From 0436de6184c1a95d463da52929e3bf60923d6e04 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 13 Dec 2021 09:23:09 +0100 Subject: update third-party libs and resolve API issues --- id/ConfigWebTool/pom.xml | 16 + .../auth/pvp2/servlets/Authenticate.java | 313 +-- .../auth/pvp2/servlets/BuildMetadata.java | 531 +++-- .../auth/pvp2/servlets/SLOBackChannelServlet.java | 203 +- .../auth/pvp2/servlets/SLOBasicServlet.java | 433 ++-- .../auth/pvp2/servlets/SLOFrontChannelServlet.java | 443 ++-- .../config/ConfigurationProvider.java | 1235 ++++++----- .../configuration/data/FormularCustomization.java | 1564 +++++++------- .../id/configuration/data/GeneralMOAIDConfig.java | 2183 ++++++++++---------- .../id/configuration/data/GeneralStorkConfig.java | 274 +-- .../moa/id/configuration/data/OAListElement.java | 187 +- .../moa/id/configuration/data/StorkAttributes.java | 42 +- .../id/configuration/data/UserDatabaseFrom.java | 630 +++--- .../id/configuration/data/oa/AttributeHelper.java | 92 +- .../data/oa/IOnlineApplicationData.java | 55 +- .../data/oa/OAAuthenticationData.java | 1572 +++++++------- .../id/configuration/data/oa/OABPKEncryption.java | 633 +++--- .../id/configuration/data/oa/OAGeneralConfig.java | 275 +-- .../data/oa/OAMOAIDPInterfederationConfig.java | 362 ++-- .../id/configuration/data/oa/OAOAuth20Config.java | 267 +-- .../moa/id/configuration/data/oa/OAPVP2Config.java | 439 ++-- .../configuration/data/oa/OARevisionsLogData.java | 237 ++- .../id/configuration/data/oa/OASAML1Config.java | 383 ++-- .../moa/id/configuration/data/oa/OASSOConfig.java | 184 +- .../id/configuration/data/oa/OASTORKConfig.java | 623 +++--- .../data/oa/OATargetConfiguration.java | 851 ++++---- .../data/oa/PVPGatewayInterfederationConfig.java | 202 +- .../configuration/filter/AuthenticationFilter.java | 6 +- .../id/configuration/filter/EncodingFilter.java | 6 +- .../configuration/helper/AuthenticationHelper.java | 40 +- .../id/configuration/helper/DateTimeHelper.java | 50 +- .../id/configuration/helper/FormDataHelper.java | 131 +- .../id/configuration/helper/LanguageHelper.java | 106 +- .../moa/id/configuration/helper/MailHelper.java | 435 ++-- .../moa/id/configuration/helper/StringHelper.java | 62 +- .../configuration/struts/action/BasicAction.java | 175 +- .../configuration/struts/action/BasicOAAction.java | 1187 +++++------ .../struts/action/EditGeneralConfigAction.java | 1548 +++++++------- .../configuration/struts/action/EditOAAction.java | 981 ++++----- .../struts/action/IDPGatewayAction.java | 36 +- .../struts/action/ImportExportAction.java | 929 +++++---- .../configuration/struts/action/IndexAction.java | 1643 +++++++-------- .../struts/action/InterfederationIDPAction.java | 822 ++++---- .../configuration/struts/action/ListOAsAction.java | 307 ++- .../configuration/struts/action/MOAIDPAction.java | 41 +- .../id/configuration/struts/action/MainAction.java | 66 +- .../struts/action/OpenAdminRequestsAction.java | 125 +- .../struts/action/UserManagementAction.java | 1130 +++++----- .../id/configuration/struts/action/VIDPAction.java | 63 +- .../utils/ConfigurationEncryptionUtils.java | 84 +- .../moa/id/configuration/utils/SAML2Utils.java | 97 +- .../id/configuration/utils/UserRequestCleaner.java | 110 +- .../validation/CompanyNumberValidator.java | 92 +- .../validation/FormularCustomizationValitator.java | 284 +-- .../validation/IdentificationNumberValidator.java | 4 +- .../validation/UserDatabaseFormValidator.java | 312 ++- .../validation/moaconfig/MOAConfigValidator.java | 857 ++++---- .../validation/moaconfig/PVP2ContactValidator.java | 130 +- .../validation/moaconfig/StorkConfigValidator.java | 187 +- .../oa/OAAuthenticationDataValidation.java | 419 ++-- .../validation/oa/OAFileUploadValidation.java | 89 +- .../validation/oa/OAOAUTH20ConfigValidation.java | 33 +- .../validation/oa/OAPVP2ConfigValidation.java | 362 ++-- .../validation/oa/OASAML1ConfigValidation.java | 28 +- .../validation/oa/OASSOConfigValidation.java | 44 +- .../validation/oa/OASTORKConfigValidation.java | 85 +- .../validation/oa/OATargetConfigValidation.java | 254 ++- id/moa-id-webgui/pom.xml | 6 +- id/moa-spss-container/pom.xml | 59 +- id/oa/pom.xml | 8 +- .../egovernment/moa/id/demoOA/Configuration.java | 6 +- .../moa/id/demoOA/servlet/pvp2/Authenticate.java | 529 +++-- .../moa/id/demoOA/servlet/pvp2/BuildMetadata.java | 509 +++-- .../id/demoOA/servlet/pvp2/DemoApplication.java | 554 ++--- .../moa/id/demoOA/servlet/pvp2/Index.java | 467 +++-- .../moa/id/demoOA/servlet/pvp2/SingleLogOut.java | 296 +-- id/server/idserverlib/pom.xml | 20 +- id/server/moa-id-commons/pom.xml | 10 +- .../moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 4 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 4 +- .../modules/moa-id-module-ehvd_integration/pom.xml | 1 - id/server/modules/moa-id-module-openID/pom.xml | 5 +- .../moa-id-module-sl20_authentication/pom.xml | 6 +- .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 664 +++--- .../modules/moa-id-module-ssoTransfer/pom.xml | 4 +- pom.xml | 59 +- 86 files changed, 15551 insertions(+), 15249 deletions(-) diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 63db8f8db..fd896efe7 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -64,11 +64,23 @@ MOA.id.server moa-id-commons + + + org.apache.logging.log4j + log4j-api + + at.gv.egiz.eaaf eaaf_module_pvp2_core + + + log4j + log4j + + at.gv.egiz.eaaf @@ -206,6 +218,10 @@ javassist javassist + + org.apache.logging.log4j + log4j-api + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java index 84fbec0e8..c6946e509 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java @@ -36,7 +36,6 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.AuthnContextClassRef; @@ -67,163 +66,167 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - /** * Servlet implementation class Authenticate */ public class Authenticate extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(Authenticate.class); - - private static DocumentBuilderFactory factory = null; - - static { - initialDocumentBuilderFactory(); - } - - synchronized private static void initialDocumentBuilderFactory() { - factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - - } - - public Document asDOMDocument(XMLObject object) throws IOException, - MarshallingException, TransformerException, ParserConfigurationException { - try { - DocumentBuilder builder = null; - synchronized (factory) { - builder = factory.newDocumentBuilder(); - - } - - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller( - object); - out.marshall(object, document); - return document; - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - throw e; - } - - } - - protected void process(HttpServletRequest request, - HttpServletResponse response, Map legacyParameter) throws ServletException, IOException { - try { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - config.initializePVP2Login(); - - AuthnRequest authReq = SAML2Utils - .createSAMLObject(AuthnRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); - - HttpSession session = request.getSession(); - if (session != null) { - session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); - } - - authReq.setAssertionConsumerServiceIndex(0); - authReq.setAttributeConsumingServiceIndex(0); - authReq.setIssueInstant(new DateTime()); - Subject subject = SAML2Utils.createSAMLObject(Subject.class); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - - subject.setNameID(name); - authReq.setSubject(subject); - issuer.setFormat(NameIDType.ENTITY); - authReq.setIssuer(issuer); - NameIDPolicy policy = SAML2Utils - .createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - SingleSignOnService redirectEndpoint = null; - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - redirectEndpoint = sss; - } - } - - authReq.setDestination(redirectEndpoint.getLocation()); - - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); - - authReq.setRequestedAuthnContext(reqAuthContext); - - //sign Message - X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, config); - - //encode message - PVP2Utils.postBindingEncoder(request, - response, - authReq, - authcredential, - redirectEndpoint.getLocation(), - null); - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response, null); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response, null); - } + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(Authenticate.class); + + private static DocumentBuilderFactory factory = null; + + static { + initialDocumentBuilderFactory(); + } + + synchronized private static void initialDocumentBuilderFactory() { + factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + + } + + public Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException, ParserConfigurationException { + try { + DocumentBuilder builder = null; + synchronized (factory) { + builder = factory.newDocumentBuilder(); + + } + + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + throw e; + } + + } + + protected void process(HttpServletRequest request, + HttpServletResponse response, Map legacyParameter) throws ServletException, + IOException { + try { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + config.initializePVP2Login(); + + final AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + final HttpSession session = request.getSession(); + if (session != null) { + session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); + } + + authReq.setAssertionConsumerServiceIndex(0); + authReq.setAttributeConsumingServiceIndex(0); + authReq.setIssueInstant(new DateTime()); + final Subject subject = SAML2Utils.createSAMLObject(Subject.class); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + + subject.setNameID(name); + authReq.setSubject(subject); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + final NameIDPolicy policy = SAML2Utils + .createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameIDType.PERSISTENT); + authReq.setNameIDPolicy(policy); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + SingleSignOnService redirectEndpoint = null; + for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleSignOnServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + redirectEndpoint = sss; + } + } + + authReq.setDestination(redirectEndpoint.getLocation()); + + final RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + + final AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + + authReq.setRequestedAuthnContext(reqAuthContext); + + // sign Message + final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, + config); + + // encode message + PVP2Utils.postBindingEncoder(request, + response, + authReq, + authcredential, + redirectEndpoint.getLocation(), + null); + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response, null); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response, null); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java index 7256d8688..ca03054aa 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java @@ -44,9 +44,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; -import org.apache.log4j.Logger; import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; @@ -81,275 +79,274 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.AttributeListBuilder; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * Servlet implementation class BuildMetadata */ +@Slf4j public class BuildMetadata extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = Logger.getLogger(BuildMetadata.class); - - private static final int VALIDUNTIL_IN_HOURS = 24; - - /** - * @see HttpServlet#HttpServlet() - */ - public BuildMetadata() { - super(); - } - - protected static Signature getSignature(Credential credentials) { - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - - //config.initializePVP2Login(); - - SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); - - EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. - createSAMLObject(EntitiesDescriptor.class); - - DateTime date = new DateTime(); - spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); - - String name = config.getPVP2MetadataEntitiesName(); - if (MiscUtil.isEmpty(name)) { - log.info("NO Metadata EntitiesName configurated"); - throw new ConfigurationException("NO Metadata EntitiesName configurated"); - } - - spEntitiesDescriptor.setName(name); - spEntitiesDescriptor.setID(idGen.generateIdentifier()); - - EntityDescriptor spEntityDescriptor = SAML2Utils - .createSAMLObject(EntityDescriptor.class); - - spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); - - spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - log.debug("Set OnlineApplicationURL to " + serviceURL); - spEntityDescriptor.setEntityID(serviceURL); - - SPSSODescriptor spSSODescriptor = SAML2Utils - .createSAMLObject(SPSSODescriptor.class); - - spSSODescriptor.setAuthnRequestsSigned(true); - spSSODescriptor.setWantAssertionsSigned(true); - - X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); - keyInfoFactory.setEmitEntityCertificate(true); - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - KeyStore keyStore = config.getPVP2KeyStore(); - - X509Credential signingcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreMetadataKeyAlias(), - config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); - - - log.debug("Set Metadata key information"); - //Set MetaData Signing key - KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); - entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); - Signature entitiesSignature = getSignature(signingcredential); - spEntitiesDescriptor.setSignature(entitiesSignature); - - //Set AuthRequest Signing certificate - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - - //set AuthRequest encryption certificate - if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) { - X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - KeyDescriptor encryKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - encryKeyDescriptor.setUse(UsageType.ENCRYPTION); - encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); - spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); - - } else { - log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); - - } - - - NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); - - spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); - - NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientnameIDFormat.setFormat(NameIDType.TRANSIENT); - - spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); - - NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); - - spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - - AssertionConsumerService postassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - - postassertionConsumerService.setIndex(0); - postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - - spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - - //add SLO services - SingleLogoutService postBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - postBindingService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); - spSSODescriptor.getSingleLogoutServices().add(postBindingService); - - SingleLogoutService redirectBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - redirectBindingService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); - spSSODescriptor.getSingleLogoutServices().add(redirectBindingService); - - SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK); - spSSODescriptor.getSingleLogoutServices().add(soapBindingService); - - spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); - - spSSODescriptor.setWantAssertionsSigned(true); - spSSODescriptor.setAuthnRequestsSigned(true); - - AttributeConsumingService attributeService = - SAML2Utils.createSAMLObject(AttributeConsumingService.class); - - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "de")); - attributeService.getNames().add(serviceName); - - attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); - - spSSODescriptor.getAttributeConsumingServices().add(attributeService); - - DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - - builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor); - out.marshall(spEntitiesDescriptor, document); - - Signer.signObject(entitiesSignature); - - Transformer transformer = TransformerFactory.newInstance().newTransformer(); - - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(document); - transformer.transform(source, sr); - sw.close(); - - byte[] metadataXML = sw.toString().getBytes("UTF-8"); - - response.setContentType("text/xml"); - response.setContentLength(metadataXML.length); - response.getOutputStream().write(metadataXML); - - - } catch (ConfigurationException e) { - log.warn("Configuration can not be loaded.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (NoSuchAlgorithmException e) { - log.warn("Requested Algorithm could not found.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (KeyStoreException e) { - log.warn("Requested KeyStoreType is not implemented.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (CertificateException e) { - log.warn("KeyStore can not be opend or userd.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (SecurityException e) { - log.warn("KeyStore can not be opend or used", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (MarshallingException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (SignatureException e) { - log.warn("PVP2 Metadata can not be signed", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerFactoryConfigurationError e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - catch (Exception e) { - log.warn("Unspecific PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - } + private static final long serialVersionUID = 1L; + + private static final int VALIDUNTIL_IN_HOURS = 24; + + /** + * @see HttpServlet#HttpServlet() + */ + public BuildMetadata() { + super(); + } + + protected static Signature getSignature(Credential credentials) { + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + + // config.initializePVP2Login(); + + final SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); + + final EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + + final DateTime date = new DateTime(); + spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); + + final String name = config.getPVP2MetadataEntitiesName(); + if (MiscUtil.isEmpty(name)) { + log.info("NO Metadata EntitiesName configurated"); + throw new ConfigurationException("NO Metadata EntitiesName configurated"); + } + + spEntitiesDescriptor.setName(name); + spEntitiesDescriptor.setID(idGen.generateIdentifier()); + + final EntityDescriptor spEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); + + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + log.debug("Set OnlineApplicationURL to " + serviceURL); + spEntityDescriptor.setEntityID(serviceURL); + + final SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + final X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityCertificate(true); + final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + final KeyStore keyStore = config.getPVP2KeyStore(); + + final X509Credential signingcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreMetadataKeyAlias(), + config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); + + log.debug("Set Metadata key information"); + // Set MetaData Signing key + final KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); + entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); + final Signature entitiesSignature = getSignature(signingcredential); + spEntitiesDescriptor.setSignature(entitiesSignature); + + // Set AuthRequest Signing certificate + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + final KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + // set AuthRequest encryption certificate + if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) { + final X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + final KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + final NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + final NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + final NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + final AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + // add SLO services + final SingleLogoutService postBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + postBindingService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); + spSSODescriptor.getSingleLogoutServices().add(postBindingService); + + final SingleLogoutService redirectBindingService = SAML2Utils.createSAMLObject( + SingleLogoutService.class); + redirectBindingService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); + spSSODescriptor.getSingleLogoutServices().add(redirectBindingService); + + final SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK); + spSSODescriptor.getSingleLogoutServices().add(soapBindingService); + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); + + spSSODescriptor.setWantAssertionsSigned(true); + spSSODescriptor.setAuthnRequestsSigned(true); + + final AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + final ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); + + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + DocumentBuilder builder; + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + + builder = factory.newDocumentBuilder(); + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + spEntitiesDescriptor); + out.marshall(spEntitiesDescriptor, document); + + Signer.signObject(entitiesSignature); + + final Transformer transformer = TransformerFactory.newInstance().newTransformer(); + + final StringWriter sw = new StringWriter(); + final StreamResult sr = new StreamResult(sw); + final DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + final byte[] metadataXML = sw.toString().getBytes("UTF-8"); + + response.setContentType("text/xml"); + response.setContentLength(metadataXML.length); + response.getOutputStream().write(metadataXML); + + } catch (final ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final NoSuchAlgorithmException e) { + log.warn("Requested Algorithm could not found.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final KeyStoreException e) { + log.warn("Requested KeyStoreType is not implemented.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final CertificateException e) { + log.warn("KeyStore can not be opend or userd.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final SecurityException e) { + log.warn("KeyStore can not be opend or used", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final MarshallingException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final SignatureException e) { + log.warn("PVP2 Metadata can not be signed", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerFactoryConfigurationError e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + catch (final Exception e) { + log.warn("Unspecific PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java index f2c95f391..01bf39696 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java @@ -64,111 +64,116 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; */ public class SLOBackChannelServlet extends SLOBasicServlet { - private static final long serialVersionUID = 1481623547633064922L; - private static final Logger log = LoggerFactory - .getLogger(SLOBackChannelServlet.class); - - /** - * @throws ConfigurationException - */ - public SLOBackChannelServlet() throws ConfigurationException { - super(); - } - - - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - try { - HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); - - BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext(); - -// BasicSAMLMessageContext messageContext = + private static final long serialVersionUID = 1481623547633064922L; + private static final Logger log = LoggerFactory + .getLogger(SLOBackChannelServlet.class); + + /** + * @throws ConfigurationException + */ + public SLOBackChannelServlet() throws ConfigurationException { + super(); + } + + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + try { + final HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); + + final BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext(); + +// BasicSAMLMessageContext messageContext = // new BasicSAMLMessageContext(); - - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - //messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); - - //set trustPolicy + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + + // messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); + + // set trustPolicy // BasicSecurityPolicy policy = new BasicSecurityPolicy(); // policy.getPolicyRules().add( // new PVPSOAPRequestSecurityPolicy( // PVP2Utils.getTrustEngine(getConfig()), -// IDPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// IDPSSODescriptor.DEFAULT_ELEMENT_NAME)); // SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( -// policy); +// policy); // messageContext.setSecurityPolicyResolver(resolver); - - soapDecoder.decode(messageContext); - - Envelope inboundMessage = (Envelope) messageContext - .getInboundMessage(); - - LogoutResponse sloResp = null; - - if (inboundMessage.getBody() != null) { - List xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); - - if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) { - LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0); - - //validate request signature - PVP2Utils.validateSignature(sloReq, getConfig()); - - sloResp = processLogOutRequest(sloReq, request); - - KeyStore keyStore = getConfig().getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - getConfig().getPVP2KeystoreAuthRequestKeyAlias(), - getConfig().getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setOutboundSAMLMessage(sloResp); - context.setOutboundMessageTransport(responseAdapter); - - encoder.encode(context); - - } else { - log.warn("Received request ist not of type LogOutRequest"); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - return; - - } - } - - } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } catch (CertificateException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } catch (KeyStoreException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } catch (MessageEncodingException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } - - - - } - - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - response.setStatus(HttpServletResponse.SC_NOT_FOUND); - - } - + + soapDecoder.decode(messageContext); + + final Envelope inboundMessage = (Envelope) messageContext + .getInboundMessage(); + + LogoutResponse sloResp = null; + + if (inboundMessage.getBody() != null) { + final List xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); + + if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) { + final LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0); + + // validate request signature + PVP2Utils.validateSignature(sloReq, getConfig()); + + sloResp = processLogOutRequest(sloReq, request); + + final KeyStore keyStore = getConfig().getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + getConfig().getPVP2KeystoreAuthRequestKeyAlias(), + getConfig().getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setOutboundSAMLMessage(sloResp); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + + } else { + log.warn("Received request ist not of type LogOutRequest"); + response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + return; + + } + } + + } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException + | ValidationException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } catch (final CertificateException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } catch (final KeyStoreException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } catch (final MessageEncodingException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } + + } + + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + response.setStatus(HttpServletResponse.SC_NOT_FOUND); + + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java index c70d34d7e..a880e800b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java @@ -62,217 +62,226 @@ import at.gv.egovernment.moa.util.MiscUtil; * */ public class SLOBasicServlet extends HttpServlet { - private static final long serialVersionUID = -4547240664871845098L; - private static final Logger log = LoggerFactory - .getLogger(SLOBasicServlet.class); - - private ConfigurationProvider config; - - public SLOBasicServlet() throws ConfigurationException { - config = ConfigurationProvider.getInstance(); - config.initializePVP2Login(); - } - - protected LogoutRequest createLogOutRequest(String nameID, String nameIDFormat, HttpServletRequest request) throws SLOException { - try { - LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloReq.setID(gen.generateIdentifier()); - sloReq.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloReq.setIssuer(issuer); - - NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); - sloReq.setNameID(userNameID); - userNameID.setFormat(nameIDFormat); - userNameID.setValue(nameID); - - return sloReq; - - } catch (NoSuchAlgorithmException e) { - log.warn("Single LogOut request createn FAILED. ", e); - throw new SLOException(); - - } - - } - - protected LogoutResponse processLogOutRequest(LogoutRequest sloReq, HttpServletRequest request) throws NoSuchAlgorithmException { - //check response destination - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String responseDestination = sloReq.getDestination(); - if (MiscUtil.isEmpty(responseDestination) || - !responseDestination.startsWith(serviceURL)) { - log.warn("PVPResponse destination does not match requested destination"); - return createSLOResponse(sloReq, StatusCode.REQUESTER_URI, request); - } - - AuthenticationManager authManager = AuthenticationManager.getInstance(); - if (authManager.isActiveUser(sloReq.getNameID().getValue())) { - AuthenticatedUser authUser = authManager.getActiveUser(sloReq.getNameID().getValue()); - log.info("User " + authUser.getGivenName() + " " + authUser.getFamilyName() + " with nameID:" - + authUser.getNameID() + " get logged out by Single LogOut request."); - authManager.removeActiveUser(authUser); - HttpSession session = request.getSession(false); - if (session != null) - session.invalidate(); - return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); - - } else { - log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + " is not found."); - return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); - - } - - } - - protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException { - LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloResp.setID(gen.generateIdentifier()); - sloResp.setInResponseTo(sloReq.getID()); - sloResp.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloResp.setIssuer(issuer); - - Status status = SAML2Utils.createSAMLObject(Status.class); - sloResp.setStatus(status); - StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); - statusCode.setValue(statusCodeURI); - status.setStatusCode(statusCode ); - - return sloResp; - } - - protected void validateLogOutResponse(LogoutResponse sloResp, String reqID, HttpServletRequest request, HttpServletResponse response) throws PVP2Exception { - //ckeck InResponseTo matchs requestID - if (MiscUtil.isEmpty(reqID)) { - log.info("NO Sigle LogOut request ID"); - throw new PVP2Exception("NO Sigle LogOut request ID"); - } - - if (!reqID.equals(sloResp.getInResponseTo())) { - log.warn("SLORequestID does not match SLO Response ID!"); - throw new PVP2Exception("SLORequestID does not match SLO Response ID!"); - - } - - //check response destination - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String responseDestination = sloResp.getDestination(); - if (MiscUtil.isEmpty(responseDestination) || - !responseDestination.startsWith(serviceURL)) { - log.warn("PVPResponse destination does not match requested destination"); - throw new PVP2Exception("SLO response destination does not match requested destination"); - } - - request.getSession().invalidate(); - - if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.PARTIAL_LOGOUT_URI)) { - log.warn("Single LogOut process is not completed."); - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - - } else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - if (sloResp.getStatus().getStatusCode().getStatusCode() != null && - !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) { - log.info("Single LogOut process complete."); - request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, - LanguageHelper.getErrorString("webpages.slo.success", request)); - - } else { - log.warn("Single LogOut process is not completed."); - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - } - - } else { - log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode().getValue()); - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - } - String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; - redirectURL = response.encodeRedirectURL(redirectURL); - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", redirectURL); - - } - - protected SingleLogoutService findIDPFrontChannelSLOService() throws - ConfigurationException, SLOException { - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - try { - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - - } - - //select authentication-service url from metadata - SingleLogoutService redirectEndpoint = null; - for (SingleLogoutService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) - redirectEndpoint = sss; - - else if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && - redirectEndpoint == null) - redirectEndpoint = sss; - } - - if (redirectEndpoint == null) { - log.warn("Single LogOut FAILED: IDP implements no frontchannel SLO service."); - throw new SLOException("Single LogOut FAILED: IDP implements no frontchannel SLO service."); - } - - return redirectEndpoint; - } catch (MetadataProviderException e) { - log.info("IDP EntityName is not found in IDP Metadata", e); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - - } - } - - protected ConfigurationProvider getConfig() { - return config; - } + private static final long serialVersionUID = -4547240664871845098L; + private static final Logger log = LoggerFactory + .getLogger(SLOBasicServlet.class); + + private final ConfigurationProvider config; + + public SLOBasicServlet() throws ConfigurationException { + config = ConfigurationProvider.getInstance(); + config.initializePVP2Login(); + } + + protected LogoutRequest createLogOutRequest(String nameID, String nameIDFormat, HttpServletRequest request) + throws SLOException { + try { + final LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloReq.setID(gen.generateIdentifier()); + sloReq.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloReq.setIssuer(issuer); + + final NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); + sloReq.setNameID(userNameID); + userNameID.setFormat(nameIDFormat); + userNameID.setValue(nameID); + + return sloReq; + + } catch (final NoSuchAlgorithmException e) { + log.warn("Single LogOut request createn FAILED. ", e); + throw new SLOException(); + + } + + } + + protected LogoutResponse processLogOutRequest(LogoutRequest sloReq, HttpServletRequest request) + throws NoSuchAlgorithmException { + // check response destination + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + final String responseDestination = sloReq.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.startsWith(serviceURL)) { + log.warn("PVPResponse destination does not match requested destination"); + return createSLOResponse(sloReq, StatusCode.REQUESTER_URI, request); + } + + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + if (authManager.isActiveUser(sloReq.getNameID().getValue())) { + final AuthenticatedUser authUser = authManager.getActiveUser(sloReq.getNameID().getValue()); + log.info("User " + authUser.getGivenName() + " " + authUser.getFamilyName() + " with nameID:" + + authUser.getNameID() + " get logged out by Single LogOut request."); + authManager.removeActiveUser(authUser); + final HttpSession session = request.getSession(false); + if (session != null) { + session.invalidate(); + } + return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); + + } else { + log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + + " is not found."); + return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); + + } + + } + + protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, + HttpServletRequest request) throws NoSuchAlgorithmException { + final LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloResp.setID(gen.generateIdentifier()); + sloResp.setInResponseTo(sloReq.getID()); + sloResp.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloResp.setIssuer(issuer); + + final Status status = SAML2Utils.createSAMLObject(Status.class); + sloResp.setStatus(status); + final StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + statusCode.setValue(statusCodeURI); + status.setStatusCode(statusCode); + + return sloResp; + } + + protected void validateLogOutResponse(LogoutResponse sloResp, String reqID, HttpServletRequest request, + HttpServletResponse response) throws PVP2Exception { + // ckeck InResponseTo matchs requestID + if (MiscUtil.isEmpty(reqID)) { + log.info("NO Sigle LogOut request ID"); + throw new PVP2Exception("NO Sigle LogOut request ID"); + } + + if (!reqID.equals(sloResp.getInResponseTo())) { + log.warn("SLORequestID does not match SLO Response ID!"); + throw new PVP2Exception("SLORequestID does not match SLO Response ID!"); + + } + + // check response destination + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + final String responseDestination = sloResp.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.startsWith(serviceURL)) { + log.warn("PVPResponse destination does not match requested destination"); + throw new PVP2Exception("SLO response destination does not match requested destination"); + } + + request.getSession().invalidate(); + + if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.PARTIAL_LOGOUT_URI)) { + log.warn("Single LogOut process is not completed."); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + if (sloResp.getStatus().getStatusCode().getStatusCode() != null && + !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) { + log.info("Single LogOut process complete."); + request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, + LanguageHelper.getErrorString("webpages.slo.success", request)); + + } else { + log.warn("Single LogOut process is not completed."); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } + + } else { + log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode() + .getValue()); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } + String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; + redirectURL = response.encodeRedirectURL(redirectURL); + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", redirectURL); + + } + + protected SingleLogoutService findIDPFrontChannelSLOService() throws ConfigurationException, SLOException { + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + try { + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + + } + + // select authentication-service url from metadata + SingleLogoutService redirectEndpoint = null; + for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleLogoutServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + redirectEndpoint = sss; + } else if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && + redirectEndpoint == null) { + redirectEndpoint = sss; + } + } + + if (redirectEndpoint == null) { + log.warn("Single LogOut FAILED: IDP implements no frontchannel SLO service."); + throw new SLOException("Single LogOut FAILED: IDP implements no frontchannel SLO service."); + } + + return redirectEndpoint; + } catch (final MetadataProviderException e) { + log.info("IDP EntityName is not found in IDP Metadata", e); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + + } + } + + protected ConfigurationProvider getConfig() { + return config; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java index 274aa21bf..ac9d65cbf 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java @@ -77,221 +77,230 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class SLOFrontChannelServlet extends SLOBasicServlet { - private static final long serialVersionUID = -6280199681356977759L; - private static final Logger log = LoggerFactory - .getLogger(SLOFrontChannelServlet.class); - - /** - * @throws ConfigurationException - */ - public SLOFrontChannelServlet() throws ConfigurationException { - super(); - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) { - //process user initiated single logout process - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - - if (authUserObj == null) { - log.warn("No user information found. Single Log-Out not possible"); - buildErrorMessage(request, response); - - } - - AuthenticatedUser authUser = (AuthenticatedUser) authUserObj; - - String nameIDFormat = authUser.getNameIDFormat(); - String nameID = authUser.getNameID(); - - //remove user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.removeActiveUser(authUser); - - if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { - log.warn("No user information found. Single Log-Out not possible"); - buildErrorMessage(request, response); - - } else - log.info("Fount user information for user nameID: " + nameID - + " , nameIDFormat: " + nameIDFormat - + ". Build Single Log-Out request ..."); - - //build SLO request to IDP - LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request); - - request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID()); - - //send message - sendMessage(request, response, sloReq, null); - - } else { - //process PVP 2.1 single logout process - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - PVP2Utils.getTrustEngine(getConfig())); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setSecurityPolicyResolver(resolver); - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - - decode.decode(messageContext); - - signatureRule.evaluate(messageContext); - - - processMessage(request, response, - messageContext.getInboundMessage(), messageContext.getRelayState()); - - } - - } catch (SLOException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (ConfigurationException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (PVP2Exception e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (SecurityPolicyException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (MessageDecodingException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (SecurityException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (NoSuchAlgorithmException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - decode.decode(messageContext); - - PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig()); - - processMessage(request, response, - messageContext.getInboundMessage(), messageContext.getRelayState()); - - - } catch (MessageDecodingException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (SecurityException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (ValidationException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (ConfigurationException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (PVP2Exception e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (NoSuchAlgorithmException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } - } - - private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) { - - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - //check response destination - String serviceURL = getConfig().getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; - redirectURL = response.encodeRedirectURL(redirectURL); - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", redirectURL); - } - - private void processMessage(HttpServletRequest request, HttpServletResponse response, - XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception, NoSuchAlgorithmException { - if (xmlObject instanceof LogoutRequest) { - LogoutResponse sloResp = - processLogOutRequest((LogoutRequest) xmlObject, request); - sendMessage(request, response, sloResp, relayState); - - } else if (xmlObject instanceof LogoutResponse) { - LogoutResponse sloResp = (LogoutResponse) xmlObject; - - String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID); - request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null); - validateLogOutResponse(sloResp, reqID, request, response); - - } - } - - private void sendMessage(HttpServletRequest request, HttpServletResponse response, - RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception { - SingleLogoutService sloService = findIDPFrontChannelSLOService(); - sloReq.setDestination(sloService.getLocation()); - sendMessage(request, response, sloReq, sloService, relayState); - } - - private void sendMessage(HttpServletRequest request, HttpServletResponse response, - StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception { - SingleLogoutService sloService = findIDPFrontChannelSLOService(); - sloReq.setDestination(sloService.getLocation()); - sendMessage(request, response, sloReq, sloService, relayState); - } - - private void sendMessage(HttpServletRequest request, HttpServletResponse response, - SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState) throws ConfigurationException, PVP2Exception { - X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq, getConfig()); - if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) - PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState); - - else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) - PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState); - } - + private static final long serialVersionUID = -6280199681356977759L; + private static final Logger log = LoggerFactory + .getLogger(SLOFrontChannelServlet.class); + + /** + * @throws ConfigurationException + */ + public SLOFrontChannelServlet() throws ConfigurationException { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) { + // process user initiated single logout process + final Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj == null) { + log.warn("No user information found. Single Log-Out not possible"); + buildErrorMessage(request, response); + + } + + final AuthenticatedUser authUser = (AuthenticatedUser) authUserObj; + + final String nameIDFormat = authUser.getNameIDFormat(); + final String nameID = authUser.getNameID(); + + // remove user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.removeActiveUser(authUser); + + if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { + log.warn("No user information found. Single Log-Out not possible"); + buildErrorMessage(request, response); + + } else { + log.info("Fount user information for user nameID: " + nameID + + " , nameIDFormat: " + nameIDFormat + + ". Build Single Log-Out request ..."); + } + + // build SLO request to IDP + final LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request); + + request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID()); + + // send message + sendMessage(request, response, sloReq, null); + + } else { + // process PVP 2.1 single logout process + final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); + + final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + PVP2Utils.getTrustEngine(getConfig())); + final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + final BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setSecurityPolicyResolver(resolver); + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + decode.decode(messageContext); + + signatureRule.evaluate(messageContext); + + processMessage(request, response, + messageContext.getInboundMessage(), messageContext.getRelayState()); + + } + + } catch (final SLOException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final ConfigurationException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final PVP2Exception e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final SecurityPolicyException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final MessageDecodingException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final SecurityException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final NoSuchAlgorithmException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + decode.decode(messageContext); + + PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig()); + + processMessage(request, response, + messageContext.getInboundMessage(), messageContext.getRelayState()); + + } catch (final MessageDecodingException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final SecurityException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final ValidationException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final ConfigurationException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final PVP2Exception e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final NoSuchAlgorithmException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } + } + + private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) { + + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + // check response destination + String serviceURL = getConfig().getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; + redirectURL = response.encodeRedirectURL(redirectURL); + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", redirectURL); + } + + private void processMessage(HttpServletRequest request, HttpServletResponse response, + XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception, + NoSuchAlgorithmException { + if (xmlObject instanceof LogoutRequest) { + final LogoutResponse sloResp = + processLogOutRequest((LogoutRequest) xmlObject, request); + sendMessage(request, response, sloResp, relayState); + + } else if (xmlObject instanceof LogoutResponse) { + final LogoutResponse sloResp = (LogoutResponse) xmlObject; + + final String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID); + request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null); + validateLogOutResponse(sloResp, reqID, request, response); + + } + } + + private void sendMessage(HttpServletRequest request, HttpServletResponse response, + RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception { + final SingleLogoutService sloService = findIDPFrontChannelSLOService(); + sloReq.setDestination(sloService.getLocation()); + sendMessage(request, response, sloReq, sloService, relayState); + } + + private void sendMessage(HttpServletRequest request, HttpServletResponse response, + StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception { + final SingleLogoutService sloService = findIDPFrontChannelSLOService(); + sloReq.setDestination(sloService.getLocation()); + sendMessage(request, response, sloReq, sloService, relayState); + } + + private void sendMessage(HttpServletRequest request, HttpServletResponse response, + SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState) + throws ConfigurationException, PVP2Exception { + final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq, + getConfig()); + if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), + relayState); + } else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), + relayState); + } + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index ef6c951c2..8eb4db4a2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -44,7 +44,6 @@ import java.util.jar.Manifest; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; -import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.xml.parse.BasicParserPool; @@ -68,649 +67,635 @@ import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; import at.gv.egovernment.moa.util.MiscUtil; import iaik.asn1.structures.AlgorithmID; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class ConfigurationProvider { - public static final String HTMLTEMPLATE_DIR = "/htmlTemplates"; - public static final String HTMLTEMPLATE_FILE = "/loginFormFull.html"; - - private static final Logger log = Logger.getLogger(ConfigurationProvider.class); - - private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; - - private static ConfigurationProvider instance; - private Properties props; - private String configFileName; - private String configRootDir; - - private HTTPMetadataProvider idpMetadataProvider = null; - private KeyStore keyStore = null; - - private String publicURLPreFix = null; - - private boolean pvp2logininitialzied = false; - - private ClassPathXmlApplicationContext context = null; - private MOAIDConfigurationModul configModule = null; - private NewConfigurationDBRead deprecatedDBRead = null; - private FileBasedUserConfiguration userManagement = null; - - private ArrayList activeProfiles = new ArrayList(); - - public static ConfigurationProvider getInstance() throws ConfigurationException { - - if (instance == null) { - instance = new ConfigurationProvider(); - instance.inizialize(); - - } - - return instance; - } - - private void inizialize() throws ConfigurationException { - - log.info("Set SystemProperty for UTF-8 file.encoding as default"); - System.setProperty("file.encoding", "UTF-8"); - - configFileName = System.getProperty(SYSTEM_PROP_CONFIG); - - if (configFileName == null) { - throw new ConfigurationException("config.05"); - } - try { - URI fileURI = new URI(configFileName); - File propertiesFile = new File(fileURI); - - // determine the directory of the root config file - String rootConfigFileDir = propertiesFile.getParent(); - configRootDir = new File(rootConfigFileDir).toURI().toURL().toString();; - - log.info("Loading MOA-ID-AUTH configuration " + configFileName); - - //Initial Hibernate Framework - log.trace("Initializing Hibernate framework."); - - //Load MOAID-2.0 properties file - - - FileInputStream fis; - props = new Properties(); - - fis = new FileInputStream(propertiesFile); - props.load(fis); - fis.close(); + public static final String HTMLTEMPLATE_DIR = "/htmlTemplates"; + public static final String HTMLTEMPLATE_FILE = "/loginFormFull.html"; + + private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; + + private static ConfigurationProvider instance; + private Properties props; + private String configFileName; + private String configRootDir; + + private HTTPMetadataProvider idpMetadataProvider = null; + private KeyStore keyStore = null; + + private String publicURLPreFix = null; + + private boolean pvp2logininitialzied = false; + + private ClassPathXmlApplicationContext context = null; + private MOAIDConfigurationModul configModule = null; + private NewConfigurationDBRead deprecatedDBRead = null; + private FileBasedUserConfiguration userManagement = null; + + private final ArrayList activeProfiles = new ArrayList<>(); + + public static ConfigurationProvider getInstance() throws ConfigurationException { + + if (instance == null) { + instance = new ConfigurationProvider(); + instance.inizialize(); + + } + + return instance; + } + + private void inizialize() throws ConfigurationException { + + log.info("Set SystemProperty for UTF-8 file.encoding as default"); + System.setProperty("file.encoding", "UTF-8"); + + configFileName = System.getProperty(SYSTEM_PROP_CONFIG); + + if (configFileName == null) { + throw new ConfigurationException("config.05"); + } + try { + final URI fileURI = new URI(configFileName); + final File propertiesFile = new File(fileURI); + + // determine the directory of the root config file + final String rootConfigFileDir = propertiesFile.getParent(); + configRootDir = new File(rootConfigFileDir).toURI().toURL().toString(); + + log.info("Loading MOA-ID-AUTH configuration " + configFileName); + + // Initial Hibernate Framework + log.trace("Initializing Hibernate framework."); + + // Load MOAID-2.0 properties file + + FileInputStream fis; + props = new Properties(); + + fis = new FileInputStream(propertiesFile); + props.load(fis); + fis.close(); // //Workaround -> can be removed in next version // if (MiscUtil.isEmpty(System.getProperty("spring.profiles.active"))) { // log.info("Set System-Property to activate 'byteBased' config values"); // System.setProperty("spring.profiles.active", "byteBasedConfig"); -// +// // } - - //initialize generic SpringContext to set profiles - GenericApplicationContext rootContext = new GenericApplicationContext(); + + // initialize generic SpringContext to set profiles + final GenericApplicationContext rootContext = new GenericApplicationContext(); // if (Boolean.valueOf(props.getProperty("configuration.database.byteBasedValues", "false"))) -// activeProfiles.add(SpringProfileConstants.BYTEBASEDCONFIG); +// activeProfiles.add(SpringProfileConstants.BYTEBASEDCONFIG); // for (String el: activeProfiles) // rootContext.getEnvironment().addActiveProfile(el); - //refresh generic context - rootContext.refresh(); - - //initialize SpringContext - context = new ClassPathXmlApplicationContext( - new String[] { "configuration.beans.xml", - "moaid.webgui.beans.xml", - "moaid.migration.beans.xml", - "moaid.configurationtool.beans.xml" - }, rootContext); - - - log.info("Spring-context was initialized with active profiles: " - + Arrays.asList(context.getEnvironment().getActiveProfiles())); - - //Autowire beans in these context - AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); - acbFactory.autowireBean(this); - - - log.info("Hibernate initialization finished."); - - DefaultBootstrap.bootstrap(); - log.info("OPENSAML initialized"); - - UserRequestCleaner.start(); - - fixJava8_141ProblemWithSSLAlgorithms(); - - log.info("MOA-ID-Configuration initialization completed"); - - - } catch (FileNotFoundException e) { - throw new ConfigurationException("config.01", new Object[]{configFileName}, e); - - } catch (IOException e) { - throw new ConfigurationException("config.02", new Object[]{configFileName}, e); - - } catch (org.opensaml.xml.ConfigurationException e) { - throw new ConfigurationException("config.04", e); - - } catch (URISyntaxException e) { - throw new ConfigurationException("config.01", new Object[]{configFileName}, e); - } - - } - - private static void fixJava8_141ProblemWithSSLAlgorithms() { - log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); - //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", - new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", - new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", - new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", - new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", - new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); - - log.info("Change AlgorithmIDs finished"); + // refresh generic context + rootContext.refresh(); + + // initialize SpringContext + context = new ClassPathXmlApplicationContext( + new String[] { "configuration.beans.xml", + "moaid.webgui.beans.xml", + "moaid.migration.beans.xml", + "moaid.configurationtool.beans.xml" + }, rootContext); + + log.info("Spring-context was initialized with active profiles: " + + Arrays.asList(context.getEnvironment().getActiveProfiles())); + + // Autowire beans in these context + final AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); + acbFactory.autowireBean(this); + + log.info("Hibernate initialization finished."); + + DefaultBootstrap.bootstrap(); + log.info("OPENSAML initialized"); + + UserRequestCleaner.start(); + + fixJava8_141ProblemWithSSLAlgorithms(); + + log.info("MOA-ID-Configuration initialization completed"); + + } catch (final FileNotFoundException e) { + throw new ConfigurationException("config.01", new Object[] { configFileName }, e); + + } catch (final IOException e) { + throw new ConfigurationException("config.02", new Object[] { configFileName }, e); + + } catch (final org.opensaml.xml.ConfigurationException e) { + throw new ConfigurationException("config.04", e); + + } catch (final URISyntaxException e) { + throw new ConfigurationException("config.01", new Object[] { configFileName }, e); } - - @Autowired(required = true) - public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) { - this.configModule = module; - } - - - - /** - * @param dbRead the dbRead to set - */ - @Autowired(required = true) - public void setDbRead(NewConfigurationDBRead dbRead) { - this.deprecatedDBRead = dbRead; - } - - - - /** - * @return the props - */ - public Properties getConfigurationProperties() { - return props; - } - - /** - * @return the deprecatedDBWrite - */ - public FileBasedUserConfiguration getUserManagement() { - return userManagement; - } - - /** - * @param deprecatedDBWrite the deprecatedDBWrite to set - */ - @Autowired(required = true) - public void setUserManagement(FileBasedUserConfiguration userManagement) { - this.userManagement = userManagement; - } - - - public String getPublicUrlPreFix(HttpServletRequest request) { - publicURLPreFix = props.getProperty("general.publicURLContext"); - - if (MiscUtil.isEmpty(publicURLPreFix) && request != null) { - String url = request.getRequestURL().toString(); - String contextpath = request.getContextPath(); - int index = url.indexOf(contextpath); - publicURLPreFix = url.substring(0, index + contextpath.length() + 1); - } - - return publicURLPreFix; - } - - public int getUserRequestCleanUpDelay() { - String delay = props.getProperty("general.userrequests.cleanup.delay"); - return Integer.getInteger(delay, 12); - } - + + } + + private static void fixJava8_141ProblemWithSSLAlgorithms() { + log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); + // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] + // { "MD5withRSA", "MD5/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", + new String[] { "SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + + log.info("Change AlgorithmIDs finished"); + } + + @Autowired(required = true) + public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) { + this.configModule = module; + } + + /** + * @param dbRead the dbRead to set + */ + @Autowired(required = true) + public void setDbRead(NewConfigurationDBRead dbRead) { + this.deprecatedDBRead = dbRead; + } + + /** + * @return the props + */ + public Properties getConfigurationProperties() { + return props; + } + + /** + * @return the deprecatedDBWrite + */ + public FileBasedUserConfiguration getUserManagement() { + return userManagement; + } + + /** + * @param deprecatedDBWrite the deprecatedDBWrite to set + */ + @Autowired(required = true) + public void setUserManagement(FileBasedUserConfiguration userManagement) { + this.userManagement = userManagement; + } + + public String getPublicUrlPreFix(HttpServletRequest request) { + publicURLPreFix = props.getProperty("general.publicURLContext"); + + if (MiscUtil.isEmpty(publicURLPreFix) && request != null) { + final String url = request.getRequestURL().toString(); + final String contextpath = request.getContextPath(); + final int index = url.indexOf(contextpath); + publicURLPreFix = url.substring(0, index + contextpath.length() + 1); + } + + return publicURLPreFix; + } + + public int getUserRequestCleanUpDelay() { + final String delay = props.getProperty("general.userrequests.cleanup.delay"); + return Integer.getInteger(delay, 12); + } + // public String getContactMailAddress() { // return props.getProperty("general.contact.mail"); // } - - public String getSSOLogOutURL() { - return props.getProperty("general.login.pvp2.idp.sso.logout.url"); - } - - public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException { - if (keyStore == null) { - String keystoretype = getPVP2MetadataKeystoreType(); - if (MiscUtil.isEmpty(keystoretype)) { - log.debug("No KeyStoreType defined. Using default KeyStoreType."); - keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - - } else { - log.debug("Using " + keystoretype + " KeyStoreType."); - keyStore = KeyStore.getInstance(keystoretype); - - } - - - String fileURL = getPVP2MetadataKeystoreURL(); - log.debug("Load KeyStore from URL " + fileURL); - if (MiscUtil.isEmpty(fileURL)) { - log.info("Metadata KeyStoreURL is empty"); - throw new ConfigurationException("Metadata KeyStoreURL is empty"); - } - - URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(fileURL, getConfigRootDir()))); - InputStream inputStream = keystoreURL.openStream(); - keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); - inputStream.close(); - } - - return keyStore; - - } - - public String getConfigFile() { - return configFileName; - } - - public String getConfigRootDir() { - return configRootDir; - } - - public boolean isMOAIDMode() { - String result = props.getProperty("general.moaidmode.active", "true"); - return Boolean.parseBoolean(result); - } - - public String getMOAIDInstanceURL() { - return props.getProperty("general.moaid.instance.url"); - } - - public boolean isLoginDeaktivated() { - String result = props.getProperty("general.login.deaktivate", "false"); - return Boolean.parseBoolean(result); - } - - public boolean isOATargetVerificationDeaktivated() { - String result = props.getProperty("general.OATargetVerification.deaktivate", "false"); - return Boolean.parseBoolean(result); - } - - //PVP2 Login configuration - - public void initializePVP2Login() throws ConfigurationException { - if (!pvp2logininitialzied) - initalPVP2Login(); - } - - public boolean isPVP2LoginActive() { - - return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false")); - } - - public boolean isPVP2LoginBusinessService() { - String result = props.getProperty("general.login.pvp2.isbusinessservice", "false"); - return Boolean.parseBoolean(result); - } - - public String getPVP2LoginTarget() { - return props.getProperty("general.login.pvp2.target"); - } - - public String getPVP2LoginIdenificationValue() { - return props.getProperty("general.login.pvp2.identificationvalue"); - } - - public String getPVP2MetadataEntitiesName() { - return props.getProperty("general.login.pvp2.metadata.entities.name"); - } - - public String getPVP2MetadataKeystoreURL() { - return props.getProperty("general.login.pvp2.keystore.url"); - } - - public String getPVP2MetadataKeystorePassword() { - return props.getProperty("general.login.pvp2.keystore.password"); - } - - public String getPVP2MetadataKeystoreType() { - return props.getProperty("general.login.pvp2.keystore.type"); - } - - public String getPVP2KeystoreMetadataKeyAlias() { - return props.getProperty("general.login.pvp2.keystore.metadata.key.alias"); - } - - public String getPVP2KeystoreMetadataKeyPassword() { - return props.getProperty("general.login.pvp2.keystore.metadata.key.password"); - } - - public String getPVP2KeystoreAuthRequestKeyAlias() { - return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias"); - } - - public String getPVP2KeystoreAuthRequestKeyPassword() { - return props.getProperty("general.login.pvp2.keystore.authrequest.key.password"); - } - - public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() { - return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias"); - } - - public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() { - return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password"); - } - - public String getPVP2IDPMetadataURL() { - return props.getProperty("general.login.pvp2.idp.metadata.url"); - } - - public String getPVP2IDPMetadataCertificate() { - return props.getProperty("general.login.pvp2.idp.metadata.certificate"); - } - - public String getPVP2IDPMetadataEntityName() { - return props.getProperty("general.login.pvp2.idp.metadata.entityID"); - } - - public HTTPMetadataProvider getMetaDataProvier() { - return idpMetadataProvider; - } - - - //SMTP Server - public String getSMTPMailHost() { - return props.getProperty("general.mail.host"); - } - - public String getSMTPMailPort() { - return props.getProperty("general.mail.host.port"); - } - - public String getSMTPMailUsername() { - return props.getProperty("general.mail.host.username"); - } - - public String getSMTPMailPassword() { - return props.getProperty("general.mail.host.password"); - } - - //Mail Configuration - public String getMailFromName() { - return props.getProperty("general.mail.from.name"); - } - - public String getMailFromAddress() { - return props.getProperty("general.mail.from.address"); - } - - public String getMailUserAcountVerificationSubject() { - return props.getProperty("general.mail.useraccountrequest.verification.subject"); - } - - public String getMailUserAcountVerificationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.useraccountrequest.verification.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountVerificationTemplate is empty"); - throw new ConfigurationException("MailUserAcountVerificationTemplate is empty"); - - } - } - - public String getMailUserAcountActivationSubject() { - return props.getProperty("general.mail.useraccountrequest.isactive.subject"); - } - - public String getMailUserAcountActivationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountActivationTemplate is empty"); - throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); - - } - - } - - public String getMailOAActivationSubject() { - return props.getProperty("general.mail.createOArequest.isactive.subject"); - } - - public String getDefaultLanguage() { + + public String getSSOLogOutURL() { + return props.getProperty("general.login.pvp2.idp.sso.logout.url"); + } + + public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, + CertificateException, KeyStoreException { + if (keyStore == null) { + final String keystoretype = getPVP2MetadataKeystoreType(); + if (MiscUtil.isEmpty(keystoretype)) { + log.debug("No KeyStoreType defined. Using default KeyStoreType."); + keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + + } else { + log.debug("Using " + keystoretype + " KeyStoreType."); + keyStore = KeyStore.getInstance(keystoretype); + + } + + final String fileURL = getPVP2MetadataKeystoreURL(); + log.debug("Load KeyStore from URL " + fileURL); + if (MiscUtil.isEmpty(fileURL)) { + log.info("Metadata KeyStoreURL is empty"); + throw new ConfigurationException("Metadata KeyStoreURL is empty"); + } + + final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(fileURL, getConfigRootDir())); + final InputStream inputStream = keystoreURL.openStream(); + keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); + inputStream.close(); + } + + return keyStore; + + } + + public String getConfigFile() { + return configFileName; + } + + public String getConfigRootDir() { + return configRootDir; + } + + public boolean isMOAIDMode() { + final String result = props.getProperty("general.moaidmode.active", "true"); + return Boolean.parseBoolean(result); + } + + public String getMOAIDInstanceURL() { + return props.getProperty("general.moaid.instance.url"); + } + + public boolean isLoginDeaktivated() { + final String result = props.getProperty("general.login.deaktivate", "false"); + return Boolean.parseBoolean(result); + } + + public boolean isOATargetVerificationDeaktivated() { + final String result = props.getProperty("general.OATargetVerification.deaktivate", "false"); + return Boolean.parseBoolean(result); + } + + // PVP2 Login configuration + + public void initializePVP2Login() throws ConfigurationException { + if (!pvp2logininitialzied) { + initalPVP2Login(); + } + } + + public boolean isPVP2LoginActive() { + + return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false")); + } + + public boolean isPVP2LoginBusinessService() { + final String result = props.getProperty("general.login.pvp2.isbusinessservice", "false"); + return Boolean.parseBoolean(result); + } + + public String getPVP2LoginTarget() { + return props.getProperty("general.login.pvp2.target"); + } + + public String getPVP2LoginIdenificationValue() { + return props.getProperty("general.login.pvp2.identificationvalue"); + } + + public String getPVP2MetadataEntitiesName() { + return props.getProperty("general.login.pvp2.metadata.entities.name"); + } + + public String getPVP2MetadataKeystoreURL() { + return props.getProperty("general.login.pvp2.keystore.url"); + } + + public String getPVP2MetadataKeystorePassword() { + return props.getProperty("general.login.pvp2.keystore.password"); + } + + public String getPVP2MetadataKeystoreType() { + return props.getProperty("general.login.pvp2.keystore.type"); + } + + public String getPVP2KeystoreMetadataKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.alias"); + } + + public String getPVP2KeystoreMetadataKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.password"); + } + + public String getPVP2KeystoreAuthRequestKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias"); + } + + public String getPVP2KeystoreAuthRequestKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.password"); + } + + public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias"); + } + + public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password"); + } + + public String getPVP2IDPMetadataURL() { + return props.getProperty("general.login.pvp2.idp.metadata.url"); + } + + public String getPVP2IDPMetadataCertificate() { + return props.getProperty("general.login.pvp2.idp.metadata.certificate"); + } + + public String getPVP2IDPMetadataEntityName() { + return props.getProperty("general.login.pvp2.idp.metadata.entityID"); + } + + public HTTPMetadataProvider getMetaDataProvier() { + return idpMetadataProvider; + } + + // SMTP Server + public String getSMTPMailHost() { + return props.getProperty("general.mail.host"); + } + + public String getSMTPMailPort() { + return props.getProperty("general.mail.host.port"); + } + + public String getSMTPMailUsername() { + return props.getProperty("general.mail.host.username"); + } + + public String getSMTPMailPassword() { + return props.getProperty("general.mail.host.password"); + } + + // Mail Configuration + public String getMailFromName() { + return props.getProperty("general.mail.from.name"); + } + + public String getMailFromAddress() { + return props.getProperty("general.mail.from.address"); + } + + public String getMailUserAcountVerificationSubject() { + return props.getProperty("general.mail.useraccountrequest.verification.subject"); + } + + public String getMailUserAcountVerificationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.useraccountrequest.verification.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountVerificationTemplate is empty"); + + } + } + + public String getMailUserAcountActivationSubject() { + return props.getProperty("general.mail.useraccountrequest.isactive.subject"); + } + + public String getMailUserAcountActivationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountActivationTemplate is empty"); + throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); + + } + + } + + public String getMailOAActivationSubject() { + return props.getProperty("general.mail.createOArequest.isactive.subject"); + } + + public String getDefaultLanguage() { + try { + return props.getProperty("general.defaultlanguage", "de").toLowerCase(); + } catch (final Exception ex) { + return "de"; + } + } + + public String getMailOAActivationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.createOArequest.isactive.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailOAActivationTemplate is empty"); + throw new ConfigurationException("MailOAActivationTemplate is empty"); + + } + + } + + public String getMailUserAcountRevocationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); + + } + } + + public String getMailAdminSubject() { + return props.getProperty("general.mail.admin.subject"); + } + + public String getMailAdminTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.admin.adresses.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailAdminTemplate is empty"); + + } + } + + public String getMailAdminAddress() { + return props.getProperty("general.mail.admin.adress"); + } + + public String getConfigToolVersion() { + return parseVersionFromManifest(); + } + + public String getCertStoreDirectory() throws ConfigurationException { + final String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) { + return FileUtils.makeAbsoluteURL(dir, configRootDir); + } else { + throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); + } + + } + + public String getTrustStoreDirectory() throws ConfigurationException { + final String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) { + return FileUtils.makeAbsoluteURL(dir, configRootDir); + } else { + throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); + } + + } + + public String getConfigurationEncryptionKey() { + return props.getProperty("general.moaconfig.key"); + + } + + public boolean isPVPMetadataSchemaValidationActive() { + return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); + + } + + /** + * @return + */ + private boolean isHostNameValidationEnabled() { + return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true")); + + } + + /** + * @return the context + */ + public ApplicationContext getContext() { + return context; + } + + /** + * @return the configModule + */ + public MOAIDConfigurationModul getConfigModule() { + return configModule; + } + + /** + * @return the dbRead + */ + public NewConfigurationDBRead getDbRead() { + return deprecatedDBRead; + } + + private void initalPVP2Login() throws ConfigurationException { + try { + + final String metadataCert = getPVP2IDPMetadataCertificate(); + if (MiscUtil.isEmpty(metadataCert)) { + log.info("NO IDP Certificate to verify IDP Metadata"); + throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); + } + + final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir())); + final InputStream certstream = keystoreURL.openStream(); + final X509Certificate cert = new X509Certificate(certstream); + final BasicX509Credential idpCredential = new BasicX509Credential(); + idpCredential.setEntityCertificate(cert); + + log.debug("IDP Certificate loading finished"); + + final String metadataurl = getPVP2IDPMetadataURL(); + if (MiscUtil.isEmpty(metadataurl)) { + log.info("NO IDP Metadata URL."); + throw new ConfigurationException("NO IDP Metadata URL."); + } + + final MOAHttpClient httpClient = new MOAHttpClient(); + + if (metadataurl.startsWith("https:")) { try { - return props.getProperty("general.defaultlanguage", "de").toLowerCase(); - } catch (Exception ex) { - return "de"; + final MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + true, + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true, + new String[] { "crl" }, + ConfigurationProvider.getInstance().isHostNameValidationEnabled()); + + httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); + + } catch (final MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + } + } + + idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl); + idpMetadataProvider.setRequireValidMetadata(true); + idpMetadataProvider.setParserPool(new BasicParserPool()); + idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); + idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12); // refresh Metadata every 12h + idpMetadataProvider.initialize(); + + pvp2logininitialzied = true; + + } catch (final Exception e) { + log.warn("PVP2 authentification can not be initialized."); + throw new ConfigurationException("error.initialization.pvplogin", e); } - - public String getMailOAActivationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.createOArequest.isactive.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailOAActivationTemplate is empty"); - throw new ConfigurationException("MailOAActivationTemplate is empty"); - - } - - } - - public String getMailUserAcountRevocationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountVerificationTemplate is empty"); - throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); - - } - } - - public String getMailAdminSubject() { - return props.getProperty("general.mail.admin.subject"); - } - - public String getMailAdminTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.admin.adresses.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountVerificationTemplate is empty"); - throw new ConfigurationException("MailAdminTemplate is empty"); - - } - } - - public String getMailAdminAddress() { - return props.getProperty("general.mail.admin.adress"); - } - - public String getConfigToolVersion() { - return parseVersionFromManifest(); - } - - public String getCertStoreDirectory() throws ConfigurationException { - String dir = props.getProperty("general.ssl.certstore"); - if (MiscUtil.isNotEmpty(dir)) - return FileUtils.makeAbsoluteURL(dir, configRootDir); - - else - throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); - - } - - public String getTrustStoreDirectory() throws ConfigurationException { - String dir = props.getProperty("general.ssl.truststore"); - if (MiscUtil.isNotEmpty(dir)) - return FileUtils.makeAbsoluteURL(dir, configRootDir); - - else - throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); - - } - - public String getConfigurationEncryptionKey() { - return props.getProperty("general.moaconfig.key"); - - } - - public boolean isPVPMetadataSchemaValidationActive() { - return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); - - } - - /** - * @return - */ - private boolean isHostNameValidationEnabled() { - return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true")); - - } - - /** - * @return the context - */ - public ApplicationContext getContext() { - return context; - } - - /** - * @return the configModule - */ - public MOAIDConfigurationModul getConfigModule() { - return configModule; - } - - - - /** - * @return the dbRead - */ - public NewConfigurationDBRead getDbRead() { - return deprecatedDBRead; - } - - private void initalPVP2Login() throws ConfigurationException { - try { - - String metadataCert = getPVP2IDPMetadataCertificate(); - if (MiscUtil.isEmpty(metadataCert)) { - log.info("NO IDP Certificate to verify IDP Metadata"); - throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); - } - - URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir()))); - InputStream certstream = keystoreURL.openStream(); - X509Certificate cert = new X509Certificate(certstream); - BasicX509Credential idpCredential = new BasicX509Credential(); - idpCredential.setEntityCertificate(cert); - - log.debug("IDP Certificate loading finished"); - - String metadataurl = getPVP2IDPMetadataURL(); - if (MiscUtil.isEmpty(metadataurl)) { - log.info("NO IDP Metadata URL."); - throw new ConfigurationException("NO IDP Metadata URL."); - } - - MOAHttpClient httpClient = new MOAHttpClient(); - - if (metadataurl.startsWith("https:")) { - try { - MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - "MOAMetaDataProvider", - true, - ConfigurationProvider.getInstance().getCertStoreDirectory(), - ConfigurationProvider.getInstance().getTrustStoreDirectory(), - null, - "pkix", - true, - new String[]{"crl"}, - ConfigurationProvider.getInstance().isHostNameValidationEnabled()); - - httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); - - } catch (MOAHttpProtocolSocketFactoryException e) { - log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); - - } - } - - idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl); - idpMetadataProvider.setRequireValidMetadata(true); - idpMetadataProvider.setParserPool(new BasicParserPool()); - idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); - idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12 ); //refresh Metadata every 12h - idpMetadataProvider.initialize(); - - pvp2logininitialzied = true; - - } catch (Exception e) { - log.warn("PVP2 authentification can not be initialized."); - throw new ConfigurationException("error.initialization.pvplogin", e); - } - } - - private String parseVersionFromManifest() { - - - - try { - Class clazz = ConfigurationProvider.class; - String className = clazz.getSimpleName() + ".class"; - String classPath = clazz.getResource(className).toString(); - - if (classPath.startsWith("jar")) { - log.info("MOA-ID-Configuration Version can NOT parsed from Manifest. Set blank Version"); - return Constants.DEFAULT_VERSION; - - } - - String manifestPath = classPath.substring(0, classPath.lastIndexOf("WEB-INF/classes/") + "WEB-INF/classes/".length()) + - "../../META-INF/MANIFEST.MF"; - - Manifest manifest = new Manifest(new URL(manifestPath).openStream());; - - Attributes attributes = manifest.getMainAttributes(); - String version = attributes.getValue("version"); - - if (MiscUtil.isNotEmpty(version)) - return version; - - else { - log.info("MOA-ID-Configuration Version not found in Manifest. Set blank Version"); - return Constants.DEFAULT_VERSION; - - } - - } catch (Throwable e) { - log.info("MOA-ID Version can NOT parsed from Manifest. Set blank Version"); - - return Constants.DEFAULT_VERSION; - } - - - } + } + + private String parseVersionFromManifest() { + + try { + final Class clazz = ConfigurationProvider.class; + final String className = clazz.getSimpleName() + ".class"; + final String classPath = clazz.getResource(className).toString(); + + if (classPath.startsWith("jar")) { + log.info("MOA-ID-Configuration Version can NOT parsed from Manifest. Set blank Version"); + return Constants.DEFAULT_VERSION; + + } + + final String manifestPath = classPath.substring(0, classPath.lastIndexOf("WEB-INF/classes/") + + "WEB-INF/classes/".length()) + + "../../META-INF/MANIFEST.MF"; + + final Manifest manifest = new Manifest(new URL(manifestPath).openStream()); + + final Attributes attributes = manifest.getMainAttributes(); + final String version = attributes.getValue("version"); + + if (MiscUtil.isNotEmpty(version)) { + return version; + } else { + log.info("MOA-ID-Configuration Version not found in Manifest. Set blank Version"); + return Constants.DEFAULT_VERSION; + + } + + } catch (final Throwable e) { + log.info("MOA-ID Version can NOT parsed from Manifest. Set blank Version"); + + return Constants.DEFAULT_VERSION; + } + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java index ca0bb8ac4..a45bec654 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java @@ -34,8 +34,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; @@ -52,821 +50,815 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class FormularCustomization implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(FormularCustomization.class); - - private boolean showMandateLoginButton = true; - private boolean onlyMandateAllowed = false; - - private String fontType = null; - - private String frontColor = null; - private String backGroundColor = null; - private String header_FrontColor = null; - private String header_BackGroundColor = null; - private String header_text = null; - private String button_BackGroundColor = null; - private String button_BackGroundColorFocus = null; - private String button_FrontColor = null; - private String applet_height = null; - private String applet_width = null; - - private Map map = null; - - private String appletRedirectTarget = null; - public static List appletRedirectTargetList = null; - - public static List fontTypeList = null; - public String fontTypeListValue = null; - - private Map sendAssertionForm = new HashMap(); - private Map bkuSelectionForm = new HashMap(); - - private List bkuSelectionFileUpload = null; - private List bkuSelectionFileUploadContentType = null; - private List bkuSelectionFileUploadFileName = new ArrayList(); - private boolean deleteBKUTemplate = false; - - private List sendAssertionFileUpload = null; - private List sendAssertionFileUploadContentType = null; - private List sendAssertionFileUploadFileName = new ArrayList();; - private boolean deleteSendAssertionTemplate = false; - - private String aditionalAuthBlockText = null; - private boolean isHideBPKAuthBlock = false; - - private String saml2PostBindingTemplate = null; - private String mandateServiceSelectionTemplate = null; - - public FormularCustomization() { - new FormularCustomization(null); - } - - public FormularCustomization(Map map) { - appletRedirectTargetList = Arrays.asList("","_blank","_self","_parent","_top"); - fontTypeList = Arrays.asList("","Verdana","Geneva","Arial","Helvetica","sans-serif","Times New Roman"); - Collections.sort(fontTypeList); - - if (map == null) - this.map = FormBuildUtils.getDefaultMap(); - else - this.map = map; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAFormularCustomization"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA auth = dbOA.getAuthComponentOA(); - - mandateServiceSelectionTemplate = dbOA.getMandateServiceSelectionTemplateURL(); - saml2PostBindingTemplate = dbOA.getSaml2PostBindingTemplateURL(); - - if (dbOA.getAuthComponentOA() != null) - isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock(); - - if (auth != null) { - TemplatesType templates = auth.getTemplates(); - - if (templates != null) { - aditionalAuthBlockText = templates.getAditionalAuthBlockText(); - - TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); - if (bkuSelectTemplate != null - && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename()) - && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) - && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { - bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); - } - - TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); - if (sendAssertionTemplate != null - && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename()) - && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) - && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { - sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); - } - - BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization(); - if (formcustom != null) { - - if (formcustom.isMandateLoginButton() != null) { - showMandateLoginButton = formcustom.isMandateLoginButton(); - } - - if (formcustom.isOnlyMandateLoginAllowed() != null) { - onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed(); - } - - if (formcustom.getAppletHeight() != null) { - applet_height = formcustom.getAppletHeight(); - } - - if (formcustom.getAppletHeight() != null) { - applet_width = formcustom.getAppletWidth(); - } - - if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget())) - appletRedirectTarget = formcustom.getAppletRedirectTarget(); - - if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) { - backGroundColor = formcustom.getBackGroundColor(); - map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) { - button_BackGroundColor = formcustom.getButtonBackGroundColor(); - map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) { - button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus(); - map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom.getButtonBackGroundColorFocus()); - } - - if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) { - button_FrontColor = formcustom.getButtonFontColor(); - map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getFontType())) { - fontType = formcustom.getFontType(); - map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType()); - } - - if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) { - frontColor = formcustom.getFrontColor(); - map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) { - header_BackGroundColor = formcustom.getHeaderBackGroundColor(); - map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) { - header_FrontColor = formcustom.getHeaderFrontColor(); - map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) { - header_text = formcustom.getHeaderText(); - map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText()); - } - } - } - } - - request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); - } - - dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock()); - - dbOA.setMandateServiceSelectionTemplateURL(mandateServiceSelectionTemplate); - dbOA.setSaml2PostBindingTemplateURL(saml2PostBindingTemplate); - - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - - templates.setAditionalAuthBlockText(getAditionalAuthBlockText()); - - //store BKU-selection and send-assertion templates - if (authUser.isAdmin()) { - - if (isDeleteBKUTemplate() && templates.getBKUSelectionTemplate() != null) { - //templates.setBKUSelectionTemplate(null); - templates.getBKUSelectionTemplate().setDelete(true); - } - - if (isDeleteSendAssertionTemplate() && templates.getSendAssertionTemplate() != null) { - //templates.setSendAssertionTemplate(null); - templates.getSendAssertionTemplate().setDelete(true); - } - - - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator interator = bkuSelectionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(bkuSelectionForm.get( - template.getFilename())); - - templates.setBKUSelectionTemplate(template); - } - - if (sendAssertionForm != null && sendAssertionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator interator = sendAssertionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(sendAssertionForm.get( - template.getFilename())); - - templates.setSendAssertionTemplate(template); - } + private boolean showMandateLoginButton = true; + private boolean onlyMandateAllowed = false; + + private String fontType = null; + + private String frontColor = null; + private String backGroundColor = null; + private String header_FrontColor = null; + private String header_BackGroundColor = null; + private String header_text = null; + private String button_BackGroundColor = null; + private String button_BackGroundColorFocus = null; + private String button_FrontColor = null; + private String applet_height = null; + private String applet_width = null; + + private Map map = null; + + private String appletRedirectTarget = null; + public static List appletRedirectTargetList = null; + + public static List fontTypeList = null; + public String fontTypeListValue = null; + + private Map sendAssertionForm = new HashMap<>(); + private Map bkuSelectionForm = new HashMap<>(); + + private List bkuSelectionFileUpload = null; + private List bkuSelectionFileUploadContentType = null; + private List bkuSelectionFileUploadFileName = new ArrayList<>(); + private boolean deleteBKUTemplate = false; + + private List sendAssertionFileUpload = null; + private List sendAssertionFileUploadContentType = null; + private List sendAssertionFileUploadFileName = new ArrayList<>(); + private boolean deleteSendAssertionTemplate = false; + + private String aditionalAuthBlockText = null; + private boolean isHideBPKAuthBlock = false; + + private String saml2PostBindingTemplate = null; + private String mandateServiceSelectionTemplate = null; + + public FormularCustomization() { + new FormularCustomization(null); + } + + public FormularCustomization(Map map) { + appletRedirectTargetList = Arrays.asList("", "_blank", "_self", "_parent", "_top"); + fontTypeList = Arrays.asList("", "Verdana", "Geneva", "Arial", "Helvetica", "sans-serif", + "Times New Roman"); + Collections.sort(fontTypeList); + + if (map == null) { + this.map = FormBuildUtils.getDefaultMap(); + } else { + this.map = map; + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAFormularCustomization"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA auth = dbOA.getAuthComponentOA(); + + mandateServiceSelectionTemplate = dbOA.getMandateServiceSelectionTemplateURL(); + saml2PostBindingTemplate = dbOA.getSaml2PostBindingTemplateURL(); + + if (dbOA.getAuthComponentOA() != null) { + isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock(); + } + + if (auth != null) { + final TemplatesType templates = auth.getTemplates(); + + if (templates != null) { + aditionalAuthBlockText = templates.getAditionalAuthBlockText(); + + final TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); + if (bkuSelectTemplate != null + && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename()) + && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) + && !bkuSelectTemplate.getFilename().equals( + MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { + bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); } - - BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); - if (bkuselectioncustom == null) { - bkuselectioncustom = new BKUSelectionCustomizationType(); - templates.setBKUSelectionCustomization(bkuselectioncustom); + + final TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); + if (sendAssertionTemplate != null + && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename()) + && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) + && !sendAssertionTemplate.getFilename().equals( + MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { + sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); } - - if (authoa.getMandates() != null && - ((authoa.getMandates().getProfileName() != null - && authoa.getMandates().getProfileName().size() > 0) - || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles()))) - - bkuselectioncustom.setMandateLoginButton(true); - else - bkuselectioncustom.setMandateLoginButton(false); - - bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed()); - - bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor())); - bkuselectioncustom.setFrontColor(parseColor(getFrontColor())); - - bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor())); - bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor())); - bkuselectioncustom.setHeaderText(getHeader_text()); - - bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor())); - bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus())); - bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor())); - - if (MiscUtil.isNotEmpty(getAppletRedirectTarget())) - bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget()); - - bkuselectioncustom.setFontType(getFontType()); - - bkuselectioncustom.setAppletHeight(getApplet_height()); - bkuselectioncustom.setAppletWidth(getApplet_width()); - - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - HttpSession session = request.getSession(); - List errors = new ArrayList(); - - String check = null; - if (authUser.isAdmin()) { - //validate aditionalAuthBlockText - check = getAditionalAuthBlockText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - } - - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - //validate BKU-selection template - List templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName() - , getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); - if (templateError != null && templateError.size() == 0) { - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) - session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); - - else - bkuSelectionForm = (Map) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - - } else { - errors.addAll(templateError); + final BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization(); + if (formcustom != null) { + + if (formcustom.isMandateLoginButton() != null) { + showMandateLoginButton = formcustom.isMandateLoginButton(); + } + + if (formcustom.isOnlyMandateLoginAllowed() != null) { + onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed(); + } + + if (formcustom.getAppletHeight() != null) { + applet_height = formcustom.getAppletHeight(); + } + + if (formcustom.getAppletHeight() != null) { + applet_width = formcustom.getAppletWidth(); + } + + if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget())) { + appletRedirectTarget = formcustom.getAppletRedirectTarget(); + } + + if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) { + backGroundColor = formcustom.getBackGroundColor(); + map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) { + button_BackGroundColor = formcustom.getButtonBackGroundColor(); + map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) { + button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus(); + map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom + .getButtonBackGroundColorFocus()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) { + button_FrontColor = formcustom.getButtonFontColor(); + map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getFontType())) { + fontType = formcustom.getFontType(); + map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType()); + } + + if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) { + frontColor = formcustom.getFrontColor(); + map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) { + header_BackGroundColor = formcustom.getHeaderBackGroundColor(); + map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) { + header_FrontColor = formcustom.getHeaderFrontColor(); + map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) { + header_text = formcustom.getHeaderText(); + map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText()); + } } + } + } + + request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } - //validate send-assertion template - templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName() - , getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); - if (templateError != null && templateError.size() == 0) { - if (sendAssertionForm != null && sendAssertionForm.size() > 0) - session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock()); - else - sendAssertionForm = (Map) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + dbOA.setMandateServiceSelectionTemplateURL(mandateServiceSelectionTemplate); + dbOA.setSaml2PostBindingTemplateURL(saml2PostBindingTemplate); - } else { - errors.addAll(templateError); + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } - } - - check = getSaml2PostBindingTemplate(); - if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("URL to SAML2 POST-Binding template is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid", request)); - - } - - check = getMandateServiceSelectionTemplate(); - if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("URL to mandate-service selection-template is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid", request)); - - } - - - //validate BKUFormCustomization - errors.addAll(new FormularCustomizationValitator().validate(this, request)); - - return errors; - } - - private String parseColor(String color) { - String value = ""; - - if (MiscUtil.isNotEmpty(color)) { - if (!color.startsWith("#")) - value = "#" + color; - else - value = color; - } - return value; + templates.setAditionalAuthBlockText(getAditionalAuthBlockText()); + + // store BKU-selection and send-assertion templates + if (authUser.isAdmin()) { + + if (isDeleteBKUTemplate() && templates.getBKUSelectionTemplate() != null) { + // templates.setBKUSelectionTemplate(null); + templates.getBKUSelectionTemplate().setDelete(true); + } + + if (isDeleteSendAssertionTemplate() && templates.getSendAssertionTemplate() != null) { + // templates.setSendAssertionTemplate(null); + templates.getSendAssertionTemplate().setDelete(true); + } + + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + final TransformsInfoType template = new TransformsInfoType(); + + final Iterator interator = bkuSelectionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(bkuSelectionForm.get( + template.getFilename())); + + templates.setBKUSelectionTemplate(template); + } + + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + final TransformsInfoType template = new TransformsInfoType(); + + final Iterator interator = sendAssertionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(sendAssertionForm.get( + template.getFilename())); + + templates.setSendAssertionTemplate(template); + } } - /** - * @return the showMandateLoginButton - */ - public boolean isShowMandateLoginButton() { - return showMandateLoginButton; - } + BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); + if (bkuselectioncustom == null) { + bkuselectioncustom = new BKUSelectionCustomizationType(); + templates.setBKUSelectionCustomization(bkuselectioncustom); + } + + if (authoa.getMandates() != null && + (authoa.getMandates().getProfileName() != null + && authoa.getMandates().getProfileName().size() > 0 + || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles()))) { + bkuselectioncustom.setMandateLoginButton(true); + } else { + bkuselectioncustom.setMandateLoginButton(false); + } + bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed()); - /** - * @param showMandateLoginButton the showMandateLoginButton to set - */ - public void setShowMandateLoginButton(boolean showMandateLoginButton) { - this.showMandateLoginButton = showMandateLoginButton; - } + bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor())); + bkuselectioncustom.setFrontColor(parseColor(getFrontColor())); + bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor())); + bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor())); + bkuselectioncustom.setHeaderText(getHeader_text()); - /** - * @return the onlyMandateAllowed - */ - public boolean isOnlyMandateAllowed() { - return onlyMandateAllowed; - } + bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor())); + bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus())); + bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor())); + if (MiscUtil.isNotEmpty(getAppletRedirectTarget())) { + bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget()); + } + + bkuselectioncustom.setFontType(getFontType()); + + bkuselectioncustom.setAppletHeight(getApplet_height()); + bkuselectioncustom.setAppletWidth(getApplet_width()); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final HttpSession session = request.getSession(); + final List errors = new ArrayList<>(); + + String check = null; + if (authUser.isAdmin()) { + // validate aditionalAuthBlockText + check = getAditionalAuthBlockText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + } - /** - * @param onlyMandateAllowed the onlyMandateAllowed to set - */ - public void setOnlyMandateAllowed(boolean onlyMandateAllowed) { - this.onlyMandateAllowed = onlyMandateAllowed; - } + final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + // validate BKU-selection template + List templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName(), + getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); + if (templateError != null && templateError.size() == 0) { + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); + } else { + bkuSelectionForm = (Map) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + } + } else { + errors.addAll(templateError); - /** - * @return the fontType - */ - public String getFontType() { - return fontType; - } + } + // validate send-assertion template + templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName(), + getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); + if (templateError != null && templateError.size() == 0) { + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + } else { + sendAssertionForm = (Map) session.getAttribute( + Constants.SESSION_SENDASSERTIONTEMPLATE); + } - /** - * @param fontType the fontType to set - */ - public void setFontType(String fontType) { - this.fontType = fontType; - } + } else { + errors.addAll(templateError); + } - /** - * @return the frontColor - */ - public String getFrontColor() { - return frontColor; - } + check = getSaml2PostBindingTemplate(); + if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("URL to SAML2 POST-Binding template is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid", + request)); + } - /** - * @param frontColor the frontColor to set - */ - public void setFrontColor(String frontColor) { - this.frontColor = frontColor; - } + check = getMandateServiceSelectionTemplate(); + if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("URL to mandate-service selection-template is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid", + request)); + } - /** - * @return the backGroundColor - */ - public String getBackGroundColor() { - return backGroundColor; - } + // validate BKUFormCustomization + errors.addAll(new FormularCustomizationValitator().validate(this, request)); + return errors; + } - /** - * @param backGroundColor the backGroundColor to set - */ - public void setBackGroundColor(String backGroundColor) { - this.backGroundColor = backGroundColor; - } + private String parseColor(String color) { + String value = ""; + if (MiscUtil.isNotEmpty(color)) { + if (!color.startsWith("#")) { + value = "#" + color; + } else { + value = color; + } + } + return value; + } + + /** + * @return the showMandateLoginButton + */ + public boolean isShowMandateLoginButton() { + return showMandateLoginButton; + } + + /** + * @param showMandateLoginButton the showMandateLoginButton to set + */ + public void setShowMandateLoginButton(boolean showMandateLoginButton) { + this.showMandateLoginButton = showMandateLoginButton; + } + + /** + * @return the onlyMandateAllowed + */ + public boolean isOnlyMandateAllowed() { + return onlyMandateAllowed; + } + + /** + * @param onlyMandateAllowed the onlyMandateAllowed to set + */ + public void setOnlyMandateAllowed(boolean onlyMandateAllowed) { + this.onlyMandateAllowed = onlyMandateAllowed; + } + + /** + * @return the fontType + */ + public String getFontType() { + return fontType; + } + + /** + * @param fontType the fontType to set + */ + public void setFontType(String fontType) { + this.fontType = fontType; + } + + /** + * @return the frontColor + */ + public String getFrontColor() { + return frontColor; + } + + /** + * @param frontColor the frontColor to set + */ + public void setFrontColor(String frontColor) { + this.frontColor = frontColor; + } + + /** + * @return the backGroundColor + */ + public String getBackGroundColor() { + return backGroundColor; + } + + /** + * @param backGroundColor the backGroundColor to set + */ + public void setBackGroundColor(String backGroundColor) { + this.backGroundColor = backGroundColor; + } + + /** + * @return the header_FrontColor + */ + public String getHeader_FrontColor() { + return header_FrontColor; + } + + /** + * @param header_FrontColor the header_FrontColor to set + */ + public void setHeader_FrontColor(String header_FrontColor) { + this.header_FrontColor = header_FrontColor; + } + + /** + * @return the header_BackGroundColor + */ + public String getHeader_BackGroundColor() { + return header_BackGroundColor; + } + + /** + * @param header_BackGroundColor the header_BackGroundColor to set + */ + public void setHeader_BackGroundColor(String header_BackGroundColor) { + this.header_BackGroundColor = header_BackGroundColor; + } + + /** + * @return the header_text + */ + public String getHeader_text() { + return header_text; + } + + /** + * @param header_text the header_text to set + */ + public void setHeader_text(String header_text) { + this.header_text = header_text; + } + + /** + * @return the button_BackGroundColor + */ + public String getButton_BackGroundColor() { + return button_BackGroundColor; + } + + /** + * @param button_BackGroundColor the button_BackGroundColor to set + */ + public void setButton_BackGroundColor(String button_BackGroundColor) { + this.button_BackGroundColor = button_BackGroundColor; + } + + /** + * @return the button_BackGroundColorFocus + */ + public String getButton_BackGroundColorFocus() { + return button_BackGroundColorFocus; + } + + /** + * @param button_BackGroundColorFocus the button_BackGroundColorFocus to set + */ + public void setButton_BackGroundColorFocus(String button_BackGroundColorFocus) { + this.button_BackGroundColorFocus = button_BackGroundColorFocus; + } + + /** + * @return the button_FrontColor + */ + public String getButton_FrontColor() { + return button_FrontColor; + } + + /** + * @param button_FrontColor the button_FrontColor to set + */ + public void setButton_FrontColor(String button_FrontColor) { + this.button_FrontColor = button_FrontColor; + } + + /** + * @return the appletRedirectTarget + */ + public String getAppletRedirectTarget() { + return appletRedirectTarget; + } + + /** + * @param appletRedirectTarget the appletRedirectTarget to set + */ + public void setAppletRedirectTarget(String appletRedirectTarget) { + this.appletRedirectTarget = appletRedirectTarget; + } + + /** + * @return the appletredirecttargetlist + */ + public List getAppletRedirectTargetList() { + return appletRedirectTargetList; + } + + /** + * @return the fontTypeList + */ + public List getFontTypeList() { + return fontTypeList; + } + + /** + * @return the fontTypeListValue + */ + public String getFontTypeListValue() { + return fontTypeListValue; + } + + /** + * @param fontTypeListValue the fontTypeListValue to set + */ + public void setFontTypeListValue(String fontTypeListValue) { + this.fontTypeListValue = fontTypeListValue; + } + + /** + * @return the applet_height + */ + public String getApplet_height() { + return applet_height; + } + + /** + * @param applet_height the applet_height to set + */ + public void setApplet_height(String applet_height) { + this.applet_height = applet_height; + } + + /** + * @return the applet_width + */ + public String getApplet_width() { + return applet_width; + } + + /** + * @param applet_width the applet_width to set + */ + public void setApplet_width(String applet_width) { + this.applet_width = applet_width; + } + + /** + * @return the bkuSelectionFileUpload + */ + public List getBkuSelectionFileUpload() { + return bkuSelectionFileUpload; + } + + /** + * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set + */ + public void setBkuSelectionFileUpload(List bkuSelectionFileUpload) { + this.bkuSelectionFileUpload = bkuSelectionFileUpload; + } + + /** + * @return the bkuSelectionFileUploadContentType + */ + public List getBkuSelectionFileUploadContentType() { + return bkuSelectionFileUploadContentType; + } + + /** + * @param bkuSelectionFileUploadContentType the + * bkuSelectionFileUploadContentType to + * set + */ + public void setBkuSelectionFileUploadContentType( + List bkuSelectionFileUploadContentType) { + this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; + } + + /** + * @return the bkuSelectionFileUploadFileName + */ + public List getBkuSelectionFileUploadFileName() { + return bkuSelectionFileUploadFileName; + } + + /** + * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to + * set + */ + public void setBkuSelectionFileUploadFileName( + List bkuSelectionFileUploadFileName) { + this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; + } + + /** + * @return the sendAssertionFileUpload + */ + public List getSendAssertionFileUpload() { + return sendAssertionFileUpload; + } + + /** + * @param sendAssertionFileUpload the sendAssertionFileUpload to set + */ + public void setSendAssertionFileUpload(List sendAssertionFileUpload) { + this.sendAssertionFileUpload = sendAssertionFileUpload; + } + + /** + * @return the sendAssertionFileUploadContentType + */ + public List getSendAssertionFileUploadContentType() { + return sendAssertionFileUploadContentType; + } + + /** + * @param sendAssertionFileUploadContentType the + * sendAssertionFileUploadContentType + * to set + */ + public void setSendAssertionFileUploadContentType( + List sendAssertionFileUploadContentType) { + this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; + } + + /** + * @return the sendAssertionFileUploadFileName + */ + public List getSendAssertionFileUploadFileName() { + return sendAssertionFileUploadFileName; + } + + /** + * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to + * set + */ + public void setSendAssertionFileUploadFileName( + List sendAssertionFileUploadFileName) { + this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; + } + + /** + * @return the deleteBKUTemplate + */ + public boolean isDeleteBKUTemplate() { + return deleteBKUTemplate; + } + + /** + * @param deleteBKUTemplate the deleteBKUTemplate to set + */ + public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { + this.deleteBKUTemplate = deleteBKUTemplate; + } + + /** + * @return the deleteSendAssertionTemplate + */ + public boolean isDeleteSendAssertionTemplate() { + return deleteSendAssertionTemplate; + } + + /** + * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set + */ + public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { + this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; + } + + /** + * @return the aditionalAuthBlockText + */ + public String getAditionalAuthBlockText() { + return aditionalAuthBlockText; + } + + /** + * @param aditionalAuthBlockText the aditionalAuthBlockText to set + */ + public void setAditionalAuthBlockText(String aditionalAuthBlockText) { + this.aditionalAuthBlockText = aditionalAuthBlockText; + } + + /** + * @return the isHideBPKAuthBlock + */ + public boolean isHideBPKAuthBlock() { + return isHideBPKAuthBlock; + } + + /** + * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set + */ + public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { + this.isHideBPKAuthBlock = isHideBPKAuthBlock; + } + + /** + * @return the map + */ + public Map getFormMap() { + return map; + } + + /** + * @return the saml2PostBindingTemplate + */ + public String getSaml2PostBindingTemplate() { + return saml2PostBindingTemplate; + } + + /** + * @param saml2PostBindingTemplate the saml2PostBindingTemplate to set + */ + public void setSaml2PostBindingTemplate(String saml2PostBindingTemplate) { + this.saml2PostBindingTemplate = saml2PostBindingTemplate; + } + + /** + * @return the mandateServiceSelectionTemplate + */ + public String getMandateServiceSelectionTemplate() { + return mandateServiceSelectionTemplate; + } + + /** + * @param mandateServiceSelectionTemplate the mandateServiceSelectionTemplate to + * set + */ + public void setMandateServiceSelectionTemplate(String mandateServiceSelectionTemplate) { + this.mandateServiceSelectionTemplate = mandateServiceSelectionTemplate; + } - /** - * @return the header_FrontColor - */ - public String getHeader_FrontColor() { - return header_FrontColor; - } - - - /** - * @param header_FrontColor the header_FrontColor to set - */ - public void setHeader_FrontColor(String header_FrontColor) { - this.header_FrontColor = header_FrontColor; - } - - - /** - * @return the header_BackGroundColor - */ - public String getHeader_BackGroundColor() { - return header_BackGroundColor; - } - - - /** - * @param header_BackGroundColor the header_BackGroundColor to set - */ - public void setHeader_BackGroundColor(String header_BackGroundColor) { - this.header_BackGroundColor = header_BackGroundColor; - } - - - /** - * @return the header_text - */ - public String getHeader_text() { - return header_text; - } - - - /** - * @param header_text the header_text to set - */ - public void setHeader_text(String header_text) { - this.header_text = header_text; - } - - - /** - * @return the button_BackGroundColor - */ - public String getButton_BackGroundColor() { - return button_BackGroundColor; - } - - - /** - * @param button_BackGroundColor the button_BackGroundColor to set - */ - public void setButton_BackGroundColor(String button_BackGroundColor) { - this.button_BackGroundColor = button_BackGroundColor; - } - - - /** - * @return the button_BackGroundColorFocus - */ - public String getButton_BackGroundColorFocus() { - return button_BackGroundColorFocus; - } - - - /** - * @param button_BackGroundColorFocus the button_BackGroundColorFocus to set - */ - public void setButton_BackGroundColorFocus(String button_BackGroundColorFocus) { - this.button_BackGroundColorFocus = button_BackGroundColorFocus; - } - - - /** - * @return the button_FrontColor - */ - public String getButton_FrontColor() { - return button_FrontColor; - } - - - /** - * @param button_FrontColor the button_FrontColor to set - */ - public void setButton_FrontColor(String button_FrontColor) { - this.button_FrontColor = button_FrontColor; - } - - - /** - * @return the appletRedirectTarget - */ - public String getAppletRedirectTarget() { - return appletRedirectTarget; - } - - /** - * @param appletRedirectTarget the appletRedirectTarget to set - */ - public void setAppletRedirectTarget(String appletRedirectTarget) { - this.appletRedirectTarget = appletRedirectTarget; - } - - - /** - * @return the appletredirecttargetlist - */ - public List getAppletRedirectTargetList() { - return appletRedirectTargetList; - } - - /** - * @return the fontTypeList - */ - public List getFontTypeList() { - return fontTypeList; - } - - /** - * @return the fontTypeListValue - */ - public String getFontTypeListValue() { - return fontTypeListValue; - } - - /** - * @param fontTypeListValue the fontTypeListValue to set - */ - public void setFontTypeListValue(String fontTypeListValue) { - this.fontTypeListValue = fontTypeListValue; - } - - /** - * @return the applet_height - */ - public String getApplet_height() { - return applet_height; - } - - /** - * @param applet_height the applet_height to set - */ - public void setApplet_height(String applet_height) { - this.applet_height = applet_height; - } - - /** - * @return the applet_width - */ - public String getApplet_width() { - return applet_width; - } - - /** - * @param applet_width the applet_width to set - */ - public void setApplet_width(String applet_width) { - this.applet_width = applet_width; - } - - - - /** - * @return the bkuSelectionFileUpload - */ - public List getBkuSelectionFileUpload() { - return bkuSelectionFileUpload; - } - - - /** - * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set - */ - public void setBkuSelectionFileUpload(List bkuSelectionFileUpload) { - this.bkuSelectionFileUpload = bkuSelectionFileUpload; - } - - - /** - * @return the bkuSelectionFileUploadContentType - */ - public List getBkuSelectionFileUploadContentType() { - return bkuSelectionFileUploadContentType; - } - - - /** - * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set - */ - public void setBkuSelectionFileUploadContentType( - List bkuSelectionFileUploadContentType) { - this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; - } - - - /** - * @return the bkuSelectionFileUploadFileName - */ - public List getBkuSelectionFileUploadFileName() { - return bkuSelectionFileUploadFileName; - } - - - /** - * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set - */ - public void setBkuSelectionFileUploadFileName( - List bkuSelectionFileUploadFileName) { - this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; - } - - - /** - * @return the sendAssertionFileUpload - */ - public List getSendAssertionFileUpload() { - return sendAssertionFileUpload; - } - - - /** - * @param sendAssertionFileUpload the sendAssertionFileUpload to set - */ - public void setSendAssertionFileUpload(List sendAssertionFileUpload) { - this.sendAssertionFileUpload = sendAssertionFileUpload; - } - - - /** - * @return the sendAssertionFileUploadContentType - */ - public List getSendAssertionFileUploadContentType() { - return sendAssertionFileUploadContentType; - } - - - /** - * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set - */ - public void setSendAssertionFileUploadContentType( - List sendAssertionFileUploadContentType) { - this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; - } - - - /** - * @return the sendAssertionFileUploadFileName - */ - public List getSendAssertionFileUploadFileName() { - return sendAssertionFileUploadFileName; - } - - - /** - * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set - */ - public void setSendAssertionFileUploadFileName( - List sendAssertionFileUploadFileName) { - this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; - } - - - /** - * @return the deleteBKUTemplate - */ - public boolean isDeleteBKUTemplate() { - return deleteBKUTemplate; - } - - - /** - * @param deleteBKUTemplate the deleteBKUTemplate to set - */ - public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { - this.deleteBKUTemplate = deleteBKUTemplate; - } - - - /** - * @return the deleteSendAssertionTemplate - */ - public boolean isDeleteSendAssertionTemplate() { - return deleteSendAssertionTemplate; - } - - - /** - * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set - */ - public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { - this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; - } - - /** - * @return the aditionalAuthBlockText - */ - public String getAditionalAuthBlockText() { - return aditionalAuthBlockText; - } - - /** - * @param aditionalAuthBlockText the aditionalAuthBlockText to set - */ - public void setAditionalAuthBlockText(String aditionalAuthBlockText) { - this.aditionalAuthBlockText = aditionalAuthBlockText; - } - - /** - * @return the isHideBPKAuthBlock - */ - public boolean isHideBPKAuthBlock() { - return isHideBPKAuthBlock; - } - - /** - * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set - */ - public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { - this.isHideBPKAuthBlock = isHideBPKAuthBlock; - } - - /** - * @return the map - */ - public Map getFormMap() { - return map; - } - - /** - * @return the saml2PostBindingTemplate - */ - public String getSaml2PostBindingTemplate() { - return saml2PostBindingTemplate; - } - - /** - * @param saml2PostBindingTemplate the saml2PostBindingTemplate to set - */ - public void setSaml2PostBindingTemplate(String saml2PostBindingTemplate) { - this.saml2PostBindingTemplate = saml2PostBindingTemplate; - } - - /** - * @return the mandateServiceSelectionTemplate - */ - public String getMandateServiceSelectionTemplate() { - return mandateServiceSelectionTemplate; - } - - /** - * @param mandateServiceSelectionTemplate the mandateServiceSelectionTemplate to set - */ - public void setMandateServiceSelectionTemplate(String mandateServiceSelectionTemplate) { - this.mandateServiceSelectionTemplate = mandateServiceSelectionTemplate; - } - - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 3929238f6..e7b4bfa3b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -63,434 +63,444 @@ import at.gv.egovernment.moa.util.MiscUtil; public class GeneralMOAIDConfig { - public static final long DEFAULTTIMEOUTASSERTION = 120; //sec - public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; //sec - public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; //sec - - public static final String LINE_DELIMITER = ";"; - - private String alternativeSourceID = null; + public static final long DEFAULTTIMEOUTASSERTION = 120; // sec + public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; // sec + public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; // sec + + public static final String LINE_DELIMITER = ";"; + + private String alternativeSourceID = null; // private String certStoreDirectory = null; - private boolean trustmanagerrevocationcheck = true; - - private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION); - private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED); - private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED); - - private String moaspssURL = null; - private String moaspssAuthTrustProfile = null; - private String moaspssAuthTransformations = ""; - private List authTransformList = null; - private String moaspssIdlTrustProfile = null; - - private String moaspssIdlTrustProfileTest = null; - private String moaspssAuthTrustProfileTest = null; - - private String mandateURL = null; - private String szrgwURL = null; - private String elgaMandateServiceURL = null; - private String eidSystemServiceURL = null; - - private boolean protocolActiveSAML1 = false; - private boolean protocolActivePVP21 = true; - private boolean protocolActiveOAuth = true; - - private boolean legacy_saml1 = false; - private boolean legacy_pvp2 = false; - - private String saml1SourceID = null; - - private String pvp2IssuerName = null; - private String pvp2OrgName = null; - private String pvp2OrgDisplayName = null; - private String pvp2OrgURL = null; - private ContactForm pvp2Contact = null; - - private List fileUpload = null; - private List fileUploadContentType; - private List fileUploadFileName = new ArrayList(); - private Map secLayerTransformation = null; - - private String ssoTarget = null; - private String ssoFriendlyName = null; - private String ssoSpecialText = null; - private String ssoIdentificationNumber = null; - - private String defaultchainigmode = null; - private static Map chainigmodelist; - - private String trustedCACerts = null; - - - private String defaultBKUOnline = ""; - private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request"; - private String defaultBKUHandy = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; - - private String SLRequestTemplateOnline = "SLTemplates/template_onlineBKU.html"; - private String SLRequestTemplateLocal = "SLTemplates/template_handyBKU.html"; - private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html"; - - private String publicURLPrefix = null; - private boolean virtualPublicURLPrefixEnabled = false; - - private boolean moaidMode = false; - - public GeneralMOAIDConfig() { - try { - this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - e.printStackTrace(); - - } - - chainigmodelist = new HashMap(); - ChainingModeType[] values = ChainingModeType.values(); - for (int i=0; i authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer().getTransformsInfo(); - - if (authBlockTrans != null && !authBlockTrans.isEmpty()) { - if (secLayerTransformation == null) - secLayerTransformation = new HashMap(); - for (TransformsInfoType el : authBlockTrans) - secLayerTransformation.put(el.getFilename(), el.getTransformation()); - - } - } - - } catch (Exception e) { - - } - - } - - public void parse(MOAIDConfiguration config) { - - if (config != null) { - AuthComponentGeneral auth = config.getAuthComponentGeneral(); - - //get ELGA mandate service URLs from configuration - if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) { - if (KeyValueUtils.isCSVValueString(config.getEidSystemServiceURLs())) - eidSystemServiceURL = KeyValueUtils.normalizeCSVValueString(config.getEidSystemServiceURLs()); - - else { - if (config.getEidSystemServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - eidSystemServiceURL = config.getEidSystemServiceURLs().substring(0, - config.getEidSystemServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - eidSystemServiceURL = config.getEidSystemServiceURLs(); - - } - } - - - //get ELGA mandate service URLs from configuration - if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) { - if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs())) - elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs()); - - else { - if (config.getElgaMandateServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - elgaMandateServiceURL = config.getElgaMandateServiceURLs().substring(0, - config.getElgaMandateServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - elgaMandateServiceURL = config.getElgaMandateServiceURLs(); - - } - } - - - - if (auth != null) { - - GeneralConfiguration authgen = auth.getGeneralConfiguration(); - if (authgen != null) { - alternativeSourceID = authgen.getAlternativeSourceID(); - //certStoreDirectory = authgen.getCertStoreDirectory(); - if (authgen.isTrustManagerRevocationChecking() != null) - trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); - - virtualPublicURLPrefixEnabled = - KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix()); - - if (virtualPublicURLPrefixEnabled) { - //format CSV values with newlines - publicURLPrefix = KeyValueUtils.normalizeCSVValueString( - authgen.getPublicURLPreFix()); - - } else { - String tmp = authgen.getPublicURLPreFix(); - if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - publicURLPrefix = tmp.substring(0, - tmp.indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - publicURLPrefix = tmp; - } - - TimeOuts timeouts = authgen.getTimeOuts(); - if (timeouts != null) { - - if(timeouts.getAssertion() != null) - timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue()); - if(timeouts.getMOASessionCreated() != null) - timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue()); - if(timeouts.getMOASessionUpdated() != null) - timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue()); - - } - - - //deactive STORK - if (isMoaidMode()) { - ForeignIdentities foreign = auth.getForeignIdentities(); - if (foreign != null) { - ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); - if (connect_foreign != null) { - if (MiscUtil.isNotEmpty(connect_foreign.getURL())) { - if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) - szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL()); - - else { - if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - szrgwURL = connect_foreign.getURL().substring(0, - connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - szrgwURL = connect_foreign.getURL(); - - } - - } - } - - STORK stork = foreign.getSTORK(); - if (stork != null) { - //TODO: add Stork config - - } - } - } - - } - - if (isMoaidMode()) { - MOASP moaspss = auth.getMOASP(); - if (moaspss != null) { - ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); - if (con != null) - moaspssURL = con.getURL(); - - VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); - if (authblock != null) { - moaspssAuthTrustProfile = authblock.getTrustProfileID(); - moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); - - List list = authblock.getVerifyTransformsInfoProfileID(); - if (list.size() == 1) - moaspssAuthTransformations += list.get(0); - else { - for (String el : list) - moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; - } - } - - VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); - if (idl != null) { - moaspssIdlTrustProfile = idl.getTrustProfileID(); - moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); - } - } - - OnlineMandates mandates = auth.getOnlineMandates(); - if (mandates != null) { - ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); - if (con != null) { - if (MiscUtil.isNotEmpty(con.getURL())) { - if (KeyValueUtils.isCSVValueString(con.getURL())) - mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); - - else { - if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - mandateURL = con.getURL().substring(0, - con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - mandateURL = con.getURL(); - - } - - } - - } - } - } - - Protocols protocols = auth.getProtocols(); - if (protocols != null) { - LegacyAllowed legacy = protocols.getLegacyAllowed(); - - if (legacy != null) { - List list = legacy.getProtocolName(); - if (list.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) - legacy_saml1 = true; - - if (list.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) - legacy_pvp2 = true; - } - - SAML1 saml1 = protocols.getSAML1(); - if (saml1 != null) { - protocolActiveSAML1 = saml1.isIsActive(); - saml1SourceID = saml1.getSourceID(); - - //TODO: could removed in a later version - if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID)) - saml1SourceID = alternativeSourceID; - - } - - if (isMoaidMode()) { - OAuth oauth = protocols.getOAuth(); - if (oauth != null) { - protocolActiveOAuth = oauth.isIsActive(); - - } - - } - - PVP2 pvp2 = protocols.getPVP2(); - if (pvp2 != null) { - - protocolActivePVP21 = pvp2.isIsActive(); - - //INFO: only for backup - if (MiscUtil.isEmpty(publicURLPrefix)) - publicURLPrefix = pvp2.getPublicURLPrefix(); - - pvp2IssuerName = pvp2.getIssuerName(); - - List con = pvp2.getContact(); - - //TODO: change to support more contacts - if (con != null && con.size() > 0) { - pvp2Contact = new ContactForm(con.get(0)); - - } - - Organization org = pvp2.getOrganization(); - if (org != null) { - pvp2OrgDisplayName = org.getDisplayName(); - pvp2OrgName = org.getName(); - pvp2OrgURL = org.getURL(); - } - } - - } - - if (isMoaidMode()) { - SecurityLayer seclayer = auth.getSecurityLayer(); - if (seclayer != null) { - List list = seclayer.getTransformsInfo(); - - for (TransformsInfoType el : list) { - fileUploadFileName.add(el.getFilename()); - } - } - - SSO sso = auth.getSSO(); - if (sso != null) { - ssoFriendlyName = sso.getFriendlyName(); - - // IdentificationNumber idl = sso.getIdentificationNumber(); - // if (idl != null) - // ssoIdentificationNumber = idl.getValue(); - - //INFO: only for backup - if (MiscUtil.isEmpty(publicURLPrefix)) - publicURLPrefix = sso.getPublicURL(); - - ssoSpecialText = sso.getSpecialText(); - - if (MiscUtil.isNotEmpty(sso.getTarget()) && - sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { - ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()). - replace("+", ""); - - } else - ssoTarget = sso.getTarget(); - - } - } - - ChainingModes modes = config.getChainingModes(); - if (modes != null) { - ChainingModeType defaultmode = modes.getSystemDefaultMode(); - if (defaultmode != null) { - - defaultchainigmode = defaultmode.value(); - - } - - List trustanchor = modes.getTrustAnchor(); - if (trustanchor != null) { - //TODO: set addional trust anchors!!!! - } - } - - DefaultBKUs defaultbkus = config.getDefaultBKUs(); - if (defaultbkus != null) { - defaultBKUHandy = defaultbkus.getHandyBKU(); - defaultBKULocal = defaultbkus.getLocalBKU(); - defaultBKUOnline = defaultbkus.getOnlineBKU(); - } - - SLRequestTemplates slreq = config.getSLRequestTemplates(); - if (slreq != null) { - SLRequestTemplateHandy = slreq.getHandyBKU(); - SLRequestTemplateLocal = slreq.getLocalBKU(); - SLRequestTemplateOnline = slreq.getOnlineBKU(); - } - - } - - trustedCACerts = config.getTrustedCACertificates(); - - - - } - } - - /** - * @return the szrgwURL - */ - public String getSzrgwURL() { - return szrgwURL; - } - - /** - * @param szrgwURL the szrgwURL to set - */ - public void setSzrgwURL(String szrgwURL) { - if (MiscUtil.isNotEmpty(szrgwURL)) - this.szrgwURL = KeyValueUtils.removeAllNewlineFromString(szrgwURL); - else - this.szrgwURL = szrgwURL; - } + private boolean trustmanagerrevocationcheck = true; + + private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION); + private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED); + private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED); + + private String moaspssURL = null; + private String moaspssAuthTrustProfile = null; + private String moaspssAuthTransformations = ""; + private List authTransformList = null; + private String moaspssIdlTrustProfile = null; + + private String moaspssIdlTrustProfileTest = null; + private String moaspssAuthTrustProfileTest = null; + + private String mandateURL = null; + private String szrgwURL = null; + private String elgaMandateServiceURL = null; + private String eidSystemServiceURL = null; + + private boolean protocolActiveSAML1 = false; + private boolean protocolActivePVP21 = true; + private boolean protocolActiveOAuth = true; + + private boolean legacy_saml1 = false; + private boolean legacy_pvp2 = false; + + private String saml1SourceID = null; + + private String pvp2IssuerName = null; + private String pvp2OrgName = null; + private String pvp2OrgDisplayName = null; + private String pvp2OrgURL = null; + private ContactForm pvp2Contact = null; + + private List fileUpload = null; + private List fileUploadContentType; + private List fileUploadFileName = new ArrayList<>(); + private Map secLayerTransformation = null; + + private String ssoTarget = null; + private String ssoFriendlyName = null; + private String ssoSpecialText = null; + private String ssoIdentificationNumber = null; + + private String defaultchainigmode = null; + private static Map chainigmodelist; + + private String trustedCACerts = null; + + private String defaultBKUOnline = ""; + private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request"; + private String defaultBKUHandy = + "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; + + private String SLRequestTemplateOnline = "SLTemplates/template_onlineBKU.html"; + private String SLRequestTemplateLocal = "SLTemplates/template_handyBKU.html"; + private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html"; + + private String publicURLPrefix = null; + private boolean virtualPublicURLPrefixEnabled = false; + + private boolean moaidMode = false; + + public GeneralMOAIDConfig() { + try { + this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + e.printStackTrace(); + + } + + chainigmodelist = new HashMap<>(); + final ChainingModeType[] values = ChainingModeType.values(); + for (final ChainingModeType value : values) { + chainigmodelist.put(value.value(), value.value()); + } + + try { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + if (config != null) { + final MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration(); + final List authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer() + .getTransformsInfo(); + + if (authBlockTrans != null && !authBlockTrans.isEmpty()) { + if (secLayerTransformation == null) { + secLayerTransformation = new HashMap<>(); + } + for (final TransformsInfoType el : authBlockTrans) { + secLayerTransformation.put(el.getFilename(), el.getTransformation()); + } + + } + } + + } catch (final Exception e) { + + } + + } + + public void parse(MOAIDConfiguration config) { + + if (config != null) { + final AuthComponentGeneral auth = config.getAuthComponentGeneral(); + + // get ELGA mandate service URLs from configuration + if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) { + if (KeyValueUtils.isCSVValueString(config.getEidSystemServiceURLs())) { + eidSystemServiceURL = KeyValueUtils.normalizeCSVValueString(config.getEidSystemServiceURLs()); + } else { + if (config.getEidSystemServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + eidSystemServiceURL = config.getEidSystemServiceURLs().substring(0, + config.getEidSystemServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + eidSystemServiceURL = config.getEidSystemServiceURLs(); + } + + } + } + + // get ELGA mandate service URLs from configuration + if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) { + if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs())) { + elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs()); + } else { + if (config.getElgaMandateServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + elgaMandateServiceURL = config.getElgaMandateServiceURLs().substring(0, + config.getElgaMandateServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + elgaMandateServiceURL = config.getElgaMandateServiceURLs(); + } + + } + } + + if (auth != null) { + + final GeneralConfiguration authgen = auth.getGeneralConfiguration(); + if (authgen != null) { + alternativeSourceID = authgen.getAlternativeSourceID(); + // certStoreDirectory = authgen.getCertStoreDirectory(); + if (authgen.isTrustManagerRevocationChecking() != null) { + trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); + } + + virtualPublicURLPrefixEnabled = + KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix()); + + if (virtualPublicURLPrefixEnabled) { + // format CSV values with newlines + publicURLPrefix = KeyValueUtils.normalizeCSVValueString( + authgen.getPublicURLPreFix()); + + } else { + final String tmp = authgen.getPublicURLPreFix(); + if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + publicURLPrefix = tmp.substring(0, + tmp.indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + publicURLPrefix = tmp; + } + } + + final TimeOuts timeouts = authgen.getTimeOuts(); + if (timeouts != null) { + + if (timeouts.getAssertion() != null) { + timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue()); + } + if (timeouts.getMOASessionCreated() != null) { + timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue()); + } + if (timeouts.getMOASessionUpdated() != null) { + timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue()); + } + + } + + // deactive STORK + if (isMoaidMode()) { + final ForeignIdentities foreign = auth.getForeignIdentities(); + if (foreign != null) { + final ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); + if (connect_foreign != null) { + if (MiscUtil.isNotEmpty(connect_foreign.getURL())) { + if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) { + szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL()); + } else { + if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + szrgwURL = connect_foreign.getURL().substring(0, + connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + szrgwURL = connect_foreign.getURL(); + } + + } + + } + } + + final STORK stork = foreign.getSTORK(); + if (stork != null) { + // TODO: add Stork config + + } + } + } + + } + + if (isMoaidMode()) { + final MOASP moaspss = auth.getMOASP(); + if (moaspss != null) { + final ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); + if (con != null) { + moaspssURL = con.getURL(); + } + + final VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); + if (authblock != null) { + moaspssAuthTrustProfile = authblock.getTrustProfileID(); + moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); + + final List list = authblock.getVerifyTransformsInfoProfileID(); + if (list.size() == 1) { + moaspssAuthTransformations += list.get(0); + } else { + for (final String el : list) { + moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; + } + } + } + + final VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); + if (idl != null) { + moaspssIdlTrustProfile = idl.getTrustProfileID(); + moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); + } + } + + final OnlineMandates mandates = auth.getOnlineMandates(); + if (mandates != null) { + final ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); + if (con != null) { + if (MiscUtil.isNotEmpty(con.getURL())) { + if (KeyValueUtils.isCSVValueString(con.getURL())) { + mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); + } else { + if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + mandateURL = con.getURL().substring(0, + con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + mandateURL = con.getURL(); + } + + } + + } + + } + } + } + + final Protocols protocols = auth.getProtocols(); + if (protocols != null) { + final LegacyAllowed legacy = protocols.getLegacyAllowed(); + + if (legacy != null) { + final List list = legacy.getProtocolName(); + if (list.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { + legacy_saml1 = true; + } + + if (list.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { + legacy_pvp2 = true; + } + } + + final SAML1 saml1 = protocols.getSAML1(); + if (saml1 != null) { + protocolActiveSAML1 = saml1.isIsActive(); + saml1SourceID = saml1.getSourceID(); + + // TODO: could removed in a later version + if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID)) { + saml1SourceID = alternativeSourceID; + } + + } + + if (isMoaidMode()) { + final OAuth oauth = protocols.getOAuth(); + if (oauth != null) { + protocolActiveOAuth = oauth.isIsActive(); + + } + + } + + final PVP2 pvp2 = protocols.getPVP2(); + if (pvp2 != null) { + + protocolActivePVP21 = pvp2.isIsActive(); + + // INFO: only for backup + if (MiscUtil.isEmpty(publicURLPrefix)) { + publicURLPrefix = pvp2.getPublicURLPrefix(); + } + + pvp2IssuerName = pvp2.getIssuerName(); + + final List con = pvp2.getContact(); + + // TODO: change to support more contacts + if (con != null && con.size() > 0) { + pvp2Contact = new ContactForm(con.get(0)); + + } + + final Organization org = pvp2.getOrganization(); + if (org != null) { + pvp2OrgDisplayName = org.getDisplayName(); + pvp2OrgName = org.getName(); + pvp2OrgURL = org.getURL(); + } + } + + } + + if (isMoaidMode()) { + final SecurityLayer seclayer = auth.getSecurityLayer(); + if (seclayer != null) { + final List list = seclayer.getTransformsInfo(); + + for (final TransformsInfoType el : list) { + fileUploadFileName.add(el.getFilename()); + } + } + + final SSO sso = auth.getSSO(); + if (sso != null) { + ssoFriendlyName = sso.getFriendlyName(); + + // IdentificationNumber idl = sso.getIdentificationNumber(); + // if (idl != null) + // ssoIdentificationNumber = idl.getValue(); + + // INFO: only for backup + if (MiscUtil.isEmpty(publicURLPrefix)) { + publicURLPrefix = sso.getPublicURL(); + } + + ssoSpecialText = sso.getSpecialText(); + + if (MiscUtil.isNotEmpty(sso.getTarget()) && + sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { + ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()).replace("+", ""); + + } else { + ssoTarget = sso.getTarget(); + } + + } + } + + final ChainingModes modes = config.getChainingModes(); + if (modes != null) { + final ChainingModeType defaultmode = modes.getSystemDefaultMode(); + if (defaultmode != null) { + + defaultchainigmode = defaultmode.value(); + + } + + final List trustanchor = modes.getTrustAnchor(); + if (trustanchor != null) { + // TODO: set addional trust anchors!!!! + } + } + + final DefaultBKUs defaultbkus = config.getDefaultBKUs(); + if (defaultbkus != null) { + defaultBKUHandy = defaultbkus.getHandyBKU(); + defaultBKULocal = defaultbkus.getLocalBKU(); + defaultBKUOnline = defaultbkus.getOnlineBKU(); + } + + final SLRequestTemplates slreq = config.getSLRequestTemplates(); + if (slreq != null) { + SLRequestTemplateHandy = slreq.getHandyBKU(); + SLRequestTemplateLocal = slreq.getLocalBKU(); + SLRequestTemplateOnline = slreq.getOnlineBKU(); + } + + } + + trustedCACerts = config.getTrustedCACertificates(); + + } + } + + /** + * @return the szrgwURL + */ + public String getSzrgwURL() { + return szrgwURL; + } + + /** + * @param szrgwURL the szrgwURL to set + */ + public void setSzrgwURL(String szrgwURL) { + if (MiscUtil.isNotEmpty(szrgwURL)) { + this.szrgwURL = KeyValueUtils.removeAllNewlineFromString(szrgwURL); + } else { + this.szrgwURL = szrgwURL; + } + } // /** // * @return the certStoreDirectory @@ -506,662 +516,665 @@ public class GeneralMOAIDConfig { // this.certStoreDirectory = certStoreDirectory; // } - /** - * @return the timeoutAssertion - */ - public String getTimeoutAssertion() { - return timeoutAssertion; - } - - /** - * @param timeoutAssertion the timeoutAssertion to set - */ - public void setTimeoutAssertion(String timeoutAssertion) { - this.timeoutAssertion = timeoutAssertion; - } - - /** - * @return the timeoutMOASessionCreated - */ - public String getTimeoutMOASessionCreated() { - return timeoutMOASessionCreated; - } - - /** - * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set - */ - public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) { - this.timeoutMOASessionCreated = timeoutMOASessionCreated; - } - - /** - * @return the timeoutMOASessionUpdated - */ - public String getTimeoutMOASessionUpdated() { - return timeoutMOASessionUpdated; - } - - /** - * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set - */ - public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) { - this.timeoutMOASessionUpdated = timeoutMOASessionUpdated; - } - - /** - * @return the moaspssURL - */ - public String getMoaspssURL() { - return moaspssURL; - } - - /** - * @param moaspssURL the moaspssURL to set - */ - public void setMoaspssURL(String moaspssURL) { - this.moaspssURL = moaspssURL; - } - - /** - * @return the moaspssAuthTrustProfile - */ - public String getMoaspssAuthTrustProfile() { - return moaspssAuthTrustProfile; - } - - /** - * @param moaspssAuthTrustProfile the moaspssAuthTrustProfile to set - */ - public void setMoaspssAuthTrustProfile(String moaspssAuthTrustProfile) { - this.moaspssAuthTrustProfile = moaspssAuthTrustProfile; - } - - /** - * @return the moaspssAuthTransformations - */ - public String getMoaspssAuthTransformations() { - return moaspssAuthTransformations; - } - - /** - * @param moaspssAuthTransformations the moaspssAuthTransformations to set - */ - public void setMoaspssAuthTransformations(String moaspssAuthTransformations) { - this.moaspssAuthTransformations = moaspssAuthTransformations; - } - - /** - * @return the moaspssIdlTrustProfile - */ - public String getMoaspssIdlTrustProfile() { - return moaspssIdlTrustProfile; - } - - /** - * @param moaspssIdlTrustProfile the moaspssIdlTrustProfile to set - */ - public void setMoaspssIdlTrustProfile(String moaspssIdlTrustProfile) { - this.moaspssIdlTrustProfile = moaspssIdlTrustProfile; - } - - /** - * @return the mandateURL - */ - public String getMandateURL() { - return mandateURL; - } - - /** - * @param mandateURL the mandateURL to set - */ - public void setMandateURL(String mandateURL) { - if (MiscUtil.isNotEmpty(mandateURL)) - this.mandateURL = KeyValueUtils.removeAllNewlineFromString(mandateURL); - else - this.mandateURL = mandateURL; - } - - /** - * @return the legacy_saml1 - */ - public boolean isLegacy_saml1() { - return legacy_saml1; - } - - /** - * @param legacy_saml1 the legacy_saml1 to set - */ - public void setLegacy_saml1(boolean legacy_saml1) { - this.legacy_saml1 = legacy_saml1; - } - - /** - * @return the legacy_pvp2 - */ - public boolean isLegacy_pvp2() { - return legacy_pvp2; - } - - /** - * @param legacy_pvp2 the legacy_pvp2 to set - */ - public void setLegacy_pvp2(boolean legacy_pvp2) { - this.legacy_pvp2 = legacy_pvp2; - } - - /** - * @return the pvp2IssuerName - */ - public String getPvp2IssuerName() { - return pvp2IssuerName; - } - - /** - * @param pvp2IssuerName the pvp2IssuerName to set - */ - public void setPvp2IssuerName(String pvp2IssuerName) { - this.pvp2IssuerName = pvp2IssuerName; - } - - /** - * @return the pvp2OrgName - */ - public String getPvp2OrgName() { - return pvp2OrgName; - } - - /** - * @param pvp2OrgName the pvp2OrgName to set - */ - public void setPvp2OrgName(String pvp2OrgName) { - this.pvp2OrgName = pvp2OrgName; - } - - /** - * @return the pvp2OrgDisplayName - */ - public String getPvp2OrgDisplayName() { - return pvp2OrgDisplayName; - } - - /** - * @param pvp2OrgDisplayName the pvp2OrgDisplayName to set - */ - public void setPvp2OrgDisplayName(String pvp2OrgDisplayName) { - this.pvp2OrgDisplayName = pvp2OrgDisplayName; - } - - /** - * @return the pvp2OrgURL - */ - public String getPvp2OrgURL() { - return pvp2OrgURL; - } - - /** - * @param pvp2OrgURL the pvp2OrgURL to set - */ - public void setPvp2OrgURL(String pvp2OrgURL) { - this.pvp2OrgURL = pvp2OrgURL; - } - - /** - * @return the pvp2Contact - */ - public ContactForm getPvp2Contact() { - return pvp2Contact; - } - - /** - * @param pvp2Contact the pvp2Contact to set - */ - public void setPvp2Contact(ContactForm pvp2Contact) { - this.pvp2Contact = pvp2Contact; - } - - /** - * @return the fileUpload - */ - public List getFileUpload() { - return fileUpload; - } - - /** - * @param fileUpload the fileUpload to set - */ - public void setFileUpload(List fileUpload) { - this.fileUpload = fileUpload; - } - - /** - * @return the fileUploadContentType - */ - public List getFileUploadContentType() { - return fileUploadContentType; - } - - /** - * @param fileUploadContentType the fileUploadContentType to set - */ - public void setFileUploadContentType(List fileUploadContentType) { - this.fileUploadContentType = fileUploadContentType; - } - - /** - * @return the fileUploadFileName - */ - public List getFileUploadFileName() { - return fileUploadFileName; - } - - /** - * @param fileUploadFileName the fileUploadFileName to set - */ - public void setFileUploadFileName(List fileUploadFileName) { - this.fileUploadFileName = fileUploadFileName; - } - - /** - * @return the ssoTarget - */ - public String getSsoTarget() { - return ssoTarget; - } - - /** - * @param ssoTarget the ssoTarget to set - */ - public void setSsoTarget(String ssoTarget) { - this.ssoTarget = ssoTarget; - } - - /** - * @return the ssoFriendlyName - */ - public String getSsoFriendlyName() { - return ssoFriendlyName; - } - - /** - * @param ssoFriendlyName the ssoFriendlyName to set - */ - public void setSsoFriendlyName(String ssoFriendlyName) { - this.ssoFriendlyName = ssoFriendlyName; - } - - /** - * @return the ssoSpecialText - */ - public String getSsoSpecialText() { - return ssoSpecialText; - } - - /** - * @param ssoSpecialText the ssoSpecialText to set - */ - public void setSsoSpecialText(String ssoSpecialText) { - this.ssoSpecialText = ssoSpecialText; - } - - /** - * @return the ssoIdentificationNumber - */ - public String getSsoIdentificationNumber() { - return ssoIdentificationNumber; - } - - /** - * @param ssoIdentificationNumber the ssoIdentificationNumber to set - */ - public void setSsoIdentificationNumber(String ssoIdentificationNumber) { - this.ssoIdentificationNumber = ssoIdentificationNumber; - } - - /** - * @return the defaultchainigmode - */ - public String getDefaultchainigmode() { - return defaultchainigmode; - } - - /** - * @param defaultchainigmode the defaultchainigmode to set - */ - public void setDefaultchainigmode(String defaultchainigmode) { - this.defaultchainigmode = defaultchainigmode; - } - - /** - * @return the defaultBKUOnline - */ - public String getDefaultBKUOnline() { - return defaultBKUOnline; - } - - /** - * @param defaultBKUOnline the defaultBKUOnline to set - */ - public void setDefaultBKUOnline(String defaultBKUOnline) { - this.defaultBKUOnline = defaultBKUOnline; - } - - /** - * @return the defaultBKULocal - */ - public String getDefaultBKULocal() { - return defaultBKULocal; - } - - /** - * @param defaultBKULocal the defaultBKULocal to set - */ - public void setDefaultBKULocal(String defaultBKULocal) { - this.defaultBKULocal = defaultBKULocal; - } - - /** - * @return the defaultBKUHandy - */ - public String getDefaultBKUHandy() { - return defaultBKUHandy; - } - - /** - * @param defaultBKUHandy the defaultBKUHandy to set - */ - public void setDefaultBKUHandy(String defaultBKUHandy) { - this.defaultBKUHandy = defaultBKUHandy; - } - - /** - * @return the sLRequestTemplateOnline - */ - public String getSLRequestTemplateOnline() { - return SLRequestTemplateOnline; - } - - /** - * @param sLRequestTemplateOnline the sLRequestTemplateOnline to set - */ - public void setSLRequestTemplateOnline(String sLRequestTemplateOnline) { - SLRequestTemplateOnline = sLRequestTemplateOnline; - } - - /** - * @return the sLRequestTemplateLocal - */ - public String getSLRequestTemplateLocal() { - return SLRequestTemplateLocal; - } - - /** - * @param sLRequestTemplateLocal the sLRequestTemplateLocal to set - */ - public void setSLRequestTemplateLocal(String sLRequestTemplateLocal) { - SLRequestTemplateLocal = sLRequestTemplateLocal; - } - - /** - * @return the sLRequestTemplateHandy - */ - public String getSLRequestTemplateHandy() { - return SLRequestTemplateHandy; - } - - /** - * @param sLRequestTemplateHandy the sLRequestTemplateHandy to set - */ - public void setSLRequestTemplateHandy(String sLRequestTemplateHandy) { - SLRequestTemplateHandy = sLRequestTemplateHandy; - } - - /** - * @return the trustmanagerrevocationcheck - */ - public boolean isTrustmanagerrevocationcheck() { - return trustmanagerrevocationcheck; - } - - /** - * @param trustmanagerrevocationcheck the trustmanagerrevocationcheck to set - */ - public void setTrustmanagerrevocationcheck(boolean trustmanagerrevocationcheck) { - this.trustmanagerrevocationcheck = trustmanagerrevocationcheck; - } - - /** - * @return the trustedCACerts - */ - public String getTrustedCACerts() { - return trustedCACerts; - } - - /** - * @param trustedCACerts the trustedCACerts to set - */ - public void setTrustedCACerts(String trustedCACerts) { - this.trustedCACerts = trustedCACerts; - } - - /** - * @return the chainigmodelist - */ - public Map getChainigmodelist() { - return chainigmodelist; - } - - /** - * @param chainigmodelist the chainigmodelist to set - */ - public void setChainigmodelist(Map chainigmodelist) { - GeneralMOAIDConfig.chainigmodelist = chainigmodelist; - } - - /** - * @return the secLayerTransformation - */ - public Map getSecLayerTransformation() { - - return secLayerTransformation; - } - - /** - * @param secLayerTransformation the secLayerTransformation to set - */ - public void setSecLayerTransformation(Map secLayerTransformation) { - this.secLayerTransformation = secLayerTransformation; - } - - /** - * @return the authTransformList - */ - public List getAuthTransformList() { - return authTransformList; - } - - /** - * @param authTransformList the authTransformList to set - */ - public void setAuthTransformList(List authTransformList) { - this.authTransformList = authTransformList; - } - - - - - public void setFileUpload(File fileUpload) { - if (this.fileUpload == null) - this.fileUpload = new ArrayList(); - this.fileUpload.add(fileUpload); - } - - public void setFileUploadContentType(String fileUploadContentType) { - if (this.fileUploadContentType == null) - this.fileUploadContentType = new ArrayList(); - this.fileUploadContentType.add(fileUploadContentType); - } - - public void setFileUploadFileName(String fileUploadFileName) { - if (this.fileUploadFileName == null) - this.fileUploadFileName = new ArrayList(); - this.fileUploadFileName.add(fileUploadFileName); - } - - /** - * @return the protocolActiveSAML1 - */ - public boolean isProtocolActiveSAML1() { - return protocolActiveSAML1; - } - - /** - * @param protocolActiveSAML1 the protocolActiveSAML1 to set - */ - public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { - this.protocolActiveSAML1 = protocolActiveSAML1; - } - - /** - * @return the protocolActivePVP21 - */ - public boolean isProtocolActivePVP21() { - return protocolActivePVP21; - } - - /** - * @param protocolActivePVP21 the protocolActivePVP21 to set - */ - public void setProtocolActivePVP21(boolean protocolActivePVP21) { - this.protocolActivePVP21 = protocolActivePVP21; - } - - /** - * @return the protocolActiveOAuth - */ - public boolean isProtocolActiveOAuth() { - return protocolActiveOAuth; - } - - /** - * @param protocolActiveOAuth the protocolActiveOAuth to set - */ - public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { - this.protocolActiveOAuth = protocolActiveOAuth; - } - - /** - * @return the saml1SourceID - */ - public String getSaml1SourceID() { - return saml1SourceID; - } - - /** - * @param saml1SourceID the saml1SourceID to set - */ - public void setSaml1SourceID(String saml1SourceID) { - this.saml1SourceID = saml1SourceID; - } - - /** - * @return the publicURLPrefix - */ - public String getPublicURLPrefix() { - return publicURLPrefix; - } - - /** - * @param publicURLPrefix the publicURLPrefix to set - */ - public void setPublicURLPrefix(String publicURLPrefix) { - if (MiscUtil.isNotEmpty(publicURLPrefix)) - this.publicURLPrefix = - KeyValueUtils.removeAllNewlineFromString(publicURLPrefix); - else - this.publicURLPrefix = publicURLPrefix; - - } - - /** - * @return the moaspssIdlTrustProfileTest - */ - public String getMoaspssIdlTrustProfileTest() { - return moaspssIdlTrustProfileTest; - } - - /** - * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set - */ - public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) { - this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest; - } - - /** - * @return the moaspssAuthTrustProfileTest - */ - public String getMoaspssAuthTrustProfileTest() { - return moaspssAuthTrustProfileTest; - } - - /** - * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set - */ - public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { - this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; - } - - /** - * @return the virtualPublicURLPrefixEnabled - */ - public boolean isVirtualPublicURLPrefixEnabled() { - return virtualPublicURLPrefixEnabled; - } - - /** - * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set - */ - public void setVirtualPublicURLPrefixEnabled( - boolean virtualPublicURLPrefixEnabled) { - this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; - } - - /** - * @return the elgaMandateServiceURL - */ - public String getElgaMandateServiceURL() { - return elgaMandateServiceURL; - } - - /** - * @param elgaMandateServiceURL the elgaMandateServiceURL to set - */ - public void setElgaMandateServiceURL(String elgaMandateServiceURL) { - if (MiscUtil.isNotEmpty(elgaMandateServiceURL)) - this.elgaMandateServiceURL = KeyValueUtils.removeAllNewlineFromString(elgaMandateServiceURL); - else - this.elgaMandateServiceURL = elgaMandateServiceURL; - } - - /** - * @return the eidSystemServiceURL - */ - public String getEidSystemServiceURL() { - return eidSystemServiceURL; - } - - public boolean isMoaidMode() { - return moaidMode; - } - - /** - * @param eidSystemServiceURL the E-ID Service URL to set - */ - public void setEidSystemServiceURL(String eidSystemServiceURL) { - if (MiscUtil.isNotEmpty(eidSystemServiceURL)) - this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL); - else - this.eidSystemServiceURL = eidSystemServiceURL; - } - - + /** + * @return the timeoutAssertion + */ + public String getTimeoutAssertion() { + return timeoutAssertion; + } + + /** + * @param timeoutAssertion the timeoutAssertion to set + */ + public void setTimeoutAssertion(String timeoutAssertion) { + this.timeoutAssertion = timeoutAssertion; + } + + /** + * @return the timeoutMOASessionCreated + */ + public String getTimeoutMOASessionCreated() { + return timeoutMOASessionCreated; + } + + /** + * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set + */ + public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) { + this.timeoutMOASessionCreated = timeoutMOASessionCreated; + } + + /** + * @return the timeoutMOASessionUpdated + */ + public String getTimeoutMOASessionUpdated() { + return timeoutMOASessionUpdated; + } + + /** + * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set + */ + public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) { + this.timeoutMOASessionUpdated = timeoutMOASessionUpdated; + } + + /** + * @return the moaspssURL + */ + public String getMoaspssURL() { + return moaspssURL; + } + + /** + * @param moaspssURL the moaspssURL to set + */ + public void setMoaspssURL(String moaspssURL) { + this.moaspssURL = moaspssURL; + } + + /** + * @return the moaspssAuthTrustProfile + */ + public String getMoaspssAuthTrustProfile() { + return moaspssAuthTrustProfile; + } + + /** + * @param moaspssAuthTrustProfile the moaspssAuthTrustProfile to set + */ + public void setMoaspssAuthTrustProfile(String moaspssAuthTrustProfile) { + this.moaspssAuthTrustProfile = moaspssAuthTrustProfile; + } + + /** + * @return the moaspssAuthTransformations + */ + public String getMoaspssAuthTransformations() { + return moaspssAuthTransformations; + } + + /** + * @param moaspssAuthTransformations the moaspssAuthTransformations to set + */ + public void setMoaspssAuthTransformations(String moaspssAuthTransformations) { + this.moaspssAuthTransformations = moaspssAuthTransformations; + } + + /** + * @return the moaspssIdlTrustProfile + */ + public String getMoaspssIdlTrustProfile() { + return moaspssIdlTrustProfile; + } + + /** + * @param moaspssIdlTrustProfile the moaspssIdlTrustProfile to set + */ + public void setMoaspssIdlTrustProfile(String moaspssIdlTrustProfile) { + this.moaspssIdlTrustProfile = moaspssIdlTrustProfile; + } + + /** + * @return the mandateURL + */ + public String getMandateURL() { + return mandateURL; + } + + /** + * @param mandateURL the mandateURL to set + */ + public void setMandateURL(String mandateURL) { + if (MiscUtil.isNotEmpty(mandateURL)) { + this.mandateURL = KeyValueUtils.removeAllNewlineFromString(mandateURL); + } else { + this.mandateURL = mandateURL; + } + } + + /** + * @return the legacy_saml1 + */ + public boolean isLegacy_saml1() { + return legacy_saml1; + } + + /** + * @param legacy_saml1 the legacy_saml1 to set + */ + public void setLegacy_saml1(boolean legacy_saml1) { + this.legacy_saml1 = legacy_saml1; + } + + /** + * @return the legacy_pvp2 + */ + public boolean isLegacy_pvp2() { + return legacy_pvp2; + } + + /** + * @param legacy_pvp2 the legacy_pvp2 to set + */ + public void setLegacy_pvp2(boolean legacy_pvp2) { + this.legacy_pvp2 = legacy_pvp2; + } + + /** + * @return the pvp2IssuerName + */ + public String getPvp2IssuerName() { + return pvp2IssuerName; + } + + /** + * @param pvp2IssuerName the pvp2IssuerName to set + */ + public void setPvp2IssuerName(String pvp2IssuerName) { + this.pvp2IssuerName = pvp2IssuerName; + } + + /** + * @return the pvp2OrgName + */ + public String getPvp2OrgName() { + return pvp2OrgName; + } + + /** + * @param pvp2OrgName the pvp2OrgName to set + */ + public void setPvp2OrgName(String pvp2OrgName) { + this.pvp2OrgName = pvp2OrgName; + } + + /** + * @return the pvp2OrgDisplayName + */ + public String getPvp2OrgDisplayName() { + return pvp2OrgDisplayName; + } + + /** + * @param pvp2OrgDisplayName the pvp2OrgDisplayName to set + */ + public void setPvp2OrgDisplayName(String pvp2OrgDisplayName) { + this.pvp2OrgDisplayName = pvp2OrgDisplayName; + } + + /** + * @return the pvp2OrgURL + */ + public String getPvp2OrgURL() { + return pvp2OrgURL; + } + + /** + * @param pvp2OrgURL the pvp2OrgURL to set + */ + public void setPvp2OrgURL(String pvp2OrgURL) { + this.pvp2OrgURL = pvp2OrgURL; + } + + /** + * @return the pvp2Contact + */ + public ContactForm getPvp2Contact() { + return pvp2Contact; + } + + /** + * @param pvp2Contact the pvp2Contact to set + */ + public void setPvp2Contact(ContactForm pvp2Contact) { + this.pvp2Contact = pvp2Contact; + } + + /** + * @return the fileUpload + */ + public List getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpload the fileUpload to set + */ + public void setFileUpload(List fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public List getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(List fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public List getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(List fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + /** + * @return the ssoTarget + */ + public String getSsoTarget() { + return ssoTarget; + } + + /** + * @param ssoTarget the ssoTarget to set + */ + public void setSsoTarget(String ssoTarget) { + this.ssoTarget = ssoTarget; + } + + /** + * @return the ssoFriendlyName + */ + public String getSsoFriendlyName() { + return ssoFriendlyName; + } + + /** + * @param ssoFriendlyName the ssoFriendlyName to set + */ + public void setSsoFriendlyName(String ssoFriendlyName) { + this.ssoFriendlyName = ssoFriendlyName; + } + + /** + * @return the ssoSpecialText + */ + public String getSsoSpecialText() { + return ssoSpecialText; + } + + /** + * @param ssoSpecialText the ssoSpecialText to set + */ + public void setSsoSpecialText(String ssoSpecialText) { + this.ssoSpecialText = ssoSpecialText; + } + + /** + * @return the ssoIdentificationNumber + */ + public String getSsoIdentificationNumber() { + return ssoIdentificationNumber; + } + + /** + * @param ssoIdentificationNumber the ssoIdentificationNumber to set + */ + public void setSsoIdentificationNumber(String ssoIdentificationNumber) { + this.ssoIdentificationNumber = ssoIdentificationNumber; + } + + /** + * @return the defaultchainigmode + */ + public String getDefaultchainigmode() { + return defaultchainigmode; + } + + /** + * @param defaultchainigmode the defaultchainigmode to set + */ + public void setDefaultchainigmode(String defaultchainigmode) { + this.defaultchainigmode = defaultchainigmode; + } + + /** + * @return the defaultBKUOnline + */ + public String getDefaultBKUOnline() { + return defaultBKUOnline; + } + + /** + * @param defaultBKUOnline the defaultBKUOnline to set + */ + public void setDefaultBKUOnline(String defaultBKUOnline) { + this.defaultBKUOnline = defaultBKUOnline; + } + + /** + * @return the defaultBKULocal + */ + public String getDefaultBKULocal() { + return defaultBKULocal; + } + + /** + * @param defaultBKULocal the defaultBKULocal to set + */ + public void setDefaultBKULocal(String defaultBKULocal) { + this.defaultBKULocal = defaultBKULocal; + } + + /** + * @return the defaultBKUHandy + */ + public String getDefaultBKUHandy() { + return defaultBKUHandy; + } + + /** + * @param defaultBKUHandy the defaultBKUHandy to set + */ + public void setDefaultBKUHandy(String defaultBKUHandy) { + this.defaultBKUHandy = defaultBKUHandy; + } + + /** + * @return the sLRequestTemplateOnline + */ + public String getSLRequestTemplateOnline() { + return SLRequestTemplateOnline; + } + + /** + * @param sLRequestTemplateOnline the sLRequestTemplateOnline to set + */ + public void setSLRequestTemplateOnline(String sLRequestTemplateOnline) { + SLRequestTemplateOnline = sLRequestTemplateOnline; + } + + /** + * @return the sLRequestTemplateLocal + */ + public String getSLRequestTemplateLocal() { + return SLRequestTemplateLocal; + } + + /** + * @param sLRequestTemplateLocal the sLRequestTemplateLocal to set + */ + public void setSLRequestTemplateLocal(String sLRequestTemplateLocal) { + SLRequestTemplateLocal = sLRequestTemplateLocal; + } + + /** + * @return the sLRequestTemplateHandy + */ + public String getSLRequestTemplateHandy() { + return SLRequestTemplateHandy; + } + + /** + * @param sLRequestTemplateHandy the sLRequestTemplateHandy to set + */ + public void setSLRequestTemplateHandy(String sLRequestTemplateHandy) { + SLRequestTemplateHandy = sLRequestTemplateHandy; + } + + /** + * @return the trustmanagerrevocationcheck + */ + public boolean isTrustmanagerrevocationcheck() { + return trustmanagerrevocationcheck; + } + + /** + * @param trustmanagerrevocationcheck the trustmanagerrevocationcheck to set + */ + public void setTrustmanagerrevocationcheck(boolean trustmanagerrevocationcheck) { + this.trustmanagerrevocationcheck = trustmanagerrevocationcheck; + } + + /** + * @return the trustedCACerts + */ + public String getTrustedCACerts() { + return trustedCACerts; + } + + /** + * @param trustedCACerts the trustedCACerts to set + */ + public void setTrustedCACerts(String trustedCACerts) { + this.trustedCACerts = trustedCACerts; + } + + /** + * @return the chainigmodelist + */ + public Map getChainigmodelist() { + return chainigmodelist; + } + + /** + * @param chainigmodelist the chainigmodelist to set + */ + public void setChainigmodelist(Map chainigmodelist) { + GeneralMOAIDConfig.chainigmodelist = chainigmodelist; + } + + /** + * @return the secLayerTransformation + */ + public Map getSecLayerTransformation() { + + return secLayerTransformation; + } + + /** + * @param secLayerTransformation the secLayerTransformation to set + */ + public void setSecLayerTransformation(Map secLayerTransformation) { + this.secLayerTransformation = secLayerTransformation; + } + + /** + * @return the authTransformList + */ + public List getAuthTransformList() { + return authTransformList; + } + + /** + * @param authTransformList the authTransformList to set + */ + public void setAuthTransformList(List authTransformList) { + this.authTransformList = authTransformList; + } + + public void setFileUpload(File fileUpload) { + if (this.fileUpload == null) { + this.fileUpload = new ArrayList<>(); + } + this.fileUpload.add(fileUpload); + } + + public void setFileUploadContentType(String fileUploadContentType) { + if (this.fileUploadContentType == null) { + this.fileUploadContentType = new ArrayList<>(); + } + this.fileUploadContentType.add(fileUploadContentType); + } + + public void setFileUploadFileName(String fileUploadFileName) { + if (this.fileUploadFileName == null) { + this.fileUploadFileName = new ArrayList<>(); + } + this.fileUploadFileName.add(fileUploadFileName); + } + + /** + * @return the protocolActiveSAML1 + */ + public boolean isProtocolActiveSAML1() { + return protocolActiveSAML1; + } + + /** + * @param protocolActiveSAML1 the protocolActiveSAML1 to set + */ + public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { + this.protocolActiveSAML1 = protocolActiveSAML1; + } + + /** + * @return the protocolActivePVP21 + */ + public boolean isProtocolActivePVP21() { + return protocolActivePVP21; + } + + /** + * @param protocolActivePVP21 the protocolActivePVP21 to set + */ + public void setProtocolActivePVP21(boolean protocolActivePVP21) { + this.protocolActivePVP21 = protocolActivePVP21; + } + + /** + * @return the protocolActiveOAuth + */ + public boolean isProtocolActiveOAuth() { + return protocolActiveOAuth; + } + + /** + * @param protocolActiveOAuth the protocolActiveOAuth to set + */ + public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { + this.protocolActiveOAuth = protocolActiveOAuth; + } + + /** + * @return the saml1SourceID + */ + public String getSaml1SourceID() { + return saml1SourceID; + } + + /** + * @param saml1SourceID the saml1SourceID to set + */ + public void setSaml1SourceID(String saml1SourceID) { + this.saml1SourceID = saml1SourceID; + } + + /** + * @return the publicURLPrefix + */ + public String getPublicURLPrefix() { + return publicURLPrefix; + } + + /** + * @param publicURLPrefix the publicURLPrefix to set + */ + public void setPublicURLPrefix(String publicURLPrefix) { + if (MiscUtil.isNotEmpty(publicURLPrefix)) { + this.publicURLPrefix = + KeyValueUtils.removeAllNewlineFromString(publicURLPrefix); + } else { + this.publicURLPrefix = publicURLPrefix; + } + + } + + /** + * @return the moaspssIdlTrustProfileTest + */ + public String getMoaspssIdlTrustProfileTest() { + return moaspssIdlTrustProfileTest; + } + + /** + * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set + */ + public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) { + this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest; + } + + /** + * @return the moaspssAuthTrustProfileTest + */ + public String getMoaspssAuthTrustProfileTest() { + return moaspssAuthTrustProfileTest; + } + + /** + * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set + */ + public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { + this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; + } + + /** + * @return the virtualPublicURLPrefixEnabled + */ + public boolean isVirtualPublicURLPrefixEnabled() { + return virtualPublicURLPrefixEnabled; + } + + /** + * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set + */ + public void setVirtualPublicURLPrefixEnabled( + boolean virtualPublicURLPrefixEnabled) { + this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; + } + + /** + * @return the elgaMandateServiceURL + */ + public String getElgaMandateServiceURL() { + return elgaMandateServiceURL; + } + + /** + * @param elgaMandateServiceURL the elgaMandateServiceURL to set + */ + public void setElgaMandateServiceURL(String elgaMandateServiceURL) { + if (MiscUtil.isNotEmpty(elgaMandateServiceURL)) { + this.elgaMandateServiceURL = KeyValueUtils.removeAllNewlineFromString(elgaMandateServiceURL); + } else { + this.elgaMandateServiceURL = elgaMandateServiceURL; + } + } + + /** + * @return the eidSystemServiceURL + */ + public String getEidSystemServiceURL() { + return eidSystemServiceURL; + } + + public boolean isMoaidMode() { + return moaidMode; + } + + /** + * @param eidSystemServiceURL the E-ID Service URL to set + */ + public void setEidSystemServiceURL(String eidSystemServiceURL) { + if (MiscUtil.isNotEmpty(eidSystemServiceURL)) { + this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL); + } else { + this.eidSystemServiceURL = eidSystemServiceURL; + } + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index b5c996c72..c833372c9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; @@ -36,141 +34,147 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class GeneralStorkConfig { - private List cpepslist; - private List attributes; - private String qaa; - private static final Logger log = Logger.getLogger(GeneralStorkConfig.class); - - private MOAIDConfiguration dbconfig = null; - - /** - * - */ - public GeneralStorkConfig() { - try { - dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - - } - - public void parse(MOAIDConfiguration config) { - log.info("Initializing general Stork config"); - - cpepslist = new ArrayList(); - attributes = new ArrayList(); - - if (config != null) { - AuthComponentGeneral auth = config.getAuthComponentGeneral(); - - if (auth != null) { - ForeignIdentities foreign = auth.getForeignIdentities(); - - if (foreign != null) { - STORK stork = foreign.getSTORK(); - - if (stork != null) { - // deep clone all the things - // to foreclose lazyloading session timeouts - if (stork.getCPEPS() != null) { - for(CPEPS current : stork.getCPEPS()) { - cpepslist.add(current); - } - } - - List tmp = stork.getAttributes(); - if(null != tmp) { - - for(StorkAttribute current : tmp) - attributes.add(current); - } - - try { - qaa = stork.getGeneral_eIDAS_LOA(); - - } catch(NullPointerException e) { - qaa = MOAIDConstants.eIDAS_LOA_HIGH; - } - } - - } - } - } - - if (cpepslist.isEmpty()) { - CPEPS defaultCPEPS = new CPEPS(); - defaultCPEPS.setCountryCode("CC"); - defaultCPEPS.setURL("http://"); - defaultCPEPS.setSupportsXMLSignature(true); - cpepslist.add(defaultCPEPS ); - - } - if(attributes.isEmpty()) - attributes.add(new StorkAttribute()); - } - - public List getAllowedLoALevels() { - return MOAIDConstants.ALLOWED_eIDAS_LOA; - } - - public List getRawCPEPSList() { - return cpepslist; + private List cpepslist; + private List attributes; + private String qaa; + + private MOAIDConfiguration dbconfig = null; + + /** + * + */ + public GeneralStorkConfig() { + try { + dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + + } + + public void parse(MOAIDConfiguration config) { + log.info("Initializing general Stork config"); + + cpepslist = new ArrayList<>(); + attributes = new ArrayList<>(); + + if (config != null) { + final AuthComponentGeneral auth = config.getAuthComponentGeneral(); + + if (auth != null) { + final ForeignIdentities foreign = auth.getForeignIdentities(); + + if (foreign != null) { + final STORK stork = foreign.getSTORK(); + + if (stork != null) { + // deep clone all the things + // to foreclose lazyloading session timeouts + if (stork.getCPEPS() != null) { + for (final CPEPS current : stork.getCPEPS()) { + cpepslist.add(current); + } + } + + final List tmp = stork.getAttributes(); + if (null != tmp) { + + for (final StorkAttribute current : tmp) { + attributes.add(current); + } + } + + try { + qaa = stork.getGeneral_eIDAS_LOA(); + + } catch (final NullPointerException e) { + qaa = MOAIDConstants.eIDAS_LOA_HIGH; + } + } + + } + } } - - public List getCpepslist() { - if (null == cpepslist) - return null; - - //MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); - - try { - List cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS(); - - if (cpepss != null) { - // make CountryCode "readonly" - for (CPEPS newone : cpepslist) { - for (CPEPS current : cpepss) { - if (null != newone) - if (current.getHjid().equals(newone.getHjid())) { - newone.setCountryCode(current.getCountryCode()); - break; - } - } - } - } - - return cpepslist; - - } catch (NullPointerException e) { - return null; - - } - - } - - public void setCpepslist(List list) { - cpepslist = list; - } - - public List getAttributes() { - return attributes; - } - - public void setAttributes(List attributes) { - this.attributes = attributes; - } - - public String getDefaultQaa() { - return qaa; - } - - public void setDefaultQaa(String qaa) { - this.qaa = qaa; - } + + if (cpepslist.isEmpty()) { + final CPEPS defaultCPEPS = new CPEPS(); + defaultCPEPS.setCountryCode("CC"); + defaultCPEPS.setURL("http://"); + defaultCPEPS.setSupportsXMLSignature(true); + cpepslist.add(defaultCPEPS); + + } + if (attributes.isEmpty()) { + attributes.add(new StorkAttribute()); + } + } + + public List getAllowedLoALevels() { + return MOAIDConstants.ALLOWED_eIDAS_LOA; + } + + public List getRawCPEPSList() { + return cpepslist; + } + + public List getCpepslist() { + if (null == cpepslist) { + return null; + } + + // MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + try { + final List cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getCPEPS(); + + if (cpepss != null) { + // make CountryCode "readonly" + for (final CPEPS newone : cpepslist) { + for (final CPEPS current : cpepss) { + if (null != newone) { + if (current.getHjid().equals(newone.getHjid())) { + newone.setCountryCode(current.getCountryCode()); + break; + } + } + } + } + } + + return cpepslist; + + } catch (final NullPointerException e) { + return null; + + } + + } + + public void setCpepslist(List list) { + cpepslist = list; + } + + public List getAttributes() { + return attributes; + } + + public void setAttributes(List attributes) { + this.attributes = attributes; + } + + public String getDefaultQaa() { + return qaa; + } + + public void setDefaultQaa(String qaa) { + this.qaa = qaa; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java index 28eba9f34..c7de7e369 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java @@ -23,92 +23,103 @@ package at.gv.egovernment.moa.id.configuration.data; public class OAListElement { - - public enum ServiceType {OA, VIDP, IDP, GWAY} - - private long dataBaseID; - private String oaIdentifier; - private String oaFriendlyName; - private String oaType; - private boolean isActive; - private ServiceType serviceType; - - /** - * - */ - public OAListElement(ServiceType type) { - this.serviceType = type; - } - - - /** - * @return the dataBaseID - */ - public long getDataBaseID() { - return dataBaseID; - } - /** - * @param dataBaseID the dataBaseID to set - */ - public void setDataBaseID(long dataBaseID) { - this.dataBaseID = dataBaseID; - } - /** - * @return the oaIdentifier - */ - public String getOaIdentifier() { - return oaIdentifier; - } - /** - * @param oaIdentifier the oaIdentifier to set - */ - public void setOaIdentifier(String oaIdentifier) { - this.oaIdentifier = oaIdentifier; - } - /** - * @return the oaFriendlyName - */ - public String getOaFriendlyName() { - return oaFriendlyName; - } - /** - * @param oaFriendlyName the oaFriendlyName to set - */ - public void setOaFriendlyName(String oaFriendlyName) { - this.oaFriendlyName = oaFriendlyName; - } - /** - * @return the oaType - */ - public String getOaType() { - return oaType; - } - /** - * @param oaType the oaType to set - */ - public void setOaType(String oaType) { - this.oaType = oaType; - } - /** - * @return the isActive - */ - public boolean isActive() { - return isActive; - } - /** - * @param isActive the isActive to set - */ - public void setActive(boolean isActive) { - this.isActive = isActive; - } - - public String getIsActive(){ - return String.valueOf(isActive); - } - /** - * @return the serviceType - */ - public String getServiceType() { - return serviceType.name(); - } + + public enum ServiceType { + OA, VIDP, IDP, GWAY + } + + private long dataBaseID; + private String oaIdentifier; + private String oaFriendlyName; + private String oaType; + private boolean isActive; + private final ServiceType serviceType; + + /** + * + */ + public OAListElement(ServiceType type) { + this.serviceType = type; + } + + /** + * @return the dataBaseID + */ + public long getDataBaseID() { + return dataBaseID; + } + + /** + * @param dataBaseID the dataBaseID to set + */ + public void setDataBaseID(long dataBaseID) { + this.dataBaseID = dataBaseID; + } + + /** + * @return the oaIdentifier + */ + public String getOaIdentifier() { + return oaIdentifier; + } + + /** + * @param oaIdentifier the oaIdentifier to set + */ + public void setOaIdentifier(String oaIdentifier) { + this.oaIdentifier = oaIdentifier; + } + + /** + * @return the oaFriendlyName + */ + public String getOaFriendlyName() { + return oaFriendlyName; + } + + /** + * @param oaFriendlyName the oaFriendlyName to set + */ + public void setOaFriendlyName(String oaFriendlyName) { + this.oaFriendlyName = oaFriendlyName; + } + + /** + * @return the oaType + */ + public String getOaType() { + return oaType; + } + + /** + * @param oaType the oaType to set + */ + public void setOaType(String oaType) { + this.oaType = oaType; + } + + /** + * @return the isActive + */ + public boolean isActive() { + return isActive; + } + + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + public String getIsActive() { + return String.valueOf(isActive); + } + + /** + * @return the serviceType + */ + public String getServiceType() { + return serviceType.name(); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java index a1bcf4aa4..af4548779 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java @@ -24,27 +24,25 @@ package at.gv.egovernment.moa.id.configuration.data; public class StorkAttributes { + public AttributValues eIdentifier; - public AttributValues eIdentifier; - - - public void parse() { - eIdentifier = AttributValues.MANDATORY; - } - - - public enum AttributValues { - MANDATORY, OPTIONAL, NOT; - - public String getValue() { - if (this == MANDATORY) - return MANDATORY.name(); - if (this == OPTIONAL) - return OPTIONAL.name(); - else - return NOT.name(); - } - } - -} + public void parse() { + eIdentifier = AttributValues.MANDATORY; + } + + public enum AttributValues { + MANDATORY, OPTIONAL, NOT; + public String getValue() { + if (this == MANDATORY) { + return MANDATORY.name(); + } + if (this == OPTIONAL) { + return OPTIONAL.name(); + } else { + return NOT.name(); + } + } + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java index 8f4746d69..8f94fa642 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java @@ -26,328 +26,310 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.util.MiscUtil; public class UserDatabaseFrom { - - private String bpk; - private String familyName; - private String givenName; - private String institut; - private String mail; - private String phone; - private String username; - private String password; - private String password_second; - private boolean active = false; - private boolean admin = false; - private boolean passwordActive; - private boolean isusernamepasswordallowed = false; - private boolean isadminrequest = true; - private boolean ismandateuser = false; - private boolean isPVPGenerated; - private String userID = null; - - public UserDatabaseFrom() { - - } - - public UserDatabaseFrom(UserDatabase db) { - bpk = db.getBpk(); - familyName = db.getFamilyname(); - givenName = db.getGivenname(); - institut = db.getInstitut(); - mail = db.getMail(); - phone = db.getPhone(); - username = db.getUsername(); - - if (MiscUtil.isNotEmpty(db.getPassword())) - passwordActive = true; - else - passwordActive = false; - - active = db.isIsActive(); - admin = db.isIsAdmin(); - - if (db.isIsUsernamePasswordAllowed() != null) - isusernamepasswordallowed = db.isIsUsernamePasswordAllowed(); - else - isusernamepasswordallowed = true; - - if (db.isIsAdminRequest() != null) - isadminrequest = db.isIsAdminRequest(); - else - isadminrequest = false; - - if (db.isIsMandateUser() != null) - ismandateuser = db.isIsMandateUser(); - else - ismandateuser = false; - - if (db.isIsPVP2Generated() != null) - isPVPGenerated = db.isIsPVP2Generated(); - else - isPVPGenerated = false; - - userID = String.valueOf(db.getHjid()); - } - - - /** - * @return the bpk - */ - public String getBpk() { - return bpk; - } - - - /** - * @param bpk the bpk to set - */ - public void setBpk(String bpk) { - this.bpk = bpk; - } - - - /** - * @return the familyName - */ - public String getFamilyName() { - return familyName; - } - - - /** - * @param familyName the familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - - /** - * @return the givenName - */ - public String getGivenName() { - return givenName; - } - - - /** - * @param givenName the givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - - /** - * @return the institut - */ - public String getInstitut() { - return institut; - } - - - /** - * @param institut the institut to set - */ - public void setInstitut(String institut) { - this.institut = institut; - } - - - /** - * @return the mail - */ - public String getMail() { - return mail; - } - - - /** - * @param mail the mail to set - */ - public void setMail(String mail) { - this.mail = mail; - } - - - /** - * @return the phone - */ - public String getPhone() { - return phone; - } - - - /** - * @param phone the phone to set - */ - public void setPhone(String phone) { - this.phone = phone; - } - - - /** - * @return the username - */ - public String getUsername() { - return username; - } - - - /** - * @param username the username to set - */ - public void setUsername(String username) { - this.username = username; - } - - - /** - * @return the password - */ - public String getPassword() { - return password; - } - - - /** - * @param password the password to set - */ - public void setPassword(String password) { - this.password = password; - } - - - /** - * @return the active - */ - public boolean isActive() { - return active; - } - - - /** - * @param active the active to set - */ - public void setActive(boolean active) { - this.active = active; - } - - - /** - * @return the admin - */ - public boolean isAdmin() { - return admin; - } - - - /** - * @param admin the admin to set - */ - public void setAdmin(boolean admin) { - this.admin = admin; - } - - - /** - * @return the passwordActive - */ - public boolean isPasswordActive() { - return passwordActive; - } - - - /** - * @param passwordActive the passwordActive to set - */ - public void setPasswordActive(boolean passwordActive) { - this.passwordActive = passwordActive; - } - - /** - * @return the userID - */ - public String getUserID() { - return userID; - } - - /** - * @param userID the userID to set - */ - public void setUserID(String userID) { - this.userID = userID; - } - - /** - * @return the password_second - */ - public String getPassword_second() { - return password_second; - } - - /** - * @param password_second the password_second to set - */ - public void setPassword_second(String password_second) { - this.password_second = password_second; - } - - /** - * @return the isusernamepasswordallowed - */ - public boolean isIsusernamepasswordallowed() { - return isusernamepasswordallowed; - } - - /** - * @param isusernamepasswordallowed the isusernamepasswordallowed to set - */ - public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) { - this.isusernamepasswordallowed = isusernamepasswordallowed; - } - - /** - * @return the ismandateuser - */ - public boolean isIsmandateuser() { - return ismandateuser; - } - - - /** - * @param ismandateuser the ismandateuser to set - */ - public void setIsmandateuser(boolean ismandateuser) { - this.ismandateuser = ismandateuser; - } - - /** - * @return the isadminrequest - */ - public boolean isIsadminrequest() { - return isadminrequest; - } - - /** - * @param isadminrequest the isadminrequest to set - */ - public void setIsadminrequest(boolean isadminrequest) { - this.isadminrequest = isadminrequest; - } - - /** - * @return the isPVPGenerated - */ - public boolean isPVPGenerated() { - return isPVPGenerated; - } - - /** - * @param isPVPGenerated the isPVPGenerated to set - */ - public void setPVPGenerated(boolean isPVPGenerated) { - this.isPVPGenerated = isPVPGenerated; - } - + + private String bpk; + private String familyName; + private String givenName; + private String institut; + private String mail; + private String phone; + private String username; + private String password; + private String password_second; + private boolean active = false; + private boolean admin = false; + private boolean passwordActive; + private boolean isusernamepasswordallowed = false; + private boolean isadminrequest = true; + private boolean ismandateuser = false; + private boolean isPVPGenerated; + private String userID = null; + + public UserDatabaseFrom() { + + } + + public UserDatabaseFrom(UserDatabase db) { + bpk = db.getBpk(); + familyName = db.getFamilyname(); + givenName = db.getGivenname(); + institut = db.getInstitut(); + mail = db.getMail(); + phone = db.getPhone(); + username = db.getUsername(); + + if (MiscUtil.isNotEmpty(db.getPassword())) { + passwordActive = true; + } else { + passwordActive = false; + } + + active = db.isIsActive(); + admin = db.isIsAdmin(); + + if (db.isIsUsernamePasswordAllowed() != null) { + isusernamepasswordallowed = db.isIsUsernamePasswordAllowed(); + } else { + isusernamepasswordallowed = true; + } + + if (db.isIsAdminRequest() != null) { + isadminrequest = db.isIsAdminRequest(); + } else { + isadminrequest = false; + } + + if (db.isIsMandateUser() != null) { + ismandateuser = db.isIsMandateUser(); + } else { + ismandateuser = false; + } + + if (db.isIsPVP2Generated() != null) { + isPVPGenerated = db.isIsPVP2Generated(); + } else { + isPVPGenerated = false; + } + + userID = String.valueOf(db.getHjid()); + } + + /** + * @return the bpk + */ + public String getBpk() { + return bpk; + } + + /** + * @param bpk the bpk to set + */ + public void setBpk(String bpk) { + this.bpk = bpk; + } + + /** + * @return the familyName + */ + public String getFamilyName() { + return familyName; + } + + /** + * @param familyName the familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * @return the givenName + */ + public String getGivenName() { + return givenName; + } + + /** + * @param givenName the givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * @return the institut + */ + public String getInstitut() { + return institut; + } + + /** + * @param institut the institut to set + */ + public void setInstitut(String institut) { + this.institut = institut; + } + + /** + * @return the mail + */ + public String getMail() { + return mail; + } + + /** + * @param mail the mail to set + */ + public void setMail(String mail) { + this.mail = mail; + } + + /** + * @return the phone + */ + public String getPhone() { + return phone; + } + + /** + * @param phone the phone to set + */ + public void setPhone(String phone) { + this.phone = phone; + } + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * @return the active + */ + public boolean isActive() { + return active; + } + + /** + * @param active the active to set + */ + public void setActive(boolean active) { + this.active = active; + } + + /** + * @return the admin + */ + public boolean isAdmin() { + return admin; + } + + /** + * @param admin the admin to set + */ + public void setAdmin(boolean admin) { + this.admin = admin; + } + + /** + * @return the passwordActive + */ + public boolean isPasswordActive() { + return passwordActive; + } + + /** + * @param passwordActive the passwordActive to set + */ + public void setPasswordActive(boolean passwordActive) { + this.passwordActive = passwordActive; + } + + /** + * @return the userID + */ + public String getUserID() { + return userID; + } + + /** + * @param userID the userID to set + */ + public void setUserID(String userID) { + this.userID = userID; + } + + /** + * @return the password_second + */ + public String getPassword_second() { + return password_second; + } + + /** + * @param password_second the password_second to set + */ + public void setPassword_second(String password_second) { + this.password_second = password_second; + } + + /** + * @return the isusernamepasswordallowed + */ + public boolean isIsusernamepasswordallowed() { + return isusernamepasswordallowed; + } + + /** + * @param isusernamepasswordallowed the isusernamepasswordallowed to set + */ + public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) { + this.isusernamepasswordallowed = isusernamepasswordallowed; + } + + /** + * @return the ismandateuser + */ + public boolean isIsmandateuser() { + return ismandateuser; + } + + /** + * @param ismandateuser the ismandateuser to set + */ + public void setIsmandateuser(boolean ismandateuser) { + this.ismandateuser = ismandateuser; + } + + /** + * @return the isadminrequest + */ + public boolean isIsadminrequest() { + return isadminrequest; + } + + /** + * @param isadminrequest the isadminrequest to set + */ + public void setIsadminrequest(boolean isadminrequest) { + this.isadminrequest = isadminrequest; + } + + /** + * @return the isPVPGenerated + */ + public boolean isPVPGenerated() { + return isPVPGenerated; + } + + /** + * @param isPVPGenerated the isPVPGenerated to set + */ + public void setPVPGenerated(boolean isPVPGenerated) { + this.isPVPGenerated = isPVPGenerated; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java index 63c82037f..c2344e059 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java @@ -4,61 +4,61 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAStorkAttribut import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; public class AttributeHelper { - private boolean isUsed = false; - private String name; - private boolean mandatory; - private boolean readonly; + private boolean isUsed = false; + private String name; + private boolean mandatory; + private boolean readonly; - public AttributeHelper() { - // TODO Auto-generated constructor stub - } + public AttributeHelper() { + // TODO Auto-generated constructor stub + } - public AttributeHelper(OAStorkAttribute attribute) { - isUsed = true; - name = attribute.getName(); - mandatory = attribute.isMandatory(); - } + public AttributeHelper(OAStorkAttribute attribute) { + isUsed = true; + name = attribute.getName(); + mandatory = attribute.isMandatory(); + } - public AttributeHelper(StorkAttribute attribute) { - name = attribute.getName(); - mandatory = false; - if (attribute.isMandatory()==null) { // TODO check details - attribute.setMandatory(false); - } else { - readonly = attribute.isMandatory(); - } - isUsed = readonly; - } + public AttributeHelper(StorkAttribute attribute) { + name = attribute.getName(); + mandatory = false; + if (attribute.isMandatory() == null) { // TODO check details + attribute.setMandatory(false); + } else { + readonly = attribute.isMandatory(); + } + isUsed = readonly; + } - public boolean isUsed() { - return isUsed; - } + public boolean isUsed() { + return isUsed; + } - public void setUsed(boolean used) { - isUsed = used; - } + public void setUsed(boolean used) { + isUsed = used; + } - public String getName() { - return name; - } + public String getName() { + return name; + } - public void setName(String newname) { - name = newname; - } + public void setName(String newname) { + name = newname; + } - public boolean isMandatory() { - return mandatory; - } + public boolean isMandatory() { + return mandatory; + } - public void setMandatory(boolean value) { - mandatory = value; - } + public void setMandatory(boolean value) { + mandatory = value; + } - public boolean isReadOnly() { - return readonly; - } + public boolean isReadOnly() { + return readonly; + } - public void setReadOnly(boolean value) { - // we do not allow setting the readonly field - } + public void setReadOnly(boolean value) { + // we do not allow setting the readonly field + } } \ No newline at end of file diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java index 8195c993d..0ba3ed36c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java @@ -34,31 +34,34 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; * */ public interface IOnlineApplicationData { - - public String getName(); - - /** - * Parse OnlineApplication database object to formData - * @param dbOAConfig - * @return List of Errors - */ - public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); - - /** - * Store formData to OnlineApplication database object - * @param dboa: Database data object - * @param authUser - * @param request: - * @return Error description - */ - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); - - /** - * Validate formData - * @param general - * @param request - * @return - */ - public List validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request); + + String getName(); + + /** + * Parse OnlineApplication database object to formData + * + * @param dbOAConfig + * @return List of Errors + */ + List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Store formData to OnlineApplication database object + * + * @param dboa: Database data object + * @param authUser + * @param request: + * @return Error description + */ + String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Validate formData + * + * @param general + * @param request + * @return + */ + List validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index b3db074a2..b3f0620f0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -29,8 +29,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS; @@ -47,105 +45,105 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OAAuthenticationData implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OAAuthenticationData.class); - - private String bkuOnlineURL = null; - private String bkuHandyURL = null; - private String bkuLocalURL = null; - - private String mandateProfiles = null; - private boolean useMandates = false; - - private List misServicesList = new ArrayList(); - private List elgaServicesList = new ArrayList(); - private List szrgwServicesList = new ArrayList(); - private List eidServicesList = new ArrayList(); - private String misServiceSelected = null; - private String elgaServiceSelected = null; - private String szrgwServiceSelected = null; - private String eidServiceSelected = null; - - private boolean calculateHPI = false; - - private String keyBoxIdentifier = null; - private static Map keyBoxIdentifierList; - - private boolean legacy = false; - List SLTemplates = null; - - private Map transformations; - - private boolean enableTestCredentials = false; - private List testCredentialOIDs = null; - private boolean useTestIDLValidationTrustStore = false; - private boolean useTestAuthblockValidationTrustStore = false; - - - //SL2.0 - private boolean sl20Active = false; - private String sl20EndPoints = null; - - private boolean isMoaidMode = false; - - /** - * @param isMoaidMode - * - */ - public OAAuthenticationData() { - try { - this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - e.printStackTrace(); - - } - - keyBoxIdentifierList = new HashMap(); - MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); - for (int i=0; i misServicesList = new ArrayList<>(); + private List elgaServicesList = new ArrayList<>(); + private List szrgwServicesList = new ArrayList<>(); + private List eidServicesList = new ArrayList<>(); + private String misServiceSelected = null; + private String elgaServiceSelected = null; + private String szrgwServiceSelected = null; + private String eidServiceSelected = null; + + private boolean calculateHPI = false; + + private String keyBoxIdentifier = null; + private static Map keyBoxIdentifierList; + + private boolean legacy = false; + List SLTemplates = null; + + private Map transformations; + + private boolean enableTestCredentials = false; + private List testCredentialOIDs = null; + private boolean useTestIDLValidationTrustStore = false; + private boolean useTestAuthblockValidationTrustStore = false; + + // SL2.0 + private boolean sl20Active = false; + private String sl20EndPoints = null; + + private boolean isMoaidMode = false; + + /** + * @param isMoaidMode + * + */ + public OAAuthenticationData() { + try { + this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + e.printStackTrace(); + + } + + keyBoxIdentifierList = new HashMap<>(); + final MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); + for (final MOAKeyBoxSelector value : values) { + keyBoxIdentifierList.put(value.value(), value.value()); + } + + keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value(); + + try { + final MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead() + .getMOAIDConfiguration(); + + if (this.isMoaidMode) { + try { + elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs()); + misServicesList = KeyValueUtils.getListOfCSVValues( + dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL()); + } catch (final NullPointerException e) { + } + + try { + szrgwServicesList = KeyValueUtils.getListOfCSVValues( + dbconfig.getAuthComponentGeneral().getForeignIdentities().getConnectionParameter().getURL()); + } catch (final NullPointerException e) { + } + + } + + try { + eidServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getEidSystemServiceURLs()); + } catch (final NullPointerException e) { + } + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + // bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; // bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; -// +// // MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); // if (moaidconfig != null) { // DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); @@ -155,34 +153,43 @@ public class OAAuthenticationData implements IOnlineApplicationData { // setBkuOnlineURL(defaultbkus.getOnlineBKU()); // } // } - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAAuthenticationData"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); - - szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); - eidServiceSelected = dbOA.getSelectedEIDServiceURL(); - - AuthComponentOA oaauth = dbOA.getAuthComponentOA(); - if (oaauth != null) { - BKUURLS bkuurls = oaauth.getBKUURLS(); - - String defaulthandy = ""; - String defaultlocal = ""; - String defaultonline = ""; - + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAAuthenticationData"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); + + szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); + eidServiceSelected = dbOA.getSelectedEIDServiceURL(); + + final AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + final BKUURLS bkuurls = oaauth.getBKUURLS(); + + final String defaulthandy = ""; + final String defaultlocal = ""; + final String defaultonline = ""; + // MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); // if (dbconfig != null) { // DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs(); @@ -192,674 +199,685 @@ public class OAAuthenticationData implements IOnlineApplicationData { // defaultonline = defaultbkus.getOnlineBKU(); // } // } - - if (bkuurls != null) { - - if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) - bkuHandyURL = defaulthandy; - else - bkuHandyURL = bkuurls.getHandyBKU(); - - if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) - bkuLocalURL = defaultlocal; - else - bkuLocalURL = bkuurls.getLocalBKU(); - - if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) - bkuOnlineURL = defaultonline; - else - bkuOnlineURL = bkuurls.getOnlineBKU(); - } - - Mandates mandates = oaauth.getMandates(); - if (mandates != null) { - - mandateProfiles = null; - - List profileList = mandates.getProfileName(); - for (String el : profileList) { - if (mandateProfiles == null) - mandateProfiles = el; - - else - mandateProfiles += "," + el; - } - - //TODO: only for RC1 - if (MiscUtil.isNotEmpty(mandates.getProfiles())) { - if (mandateProfiles == null) - mandateProfiles = mandates.getProfiles(); - - else - mandateProfiles += "," + mandates.getProfiles(); - - } - - if (mandateProfiles != null) - useMandates = true; - - else - useMandates = false; - - misServiceSelected = mandates.getSelectedMISServiceURL(); - elgaServiceSelected = mandates.getSelecteELGAServiceURL(); - - } - - TemplatesType templates = oaauth.getTemplates(); - if (templates != null) { - List templatetype = templates.getTemplate(); - - if (templatetype != null) { - if (SLTemplates == null) { - SLTemplates = new ArrayList(); - } - - for (TemplateType el : templatetype) { - SLTemplates.add(el.getURL()); - } - } - } - - if (SLTemplates != null && SLTemplates.size() > 0) - legacy = true; - - List transforminfos = oaauth.getTransformsInfo(); - transformations = new HashMap(); - for (TransformsInfoType el : transforminfos) { - transformations.put(el.getFilename(), el.getTransformation()); - } - } - - if (oaauth.getTestCredentials() != null) { - enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); - testCredentialOIDs = new ArrayList(); - testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); - - useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore(); - useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); - } - - //parse SL2.0 information - if (oaauth.isSl20Active()) { - //parse SL2.0 endpoint information - if (oaauth.getSl20EndPoints() != null) { - if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints())) - sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints()); - - else { - if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - sl20EndPoints = oaauth.getSl20EndPoints().substring(0, - oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - sl20EndPoints = oaauth.getSl20EndPoints(); - - } - } - sl20Active = oaauth.isSl20Active(); - - } - - - return null; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); + + if (bkuurls != null) { + + if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) { + bkuHandyURL = defaulthandy; + } else { + bkuHandyURL = bkuurls.getHandyBKU(); + } + + if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) { + bkuLocalURL = defaultlocal; + } else { + bkuLocalURL = bkuurls.getLocalBKU(); + } + + if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) { + bkuOnlineURL = defaultonline; + } else { + bkuOnlineURL = bkuurls.getOnlineBKU(); + } + } + + final Mandates mandates = oaauth.getMandates(); + if (mandates != null) { + + mandateProfiles = null; + + final List profileList = mandates.getProfileName(); + for (final String el : profileList) { + if (mandateProfiles == null) { + mandateProfiles = el; + } else { + mandateProfiles += "," + el; + } + } + + // TODO: only for RC1 + if (MiscUtil.isNotEmpty(mandates.getProfiles())) { + if (mandateProfiles == null) { + mandateProfiles = mandates.getProfiles(); + } else { + mandateProfiles += "," + mandates.getProfiles(); + } + + } + + if (mandateProfiles != null) { + useMandates = true; + } else { + useMandates = false; + } + + misServiceSelected = mandates.getSelectedMISServiceURL(); + elgaServiceSelected = mandates.getSelecteELGAServiceURL(); + + } + + final TemplatesType templates = oaauth.getTemplates(); + if (templates != null) { + final List templatetype = templates.getTemplate(); + + if (templatetype != null) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + + for (final TemplateType el : templatetype) { + SLTemplates.add(el.getURL()); + } } - - dbOA.setCalculateHPI(isCalculateHPI()); - - if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) - dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected()); - - - if (MiscUtil.isNotEmpty(getEidServiceSelected())) - dbOA.setSelectedEIDServiceURL(getEidServiceSelected()); - - if (authUser.isAdmin()) { - - //store BKU-URLs - BKUURLS bkuruls = new BKUURLS(); - authoa.setBKUURLS(bkuruls); - bkuruls.setHandyBKU(getBkuHandyURL()); - bkuruls.setLocalBKU(getBkuLocalURL()); - bkuruls.setOnlineBKU(getBkuOnlineURL()); - - //store SecurtiyLayerTemplates - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - List template = templates.getTemplate(); - if (isLegacy()) { - - if (template == null) - template = new ArrayList(); - else - template.clear(); - - if (MiscUtil.isNotEmpty(getSLTemplateURL1())) { - TemplateType el = new TemplateType(); - el.setURL(getSLTemplateURL1()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(getSLTemplateURL2())) { - TemplateType el = new TemplateType(); - el.setURL(getSLTemplateURL2()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(getSLTemplateURL3())) { - TemplateType el = new TemplateType(); - el.setURL(getSLTemplateURL3()); - template.add(el); - } else - template.add(new TemplateType()); - - } else { - if (template != null && template.size() > 0) template.clear(); - } - - - //store keyBox Identifier - dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier())); + } + + if (SLTemplates != null && SLTemplates.size() > 0) { + legacy = true; + } + + final List transforminfos = oaauth.getTransformsInfo(); + transformations = new HashMap<>(); + for (final TransformsInfoType el : transforminfos) { + transformations.put(el.getFilename(), el.getTransformation()); + } + } + + if (oaauth.getTestCredentials() != null) { + enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); + testCredentialOIDs = new ArrayList<>(); + testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); + + useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore(); + useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); + } + + // parse SL2.0 information + if (oaauth.isSl20Active()) { + // parse SL2.0 endpoint information + if (oaauth.getSl20EndPoints() != null) { + if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints())) { + sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints()); } else { - if (dbOA.isIsNew()) dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + sl20EndPoints = oaauth.getSl20EndPoints().substring(0, + oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + sl20EndPoints = oaauth.getSl20EndPoints(); + } + } - - Mandates mandates = new Mandates(); - if (isUseMandates()) { - - String[] profileList = getMandateProfiles().split(","); - - List dbProfiles = mandates.getProfileName(); - if (dbProfiles == null) { - dbProfiles = new ArrayList(); - mandates.setProfileName(dbProfiles); - - } - - for (String el: profileList) - dbProfiles.add(el.trim()); - - mandates.setProfiles(null); - - if (MiscUtil.isNotEmpty(getMisServiceSelected())) - mandates.setSelectedMISServiceURL(getMisServiceSelected()); - - if (MiscUtil.isNotEmpty(getElgaServiceSelected())) - mandates.setSelecteELGAServiceURL(getElgaServiceSelected()); - + } + sl20Active = oaauth.isSl20Active(); + + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + dbOA.setCalculateHPI(isCalculateHPI()); + + if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) { + dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected()); + } + + if (MiscUtil.isNotEmpty(getEidServiceSelected())) { + dbOA.setSelectedEIDServiceURL(getEidServiceSelected()); + } + + if (authUser.isAdmin()) { + + // store BKU-URLs + final BKUURLS bkuruls = new BKUURLS(); + authoa.setBKUURLS(bkuruls); + bkuruls.setHandyBKU(getBkuHandyURL()); + bkuruls.setLocalBKU(getBkuLocalURL()); + bkuruls.setOnlineBKU(getBkuOnlineURL()); + + // store SecurtiyLayerTemplates + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + List template = templates.getTemplate(); + if (isLegacy()) { + + if (template == null) { + template = new ArrayList<>(); } else { - mandates.setProfiles(null); - mandates.getProfileName().clear(); - + template.clear(); } - authoa.setMandates(mandates); - // set default transformation if it is empty - List transformsInfo = authoa.getTransformsInfo(); - if (transformsInfo == null) { - // TODO: set OA specific transformation if it is required + if (MiscUtil.isNotEmpty(getSLTemplateURL1())) { + final TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL1()); + template.add(el); + } else { + template.add(new TemplateType()); + } + if (MiscUtil.isNotEmpty(getSLTemplateURL2())) { + final TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL2()); + template.add(el); + } else { + template.add(new TemplateType()); + } + if (MiscUtil.isNotEmpty(getSLTemplateURL3())) { + final TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL3()); + template.add(el); + } else { + template.add(new TemplateType()); + } + } else { + if (template != null && template.size() > 0) { + template.clear(); } - - if (enableTestCredentials) { - TestCredentials testing = authoa.getTestCredentials(); + } + + // store keyBox Identifier + dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier())); + } else { + if (dbOA.isIsNew()) { + dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + } + } + + final Mandates mandates = new Mandates(); + if (isUseMandates()) { + + final String[] profileList = getMandateProfiles().split(","); + + List dbProfiles = mandates.getProfileName(); + if (dbProfiles == null) { + dbProfiles = new ArrayList<>(); + mandates.setProfileName(dbProfiles); + + } + + for (final String el : profileList) { + dbProfiles.add(el.trim()); + } + + mandates.setProfiles(null); + + if (MiscUtil.isNotEmpty(getMisServiceSelected())) { + mandates.setSelectedMISServiceURL(getMisServiceSelected()); + } + + if (MiscUtil.isNotEmpty(getElgaServiceSelected())) { + mandates.setSelecteELGAServiceURL(getElgaServiceSelected()); + } + + } else { + mandates.setProfiles(null); + mandates.getProfileName().clear(); + + } + authoa.setMandates(mandates); + + // set default transformation if it is empty + final List transformsInfo = authoa.getTransformsInfo(); + if (transformsInfo == null) { + // TODO: set OA specific transformation if it is required + + } + + if (enableTestCredentials) { + TestCredentials testing = authoa.getTestCredentials(); // if (testing != null) // ConfigurationDBUtils.delete(testing); - testing = new TestCredentials(); - authoa.setTestCredentials(testing); - testing.setEnableTestCredentials(enableTestCredentials); - testing.setCredentialOID(testCredentialOIDs); - + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + testing.setEnableTestCredentials(enableTestCredentials); + testing.setCredentialOID(testCredentialOIDs); + + } else { + final TestCredentials testing = authoa.getTestCredentials(); + if (testing != null) { + testing.setEnableTestCredentials(false); + } + + } + + TestCredentials testing = authoa.getTestCredentials(); + if (testing == null) { + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + + } + testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore); + testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); + + // store SL2.0 information + authoa.setSl20Active(isSl20Active()); + authoa.setSl20EndPoints(getSl20EndPoints()); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request); + } + + /** + * @return the bkuOnlineURL + */ + public String getBkuOnlineURL() { + return bkuOnlineURL; + } + + /** + * @param bkuOnlineURL the bkuOnlineURL to set + */ + public void setBkuOnlineURL(String bkuOnlineURL) { + this.bkuOnlineURL = bkuOnlineURL; + } + + /** + * @return the bkuHandyURL + */ + public String getBkuHandyURL() { + return bkuHandyURL; + } + + /** + * @param bkuHandyURL the bkuHandyURL to set + */ + public void setBkuHandyURL(String bkuHandyURL) { + this.bkuHandyURL = bkuHandyURL; + } + + /** + * @return the bkuLocalURL + */ + public String getBkuLocalURL() { + return bkuLocalURL; + } + + /** + * @param bkuLocalURL the bkuLocalURL to set + */ + public void setBkuLocalURL(String bkuLocalURL) { + this.bkuLocalURL = bkuLocalURL; + } + + /** + * @return the mandateProfiles + */ + public String getMandateProfiles() { + return mandateProfiles; + } + + /** + * @param mandateProfiles the mandateProfiles to set + */ + public void setMandateProfiles(String mandateProfiles) { + this.mandateProfiles = mandateProfiles; + } + + /** + * @return the useMandates + */ + public boolean isUseMandates() { + return useMandates; + } + + /** + * @param useMandates the useMandates to set + */ + public void setUseMandates(boolean useMandates) { + this.useMandates = useMandates; + } + + /** + * @return the calculateHPI + */ + public boolean isCalculateHPI() { + return calculateHPI; + } + + /** + * @param calculateHPI the calculateHPI to set + */ + public void setCalculateHPI(boolean calculateHPI) { + this.calculateHPI = calculateHPI; + } + + /** + * @return the keyBoxIdentifier + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * @param keyBoxIdentifier the keyBoxIdentifier to set + */ + public void setKeyBoxIdentifier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * @return the keyBoxIdentifierList + */ + public Map getKeyBoxIdentifierList() { + return keyBoxIdentifierList; + } + + /** + * @return the legacy + */ + public boolean isLegacy() { + return legacy; + } + + /** + * @param legacy the legacy to set + */ + public void setLegacy(boolean legacy) { + this.legacy = legacy; + } + + /** + * @return the transformations + */ + public Map getTransformations() { + return transformations; + } + + /** + * @param transformations the transformations to set + */ + public void setTransformations(Map transformations) { + this.transformations = transformations; + } + + /** + * @return the sLTemplates + */ + public List getSLTemplates() { + return SLTemplates; + } + + /** + * @return the sLTemplateURL1 + */ + public String getSLTemplateURL1() { + if (SLTemplates != null && SLTemplates.size() > 0) { + return SLTemplates.get(0); + } else { + return null; + } + } + + /** + * @param sLTemplateURL1 the sLTemplateURL1 to set + */ + public void setSLTemplateURL1(String sLTemplateURL1) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + SLTemplates.add(sLTemplateURL1); + } + + /** + * @return the sLTemplateURL2 + */ + public String getSLTemplateURL2() { + if (SLTemplates != null && SLTemplates.size() > 1) { + return SLTemplates.get(1); + } else { + return null; + } + } + + /** + * @param sLTemplateURL2 the sLTemplateURL2 to set + */ + public void setSLTemplateURL2(String sLTemplateURL2) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + SLTemplates.add(sLTemplateURL2); + } + + /** + * @return the sLTemplateURL3 + */ + public String getSLTemplateURL3() { + if (SLTemplates != null && SLTemplates.size() > 2) { + return SLTemplates.get(2); + } else { + return null; + } + } + + /** + * @param sLTemplateURL3 the sLTemplateURL3 to set + */ + public void setSLTemplateURL3(String sLTemplateURL3) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + SLTemplates.add(sLTemplateURL3); + } + + /** + * @return the enableTestCredentials + */ + public boolean isEnableTestCredentials() { + return enableTestCredentials; + } + + /** + * @param enableTestCredentials the enableTestCredentials to set + */ + public void setEnableTestCredentials(boolean enableTestCredentials) { + this.enableTestCredentials = enableTestCredentials; + } + + /** + * @return the testCredentialOIDs + */ + public String getTestCredentialOIDs() { + String value = null; + if (testCredentialOIDs != null) { + for (final String el : testCredentialOIDs) { + if (value == null) { + value = el; } else { - TestCredentials testing = authoa.getTestCredentials(); - if (testing != null) { - testing.setEnableTestCredentials(false); - } - + value += "," + el; } - - TestCredentials testing = authoa.getTestCredentials(); - if (testing == null) { - testing = new TestCredentials(); - authoa.setTestCredentials(testing); - - } - testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore); - testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); - - - //store SL2.0 information - authoa.setSl20Active(isSl20Active()); - authoa.setSl20EndPoints(getSl20EndPoints()); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request); - } - - - /** - * @return the bkuOnlineURL - */ - public String getBkuOnlineURL() { - return bkuOnlineURL; - } - - - /** - * @param bkuOnlineURL the bkuOnlineURL to set - */ - public void setBkuOnlineURL(String bkuOnlineURL) { - this.bkuOnlineURL = bkuOnlineURL; - } - - - /** - * @return the bkuHandyURL - */ - public String getBkuHandyURL() { - return bkuHandyURL; - } - - - /** - * @param bkuHandyURL the bkuHandyURL to set - */ - public void setBkuHandyURL(String bkuHandyURL) { - this.bkuHandyURL = bkuHandyURL; - } - - - /** - * @return the bkuLocalURL - */ - public String getBkuLocalURL() { - return bkuLocalURL; - } - - - /** - * @param bkuLocalURL the bkuLocalURL to set - */ - public void setBkuLocalURL(String bkuLocalURL) { - this.bkuLocalURL = bkuLocalURL; - } - - - /** - * @return the mandateProfiles - */ - public String getMandateProfiles() { - return mandateProfiles; - } - - - /** - * @param mandateProfiles the mandateProfiles to set - */ - public void setMandateProfiles(String mandateProfiles) { - this.mandateProfiles = mandateProfiles; - } - - - /** - * @return the useMandates - */ - public boolean isUseMandates() { - return useMandates; - } - - - /** - * @param useMandates the useMandates to set - */ - public void setUseMandates(boolean useMandates) { - this.useMandates = useMandates; - } - - - /** - * @return the calculateHPI - */ - public boolean isCalculateHPI() { - return calculateHPI; - } - - - /** - * @param calculateHPI the calculateHPI to set - */ - public void setCalculateHPI(boolean calculateHPI) { - this.calculateHPI = calculateHPI; - } - - - /** - * @return the keyBoxIdentifier - */ - public String getKeyBoxIdentifier() { - return keyBoxIdentifier; - } - - - /** - * @param keyBoxIdentifier the keyBoxIdentifier to set - */ - public void setKeyBoxIdentifier(String keyBoxIdentifier) { - this.keyBoxIdentifier = keyBoxIdentifier; - } - - - /** - * @return the keyBoxIdentifierList - */ - public Map getKeyBoxIdentifierList() { - return keyBoxIdentifierList; - } - - - /** - * @return the legacy - */ - public boolean isLegacy() { - return legacy; - } - - - /** - * @param legacy the legacy to set - */ - public void setLegacy(boolean legacy) { - this.legacy = legacy; - } - - - /** - * @return the transformations - */ - public Map getTransformations() { - return transformations; - } - - - /** - * @param transformations the transformations to set - */ - public void setTransformations(Map transformations) { - this.transformations = transformations; - } - - - /** - * @return the sLTemplates - */ - public List getSLTemplates() { - return SLTemplates; - } - - /** - * @return the sLTemplateURL1 - */ - public String getSLTemplateURL1() { - if (SLTemplates != null && SLTemplates.size() > 0) - return SLTemplates.get(0); - else - return null; - } - - - /** - * @param sLTemplateURL1 the sLTemplateURL1 to set - */ - public void setSLTemplateURL1(String sLTemplateURL1) { - if (SLTemplates == null) - SLTemplates = new ArrayList(); - SLTemplates.add(sLTemplateURL1); - } - - - /** - * @return the sLTemplateURL2 - */ - public String getSLTemplateURL2() { - if (SLTemplates != null && SLTemplates.size() > 1) - return SLTemplates.get(1); - else - return null; - } - - - /** - * @param sLTemplateURL2 the sLTemplateURL2 to set - */ - public void setSLTemplateURL2(String sLTemplateURL2) { - if (SLTemplates == null) - SLTemplates = new ArrayList(); - SLTemplates.add(sLTemplateURL2); - } - - - /** - * @return the sLTemplateURL3 - */ - public String getSLTemplateURL3() { - if (SLTemplates != null && SLTemplates.size() > 2) - return SLTemplates.get(2); - else - return null; - } - - - /** - * @param sLTemplateURL3 the sLTemplateURL3 to set - */ - public void setSLTemplateURL3(String sLTemplateURL3) { - if (SLTemplates == null) - SLTemplates = new ArrayList(); - SLTemplates.add(sLTemplateURL3); - } - - /** - * @return the enableTestCredentials - */ - public boolean isEnableTestCredentials() { - return enableTestCredentials; - } - - /** - * @param enableTestCredentials the enableTestCredentials to set - */ - public void setEnableTestCredentials(boolean enableTestCredentials) { - this.enableTestCredentials = enableTestCredentials; - } - - /** - * @return the testCredentialOIDs - */ - public String getTestCredentialOIDs() { - String value = null; - if (testCredentialOIDs != null) { - for (String el : testCredentialOIDs) { - if (value == null) - value = el; - else - value += "," + el; - - } - } - - return value; - } - - public List getTestCredialOIDList() { - return this.testCredentialOIDs; - } - - /** - * @param testCredentialOIDs the testCredentialOIDs to set - */ - public void setTestCredentialOIDs(String testCredentialOIDs) { - if (MiscUtil.isNotEmpty(testCredentialOIDs)) { - String[] oidList = testCredentialOIDs.split(","); - - this.testCredentialOIDs = new ArrayList(); - for (int i=0; i getMisServicesList() { - return misServicesList; - } - - /** - * @return the elgaServicesList - */ - public List getElgaServicesList() { - return elgaServicesList; - } - - /** - * @return the szrgwServicesList - */ - public List getSzrgwServicesList() { - return szrgwServicesList; - } - - public List getEidServicesList() { - return eidServicesList; - } - - public String getEidServiceSelected() { - return eidServiceSelected; - } - - public void setEidServiceSelected(String eidServiceSelected) { - this.eidServiceSelected = eidServiceSelected; - } - - public boolean isSl20Active() { - return sl20Active; - } - - public void setSl20Active(boolean sl20Active) { - this.sl20Active = sl20Active; - } - - public String getSl20EndPoints() { - return sl20EndPoints; - } - - public void setSl20EndPoints(String sl20EndPoints) { - if (MiscUtil.isNotEmpty(sl20EndPoints)) - this.sl20EndPoints = - KeyValueUtils.removeAllNewlineFromString(sl20EndPoints); - else - this.sl20EndPoints = sl20EndPoints; - } - - public boolean isMoaidMode() { - return isMoaidMode; - } - + + } + } + + return value; + } + + public List getTestCredialOIDList() { + return this.testCredentialOIDs; + } + + /** + * @param testCredentialOIDs the testCredentialOIDs to set + */ + public void setTestCredentialOIDs(String testCredentialOIDs) { + if (MiscUtil.isNotEmpty(testCredentialOIDs)) { + final String[] oidList = testCredentialOIDs.split(","); + + this.testCredentialOIDs = new ArrayList<>(); + for (final String element : oidList) { + this.testCredentialOIDs.add(element.trim()); + } + } + } + + /** + * @return the useTestIDLValidationTrustStore + */ + public boolean isUseTestIDLValidationTrustStore() { + return useTestIDLValidationTrustStore; + } + + /** + * @param useTestIDLValidationTrustStore the useTestIDLValidationTrustStore to + * set + */ + public void setUseTestIDLValidationTrustStore( + boolean useTestIDLValidationTrustStore) { + this.useTestIDLValidationTrustStore = useTestIDLValidationTrustStore; + } + + /** + * @return the useTestAuthblockValidationTrustStore + */ + public boolean isUseTestAuthblockValidationTrustStore() { + return useTestAuthblockValidationTrustStore; + } + + /** + * @param useTestAuthblockValidationTrustStore the + * useTestAuthblockValidationTrustStore + * to set + */ + public void setUseTestAuthblockValidationTrustStore( + boolean useTestAuthblockValidationTrustStore) { + this.useTestAuthblockValidationTrustStore = useTestAuthblockValidationTrustStore; + } + + /** + * @return the misServiceSelected + */ + public String getMisServiceSelected() { + return misServiceSelected; + } + + /** + * @param misServiceSelected the misServiceSelected to set + */ + public void setMisServiceSelected(String misServiceSelected) { + this.misServiceSelected = misServiceSelected; + } + + /** + * @return the elgaServiceSelected + */ + public String getElgaServiceSelected() { + return elgaServiceSelected; + } + + /** + * @param elgaServiceSelected the elgaServiceSelected to set + */ + public void setElgaServiceSelected(String elgaServiceSelected) { + this.elgaServiceSelected = elgaServiceSelected; + } + + /** + * @return the szrgwServiceSelected + */ + public String getSzrgwServiceSelected() { + return szrgwServiceSelected; + } + + /** + * @param szrgwServiceSelected the szrgwServiceSelected to set + */ + public void setSzrgwServiceSelected(String szrgwServiceSelected) { + this.szrgwServiceSelected = szrgwServiceSelected; + } + + /** + * @return the misServicesList + */ + public List getMisServicesList() { + return misServicesList; + } + + /** + * @return the elgaServicesList + */ + public List getElgaServicesList() { + return elgaServicesList; + } + + /** + * @return the szrgwServicesList + */ + public List getSzrgwServicesList() { + return szrgwServicesList; + } + + public List getEidServicesList() { + return eidServicesList; + } + + public String getEidServiceSelected() { + return eidServiceSelected; + } + + public void setEidServiceSelected(String eidServiceSelected) { + this.eidServiceSelected = eidServiceSelected; + } + + public boolean isSl20Active() { + return sl20Active; + } + + public void setSl20Active(boolean sl20Active) { + this.sl20Active = sl20Active; + } + + public String getSl20EndPoints() { + return sl20EndPoints; + } + + public void setSl20EndPoints(String sl20EndPoints) { + if (MiscUtil.isNotEmpty(sl20EndPoints)) { + this.sl20EndPoints = + KeyValueUtils.removeAllNewlineFromString(sl20EndPoints); + } else { + this.sl20EndPoints = sl20EndPoints; + } + } + + public boolean isMoaidMode() { + return isMoaidMode; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java index bac69cf34..1f4d842ca 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.SerializationUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters; @@ -49,322 +48,342 @@ import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OABPKEncryption implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OABPKEncryption.class); - - private static final String MODULENAME = "bPKEncryptionDecryption"; - - private String keyStorePassword = null; - private String keyAlias = null; - private String keyPassword = null; - - private Map keyStoreForm = new HashMap(); - - private List keyStoreFileUpload = null; - private List keyStoreFileUploadContentType = null; - private List keyStoreFileUploadFileName = new ArrayList();; - private boolean deletekeyStore = false; - private boolean validationError = false; - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - // TODO Auto-generated method stub - return MODULENAME; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); - if (oaAuth != null) { - EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); - if (bPKEncDec != null) { - BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); - if (bPKDec != null) { - keyAlias = bPKDec.getKeyAlias(); - if (bPKDec.getKeyStoreFileName() != null) - keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); - - } - } - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); - if (oaAuth == null) { - oaAuth = new AuthComponentOA(); - dbOA.setAuthComponentOA(oaAuth); - - } - EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); - if (bPKEncDec == null) { - bPKEncDec = new EncBPKInformation(); - oaAuth.setEncBPKInformation(bPKEncDec); - - } - - BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); - if (bPKDec == null) { - bPKDec = new BPKDecryption(); - bPKEncDec.setBPKDecryption(bPKDec); - } - - if (isDeletekeyStore()) { - bPKDec.setIv(null); - bPKDec.setKeyAlias(null); - bPKDec.setKeyInformation(null); - bPKDec.setKeyStoreFileName(null); - - } - - BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); - if (keyStoreForm != null && keyStoreForm.size() > 0) { - keyInfo.setKeyAlias(keyAlias); - keyInfo.setKeyPassword(keyPassword); - keyInfo.setKeyStorePassword(keyStorePassword); - - Iterator interator = keyStoreForm.keySet().iterator(); - bPKDec.setKeyStoreFileName(interator.next()); - bPKDec.setKeyAlias(keyAlias); - keyInfo.setKeyStore(keyStoreForm.get( - bPKDec.getKeyStoreFileName())); - - //encrypt key information - byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); - try { - EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); - bPKDec.setIv(encryptkeyInfo.getIv()); - bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); - - } catch (BuildException e) { - log.error("Configuration encryption FAILED.", e); - return LanguageHelper.getErrorString("error.general.text", request); - - } - } - - request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - HttpSession session = request.getSession(); - List errors = new ArrayList(); - - String check = null; - - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - //validate BKU-selection template - List templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName() - , getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); - if (templateError != null && templateError.size() == 0) { - if (keyStoreForm != null && keyStoreForm.size() > 0) { - session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); - - } else - keyStoreForm = (Map) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); - - } else { - errors.addAll(templateError); + private static final String MODULENAME = "bPKEncryptionDecryption"; + + private String keyStorePassword = null; + private String keyAlias = null; + private String keyPassword = null; + + private Map keyStoreForm = new HashMap<>(); + + private List keyStoreFileUpload = null; + private List keyStoreFileUploadContentType = null; + private List keyStoreFileUploadFileName = new ArrayList<>(); + private boolean deletekeyStore = false; + private boolean validationError = false; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + // TODO Auto-generated method stub + return MODULENAME; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth != null) { + final EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec != null) { + final BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec != null) { + keyAlias = bPKDec.getKeyAlias(); + if (bPKDec.getKeyStoreFileName() != null) { + keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); + } } - - if (keyStoreForm != null && keyStoreForm.size() > 0) { - check = getKeyStorePassword(); - if (MiscUtil.isEmpty(check)) { - log.info("bPK decryption keystore password is empty"); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - check = getKeyAlias(); - if (MiscUtil.isEmpty(check)) { - log.info("bPK decryption key alias is empty"); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption key alias contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - check = getKeyPassword(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption key password contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); - keyInfo.setKeyAlias(keyAlias); - keyInfo.setKeyPassword(keyPassword); - keyInfo.setKeyStorePassword(keyStorePassword); - Iterator interator = keyStoreForm.keySet().iterator(); - String fileName = interator.next(); - keyInfo.setKeyStore(keyStoreForm.get(fileName)); - if (keyInfo.getPrivateKey() == null) { - log.info("Open keyStore FAILED."); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); - - } + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth == null) { + oaAuth = new AuthComponentOA(); + dbOA.setAuthComponentOA(oaAuth); + + } + EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec == null) { + bPKEncDec = new EncBPKInformation(); + oaAuth.setEncBPKInformation(bPKEncDec); + + } + + BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec == null) { + bPKDec = new BPKDecryption(); + bPKEncDec.setBPKDecryption(bPKDec); + } + + if (isDeletekeyStore()) { + bPKDec.setIv(null); + bPKDec.setKeyAlias(null); + bPKDec.setKeyInformation(null); + bPKDec.setKeyStoreFileName(null); + + } + + final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + if (keyStoreForm != null && keyStoreForm.size() > 0) { + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + + final Iterator interator = keyStoreForm.keySet().iterator(); + bPKDec.setKeyStoreFileName(interator.next()); + bPKDec.setKeyAlias(keyAlias); + keyInfo.setKeyStore(keyStoreForm.get( + bPKDec.getKeyStoreFileName())); + + // encrypt key information + final byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); + try { + final EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); + bPKDec.setIv(encryptkeyInfo.getIv()); + bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); + + } catch (final BuildException e) { + log.error("Configuration encryption FAILED.", e); + return LanguageHelper.getErrorString("error.general.text", request); + + } + } + + request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + final HttpSession session = request.getSession(); + final List errors = new ArrayList<>(); + + String check = null; + + final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + // validate BKU-selection template + final List templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName(), + getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); + if (templateError != null && templateError.size() == 0) { + if (keyStoreForm != null && keyStoreForm.size() > 0) { + session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); + + } else { + keyStoreForm = (Map) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); + } + + } else { + errors.addAll(templateError); + + } + + if (keyStoreForm != null && keyStoreForm.size() > 0) { + check = getKeyStorePassword(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption keystore password is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } - - if (errors.size() > 0) { - validationError = true; - + } + + check = getKeyAlias(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption key alias is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption key alias contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } - - return errors; - - } - - /** - * @return the keyStorePassword - */ - public String getKeyStorePassword() { - return keyStorePassword; - } - - /** - * @param keyStorePassword the keyStorePassword to set - */ - public void setKeyStorePassword(String keyStorePassword) { - this.keyStorePassword = keyStorePassword; - } - - /** - * @return the keyAlias - */ - public String getKeyAlias() { - return keyAlias; - } - - /** - * @param keyAlias the keyAlias to set - */ - public void setKeyAlias(String keyAlias) { - this.keyAlias = keyAlias; - } - - /** - * @return the keyPassword - */ - public String getKeyPassword() { - return keyPassword; - } - - /** - * @param keyPassword the keyPassword to set - */ - public void setKeyPassword(String keyPassword) { - this.keyPassword = keyPassword; - } - - /** - * @return the keyStoreFileUpload - */ - public List getKeyStoreFileUpload() { - return keyStoreFileUpload; - } - - /** - * @param keyStoreFileUpload the keyStoreFileUpload to set - */ - public void setKeyStoreFileUpload(List keyStoreFileUpload) { - this.keyStoreFileUpload = keyStoreFileUpload; - } - - /** - * @return the keyStoreFileUploadContentType - */ - public List getKeyStoreFileUploadContentType() { - return keyStoreFileUploadContentType; - } - - /** - * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set - */ - public void setKeyStoreFileUploadContentType( - List keyStoreFileUploadContentType) { - this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; - } - - /** - * @return the keyStoreFileUploadFileName - */ - public List getKeyStoreFileUploadFileName() { - return keyStoreFileUploadFileName; - } - - /** - * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set - */ - public void setKeyStoreFileUploadFileName( - List keyStoreFileUploadFileName) { - this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; - } - - /** - * @return the deletekeyStore - */ - public boolean isDeletekeyStore() { - return deletekeyStore; - } - - /** - * @param deletekeyStore the deletekeyStore to set - */ - public void setDeletekeyStore(boolean deletekeyStore) { - this.deletekeyStore = deletekeyStore; - } - - /** - * @return the validationError - */ - public boolean isValidationError() { - return validationError; - } - - + } + + check = getKeyPassword(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption key password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + + } + } + + final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + final Iterator interator = keyStoreForm.keySet().iterator(); + final String fileName = interator.next(); + keyInfo.setKeyStore(keyStoreForm.get(fileName)); + if (keyInfo.getPrivateKey() == null) { + log.info("Open keyStore FAILED."); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); + + } + } + + if (errors.size() > 0) { + validationError = true; + + } + + return errors; + + } + + /** + * @return the keyStorePassword + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * @param keyStorePassword the keyStorePassword to set + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * @return the keyAlias + */ + public String getKeyAlias() { + return keyAlias; + } + + /** + * @param keyAlias the keyAlias to set + */ + public void setKeyAlias(String keyAlias) { + this.keyAlias = keyAlias; + } + + /** + * @return the keyPassword + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * @param keyPassword the keyPassword to set + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + /** + * @return the keyStoreFileUpload + */ + public List getKeyStoreFileUpload() { + return keyStoreFileUpload; + } + + /** + * @param keyStoreFileUpload the keyStoreFileUpload to set + */ + public void setKeyStoreFileUpload(List keyStoreFileUpload) { + this.keyStoreFileUpload = keyStoreFileUpload; + } + + /** + * @return the keyStoreFileUploadContentType + */ + public List getKeyStoreFileUploadContentType() { + return keyStoreFileUploadContentType; + } + + /** + * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set + */ + public void setKeyStoreFileUploadContentType( + List keyStoreFileUploadContentType) { + this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; + } + + /** + * @return the keyStoreFileUploadFileName + */ + public List getKeyStoreFileUploadFileName() { + return keyStoreFileUploadFileName; + } + + /** + * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set + */ + public void setKeyStoreFileUploadFileName( + List keyStoreFileUploadFileName) { + this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; + } + + /** + * @return the deletekeyStore + */ + public boolean isDeletekeyStore() { + return deletekeyStore; + } + + /** + * @param deletekeyStore the deletekeyStore to set + */ + public void setDeletekeyStore(boolean deletekeyStore) { + this.deletekeyStore = deletekeyStore; + } + + /** + * @return the validationError + */ + public boolean isValidationError() { + return validationError; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index c51513193..45a3dba1b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; @@ -36,130 +34,151 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; - - -public class OAGeneralConfig implements IOnlineApplicationData{ - private static final Logger log = Logger.getLogger(OAGeneralConfig.class); - - private boolean isActive = false; - - private String identifier = null; - private String friendlyName = null; - private boolean businessService = false; - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAGeneralInformation"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - isActive = dbOAConfig.isIsActive(); - - friendlyName = dbOAConfig.getFriendlyName(); - identifier = dbOAConfig.getPublicURLPrefix(); - - if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) - businessService = true; - else - businessService = false; - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); - } - - if (authUser.isAdmin()) dbOA.setIsActive(isActive()); - - dbOA.setPublicURLPrefix(getIdentifier()); - dbOA.setFriendlyName(getFriendlyName()); - - if (isBusinessService() || authUser.isOnlyBusinessService()) { - dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - } else { - dbOA.setType(null); - } - - return null; - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - List errors = new ArrayList(); - String check; - - //check OA FriendlyName - check = getFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("OAFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.info("OA friendlyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); - } - - return errors; - - } - - public boolean isBusinessService() { - return businessService; - } - - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - public String getIdentifier() { - return identifier; - } - - public void setIdentifier(String identifier) { - this.identifier = identifier; - } - - public String getFriendlyName() { - return friendlyName; - } - - public void setFriendlyName(String friendlyName) { - this.friendlyName = friendlyName; - } - - public boolean isActive() { - return isActive; - } - - public void setActive(boolean isActive) { - this.isActive = isActive; - } +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class OAGeneralConfig implements IOnlineApplicationData { + + private boolean isActive = false; + + private String identifier = null; + private String friendlyName = null; + private boolean businessService = false; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAGeneralInformation"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + isActive = dbOAConfig.isIsActive(); + + friendlyName = dbOAConfig.getFriendlyName(); + identifier = dbOAConfig.getPublicURLPrefix(); + + if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) { + businessService = true; + } else { + businessService = false; + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + if (authUser.isAdmin()) { + dbOA.setIsActive(isActive()); + } + + dbOA.setPublicURLPrefix(getIdentifier()); + dbOA.setFriendlyName(getFriendlyName()); + + if (isBusinessService() || authUser.isOnlyBusinessService()) { + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + } else { + dbOA.setType(null); + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + String check; + + // check OA FriendlyName + check = getFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.info("OA friendlyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); + } + + return errors; + + } + + public boolean isBusinessService() { + return businessService; + } + + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + + public String getIdentifier() { + return identifier; + } + + public void setIdentifier(String identifier) { + this.identifier = identifier; + } + + public String getFriendlyName() { + return friendlyName; + } + + public void setFriendlyName(String friendlyName) { + this.friendlyName = friendlyName; + } + + public boolean isActive() { + return isActive; + } + + public void setActive(boolean isActive) { + this.isActive = isActive; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java index a4d71f0ed..ef5658ca4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java @@ -27,194 +27,212 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OAMOAIDPInterfederationConfig.class); - - private String queryURL; - private Boolean inboundSSO = true; - private Boolean outboundSSO = true; - private Boolean storeSSOSession = true; - private Boolean passiveRequest = true; - private Boolean localAuthOnError = true; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "MOAIDPInterfederation"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - - InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); - if (moaIDP != null) { - this.queryURL = moaIDP.getAttributeQueryURL(); - this.inboundSSO = moaIDP.isInboundSSO(); - this.outboundSSO = moaIDP.isOutboundSSO(); - this.storeSSOSession = moaIDP.isStoreSSOSession(); - this.localAuthOnError = moaIDP.isPerformLocalAuthenticationOnError(); - this.passiveRequest = moaIDP.isPerformPassivRequest(); - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - if (authUser.isAdmin()) { - dbOA.setIsInterfederationIDP(true); - - InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); - if (moaIDP == null) { - moaIDP = new InterfederationIDPType(); - dbOA.setInterfederationIDP(moaIDP); - } - - moaIDP.setAttributeQueryURL(queryURL); - moaIDP.setInboundSSO(inboundSSO); - moaIDP.setOutboundSSO(outboundSSO); - moaIDP.setStoreSSOSession(storeSSOSession); - moaIDP.setPerformLocalAuthenticationOnError(localAuthOnError); - moaIDP.setPerformPassivRequest(passiveRequest); - - } - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - List errors = new ArrayList(); - - if (MiscUtil.isNotEmpty(queryURL)) { - if (!ValidationHelper.validateURL(queryURL)) { - log.info("AttributeQuery URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", request)); - - } - } - + private String queryURL; + private Boolean inboundSSO = true; + private Boolean outboundSSO = true; + private Boolean storeSSOSession = true; + private Boolean passiveRequest = true; + private Boolean localAuthOnError = true; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "MOAIDPInterfederation"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + final InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP != null) { + this.queryURL = moaIDP.getAttributeQueryURL(); + this.inboundSSO = moaIDP.isInboundSSO(); + this.outboundSSO = moaIDP.isOutboundSSO(); + this.storeSSOSession = moaIDP.isStoreSSOSession(); + this.localAuthOnError = moaIDP.isPerformLocalAuthenticationOnError(); + this.passiveRequest = moaIDP.isPerformPassivRequest(); + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + if (authUser.isAdmin()) { + dbOA.setIsInterfederationIDP(true); + + InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP == null) { + moaIDP = new InterfederationIDPType(); + dbOA.setInterfederationIDP(moaIDP); + } + + moaIDP.setAttributeQueryURL(queryURL); + moaIDP.setInboundSSO(inboundSSO); + moaIDP.setOutboundSSO(outboundSSO); + moaIDP.setStoreSSOSession(storeSSOSession); + moaIDP.setPerformLocalAuthenticationOnError(localAuthOnError); + moaIDP.setPerformPassivRequest(passiveRequest); + + } + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + if (MiscUtil.isNotEmpty(queryURL)) { + if (!ValidationHelper.validateURL(queryURL)) { + log.info("AttributeQuery URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", + request)); + + } + } + // if (inboundSSO && MiscUtil.isEmpty(queryURL)) { // log.info("Inbound Single Sign-On requires AttributQueryURL configuration."); // errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request)); // } - - return errors; - } - - /** - * @return the queryURL - */ - public String getQueryURL() { - return queryURL; - } - - /** - * @param queryURL the queryURL to set - */ - public void setQueryURL(String queryURL) { - this.queryURL = queryURL; - } - - /** - * @return the inboundSSO - */ - public boolean isInboundSSO() { - return inboundSSO.booleanValue(); - } - - /** - * @param inboundSSO the inboundSSO to set - */ - public void setInboundSSO(boolean inboundSSO) { - this.inboundSSO = inboundSSO; - } - - /** - * @return the outboundSSO - */ - public boolean isOutboundSSO() { - return outboundSSO.booleanValue(); - } - - /** - * @param outboundSSO the outboundSSO to set - */ - public void setOutboundSSO(boolean outboundSSO) { - this.outboundSSO = outboundSSO; - } - - /** - * @return the storeSSOSession - */ - public boolean isStoreSSOSession() { - return storeSSOSession.booleanValue(); - } - - /** - * @param storeSSOSession the storeSSOSession to set - */ - public void setStoreSSOSession(boolean storeSSOSession) { - this.storeSSOSession = storeSSOSession; - } - - /** - * @return the passiveRequest - */ - public boolean isPassiveRequest() { - return passiveRequest.booleanValue(); - } - - /** - * @param passiveRequest the passiveRequest to set - */ - public void setPassiveRequest(boolean passiveRequest) { - this.passiveRequest = passiveRequest; - } - - /** - * @return the localAuthOnError - */ - public boolean isLocalAuthOnError() { - return localAuthOnError.booleanValue(); - } - - /** - * @param localAuthOnError the localAuthOnError to set - */ - public void setLocalAuthOnError(boolean localAuthOnError) { - this.localAuthOnError = localAuthOnError; - } - - + + return errors; + } + + /** + * @return the queryURL + */ + public String getQueryURL() { + return queryURL; + } + + /** + * @param queryURL the queryURL to set + */ + public void setQueryURL(String queryURL) { + this.queryURL = queryURL; + } + + /** + * @return the inboundSSO + */ + public boolean isInboundSSO() { + return inboundSSO.booleanValue(); + } + + /** + * @param inboundSSO the inboundSSO to set + */ + public void setInboundSSO(boolean inboundSSO) { + this.inboundSSO = inboundSSO; + } + + /** + * @return the outboundSSO + */ + public boolean isOutboundSSO() { + return outboundSSO.booleanValue(); + } + + /** + * @param outboundSSO the outboundSSO to set + */ + public void setOutboundSSO(boolean outboundSSO) { + this.outboundSSO = outboundSSO; + } + + /** + * @return the storeSSOSession + */ + public boolean isStoreSSOSession() { + return storeSSOSession.booleanValue(); + } + + /** + * @param storeSSOSession the storeSSOSession to set + */ + public void setStoreSSOSession(boolean storeSSOSession) { + this.storeSSOSession = storeSSOSession; + } + + /** + * @return the passiveRequest + */ + public boolean isPassiveRequest() { + return passiveRequest.booleanValue(); + } + + /** + * @param passiveRequest the passiveRequest to set + */ + public void setPassiveRequest(boolean passiveRequest) { + this.passiveRequest = passiveRequest; + } + + /** + * @return the localAuthOnError + */ + public boolean isLocalAuthOnError() { + return localAuthOnError.booleanValue(); + } + + /** + * @param localAuthOnError the localAuthOnError to set + */ + public void setLocalAuthOnError(boolean localAuthOnError) { + this.localAuthOnError = localAuthOnError; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java index ce50c847a..bae37b531 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java @@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAOAUTH20; @@ -40,132 +39,150 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import lombok.extern.slf4j.Slf4j; -public class OAOAuth20Config implements IOnlineApplicationData{ - - private final Logger log = Logger.getLogger(OAOAuth20Config.class); - - private String clientId = null; - private String clientSecret = null; - private String redirectUri = null; - - public OAOAuth20Config() { - this.generateClientSecret(); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAOpenIDConnect"; - } - - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - List errors = new ArrayList(); - - HttpSession session = request.getSession(); - - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - // set client id to public url prefix - this.clientId = dbOAConfig.getPublicURLPrefix(); - - OAOAUTH20 config = authdata.getOAOAUTH20(); - - if (config != null) { - // validate secret - if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) { - this.clientSecret = config.getOAuthClientSecret(); - } else { - this.generateClientSecret(); - } - - // validate redirectUri - if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config.getOAuthRedirectUri())) { - this.redirectUri = config.getOAuthRedirectUri(); - } else { - errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); - } - } else { - this.generateClientSecret(); - } - } - - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret()); - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OAOAUTH20ConfigValidation().validate(this, request); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); +@Slf4j +public class OAOAuth20Config implements IOnlineApplicationData { + + private String clientId = null; + private String clientSecret = null; + private String redirectUri = null; + + public OAOAuth20Config() { + this.generateClientSecret(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAOpenIDConnect"; + } + + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final List errors = new ArrayList<>(); + + final HttpSession session = request.getSession(); + + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + // set client id to public url prefix + this.clientId = dbOAConfig.getPublicURLPrefix(); + + final OAOAUTH20 config = authdata.getOAOAUTH20(); + + if (config != null) { + // validate secret + if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) { + this.clientSecret = config.getOAuthClientSecret(); + } else { + this.generateClientSecret(); } - - log.debug("Saving OAuth 2.0 configuration:"); - OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); - if (oaOAuth20 == null) { - oaOAuth20 = new OAOAUTH20(); - authoa.setOAOAUTH20(oaOAuth20); + + // validate redirectUri + if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config + .getOAuthRedirectUri())) { + this.redirectUri = config.getOAuthRedirectUri(); + } else { + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); } + } else { + this.generateClientSecret(); + } + } + + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret()); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAOAUTH20ConfigValidation().validate(this, request); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + log.debug("Saving OAuth 2.0 configuration:"); + OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); + if (oaOAuth20 == null) { + oaOAuth20 = new OAOAUTH20(); + authoa.setOAOAUTH20(oaOAuth20); + } + + oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix()); + // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); + oaOAuth20.setOAuthRedirectUri(getRedirectUri()); + log.debug("client id: " + getClientId()); + log.debug("client secret: " + getClientSecret()); + log.debug("redirect uri:" + getRedirectUri()); + + oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute( + Constants.SESSION_OAUTH20SECRET)); + request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); + + return null; + } + + public String getClientId() { + return clientId; + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public String getClientSecret() { + return clientSecret; + } + + public void setClientSecret(String clientSecret) { + this.clientSecret = clientSecret; + } + + public String getRedirectUri() { + return redirectUri; + } + + public void setRedirectUri(String redirectUri) { + this.redirectUri = redirectUri; + } - oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix()); - // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); - oaOAuth20.setOAuthRedirectUri(getRedirectUri()); - log.debug("client id: " + getClientId()); - log.debug("client secret: " + getClientSecret()); - log.debug("redirect uri:" + getRedirectUri()); - - oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); - request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); - - return null; - } - - public String getClientId() { - return clientId; - } - - public void setClientId(String clientId) { - this.clientId = clientId; - } - - public String getClientSecret() { - return clientSecret; - } - - public void setClientSecret(String clientSecret) { - this.clientSecret = clientSecret; - } - - public String getRedirectUri() { - return redirectUri; - } - - public void setRedirectUri(String redirectUri) { - this.redirectUri = redirectUri; - } - - public void generateClientSecret() { - this.clientSecret = UUID.randomUUID().toString(); - } + public void generateClientSecret() { + this.clientSecret = UUID.randomUUID().toString(); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java index 4be1a81de..008617e76 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java @@ -32,228 +32,247 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - -import iaik.x509.X509Certificate; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; -import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; -public class OAPVP2Config implements IOnlineApplicationData{ - - private final Logger log = Logger.getLogger(OAPVP2Config.class); - - private boolean reLoad = false; - - private String metaDataURL = null; - private String certificateDN = null; - - private File fileUpload = null; - private String fileUploadContentType; - private String fileUploadFileName; - - private byte[] storedCert = null; - - public OAPVP2Config() { - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAPVP2"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser) - */ - @Override - public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - OAPVP2 pvp2 = authoa.getOAPVP2(); - if (pvp2 == null) { - pvp2 = new OAPVP2(); - authoa.setOAPVP2(pvp2); - } +@Slf4j +public class OAPVP2Config implements IOnlineApplicationData { + + private boolean reLoad = false; + + private String metaDataURL = null; + private String certificateDN = null; + + private File fileUpload = null; + private String fileUploadContentType; + private String fileUploadFileName; + + private byte[] storedCert = null; + + public OAPVP2Config() { + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAPVP2"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser) + */ + @Override + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + OAPVP2 pvp2 = authoa.getOAPVP2(); + if (pvp2 == null) { + pvp2 = new OAPVP2(); + authoa.setOAPVP2(pvp2); + } + + try { + + if (getFileUpload() != null) { + pvp2.setCertificate(getCertificate()); + setReLoad(true); + + } else if (storedCert != null) { + pvp2.setCertificate(storedCert); + } + + } catch (final CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); + } catch (final IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); + } + + if (getMetaDataURL() != null && + !getMetaDataURL().equals(pvp2.getMetadataURL())) { + setReLoad(true); + } + pvp2.setMetadataURL(getMetaDataURL()); + + if (isReLoad()) { + pvp2.setUpdateRequiredItem(new Date()); + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request); + } - try { - - if (getFileUpload() != null) { - pvp2.setCertificate(getCertificate()); - setReLoad(true); - - } else if (storedCert != null) - pvp2.setCertificate(storedCert); - - } catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); - } catch (IOException e) { - log.info("Uploaded Certificate can not be parsed", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication) + */ + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final List errors = new ArrayList<>(); + + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + final OAPVP2 pvp2 = authdata.getOAPVP2(); + if (pvp2 != null) { + metaDataURL = pvp2.getMetadataURL(); + + if (pvp2.getCertificate() != null && + !new String(pvp2.getCertificate()).equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + try { + // byte[] cert = pvp2.getCertificate(); + final byte[] cert = Base64Utils.decode(new String(pvp2.getCertificate()), false); + if (MiscUtil.isNotEmpty(cert)) { + final X509Certificate x509 = new X509Certificate(cert); + certificateDN = x509.getSubjectDN().getName(); + } + } catch (final CertificateException e) { + try { + final byte[] cert = pvp2.getCertificate(); + if (MiscUtil.isNotEmpty(cert)) { + final X509Certificate x509 = new X509Certificate(cert); + certificateDN = x509.getSubjectDN().getName(); + } + + } catch (final CertificateException e1) { + log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig + .getPublicURLPrefix(), e1); + errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); + + } + + } catch (final IOException e) { + log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig + .getPublicURLPrefix()); + errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); + } } + } + } + return errors; + } - if (getMetaDataURL() != null && - !getMetaDataURL().equals(pvp2.getMetadataURL())) - setReLoad(true); - pvp2.setMetadataURL(getMetaDataURL()); - - if (isReLoad()) - pvp2.setUpdateRequiredItem(new Date()); - - return null; - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication) - */ - @Override - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - List errors = new ArrayList(); - - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - OAPVP2 pvp2 = authdata.getOAPVP2(); - if (pvp2 != null) { - metaDataURL = pvp2.getMetadataURL(); - - if (pvp2.getCertificate() != null && - !(new String(pvp2.getCertificate())).equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { - try { - //byte[] cert = pvp2.getCertificate(); - byte[] cert = Base64Utils.decode(new String(pvp2.getCertificate()), false); - if (MiscUtil.isNotEmpty(cert)) { - X509Certificate x509 = new X509Certificate(cert); - certificateDN = x509.getSubjectDN().getName(); - } - } catch (CertificateException e) { - try { - byte[] cert = pvp2.getCertificate(); - if (MiscUtil.isNotEmpty(cert)) { - X509Certificate x509 = new X509Certificate(cert); - certificateDN = x509.getSubjectDN().getName(); - } - - } catch (CertificateException e1) { - log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix(), e1); - errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); - - } - - } catch (IOException e) { - log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix()); - errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); - } - } - } - } - return errors; - } - - public byte[] getCertificate() throws CertificateException, IOException { - - FileInputStream filestream = new FileInputStream(fileUpload); - X509Certificate x509 = new X509Certificate(filestream); - return x509.getEncoded(); - } - - public void setStoredCert(byte[] storedCert) { - this.storedCert = storedCert; - } - - public String getMetaDataURL() { - return metaDataURL; - } - public void setMetaDataURL(String metaDataURL) { - this.metaDataURL = metaDataURL; - } - - /** - * @return the certificateDN - */ - public String getCertificateDN() { - return certificateDN; - } - - /** - * @return the fileUpLoad - */ - public File getFileUpload() { - return fileUpload; - } - - /** - * @param fileUpLoad the fileUpLoad to set - */ - public void setFileUpload(File fileUpload) { - this.fileUpload = fileUpload; - } - - /** - * @return the fileUploadContentType - */ - public String getFileUploadContentType() { - return fileUploadContentType; - } - - /** - * @param fileUploadContentType the fileUploadContentType to set - */ - public void setFileUploadContentType(String fileUploadContentType) { - this.fileUploadContentType = fileUploadContentType; - } - - /** - * @return the fileUploadFileName - */ - public String getFileUploadFileName() { - return fileUploadFileName; - } - - /** - * @param fileUploadFileName the fileUploadFileName to set - */ - public void setFileUploadFileName(String fileUploadFileName) { - this.fileUploadFileName = fileUploadFileName; - } - - /** - * @return the reLoad - */ - public boolean isReLoad() { - return reLoad; - } - - /** - * @param reLoad the reLoad to set - */ - public void setReLoad(boolean reLoad) { - this.reLoad = reLoad; - } - -} + public byte[] getCertificate() throws CertificateException, IOException { + + final FileInputStream filestream = new FileInputStream(fileUpload); + final X509Certificate x509 = new X509Certificate(filestream); + return x509.getEncoded(); + } + + public void setStoredCert(byte[] storedCert) { + this.storedCert = storedCert; + } + + public String getMetaDataURL() { + return metaDataURL; + } + + public void setMetaDataURL(String metaDataURL) { + this.metaDataURL = metaDataURL; + } + /** + * @return the certificateDN + */ + public String getCertificateDN() { + return certificateDN; + } + /** + * @return the fileUpLoad + */ + public File getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpLoad the fileUpLoad to set + */ + public void setFileUpload(File fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public String getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(String fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public String getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(String fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + /** + * @return the reLoad + */ + public boolean isReLoad() { + return reLoad; + } + + /** + * @param reLoad the reLoad to set + */ + public void setReLoad(boolean reLoad) { + this.reLoad = reLoad; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java index 18bebf9d8..76fd31ccd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java @@ -39,113 +39,134 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class OARevisionsLogData implements IOnlineApplicationData { - private boolean active = false; - private String eventCodes = null; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OARevisionsLogging"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - - if (dbOA.getIsRevisionsLogActive() != null) - active = dbOA.getIsRevisionsLogActive(); - - if (MiscUtil.isNotEmpty(dbOA.getEventCodes())) - eventCodes = dbOA.getEventCodes(); - - return null; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - dbOA.setIsRevisionsLogActive(active); - - if (MiscUtil.isNotEmpty(eventCodes)) { - dbOA.setEventCodes(KeyValueUtils.normalizeCSVValueString(eventCodes)); - - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - List errors = new ArrayList(); - - if (active && MiscUtil.isEmpty(eventCodes)) { - errors.add(LanguageHelper.getErrorString( - "error.oa.reversion.log.enabled")); - - } - - if (MiscUtil.isNotEmpty(eventCodes)) { - String[] codes = eventCodes.split(","); - for (String el: codes) { - try { - Integer.parseInt(el.trim()); - - } catch (NumberFormatException e) { - errors.add(LanguageHelper.getErrorString( - "error.oa.reversion.log.eventcodes")); - break; - - } - - } - - } - - return errors; - } - - /** - * @return the active - */ - public boolean isActive() { - return active; - } - - /** - * @param active the active to set - */ - public void setActive(boolean active) { - this.active = active; - } - - /** - * @return the eventCodes - */ - public String getEventCodes() { - return eventCodes; - } - - /** - * @param eventCodes the eventCodes to set - */ - public void setEventCodes(String eventCodes) { - this.eventCodes = eventCodes; - } - - + private boolean active = false; + private String eventCodes = null; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OARevisionsLogging"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + if (dbOA.getIsRevisionsLogActive() != null) { + active = dbOA.getIsRevisionsLogActive(); + } + + if (MiscUtil.isNotEmpty(dbOA.getEventCodes())) { + eventCodes = dbOA.getEventCodes(); + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + dbOA.setIsRevisionsLogActive(active); + + if (MiscUtil.isNotEmpty(eventCodes)) { + dbOA.setEventCodes(KeyValueUtils.normalizeCSVValueString(eventCodes)); + + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + final List errors = new ArrayList<>(); + + if (active && MiscUtil.isEmpty(eventCodes)) { + errors.add(LanguageHelper.getErrorString( + "error.oa.reversion.log.enabled")); + + } + + if (MiscUtil.isNotEmpty(eventCodes)) { + final String[] codes = eventCodes.split(","); + for (final String el : codes) { + try { + Integer.parseInt(el.trim()); + + } catch (final NumberFormatException e) { + errors.add(LanguageHelper.getErrorString( + "error.oa.reversion.log.eventcodes")); + break; + + } + + } + + } + + return errors; + } + + /** + * @return the active + */ + public boolean isActive() { + return active; + } + + /** + * @param active the active to set + */ + public void setActive(boolean active) { + this.active = active; + } + + /** + * @return the eventCodes + */ + public String getEventCodes() { + return eventCodes; + } + + /** + * @param eventCodes the eventCodes to set + */ + public void setEventCodes(String eventCodes) { + this.eventCodes = eventCodes; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java index 2922231b3..f1ee853ae 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java @@ -33,178 +33,213 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; -public class OASAML1Config implements IOnlineApplicationData{ - - private Boolean isActive = false; - private Boolean provideStammZahl = false; - private Boolean provideAuthBlock = false; - private Boolean provideIdentityLink = false; - private Boolean provideCertificate = false; - private Boolean provideFullMandateData = false; - private Boolean useCondition = false; - private Boolean provideAllErrors = true; - private int conditionLength = -1; - - - public OASAML1Config() { - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OASAML1"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authdata = dbOA.getAuthComponentOA(); - if (authdata != null) { - OASAML1 saml1 = authdata.getOASAML1(); - if (saml1 != null) { - provideAuthBlock = saml1.isProvideAUTHBlock(); - provideCertificate = saml1.isProvideCertificate(); - provideFullMandateData = saml1.isProvideFullMandatorData(); - provideIdentityLink = saml1.isProvideIdentityLink(); - provideStammZahl = saml1.isProvideStammzahl(); - - if (saml1.isProvideAllErrors() != null) - provideAllErrors = saml1.isProvideAllErrors(); - - if (saml1.isUseCondition() != null) - useCondition = saml1.isUseCondition(); - - if (saml1.getConditionLength() != null) - conditionLength = saml1.getConditionLength().intValue(); - - if (saml1.isIsActive() != null) - isActive = saml1.isIsActive(); - } - } - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OASAML1ConfigValidation().validate(this, general, request); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); - } - - OASAML1 saml1 = authoa.getOASAML1(); - if (saml1 == null) { - saml1 = new OASAML1(); - authoa.setOASAML1(saml1); - saml1.setIsActive(false); - } - - if (authUser.isAdmin()) { - saml1.setIsActive(isActive()); - } - - if (saml1.isIsActive() != null && saml1.isIsActive()) { - saml1.setProvideAUTHBlock(isProvideAuthBlock()); - saml1.setProvideCertificate(isProvideCertificate()); - saml1.setProvideFullMandatorData(isProvideFullMandateData()); - saml1.setProvideIdentityLink(isProvideIdentityLink()); - saml1.setProvideStammzahl(isProvideStammZahl()); - saml1.setUseCondition(isUseCondition()); - saml1.setProvideAllErrors(provideAllErrors); - saml1.setConditionLength(BigInteger.valueOf(getConditionLength())); - // TODO: set sourceID - // saml1.setSourceID(""); - } - - return null; - } - - public boolean isProvideStammZahl() { - return provideStammZahl; - } - public void setProvideStammZahl(boolean provideStammZahl) { - this.provideStammZahl = provideStammZahl; - } - public boolean isProvideAuthBlock() { - return provideAuthBlock; - } - public void setProvideAuthBlock(boolean provideAuthBlock) { - this.provideAuthBlock = provideAuthBlock; - } - public boolean isProvideIdentityLink() { - return provideIdentityLink; - } - public void setProvideIdentityLink(boolean provideIdentityLink) { - this.provideIdentityLink = provideIdentityLink; - } - public boolean isProvideCertificate() { - return provideCertificate; - } - public void setProvideCertificate(boolean provideCertificate) { - this.provideCertificate = provideCertificate; - } - public boolean isProvideFullMandateData() { - return provideFullMandateData; - } - public void setProvideFullMandateData(boolean provideFullMandateData) { - this.provideFullMandateData = provideFullMandateData; - } - public boolean isUseCondition() { - return useCondition; - } - public void setUseCondition(boolean useCondition) { - this.useCondition = useCondition; - } - public int getConditionLength() { - return conditionLength; - } - public void setConditionLength(int conditionLength) { - this.conditionLength = conditionLength; - } - - /** - * @return the isActive - */ - public boolean isActive() { - return isActive; - } - - /** - * @param isActive the isActive to set - */ - public void setActive(boolean isActive) { - this.isActive = isActive; - } - - /** - * @return the provideAllErrors - */ - public Boolean getProvideAllErrors() { - return provideAllErrors; - } - - /** - * @param provideAllErrors the provideAllErrors to set - */ - public void setProvideAllErrors(Boolean provideAllErrors) { - this.provideAllErrors = provideAllErrors; - } - - +public class OASAML1Config implements IOnlineApplicationData { + + private Boolean isActive = false; + private Boolean provideStammZahl = false; + private Boolean provideAuthBlock = false; + private Boolean provideIdentityLink = false; + private Boolean provideCertificate = false; + private Boolean provideFullMandateData = false; + private Boolean useCondition = false; + private Boolean provideAllErrors = true; + private int conditionLength = -1; + + public OASAML1Config() { + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OASAML1"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA authdata = dbOA.getAuthComponentOA(); + if (authdata != null) { + final OASAML1 saml1 = authdata.getOASAML1(); + if (saml1 != null) { + provideAuthBlock = saml1.isProvideAUTHBlock(); + provideCertificate = saml1.isProvideCertificate(); + provideFullMandateData = saml1.isProvideFullMandatorData(); + provideIdentityLink = saml1.isProvideIdentityLink(); + provideStammZahl = saml1.isProvideStammzahl(); + + if (saml1.isProvideAllErrors() != null) { + provideAllErrors = saml1.isProvideAllErrors(); + } + + if (saml1.isUseCondition() != null) { + useCondition = saml1.isUseCondition(); + } + + if (saml1.getConditionLength() != null) { + conditionLength = saml1.getConditionLength().intValue(); + } + + if (saml1.isIsActive() != null) { + isActive = saml1.isIsActive(); + } + } + } + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OASAML1ConfigValidation().validate(this, general, request); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + OASAML1 saml1 = authoa.getOASAML1(); + if (saml1 == null) { + saml1 = new OASAML1(); + authoa.setOASAML1(saml1); + saml1.setIsActive(false); + } + + if (authUser.isAdmin()) { + saml1.setIsActive(isActive()); + } + + if (saml1.isIsActive() != null && saml1.isIsActive()) { + saml1.setProvideAUTHBlock(isProvideAuthBlock()); + saml1.setProvideCertificate(isProvideCertificate()); + saml1.setProvideFullMandatorData(isProvideFullMandateData()); + saml1.setProvideIdentityLink(isProvideIdentityLink()); + saml1.setProvideStammzahl(isProvideStammZahl()); + saml1.setUseCondition(isUseCondition()); + saml1.setProvideAllErrors(provideAllErrors); + saml1.setConditionLength(BigInteger.valueOf(getConditionLength())); + // TODO: set sourceID + // saml1.setSourceID(""); + } + + return null; + } + + public boolean isProvideStammZahl() { + return provideStammZahl; + } + + public void setProvideStammZahl(boolean provideStammZahl) { + this.provideStammZahl = provideStammZahl; + } + + public boolean isProvideAuthBlock() { + return provideAuthBlock; + } + + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + public boolean isProvideIdentityLink() { + return provideIdentityLink; + } + + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + + public boolean isProvideCertificate() { + return provideCertificate; + } + + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + public boolean isProvideFullMandateData() { + return provideFullMandateData; + } + + public void setProvideFullMandateData(boolean provideFullMandateData) { + this.provideFullMandateData = provideFullMandateData; + } + + public boolean isUseCondition() { + return useCondition; + } + + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + + public int getConditionLength() { + return conditionLength; + } + + public void setConditionLength(int conditionLength) { + this.conditionLength = conditionLength; + } + + /** + * @return the isActive + */ + public boolean isActive() { + return isActive; + } + + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + /** + * @return the provideAllErrors + */ + public Boolean getProvideAllErrors() { + return provideAllErrors; + } + + /** + * @param provideAllErrors the provideAllErrors to set + */ + public void setProvideAllErrors(Boolean provideAllErrors) { + this.provideAllErrors = provideAllErrors; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java index 1baefe4b8..ed0f1c278 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java @@ -32,88 +32,104 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; -public class OASSOConfig implements IOnlineApplicationData{ - - private boolean useSSO = false; - private boolean showAuthDataFrame = true; - private String singleLogOutURL = null; - - public OASSOConfig() { - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OASingleSignOn"; - } - - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - OASSO ssoconfig = authdata.getOASSO(); - if(ssoconfig != null) { - useSSO = ssoconfig.isUseSSO(); - showAuthDataFrame = ssoconfig.isAuthDataFrame(); - singleLogOutURL = ssoconfig.getSingleLogOutURL(); - } - } - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, AuthenticatedUser authUser, - HttpServletRequest request) { - return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request); - } - - public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { - - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - - OASSO sso = authoa.getOASSO(); - if (sso == null) { - sso = new OASSO(); - authoa.setOASSO(sso); - sso.setAuthDataFrame(true); - } - sso.setUseSSO(this.useSSO); - - if (authUser.isAdmin()) - sso.setAuthDataFrame(this.showAuthDataFrame); - - sso.setSingleLogOutURL(this.singleLogOutURL); - - return null; - } - - public boolean isUseSSO() { - return useSSO; - } - public void setUseSSO(boolean useSSO) { - this.useSSO = useSSO; - } - public boolean isShowAuthDataFrame() { - return showAuthDataFrame; - } - public void setShowAuthDataFrame(boolean showAuthDataFrame) { - this.showAuthDataFrame = showAuthDataFrame; - } - public String getSingleLogOutURL() { - return singleLogOutURL; - } - public void setSingleLogOutURL(String singleLogOutURL) { - this.singleLogOutURL = singleLogOutURL; - } +public class OASSOConfig implements IOnlineApplicationData { + + private boolean useSSO = false; + private boolean showAuthDataFrame = true; + private String singleLogOutURL = null; + + public OASSOConfig() { + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OASingleSignOn"; + } + + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + final OASSO ssoconfig = authdata.getOASSO(); + if (ssoconfig != null) { + useSSO = ssoconfig.isUseSSO(); + showAuthDataFrame = ssoconfig.isAuthDataFrame(); + singleLogOutURL = ssoconfig.getSingleLogOutURL(); + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request); + } + + @Override + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + + OASSO sso = authoa.getOASSO(); + if (sso == null) { + sso = new OASSO(); + authoa.setOASSO(sso); + sso.setAuthDataFrame(true); + } + sso.setUseSSO(this.useSSO); + + if (authUser.isAdmin()) { + sso.setAuthDataFrame(this.showAuthDataFrame); + } + + sso.setSingleLogOutURL(this.singleLogOutURL); + + return null; + } + + public boolean isUseSSO() { + return useSSO; + } + + public void setUseSSO(boolean useSSO) { + this.useSSO = useSSO; + } + + public boolean isShowAuthDataFrame() { + return showAuthDataFrame; + } + + public void setShowAuthDataFrame(boolean showAuthDataFrame) { + this.showAuthDataFrame = showAuthDataFrame; + } + + public String getSingleLogOutURL() { + return singleLogOutURL; + } + + public void setSingleLogOutURL(String singleLogOutURL) { + this.singleLogOutURL = singleLogOutURL; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index fb096a2a0..82ef9d1d1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; @@ -44,306 +42,331 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; import at.gv.egovernment.moa.util.MiscUtil; //import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class OASTORKConfig implements IOnlineApplicationData { + + private boolean isStorkLogonEnabled = false; + private String qaa; + + private List attributes = null; + + /* + * VIDP settings below + */ + private boolean vidpEnabled = false; + private List attributeProviderPlugins = new ArrayList<>(); + private boolean requireConsent = false; + private final List citizenCountries; + private List enabledCitizenCountries; + + private MOAIDConfiguration dbconfig = null; + + public OASTORKConfig() { + // fetch available citizen countries + citizenCountries = new ArrayList<>(); + try { + dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + for (final CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getCPEPS()) { + citizenCountries.add(current.getCountryCode()); + } + + } catch (final NullPointerException e) { + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OASTORK2"; + } + + /** + * Parses the OA config for stork entities. + * + * @param dbOAConfig the db oa config + */ + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + final OASTORK config = authdata.getOASTORK(); + if (config != null) { + setStorkLogonEnabled(config.isStorkLogonEnabled()); + + try { + setQaa(config.geteIDAS_LOA()); + } catch (final NullPointerException e) { + // if there is no configuration available for the OA, get the default qaa level + try { + setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getGeneral_eIDAS_LOA()); + + } catch (final NullPointerException e1) { + setQaa(MOAIDConstants.eIDAS_LOA_HIGH); + + } + } + + enabledCitizenCountries = new ArrayList<>(); + if (config.getCPEPS() != null) { + for (final CPEPS current : config.getCPEPS()) { + enabledCitizenCountries.add(current.getCountryCode()); + } + } -public class OASTORKConfig implements IOnlineApplicationData{ - - private static final Logger log = Logger.getLogger(OASTORKConfig.class); - - private boolean isStorkLogonEnabled = false; - private String qaa; - - private List attributes = null; - - /* - * VIDP settings below - */ - private boolean vidpEnabled = false; - private List attributeProviderPlugins = new ArrayList(); - private boolean requireConsent = false; - private List citizenCountries; - private List enabledCitizenCountries; - - private MOAIDConfiguration dbconfig = null; - - public OASTORKConfig() { - // fetch available citizen countries - citizenCountries = new ArrayList(); - try { - dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - - for(CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { - citizenCountries.add(current.getCountryCode()); - } - - }catch (NullPointerException e) { - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OASTORK2"; - } - - /** - * Parses the OA config for stork entities. - * - * @param dbOAConfig - * the db oa config - */ - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - OASTORK config = authdata.getOASTORK(); - if(config != null) { - setStorkLogonEnabled(config.isStorkLogonEnabled()); - - try { - setQaa(config.geteIDAS_LOA()); - } catch(NullPointerException e) { - // if there is no configuration available for the OA, get the default qaa level - try { - setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA()); - - } catch (NullPointerException e1) { - setQaa(MOAIDConstants.eIDAS_LOA_HIGH); - - } - } - - - enabledCitizenCountries = new ArrayList(); - if (config.getCPEPS() != null) { - for(CPEPS current : config.getCPEPS()) - enabledCitizenCountries.add(current.getCountryCode()); - } - - // prepare attribute helper list - attributes = new ArrayList(); - try { - try { - for(StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) { - AttributeHelper tmp = null; - - if (config.getOAAttributes() != null) { - for(OAStorkAttribute sepp : config.getOAAttributes()) - if(sepp.getName() != null && sepp.getName().equals(current.getName())) - tmp = new AttributeHelper(sepp); - } - - if(null == tmp) - tmp = new AttributeHelper(current); - - attributes.add(tmp); - } - - } catch (NullPointerException ex) { - - } - - // fetch vidp config - if (config.isVidpEnabled() != null) - setVidpEnabled(config.isVidpEnabled()); - else - setVidpEnabled(false); - - if (config.isRequireConsent() != null) - setRequireConsent(config.isRequireConsent()); - else - setRequireConsent(false); - - attributeProviderPlugins = config.getAttributeProviders(); - // - if no attribute providers are configured, add a dummy - // TODO this is a dirty hack since we have to have one entry to - // clone from in the web form. Happens when time is short. - // Sorry. - if (attributeProviderPlugins == null || attributeProviderPlugins.isEmpty()) - attributeProviderPlugins.add(new AttributeProviderPlugin()); - } catch (NullPointerException ex) { - log.error("Nullpointerexception encountered in Configurationinterface", ex); + // prepare attribute helper list + attributes = new ArrayList<>(); + try { + try { + for (final StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities() + .getSTORK().getAttributes()) { + AttributeHelper tmp = null; + + if (config.getOAAttributes() != null) { + for (final OAStorkAttribute sepp : config.getOAAttributes()) { + if (sepp.getName() != null && sepp.getName().equals(current.getName())) { + tmp = new AttributeHelper(sepp); + } } - } - } - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, AuthenticatedUser authUser, - HttpServletRequest request) { - return new OASTORKConfigValidation().validate(this, request); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); + } + + if (null == tmp) { + tmp = new AttributeHelper(current); + } + + attributes.add(tmp); + } + + } catch (final NullPointerException ex) { + + } + + // fetch vidp config + if (config.isVidpEnabled() != null) { + setVidpEnabled(config.isVidpEnabled()); + } else { + setVidpEnabled(false); + } + + if (config.isRequireConsent() != null) { + setRequireConsent(config.isRequireConsent()); + } else { + setRequireConsent(false); + } + + attributeProviderPlugins = config.getAttributeProviders(); + // - if no attribute providers are configured, add a dummy + // TODO this is a dirty hack since we have to have one entry to + // clone from in the web form. Happens when time is short. + // Sorry. + if (attributeProviderPlugins == null || attributeProviderPlugins.isEmpty()) { + attributeProviderPlugins.add(new AttributeProviderPlugin()); + } + } catch (final NullPointerException ex) { + log.error("Nullpointerexception encountered in Configurationinterface", ex); } - - // fetch stork configuration from database model - OASTORK stork = authoa.getOASTORK(); - if (stork == null) { - // if there is none, create a new one with default values. - stork = new OASTORK(); - authoa.setOASTORK(stork); - stork.setStorkLogonEnabled(false); + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASTORKConfigValidation().validate(this, request); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + // fetch stork configuration from database model + OASTORK stork = authoa.getOASTORK(); + if (stork == null) { + // if there is none, create a new one with default values. + stork = new OASTORK(); + authoa.setOASTORK(stork); + stork.setStorkLogonEnabled(false); + } + // transfer the incoming data to the database model + stork.setStorkLogonEnabled(isStorkLogonEnabled()); + stork.seteIDAS_LOA(getQaa()); + stork.setOAAttributes(getAttributes()); + stork.setVidpEnabled(isVidpEnabled()); + stork.setRequireConsent(isRequireConsent()); + stork.setAttributeProviders(getAttributeProviderPlugins()); + stork.setCPEPS(getEnabledCPEPS()); + + return null; + + } + + public boolean isStorkLogonEnabled() { + return isStorkLogonEnabled; + } + + public void setStorkLogonEnabled(boolean enabled) { + this.isStorkLogonEnabled = enabled; + } + + public String getQaa() { + return qaa; + } + + public void setQaa(String qaa) { + this.qaa = qaa; + } + + public List getAttributes() { + final List result = new ArrayList<>(); + + if (null == getHelperAttributes()) { + return result; + } + + for (final AttributeHelper current : getHelperAttributes()) { + List generalConfStorkAttr = null; + try { + generalConfStorkAttr = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getAttributes(); + + } catch (final NullPointerException e) { + log.trace("No STORK attributes in 'General Configuration'"); + + } + + if (generalConfStorkAttr != null) { + for (final StorkAttribute currentAttribute : generalConfStorkAttr) { + if (MiscUtil.isNotEmpty(currentAttribute.getName()) && + currentAttribute.getName().equals(current.getName())) { + if (current.isUsed() || currentAttribute.isMandatory()) { + final OAStorkAttribute tmp = new OAStorkAttribute(); + tmp.setName(current.getName()); + tmp.setMandatory(current.isMandatory()); + result.add(tmp); + + } + break; + } } - // transfer the incoming data to the database model - stork.setStorkLogonEnabled(isStorkLogonEnabled()); - stork.seteIDAS_LOA(getQaa()); - stork.setOAAttributes(getAttributes()); - stork.setVidpEnabled(isVidpEnabled()); - stork.setRequireConsent(isRequireConsent()); - stork.setAttributeProviders(getAttributeProviderPlugins()); - stork.setCPEPS(getEnabledCPEPS()); - - return null; - - } - - public boolean isStorkLogonEnabled() { - return isStorkLogonEnabled; - } - - public void setStorkLogonEnabled(boolean enabled) { - this.isStorkLogonEnabled = enabled; - } - - public String getQaa() { - return qaa; - } - - public void setQaa(String qaa) { - this.qaa = qaa; - } - - public List getAttributes() { - List result = new ArrayList(); - - if(null == getHelperAttributes()) - return result; - - for(AttributeHelper current : getHelperAttributes()) { - List generalConfStorkAttr = null; - try { - generalConfStorkAttr = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes(); - - } catch (NullPointerException e) { - log.trace("No STORK attributes in 'General Configuration'"); - - } - - if (generalConfStorkAttr != null) { - for(StorkAttribute currentAttribute : generalConfStorkAttr) - if(MiscUtil.isNotEmpty(currentAttribute.getName()) && - currentAttribute.getName().equals(current.getName())) { - if(current.isUsed() || currentAttribute.isMandatory()) { - OAStorkAttribute tmp = new OAStorkAttribute(); - tmp.setName(current.getName()); - tmp.setMandatory(current.isMandatory()); - result.add(tmp); - - } - break; - } - } - } - - return result; - } - - public List getHelperAttributes() { - return attributes; - } - - public void setHelperAttributes(List attributes) { - this.attributes = attributes; - } - - public List getAvailableCitizenCountries() { - return citizenCountries; - } - - - public List getAllowedLoALevels() { - return MOAIDConstants.ALLOWED_eIDAS_LOA; - } - - public List getEnabledCitizenCountries() { - return enabledCitizenCountries; - } - - public void setEnabledCitizenCountries(List update) { - enabledCitizenCountries = update; - } - - public List getEnabledCPEPS() { - if (enabledCitizenCountries != null) { - List result = new ArrayList(); - - try { - for(CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { - if(enabledCitizenCountries.contains(current.getCountryCode())) - result.add(current); - } - - } catch (NullPointerException e){ - - } - return result; - } - - return null; - - } - - public List getAvailableAttributeProviderPlugins() { - //TODO: remove in final version - - return new ArrayList(); - //return AttributeProviderFactory.getAvailablePlugins(); - } - - public List getAttributeProviderPlugins() { - return attributeProviderPlugins; - } - - public void setAttributeProviderPlugins(List update) { - attributeProviderPlugins = update; - } - - public boolean isVidpEnabled() { - return vidpEnabled; - } - - public void setVidpEnabled(boolean update) { - vidpEnabled = update; - } - - public boolean isRequireConsent() { - return requireConsent; - } - - public void setRequireConsent(boolean update) { - requireConsent = update; - } + } + } + + return result; + } + + public List getHelperAttributes() { + return attributes; + } + + public void setHelperAttributes(List attributes) { + this.attributes = attributes; + } + + public List getAvailableCitizenCountries() { + return citizenCountries; + } + + public List getAllowedLoALevels() { + return MOAIDConstants.ALLOWED_eIDAS_LOA; + } + + public List getEnabledCitizenCountries() { + return enabledCitizenCountries; + } + + public void setEnabledCitizenCountries(List update) { + enabledCitizenCountries = update; + } + + public List getEnabledCPEPS() { + if (enabledCitizenCountries != null) { + final List result = new ArrayList<>(); + + try { + for (final CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getCPEPS()) { + if (enabledCitizenCountries.contains(current.getCountryCode())) { + result.add(current); + } + } + + } catch (final NullPointerException e) { + + } + return result; + } + + return null; + + } + + public List getAvailableAttributeProviderPlugins() { + // TODO: remove in final version + + return new ArrayList<>(); + // return AttributeProviderFactory.getAvailablePlugins(); + } + + public List getAttributeProviderPlugins() { + return attributeProviderPlugins; + } + + public void setAttributeProviderPlugins(List update) { + attributeProviderPlugins = update; + } + + public boolean isVidpEnabled() { + return vidpEnabled; + } + + public void setVidpEnabled(boolean update) { + vidpEnabled = update; + } + + public boolean isRequireConsent() { + return requireConsent; + } + + public void setRequireConsent(boolean update) { + requireConsent = update; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index 84516c73f..be1b937f0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -43,464 +43,473 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class OATargetConfiguration implements IOnlineApplicationData { - private boolean deaktivededBusinessService = false; - - private boolean subTargetSet = false; - - private String target = null; - private String target_subsector = null; - private String target_admin = null; - private static List targetList = null; - private String targetFriendlyName = null; - private boolean isAdminTarget = false; - - private String identificationNumber = null; - private String identificationType = null; - private static List identificationTypeList = null; - - private String foreignbPKTargets = null; - private String additionalbPKTargets = null; - private boolean eidDemoActive = false; + private boolean deaktivededBusinessService = false; + + private boolean subTargetSet = false; + + private String target = null; + private String target_subsector = null; + private String target_admin = null; + private static List targetList = null; + private String targetFriendlyName = null; + private boolean isAdminTarget = false; + + private String identificationNumber = null; + private String identificationType = null; + private static List identificationTypeList = null; + + private String foreignbPKTargets = null; + private String additionalbPKTargets = null; + private boolean eidDemoActive = false; private boolean eidProxyActive = false; - - public OATargetConfiguration() { - targetList = TargetValidator.getListOfTargets(); - target = ""; - - identificationTypeList = Arrays.asList( - Constants.IDENIFICATIONTYPE_FN, - Constants.IDENIFICATIONTYPE_ZVR, - Constants.IDENIFICATIONTYPE_ERSB, - Constants.IDENIFICATIONTYPE_STORK, - Constants.IDENIFICATIONTYPE_EIDAS); - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OATargetConfig"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - String target_full = dbOA.getTarget(); - if (MiscUtil.isNotEmpty(target_full)) { - if (TargetValidator.isValidTarget(target_full)) { - target = target_full; - - } else { - String[] target_split = target_full.split("-"); - - if (TargetValidator.isValidTarget(target_split[0])) { - target = target_split[0]; - if (target_split.length > 1) { - target_subsector = target_split[1]; - subTargetSet = true; - } - - } else { - target = ""; - target_subsector = null; - target_admin = target_full; - isAdminTarget = true; - } - } - targetFriendlyName = dbOA.getTargetFriendlyName(); - } - - AuthComponentOA oaauth = dbOA.getAuthComponentOA(); - if (oaauth != null) { - - IdentificationNumber idnumber = oaauth.getIdentificationNumber(); - if (idnumber != null) { - String number = idnumber.getValue(); - if (MiscUtil.isNotEmpty(number)) { - String[] split = number.split("\\+"); - - if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { - identificationType = split[1]; - identificationNumber = split[2]; - - } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) { - //identificationType = split[1]; // setting at as iden category ? - identificationType = Constants.IDENIFICATIONTYPE_EIDAS; - identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident - - } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { - //identificationType = split[1]; // setting at as iden category ? - identificationType = Constants.IDENIFICATIONTYPE_STORK; - identificationNumber = split[2]; // setting sp country as ident type -> sp ident - } - } - - if (authUser.isOnlyBusinessService()) { - deaktivededBusinessService = authUser.isOnlyBusinessService(); - - identificationType = authUser.getBusinessServiceType(); - identificationNumber = authUser.getBusinessServiceNumber(); - - } - - } - } - - - //parse foreign bPK sector list - if (dbOA.getForeignbPKTargetList() != null) { - if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) - foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); - - else { - if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, - dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - foreignbPKTargets = dbOA.getForeignbPKTargetList(); - - } - } - - //parse additional bPK sector list - if (dbOA.getAdditionalbPKTargetList() != null) { - if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList())) - additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList()); - - else { - if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0, - dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - additionalbPKTargets = dbOA.getAdditionalbPKTargetList(); - - } - } - - //parse 'Austrian eID mode' flag - eidDemoActive = dbOA.getIseIDDemoModeActive(); - eidProxyActive = dbOA.getIseIDProxyModeActive(); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); + + public OATargetConfiguration() { + targetList = TargetValidator.getListOfTargets(); + target = ""; + + identificationTypeList = Arrays.asList( + Constants.IDENIFICATIONTYPE_FN, + Constants.IDENIFICATIONTYPE_ZVR, + Constants.IDENIFICATIONTYPE_ERSB, + Constants.IDENIFICATIONTYPE_STORK, + Constants.IDENIFICATIONTYPE_EIDAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OATargetConfig"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + final String target_full = dbOA.getTarget(); + if (MiscUtil.isNotEmpty(target_full)) { + if (TargetValidator.isValidTarget(target_full)) { + target = target_full; + + } else { + final String[] target_split = target_full.split("-"); + + if (TargetValidator.isValidTarget(target_split[0])) { + target = target_split[0]; + if (target_split.length > 1) { + target_subsector = target_split[1]; + subTargetSet = true; + } + + } else { + target = ""; + target_subsector = null; + target_admin = target_full; + isAdminTarget = true; + } + } + targetFriendlyName = dbOA.getTargetFriendlyName(); + } + + final AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + + final IdentificationNumber idnumber = oaauth.getIdentificationNumber(); + if (idnumber != null) { + final String number = idnumber.getValue(); + if (MiscUtil.isNotEmpty(number)) { + final String[] split = number.split("\\+"); + + if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; + identificationNumber = split[2]; + + } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) { + // identificationType = split[1]; // setting at as iden category ? + identificationType = Constants.IDENIFICATIONTYPE_EIDAS; + identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident + + } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { + // identificationType = split[1]; // setting at as iden category ? + identificationType = Constants.IDENIFICATIONTYPE_STORK; + identificationNumber = split[2]; // setting sp country as ident type -> sp ident + } } - - if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) { - - dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - String num = null; - if (authUser.isOnlyBusinessService()) { - deaktivededBusinessService = authUser.isOnlyBusinessService(); - num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber(); - - } else { - - num = getIdentificationNumber().replaceAll(" ", ""); - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - - /*Fixme: - * Company numbers had to be padded with '0' on left site - * But this bugfix can not be activated, because this would - * change all bPKs for company numbers. - * - * Change this in case of new bPK generation algorithms - */ - // num = StringUtils.leftPad(num, 7, '0'); - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - } - - IdentificationNumber idnumber = authoa.getIdentificationNumber(); - if (idnumber == null) - idnumber = new IdentificationNumber(); - - if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { - idnumber.setValue(Constants.PREFIX_EIDAS + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); - - } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { - idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); - } else { - idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); - } - - authoa.setIdentificationNumber(idnumber); + + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + + identificationType = authUser.getBusinessServiceType(); + identificationNumber = authUser.getBusinessServiceNumber(); + + } + + } + } + + // parse foreign bPK sector list + if (dbOA.getForeignbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) { + foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); + } else { + if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, + dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); } else { - dbOA.setType(null); + foreignbPKTargets = dbOA.getForeignbPKTargetList(); + } + + } + } - if (authUser.isAdmin()) { - if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) { - dbOA.setTarget(getTarget_admin()); - dbOA.setTargetFriendlyName(getTargetFriendlyName()); + // parse additional bPK sector list + if (dbOA.getAdditionalbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList())) { + additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList()); + } else { + if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0, + dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - } else { + } else { + additionalbPKTargets = dbOA.getAdditionalbPKTargetList(); + } - String target = getTarget(); + } + } - if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) - dbOA.setTarget(target + "-" + getTarget_subsector()); - else - dbOA.setTarget(target); + // parse 'Austrian eID mode' flag + eidDemoActive = dbOA.getIseIDDemoModeActive(); + eidProxyActive = dbOA.getIseIDProxyModeActive(); + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) { - } + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - } else { + String num = null; + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber(); - if (MiscUtil.isNotEmpty(getTarget())) { + } else { - String target = getTarget(); + num = getIdentificationNumber().replaceAll(" ", ""); + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) - dbOA.setTarget(target + "-" + getTarget_subsector()); + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - else - dbOA.setTarget(target); + /* + * Fixme: Company numbers had to be padded with '0' on left site But this bugfix + * can not be activated, because this would change all bPKs for company numbers. + * + * Change this in case of new bPK generation algorithms + */ + // num = StringUtils.leftPad(num, 7, '0'); + } - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + } - } - } + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); } - - dbOA.setForeignbPKTargetList(getForeignbPKTargets()); - dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); - dbOA.setIseIDDemoModeActive(isEidDemoActive()); - dbOA.setIseIDProxyModeActive(isEidProxyActive()); - - return null; - } - - /** - * @return - */ - private boolean isBusinessService(OnlineApplication dbOA) { - if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) - return true; - else - return false; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request); - } - - public String getTarget() { - return target; - } - - public void setTarget(String target) { - this.target = target; - } - - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - public String getIdentificationNumber() { - return identificationNumber; - } - - public void setIdentificationNumber(String identificationNumber) { - this.identificationNumber = identificationNumber; - } - - public String getIdentificationType() { - return identificationType; - } - - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /** - * @return the target_subsector - */ - public String getTarget_subsector() { - return target_subsector; - } - - - /** - * @param target_subsector the target_subsector to set - */ - public void setTarget_subsector(String target_subsector) { - this.target_subsector = target_subsector; - } - - - /** - * @return the target_admin - */ - public String getTarget_admin() { - return target_admin; - } - - - /** - * @param target_admin the target_admin to set - */ - public void setTarget_admin(String target_admin) { - this.target_admin = target_admin; - } - - - /** - * @return the targetList - */ - public List getTargetList() { - return targetList; - } - - - /** - * @return the identificationTypeList - */ - public List getIdentificationTypeList() { - return identificationTypeList; - } - - - /** - * @return the isAdminTarget - */ - public boolean isAdminTarget() { - return isAdminTarget; - } - - - /** - * @param isAdminTarget the isAdminTarget to set - */ - public void setAdminTarget(boolean isAdminTarget) { - this.isAdminTarget = isAdminTarget; - } - - /** - * @return the deaktivededBusinessService - */ - public boolean isDeaktivededBusinessService() { - return deaktivededBusinessService; - } + } + IdentificationNumber idnumber = authoa.getIdentificationNumber(); + if (idnumber == null) { + idnumber = new IdentificationNumber(); + } - /** - * @param deaktivededBusinessService the deaktivededBusinessService to set - */ - public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { - this.deaktivededBusinessService = deaktivededBusinessService; - } + if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { + idnumber.setValue(Constants.PREFIX_EIDAS + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { + idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } else { + idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } - /** - * @return the subTargetSet - */ - public boolean isSubTargetSet() { - return subTargetSet; - } + authoa.setIdentificationNumber(idnumber); + } else { + dbOA.setType(null); - /** - * @param subTargetSet the subTargetSet to set - */ - public void setSubTargetSet(boolean subTargetSet) { - this.subTargetSet = subTargetSet; - } + if (authUser.isAdmin()) { + if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) { + dbOA.setTarget(getTarget_admin()); + dbOA.setTargetFriendlyName(getTargetFriendlyName()); + } else { - public String getForeignbPKTargets() { - return foreignbPKTargets; - } + final String target = getTarget(); + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) { + dbOA.setTarget(target + "-" + getTarget_subsector()); + } else { + dbOA.setTarget(target); + } - public void setForeignbPKTargets(String foreignbPKTargets) { - if (MiscUtil.isNotEmpty(foreignbPKTargets)) - this.foreignbPKTargets = - KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets); - else - this.foreignbPKTargets = foreignbPKTargets; - } + final String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) { + dbOA.setTargetFriendlyName(targetname); + } + } + + } else { + + if (MiscUtil.isNotEmpty(getTarget())) { - public String getAdditionalbPKTargets() { - return additionalbPKTargets; - } + final String target = getTarget(); + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) { + dbOA.setTarget(target + "-" + getTarget_subsector()); + } else { + dbOA.setTarget(target); + } - public void setAdditionalbPKTargets(String additionalbPKTargets) { - if (MiscUtil.isNotEmpty(additionalbPKTargets)) - this.additionalbPKTargets = - KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets); - else - this.additionalbPKTargets = additionalbPKTargets; + final String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) { + dbOA.setTargetFriendlyName(targetname); + } - } + } + } + } + + dbOA.setForeignbPKTargetList(getForeignbPKTargets()); + dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); + dbOA.setIseIDDemoModeActive(isEidDemoActive()); + dbOA.setIseIDProxyModeActive(isEidProxyActive()); + + return null; + } + + /** + * @return + */ + private boolean isBusinessService(OnlineApplication dbOA) { + if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) { + return true; + } else { + return false; + } + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request); + } + + public String getTarget() { + return target; + } + + public void setTarget(String target) { + this.target = target; + } + + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + public String getIdentificationNumber() { + return identificationNumber; + } + + public void setIdentificationNumber(String identificationNumber) { + this.identificationNumber = identificationNumber; + } + + public String getIdentificationType() { + return identificationType; + } + + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * @return the target_subsector + */ + public String getTarget_subsector() { + return target_subsector; + } + + /** + * @param target_subsector the target_subsector to set + */ + public void setTarget_subsector(String target_subsector) { + this.target_subsector = target_subsector; + } + + /** + * @return the target_admin + */ + public String getTarget_admin() { + return target_admin; + } + + /** + * @param target_admin the target_admin to set + */ + public void setTarget_admin(String target_admin) { + this.target_admin = target_admin; + } + + /** + * @return the targetList + */ + public List getTargetList() { + return targetList; + } + + /** + * @return the identificationTypeList + */ + public List getIdentificationTypeList() { + return identificationTypeList; + } + + /** + * @return the isAdminTarget + */ + public boolean isAdminTarget() { + return isAdminTarget; + } + + /** + * @param isAdminTarget the isAdminTarget to set + */ + public void setAdminTarget(boolean isAdminTarget) { + this.isAdminTarget = isAdminTarget; + } + + /** + * @return the deaktivededBusinessService + */ + public boolean isDeaktivededBusinessService() { + return deaktivededBusinessService; + } + + /** + * @param deaktivededBusinessService the deaktivededBusinessService to set + */ + public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { + this.deaktivededBusinessService = deaktivededBusinessService; + } + + /** + * @return the subTargetSet + */ + public boolean isSubTargetSet() { + return subTargetSet; + } + + /** + * @param subTargetSet the subTargetSet to set + */ + public void setSubTargetSet(boolean subTargetSet) { + this.subTargetSet = subTargetSet; + } + + public String getForeignbPKTargets() { + return foreignbPKTargets; + } + + public void setForeignbPKTargets(String foreignbPKTargets) { + if (MiscUtil.isNotEmpty(foreignbPKTargets)) { + this.foreignbPKTargets = + KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets); + } else { + this.foreignbPKTargets = foreignbPKTargets; + } + } + + public String getAdditionalbPKTargets() { + return additionalbPKTargets; + } + + public void setAdditionalbPKTargets(String additionalbPKTargets) { + if (MiscUtil.isNotEmpty(additionalbPKTargets)) { + this.additionalbPKTargets = + KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets); + } else { + this.additionalbPKTargets = additionalbPKTargets; + } + } - public boolean isEidDemoActive() { - return eidDemoActive; - } + public boolean isEidDemoActive() { + return eidDemoActive; + } + public void setEidDemoActive(boolean eidDemoActive) { + this.eidDemoActive = eidDemoActive; + } - public void setEidDemoActive(boolean eidDemoActive) { - this.eidDemoActive = eidDemoActive; - } - - public boolean isEidProxyActive() { - return eidProxyActive; - } + public boolean isEidProxyActive() { + return eidProxyActive; + } + public void setEidProxyActive(boolean eidProxyActive) { + this.eidProxyActive = eidProxyActive; + } - public void setEidProxyActive(boolean eidProxyActive) { - this.eidProxyActive = eidProxyActive; - } - - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java index e27c55c90..29598a679 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java @@ -27,110 +27,128 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationGatewayType; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class PVPGatewayInterfederationConfig implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(PVPGatewayInterfederationConfig.class); - - private String entityID = null; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "PVPGatewayInterfederation"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - - InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); - if (gateway != null) { - this.entityID = gateway.getForwardIDPIdentifier(); - - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - if (authUser.isAdmin()) { - dbOA.setIsInterfederationGateway(true); - - InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); - if (gateway == null) { - gateway = new InterfederationGatewayType(); - dbOA.setInterfederationGateway(gateway); - } - - gateway.setForwardIDPIdentifier(entityID); - } - - dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - List errors = new ArrayList(); - - if (MiscUtil.isNotEmpty(entityID)) { - if (!ValidationHelper.validateURL(entityID)) { - log.info("PVP gateway EntityID is not valid"); - errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid", request)); - - } - - } else - errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty", request)); - - return errors; - } - - /** - * @return the entityID - */ - public String getEntityID() { - return entityID; - } - - /** - * @param entityID the entityID to set - */ - public void setEntityID(String entityID) { - this.entityID = entityID; - } - - - + private String entityID = null; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "PVPGatewayInterfederation"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + final InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); + if (gateway != null) { + this.entityID = gateway.getForwardIDPIdentifier(); + + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + if (authUser.isAdmin()) { + dbOA.setIsInterfederationGateway(true); + + InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); + if (gateway == null) { + gateway = new InterfederationGatewayType(); + dbOA.setInterfederationGateway(gateway); + } + + gateway.setForwardIDPIdentifier(entityID); + } + + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + if (MiscUtil.isNotEmpty(entityID)) { + if (!ValidationHelper.validateURL(entityID)) { + log.info("PVP gateway EntityID is not valid"); + errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid", + request)); + + } + + } else { + errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty", request)); + } + + return errors; + } + + /** + * @return the entityID + */ + public String getEntityID() { + return entityID; + } + + /** + * @param entityID the entityID to set + */ + public void setEntityID(String entityID) { + this.entityID = entityID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index c69998fa2..8b50437cb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -40,8 +40,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; @@ -50,10 +48,10 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.ToStringUtil; import at.gv.util.WebAppUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class AuthenticationFilter implements Filter{ - - private final Logger log = Logger.getLogger(AuthenticationFilter.class); private static ConfigurationProvider config; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java index 71f9536ae..6c4ecf3ae 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java @@ -11,11 +11,13 @@ import javax.servlet.ServletResponse; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.builder.ToStringBuilder; -import org.apache.log4j.Logger; + +import lombok.extern.slf4j.Slf4j; /** * @author Thomas Knall */ +@Slf4j public class EncodingFilter implements javax.servlet.Filter { private static final String SERVLET_INIT_PARAM_ENCODING = "encoding"; @@ -30,8 +32,6 @@ public class EncodingFilter implements javax.servlet.Filter { private static final boolean DEFAULT_FORCE_REQUEST_ENCODING_VALUE = true; private static final boolean DEFAULT_SET_RESPONSE_ENCODING_VALUE = false; private static final boolean DEFAULT_FORCE_RESPONSE_ENCODING_VALUE = false; - - private Logger log = Logger.getLogger(getClass().getName()); private String encoding = null; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java index 4d47d8d96..25cf87aa9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java @@ -29,29 +29,27 @@ import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.util.Base64Utils; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class AuthenticationHelper { - - private static final Logger log = Logger.getLogger(AuthenticationHelper.class); - - public static String generateKeyFormPassword(String password) { - SecretKeyFactory factory; - - try { - factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); - KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128); - SecretKey tmp = factory.generateSecret(spec); - SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES"); - return Base64Utils.encode(secret.getEncoded()); - - } catch (Exception e) { - log.info("Key generation form password failed."); - return null; - } - - } + + public static String generateKeyFormPassword(String password) { + SecretKeyFactory factory; + + try { + factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + final KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128); + final SecretKey tmp = factory.generateSecret(spec); + final SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES"); + return Base64Utils.encode(secret.getEncoded()); + + } catch (final Exception e) { + log.info("Key generation form password failed."); + return null; + } + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java index eed4aa32f..a6c8b93b1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java @@ -26,34 +26,32 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class DateTimeHelper { - private static final Logger log = Logger.getLogger(DateTimeHelper.class); - - private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm"; - - public static String getDateTime(Date date) { - SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); - return f.format(date); - } - - public static Date parseDateTime(String date) { - SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); - - if (MiscUtil.isNotEmpty(date)) { - - try { - return f.parse(date); - - } catch (ParseException e) { - log.warn("Parse DATETIME String " + date + " failed", e); - - } - } - return null; - } + private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm"; + + public static String getDateTime(Date date) { + final SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + return f.format(date); + } + + public static Date parseDateTime(String date) { + final SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + + if (MiscUtil.isNotEmpty(date)) { + + try { + return f.parse(date); + + } catch (final ParseException e) { + log.warn("Parse DATETIME String " + date + " failed", e); + + } + } + return null; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java index b4afcb5f2..406acf001 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -26,77 +26,76 @@ import java.util.ArrayList; import java.util.Date; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType; public class FormDataHelper { - public static ArrayList populateFormWithInderfederationIDPs(List dbOAs) { - - ArrayList formOAs = new ArrayList(); - - for (OnlineApplication dboa : dbOAs) { - - if (dboa.isIsInterfederationIDP()!= null && dboa.isIsInterfederationIDP()) - formOAs.add(addOAFormListElement(dboa, ServiceType.IDP)); - - else if (dboa.isIsInterfederationGateway()!= null && dboa.isIsInterfederationGateway()) - formOAs.add(addOAFormListElement(dboa, ServiceType.GWAY)); - - else if (dboa.getAuthComponentOA().getOASTORK() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) - formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP)); - } - return formOAs; - } - - public static ArrayList populateFormWithOAs(List dbOAs) { - - ArrayList formOAs = new ArrayList(); - - for (OnlineApplication dboa : dbOAs) { - - if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || - (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) || - (dboa.getAuthComponentOA().getOASTORK() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) || - (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() ))) { - formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); - } - } - return formOAs; - } - - private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) { - OAListElement listoa = new OAListElement(type); - listoa.setActive(dboa.isIsActive()); - listoa.setDataBaseID(dboa.getHjid()); - listoa.setOaFriendlyName(dboa.getFriendlyName()); - listoa.setOaIdentifier(dboa.getPublicURLPrefix()); - listoa.setOaType(dboa.getType()); - return listoa; - } - - public static ArrayList addFormUsers(List dbuserlist) { - ArrayList userlist = new ArrayList(); - - for (UserDatabase dbuser : dbuserlist) { - - boolean ismandate = false; - if (dbuser.isIsMandateUser() != null) - ismandate = dbuser.isIsMandateUser(); - - userlist.add(new AuthenticatedUser(dbuser, - dbuser.isIsActive(), - ismandate, - false, null, null, new Date()) - ); - } - return userlist; - } + public static ArrayList populateFormWithInderfederationIDPs(List dbOAs) { + + final ArrayList formOAs = new ArrayList<>(); + + for (final OnlineApplication dboa : dbOAs) { + + if (dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) { + formOAs.add(addOAFormListElement(dboa, ServiceType.IDP)); + } else if (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) { + formOAs.add(addOAFormListElement(dboa, ServiceType.GWAY)); + } else if (dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { + formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP)); + } + } + return formOAs; + } + + public static ArrayList populateFormWithOAs(List dbOAs) { + + final ArrayList formOAs = new ArrayList<>(); + + for (final OnlineApplication dboa : dbOAs) { + + if (!(dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP() || + dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() || + dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() || + dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway())) { + formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); + } + } + return formOAs; + } + + private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) { + final OAListElement listoa = new OAListElement(type); + listoa.setActive(dboa.isIsActive()); + listoa.setDataBaseID(dboa.getHjid()); + listoa.setOaFriendlyName(dboa.getFriendlyName()); + listoa.setOaIdentifier(dboa.getPublicURLPrefix()); + listoa.setOaType(dboa.getType()); + return listoa; + } + + public static ArrayList addFormUsers(List dbuserlist) { + final ArrayList userlist = new ArrayList<>(); + + for (final UserDatabase dbuser : dbuserlist) { + + boolean ismandate = false; + if (dbuser.isIsMandateUser() != null) { + ismandate = dbuser.isIsMandateUser(); + } + + userlist.add(new AuthenticatedUser(dbuser, + dbuser.isIsActive(), + ismandate, + false, null, null, new Date())); + } + return userlist; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java index 29ab75b3e..d4f4d2129 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java @@ -22,81 +22,73 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.helper; +import java.text.MessageFormat; +import java.util.Locale; +import java.util.ResourceBundle; + +import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; -import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; -import javax.servlet.http.HttpServletRequest; -import java.text.MessageFormat; -import java.util.Locale; -import java.util.ResourceBundle; +@Slf4j +public class LanguageHelper { + private static String errorLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); -import org.apache.log4j.Logger; + } + private static String guiLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); -public class LanguageHelper { + } - private static Logger log = Logger.getLogger(LanguageHelper.class); - - private static String errorLanguage(String code, Locale locale) { - return ResourceBundle.getBundle("applicationResources", locale).getString(code); - - } + public static String getGUIString(String code, HttpServletRequest request) { + return guiLanguage(code, getLangFromRequest(request)); + } - private static String guiLanguage(String code, Locale locale) { - return ResourceBundle.getBundle("applicationResources", locale).getString(code); - - } + public static String getErrorString(String code, HttpServletRequest request) { + return errorLanguage(code, getLangFromRequest(request)); + } - public static String getGUIString(String code, HttpServletRequest request) { - return guiLanguage(code, getLangFromRequest(request)); - } + public static String getGUIString(String code, String parameter, HttpServletRequest request) { + return MessageFormat.format(getGUIString(code, request), parameter); + } + public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) { - public static String getErrorString(String code, HttpServletRequest request) { - return errorLanguage(code, getLangFromRequest(request)); - } + return MessageFormat.format(getGUIString(code, request), parameter); + } - public static String getGUIString(String code, String parameter, HttpServletRequest request) { - return MessageFormat.format(getGUIString(code, request), parameter); - } + private static Locale getLangFromRequest(HttpServletRequest request) { + + Locale defaultLanguage = Locale.forLanguageTag("de"); - public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) { + try { + final ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); + defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage()); - return MessageFormat.format(getGUIString(code, request), parameter); + } catch (final ConfigurationException e) { + log.error("Configuration exception while getting ConfigurationProvider instance", e); } - - private static Locale getLangFromRequest(HttpServletRequest request) { - - Locale defaultLanguage = Locale.forLanguageTag("de"); - - try { - ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); - defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage()); - - } catch (ConfigurationException e) { - log.error("Configuration exception while getting ConfigurationProvider instance", e); - } - - - if (request == null) { - return defaultLanguage; - - } else { - Object obj = request.getSession().getAttribute(Constants.SESSION_I18n); - - if (obj != null && obj instanceof Locale) { - return (Locale) obj; - - } else - return defaultLanguage; - - } - + if (request == null) { + return defaultLanguage; + + } else { + final Object obj = request.getSession().getAttribute(Constants.SESSION_I18n); + + if (obj != null && obj instanceof Locale) { + return (Locale) obj; + + } else { + return defaultLanguage; + } + } -} + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java index 8f3b8f479..5d1f663a9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -41,7 +41,6 @@ import javax.mail.internet.MimeMessage; import javax.mail.internet.MimeMultipart; import org.apache.commons.io.IOUtils; -import org.apache.log4j.Logger; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; @@ -49,207 +48,213 @@ import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MailHelper { - private static final Logger log = Logger.getLogger(MailHelper.class); - - private static final String PATTERN_GIVENNAME = "#GIVENNAME#"; - private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#"; - private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#"; - private static final String PATTERN_DATE = "#TODAY_DATE#"; - private static final String PATTERN_OPENOAS = "#NUMBER_OAS#"; - private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#"; - private static final String PATTERN_OANAME = "#OANAME#"; - - public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailUserAcountVerificationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); - template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); - } - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - String verificationURL = config.getPublicUrlPreFix(null); - - if (!verificationURL.endsWith("/")) - verificationURL = verificationURL + "/"; - - verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION + - "?" + Constants.REQUEST_USERREQUESTTOKKEN + - "=" + userdb.getUserRequestTokken(); - template = template.replace(PATTERN_URL, verificationURL); - - sendMail(config, config.getMailUserAcountVerificationSubject(), - userdb.getMail(), template); - - } - - public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailAdminTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); - template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template); - - } - - public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, String mailurl) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailUserAcountActivationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - if (MiscUtil.isNotEmpty(institut)) { - template = template.replace(PATTERN_GIVENNAME, institut); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, givenname); - template = template.replace(PATTERN_FAMILYNAME, familyname); - } - - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - String verificationURL = config.getPublicUrlPreFix(null); - if (!verificationURL.endsWith("/")) - verificationURL = verificationURL + "/"; - - template = template.replace(PATTERN_URL, verificationURL); - - sendMail(config, config.getMailUserAcountActivationSubject(), - mailurl, template); - } - - public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, String institut, String oaname, String mailurl) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailOAActivationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - if (MiscUtil.isNotEmpty(institut)) { - template = template.replace(PATTERN_GIVENNAME, institut); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, givenname); - template = template.replace(PATTERN_FAMILYNAME, familyname); - } - - template = template.replace(PATTERN_OANAME, oaname); - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - String verificationURL = config.getPublicUrlPreFix(null); - if (!verificationURL.endsWith("/")) - verificationURL = verificationURL + "/"; - - template = template.replace(PATTERN_URL, verificationURL); - - sendMail(config, config.getMailOAActivationSubject(), - mailurl, template); - } - - public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailUserAcountRevocationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); - template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); - } - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - sendMail(config, config.getMailUserAcountActivationSubject(), - userdb.getMail(), template); - } - - private static String readTemplateFromURL(String templateurl, String rootDir) throws ConfigurationException { - InputStream input; - try { - - URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(templateurl, rootDir)); - input = keystoreURL.openStream(); - StringWriter writer = new StringWriter(); - IOUtils.copy(input, writer); - input.close(); - return writer.toString(); - - } catch (Exception e) { - log.warn("Mailtemplate can not be read from source" + templateurl); - throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl); - - } - } - - private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) throws ConfigurationException { - try { - log.debug("Sending mail."); - MiscUtil.assertNotNull(subject, "subject"); - MiscUtil.assertNotNull(recipient, "recipient"); - MiscUtil.assertNotNull(content, "content"); - - Properties props = new Properties(); - props.setProperty("mail.transport.protocol", "smtp"); - props.setProperty("mail.host", config.getSMTPMailHost()); - log.trace("Mail host: " + config.getSMTPMailHost()); - if (config.getSMTPMailPort() != null) { - log.trace("Mail port: " + config.getSMTPMailPort()); - props.setProperty("mail.port", config.getSMTPMailPort()); - } - if (config.getSMTPMailUsername() != null) { - log.trace("Mail user: " + config.getSMTPMailUsername()); - props.setProperty("mail.user", config.getSMTPMailUsername()); - } - if (config.getSMTPMailPassword() != null) { - log.trace("Mail password: " + config.getSMTPMailPassword()); - props.setProperty("mail.password", config.getSMTPMailPassword()); - } - - Session mailSession = Session.getDefaultInstance(props, null); - Transport transport = mailSession.getTransport(); - - MimeMessage message = new MimeMessage(mailSession); - message.setSubject(subject); - log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress()); - message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName())); - log.trace("Recipient: " + recipient); - message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient)); - - log.trace("Creating multipart content of mail."); - MimeMultipart multipart = new MimeMultipart("related"); - - log.trace("Adding first part (html)"); - BodyPart messageBodyPart = new MimeBodyPart(); - messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15"); - multipart.addBodyPart(messageBodyPart); - + private static final String PATTERN_GIVENNAME = "#GIVENNAME#"; + private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#"; + private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#"; + private static final String PATTERN_DATE = "#TODAY_DATE#"; + private static final String PATTERN_OPENOAS = "#NUMBER_OAS#"; + private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#"; + private static final String PATTERN_OANAME = "#OANAME#"; + + public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailUserAcountVerificationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + + if (!verificationURL.endsWith("/")) { + verificationURL = verificationURL + "/"; + } + + verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION + + "?" + Constants.REQUEST_USERREQUESTTOKKEN + + "=" + userdb.getUserRequestTokken(); + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountVerificationSubject(), + userdb.getMail(), template); + + } + + public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailAdminTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); + template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template); + + } + + public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, + String mailurl) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailUserAcountActivationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) { + verificationURL = verificationURL + "/"; + } + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountActivationSubject(), + mailurl, template); + } + + public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, + String institut, String oaname, String mailurl) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailOAActivationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + template = template.replace(PATTERN_OANAME, oaname); + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) { + verificationURL = verificationURL + "/"; + } + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailOAActivationSubject(), + mailurl, template); + } + + public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailUserAcountRevocationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailUserAcountActivationSubject(), + userdb.getMail(), template); + } + + private static String readTemplateFromURL(String templateurl, String rootDir) + throws ConfigurationException { + InputStream input; + try { + + final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(templateurl, rootDir)); + input = keystoreURL.openStream(); + final StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + input.close(); + return writer.toString(); + + } catch (final Exception e) { + log.warn("Mailtemplate can not be read from source" + templateurl); + throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl); + + } + } + + private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) + throws ConfigurationException { + try { + log.debug("Sending mail."); + MiscUtil.assertNotNull(subject, "subject"); + MiscUtil.assertNotNull(recipient, "recipient"); + MiscUtil.assertNotNull(content, "content"); + + final Properties props = new Properties(); + props.setProperty("mail.transport.protocol", "smtp"); + props.setProperty("mail.host", config.getSMTPMailHost()); + log.trace("Mail host: " + config.getSMTPMailHost()); + if (config.getSMTPMailPort() != null) { + log.trace("Mail port: " + config.getSMTPMailPort()); + props.setProperty("mail.port", config.getSMTPMailPort()); + } + if (config.getSMTPMailUsername() != null) { + log.trace("Mail user: " + config.getSMTPMailUsername()); + props.setProperty("mail.user", config.getSMTPMailUsername()); + } + if (config.getSMTPMailPassword() != null) { + log.trace("Mail password: " + config.getSMTPMailPassword()); + props.setProperty("mail.password", config.getSMTPMailPassword()); + } + + final Session mailSession = Session.getDefaultInstance(props, null); + final Transport transport = mailSession.getTransport(); + + final MimeMessage message = new MimeMessage(mailSession); + message.setSubject(subject); + log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress()); + message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName())); + log.trace("Recipient: " + recipient); + message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient)); + + log.trace("Creating multipart content of mail."); + final MimeMultipart multipart = new MimeMultipart("related"); + + log.trace("Adding first part (html)"); + final BodyPart messageBodyPart = new MimeBodyPart(); + messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15"); + multipart.addBodyPart(messageBodyPart); + // log.trace("Adding mail images"); // messageBodyPart = new MimeBodyPart(); // for (Image image : images) { @@ -257,20 +262,20 @@ public class MailHelper { // messageBodyPart.setHeader("Content-ID", "<" + image.getContentId() + ">"); // multipart.addBodyPart(messageBodyPart); // } - - message.setContent(multipart); - transport.connect(); - log.trace("Sending mail message."); - transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO)); - log.trace("Successfully sent."); - transport.close(); - - } catch(MessagingException e) { - throw new ConfigurationException(e); - - } catch (UnsupportedEncodingException e) { - throw new ConfigurationException(e); - - } - } + + message.setContent(multipart); + transport.connect(); + log.trace("Sending mail message."); + transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO)); + log.trace("Successfully sent."); + transport.close(); + + } catch (final MessagingException e) { + throw new ConfigurationException(e); + + } catch (final UnsupportedEncodingException e) { + throw new ConfigurationException(e); + + } + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java index 53afa59a0..be4cab9d7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java @@ -26,37 +26,35 @@ import java.io.UnsupportedEncodingException; public class StringHelper { - public static String formatText(String strGivenText) - { - StringBuffer sbFormattedText = new StringBuffer(strGivenText); - - for(int i=0; i formList; - protected long oaid = -1; - - private String oaidobj; - private boolean newOA; - private boolean isMetaDataRefreshRequired = false; - - private InputStream stream = null; - - - - /** - * - */ - public BasicOAAction() { - super(); - - formList = new LinkedHashMap(); - - OAGeneralConfig generalOA = new OAGeneralConfig(); - formList.put(generalOA.getName(), generalOA); - - } - - protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException{ - if (!ValidationHelper.validateOAID(oaidobj)) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); - + private static final long serialVersionUID = 5676123696807646246L; + + protected LinkedHashMap formList; + protected long oaid = -1; + + private String oaidobj; + private boolean newOA; + private boolean isMetaDataRefreshRequired = false; + + private InputStream stream = null; + + /** + * + */ + public BasicOAAction() { + super(); + + formList = new LinkedHashMap<>(); + + final OAGeneralConfig generalOA = new OAGeneralConfig(); + formList.put(generalOA.getName(), generalOA); + + } + + protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException { + if (!ValidationHelper.validateOAID(oaidobj)) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + + } + oaid = Long.valueOf(oaidobj); + + UserDatabase userdb = null; + OnlineApplication onlineapplication = null; + + if (authUser.isAdmin()) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + } else { + userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + // TODO: change to direct Database operation + final List oas = userdb.getOnlineApplication(); + for (final String oa : oas) { + if (oa.equals(oaid)) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + break; } - oaid = Long.valueOf(oaidobj); + } + if (onlineapplication == null) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + } - UserDatabase userdb = null; - OnlineApplication onlineapplication = null; + return onlineapplication; - if (authUser.isAdmin()) - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + } - else { - userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + protected void populateBasicNewOnlineApplicationInformation() { + session.setAttribute(Constants.SESSION_OAID, null); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); + setNewOA(true); - } + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } - // TODO: change to direct Database operation - List oas = userdb.getOnlineApplication(); - for (String oa : oas) { - if (oa.equals(oaid)) { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); - break; - } - } - if (onlineapplication == null) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); - } + protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, + boolean persistOA) throws BasicOAActionException { + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + onlineapplication.setIsNew(true); + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + + } else { + isMetaDataRefreshRequired = true; + } + + } else { + onlineapplication.setIsNew(false); + if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA() + .getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + + " change OA-PublicURLPrefix. Reaktivation is required."); + } + + } + + if (onlineapplication.isIsAdminRequired() == null + || authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired()) { + + onlineapplication.setIsAdminRequired(false); + isMetaDataRefreshRequired = true; + + UserDatabase userdb = null; + if (onlineapplication.getHjid() != null) { + userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid()); + } + + if (userdb != null && !userdb.isIsAdmin()) { + try { + MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), + userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); + } catch (final ConfigurationException e) { + log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); } - - return onlineapplication; - - } - - protected void populateBasicNewOnlineApplicationInformation() { - session.setAttribute(Constants.SESSION_OAID, null); - - setNewOA(true); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } + } + + // save OA configuration + final String error = saveOAConfigToDatabase(onlineapplication, persistOA); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); } - - protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, boolean persistOA) throws BasicOAActionException { - if (onlineapplication == null) { - onlineapplication = new OnlineApplication(); - onlineapplication.setIsNew(true); - onlineapplication.setIsActive(false); - - if (!authUser.isAdmin()) { - onlineapplication.setIsAdminRequired(true); - - } else - isMetaDataRefreshRequired = true; - - } else { - onlineapplication.setIsNew(false); - if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) { - - onlineapplication.setIsAdminRequired(true); - onlineapplication.setIsActive(false); - log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); - } - - } - - if ((onlineapplication.isIsAdminRequired() == null) - || (authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired())) { - - onlineapplication.setIsAdminRequired(false); - isMetaDataRefreshRequired = true; - - UserDatabase userdb = null; - if (onlineapplication.getHjid() != null) - userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid()); - - if (userdb != null && !userdb.isIsAdmin()) { - try { - MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), - userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); - } catch (ConfigurationException e) { - log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); - } - } - } - - //save OA configuration - String error = saveOAConfigToDatabase(onlineapplication, persistOA); - if (MiscUtil.isNotEmpty(error)) { - log.warn("OA configuration can not be stored!"); - addActionError(error); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); - } // //set metadata reload flag if reload is required -// +// // if (getPvp2OA() != null && getPvp2OA().getMetaDataURL() != null) { // // try { @@ -234,290 +237,302 @@ public class BasicOAAction extends BasicAction { // } // // } - - return onlineapplication; - } - - protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { - try { - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - } - } else { - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); - } - - OnlineApplication onlineapplication = null; - - Long oaid = getOAIDFromSession(); - - // valid DBID and check entry - OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName())); - String oaidentifier = oaGeneralForm.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - - if (!ValidationHelper.validateURL(oaidentifier)) { - log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - - if (oaid == -1) { - List oaList = configuration.getDbRead().getAllOnlineApplications(); - - if (oaList != null) { - for (OnlineApplication el : oaList) { - if (el.getPublicURLPrefix().startsWith(oaidentifier) ) - onlineapplication = el; - - } - } - - if (onlineapplication == null) { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); - - } - - if (onlineapplication != null) { - log.info("The OAIdentifier is not unique"); - throw new BasicOAActionException( - LanguageHelper.getErrorString( - "validation.general.oaidentifier.notunique", - new Object[]{onlineapplication.getPublicURLPrefix()}, - request), - Constants.STRUTS_ERROR_VALIDATION); - - } else - setNewOA(true); - - } else { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); - if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - - OnlineApplication dbOA = null; - List oaList = configuration.getDbRead().getAllOnlineApplications(); - for (OnlineApplication el : oaList) { - if (el.getPublicURLPrefix().startsWith(oaidentifier) ) - dbOA = el; - - } - if (dbOA == null) - dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier); - - if ( (dbOA != null && !dbOA.getHjid().equals(oaid))) { - log.info("The OAIdentifier is not unique"); - throw new BasicOAActionException( - LanguageHelper.getErrorString( - "validation.general.oaidentifier.notunique", - new Object[]{dbOA.getPublicURLPrefix()}, - request), - Constants.STRUTS_ERROR_VALIDATION); - - } - } - } - } - } - - return onlineapplication; - - } catch (BasicOAActionException e) { - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw e; - } - - } - - protected Long getOAIDFromSession() throws BasicOAActionException { - Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); - Long oaid = (long) -1; - - if (oadbid != null) { - try { - oaid = (Long) oadbid; - if (oaid < 0 || oaid > Long.MAX_VALUE) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); + + return onlineapplication; + } + + protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { + try { + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + } else { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + } + + OnlineApplication onlineapplication = null; + + final Long oaid = getOAIDFromSession(); + + // valid DBID and check entry + final OAGeneralConfig oaGeneralForm = (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + final String oaidentifier = oaGeneralForm.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (oaid == -1) { + final List oaList = configuration.getDbRead().getAllOnlineApplications(); + + if (oaList != null) { + for (final OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier)) { + onlineapplication = el; } - } catch (Throwable t) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); + } + } + + if (onlineapplication == null) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); + } + + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString( + "validation.general.oaidentifier.notunique", + new Object[] { onlineapplication.getPublicURLPrefix() }, + request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + setNewOA(true); + } + + } else { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + OnlineApplication dbOA = null; + final List oaList = configuration.getDbRead().getAllOnlineApplications(); + for (final OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier)) { + dbOA = el; + } + + } + if (dbOA == null) { + dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier); + } + + if (dbOA != null && !dbOA.getHjid().equals(oaid)) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString( + "validation.general.oaidentifier.notunique", + new Object[] { dbOA.getPublicURLPrefix() }, + request), + Constants.STRUTS_ERROR_VALIDATION); + + } + } + } } - - return oaid; + } + + return onlineapplication; + + } catch (final BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; } - - protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { - try { - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); - - } - - String oaidentifier = getGeneralOA().getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), - Constants.STRUTS_ERROR_VALIDATION); - } - } - - return oaidentifier; - - } catch (BasicOAActionException e) { - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw e; - } + + } + + protected Long getOAIDFromSession() throws BasicOAActionException { + final Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + + } catch (final Throwable t) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } } - - private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) { - - for (IOnlineApplicationData form : formList.values()) - form.store(dboa, authUser, request); - - try { - if (dboa.isIsNew()) { - if (!authUser.isAdmin()) { - UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - List useroas = user.getOnlineApplication(); - if (useroas == null) useroas = new ArrayList(); + return oaid; + } + + protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { + try { + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser + .getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); - useroas.add(String.valueOf(dboa.getHjid())); - configuration.getUserManagement().saveOrUpdate(user); - - } else { - if (persistOA) - save(dboa); - - } - - } else - if (persistOA) - save(dboa); - - } catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + final String oaidentifier = getGeneralOA().getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); - return null; + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request), + Constants.STRUTS_ERROR_VALIDATION); + } + } + + return oaidentifier; + + } catch (final BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; + } + } + + private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) { + + for (final IOnlineApplicationData form : formList.values()) { + form.store(dboa, authUser, request); } - - protected void save(OnlineApplication oa) throws MOADatabaseException { - try { - STORK storkConfig = null; - try { - MOAIDConfiguration moaidConfig = - ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK(); - - } catch (Exception e) { - - } - - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); - if (MiscUtil.isEmpty(serviceIdentifier)) { - log.info("Use default ServiceIdentifier."); - serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; - } - - if (oa.getHjid() == null) { - log.debug("No hjID -> find new Service ID ..."); - String hjID = configuration.getConfigModule().buildArrayIdentifier( - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier, 0, keyValueConfig); - log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix()); - oa.setHjid(Long.valueOf(hjID)); - - } else { - //TODO: work-around for old config tool and new key/value configuration - //see: NewConfigurationDBRead.java Line 81 + + try { + if (dboa.isIsNew()) { + if (!authUser.isAdmin()) { + final UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + List useroas = user.getOnlineApplication(); + if (useroas == null) { + useroas = new ArrayList<>(); + } + + useroas.add(String.valueOf(dboa.getHjid())); + configuration.getUserManagement().saveOrUpdate(user); + + } else { + if (persistOA) { + save(dboa); + } + + } + + } else if (persistOA) { + save(dboa); + } + + } catch (final MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + } + + return null; + } + + protected void save(OnlineApplication oa) throws MOADatabaseException { + try { + STORK storkConfig = null; + try { + final MOAIDConfiguration moaidConfig = + ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK(); + + } catch (final Exception e) { + + } + + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); + if (MiscUtil.isEmpty(serviceIdentifier)) { + log.info("Use default ServiceIdentifier."); + serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; + } + + if (oa.getHjid() == null) { + log.debug("No hjID -> find new Service ID ..."); + final String hjID = configuration.getConfigModule().buildArrayIdentifier( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier, 0, keyValueConfig); + log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix()); + oa.setHjid(Long.valueOf(hjID)); + + } else { + // TODO: work-around for old config tool and new key/value configuration + // see: NewConfigurationDBRead.java Line 81 // if (oa.getHjid() > 1000000) { -// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) +// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) // oa.setHjid(oa.getHjid() - 1000000); // else if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_IIDP)) // oa.setHjid(oa.getHjid() - 2000000); @@ -525,208 +540,210 @@ public class BasicOAAction extends BasicAction { // oa.setHjid(oa.getHjid() - 3000000); // else // log.warn("Inconsistent state found! Service Identifier for OA found but Hjid is > 1000000."); -// +// // } - - } - - Map absolutKeyValue = KeyValueUtils.makeKeysAbsolut( - keyValueConfig, - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(oa.getHjid()), - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); - - configuration.getConfigModule().storeChanges(absolutKeyValue, null, null); - - log.info("MOA-ID Service Key/Value configuration successfull stored."); - - - } catch (ConfigurationStorageException | at.gv.egiz.components.configuration.api.ConfigurationException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - throw new MOADatabaseException(e.getMessage(), e); - - } - + + } + + final Map absolutKeyValue = KeyValueUtils.makeKeysAbsolut( + keyValueConfig, + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf( + oa.getHjid()), + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + + configuration.getConfigModule().storeChanges(absolutKeyValue, null, null); + + log.info("MOA-ID Service Key/Value configuration successfull stored."); + + } catch (ConfigurationStorageException + | at.gv.egiz.components.configuration.api.ConfigurationException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + throw new MOADatabaseException(e.getMessage(), e); + } - - protected boolean delete(OnlineApplication onlineapplication) { - try { - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); - if (MiscUtil.isEmpty(serviceIdentifier)) { - log.info("Use default ServiceIdentifier."); - serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; - } - - String deleteServiceKey = - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(onlineapplication.getHjid()) + ".*"; - - configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[]{deleteServiceKey})); - - log.info("MOA-ID Service Key/Value configuration successfull stored."); - return true; - - } catch (ConfigurationStorageException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - - } - - return false; - + + } + + protected boolean delete(OnlineApplication onlineapplication) { + try { + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); + if (MiscUtil.isEmpty(serviceIdentifier)) { + log.info("Use default ServiceIdentifier."); + serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; + } + + final String deleteServiceKey = + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf( + onlineapplication.getHjid()) + ".*"; + + configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[] { + deleteServiceKey })); + + log.info("MOA-ID Service Key/Value configuration successfull stored."); + return true; + + } catch (final ConfigurationStorageException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + } - - public String bkuFramePreview() { - String preview = null; + return false; - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - InputStream input = null; + } - try { - Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); - if (mapobj != null && mapobj instanceof Map) { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR - + ConfigurationProvider.HTMLTEMPLATE_FILE; - - File file = new File(new URI(templateURL)); - input = new FileInputStream(file); - - String contextpath = config.getMOAIDInstanceURL(); - if (MiscUtil.isEmpty(contextpath)) { - log.info("NO MOA-ID instance URL configurated."); - input.close(); - throw new ConfigurationException("No MOA-ID instance configurated"); - - } - - //set parameters - Map params = (Map) mapobj; - params.put( - AbstractServiceProviderSpecificGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, - contextpath); - - request.setCharacterEncoding("UTF-8"); - String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); - String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); - - if (value != null) { - String[] query = URLDecoder.decode(request.getQueryString()).split("&"); - value = query[1].substring("value=".length()); - } + public String bkuFramePreview() { - synchronized (params) { - if (MiscUtil.isNotEmpty(module)) { - if (params.containsKey(module)) { - if (MiscUtil.isNotEmpty(value)) { - if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT.contains(module) - || value.startsWith("#")) - params.put(module, value); - else - params.put(module, "#" + value); - - } else { - params.put(module, FormBuildUtils.getDefaultMap().get(module)); - } - } - } - } - - //write preview - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - VelocityContext context = new VelocityContext(); - Iterator> interator = params.entrySet().iterator(); - while (interator.hasNext()) { - Entry el = interator.next(); - context.put(el.getKey(), el.getValue()); - - } - StringWriter writer = new StringWriter(); - engine.evaluate(context, writer, "BKUSelection_preview", - new BufferedReader(new InputStreamReader(input))); - stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8")); + String preview = null; - } else { - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + try { + populateBasicInformations(); - } + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + InputStream input = null; + + try { + final Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); + if (mapobj != null && mapobj instanceof Map) { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR + + ConfigurationProvider.HTMLTEMPLATE_FILE; - } catch (Exception e) { - log.warn("BKUSelection Preview can not be generated.", e); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + final File file = new File(new URI(templateURL)); + input = new FileInputStream(file); + + final String contextpath = config.getMOAIDInstanceURL(); + if (MiscUtil.isEmpty(contextpath)) { + log.info("NO MOA-ID instance URL configurated."); + input.close(); + throw new ConfigurationException("No MOA-ID instance configurated"); } - if (stream == null && MiscUtil.isNotEmpty(preview)) { - try { - stream = new ByteArrayInputStream(preview.getBytes("UTF-8")); - - } catch (UnsupportedEncodingException e) { - e.printStackTrace(); - - } + // set parameters + final Map params = (Map) mapobj; + params.put( + AbstractGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, + contextpath); + + request.setCharacterEncoding("UTF-8"); + final String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); + String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); + + if (value != null) { + final String[] query = URLDecoder.decode(request.getQueryString()).split("&"); + value = query[1].substring("value=".length()); } - - - return Constants.STRUTS_SUCCESS; - } - - - /** - * @param oaidobj the oaidobj to set - */ - public void setOaidobj(String oaidobj) { - this.oaidobj = oaidobj; - } - - /** - * @return the newOA - */ - public boolean isNewOA() { - return newOA; - } - /** - * @param newOA the newOA to set - */ - public void setNewOA(boolean newOA) { - this.newOA = newOA; - } - - public OAGeneralConfig getGeneralOA() { - return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); - } + synchronized (params) { + if (MiscUtil.isNotEmpty(module)) { + if (params.containsKey(module)) { + if (MiscUtil.isNotEmpty(value)) { + if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT + .contains(module) + || value.startsWith("#")) { + params.put(module, value); + } else { + params.put(module, "#" + value); + } - public void setGeneralOA(OAGeneralConfig generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - - public OAPVP2Config getPvp2OA() { - return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); - } + } else { + params.put(module, FormBuildUtils.getDefaultMap().get(module)); + } + } + } + } + + // write preview + final VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + final VelocityContext context = new VelocityContext(); + final Iterator> interator = params.entrySet().iterator(); + while (interator.hasNext()) { + final Entry el = interator.next(); + context.put(el.getKey(), el.getValue()); + + } + final StringWriter writer = new StringWriter(); + engine.evaluate(context, writer, "BKUSelection_preview", + new BufferedReader(new InputStreamReader(input))); + stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8")); + + } else { + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + + } + + } catch (final Exception e) { + log.warn("BKUSelection Preview can not be generated.", e); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); - public void setPvp2OA(OAPVP2Config pvp2oa) { - formList.put(pvp2oa.getName(), pvp2oa); } - /** - * @return the stream - */ - public InputStream getStream() { - return stream; - } + if (stream == null && MiscUtil.isNotEmpty(preview)) { + try { + stream = new ByteArrayInputStream(preview.getBytes("UTF-8")); + + } catch (final UnsupportedEncodingException e) { + e.printStackTrace(); + + } + } + return Constants.STRUTS_SUCCESS; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + + public OAGeneralConfig getGeneralOA() { + return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + public OAPVP2Config getPvp2OA() { + return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 8e057db0f..0992d7f1a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -30,7 +30,6 @@ import java.util.Map; import java.util.Set; import org.apache.commons.lang3.StringUtils; -import org.apache.log4j.Logger; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; @@ -76,164 +75,160 @@ import at.gv.egovernment.moa.id.configuration.helper.StringHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class EditGeneralConfigAction extends BasicAction { - - private static final Logger log = Logger.getLogger(EditGeneralConfigAction.class); - private static final long serialVersionUID = 1L; - - private GeneralMOAIDConfig moaconfig; - private GeneralStorkConfig storkconfig; - - private String formID; - - public String loadConfig() { - try { - populateBasicInformations(); - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (authUser.isAdmin()) { - - - MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); - - moaconfig = new GeneralMOAIDConfig(); - moaconfig.parse(dbconfig); - if (moaconfig == null) { - log.error("MOA configuration is null"); - } - if (moaconfig.isMoaidMode()) { - storkconfig = new GeneralStorkConfig(); - storkconfig.parse(dbconfig); - if (storkconfig == null) { - log.error("Stork configuration is null"); - } - } + private static final long serialVersionUID = 1L; + + private GeneralMOAIDConfig moaconfig; + private GeneralStorkConfig storkconfig; + + private String formID; + + public String loadConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (authUser.isAdmin()) { + + final MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); + + moaconfig = new GeneralMOAIDConfig(); + moaconfig.parse(dbconfig); + if (moaconfig == null) { + log.error("MOA configuration is null"); + } + + if (moaconfig.isMoaidMode()) { + storkconfig = new GeneralStorkConfig(); + storkconfig.parse(dbconfig); + if (storkconfig == null) { + log.error("Stork configuration is null"); + } + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_SUCCESS; + + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String saveConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + boolean isMoaidMode = false; + try { + isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); + } + + if (authUser.isAdmin()) { + + final MOAConfigValidator validator = new MOAConfigValidator(); + + final List errors = validator.validate(moaconfig, request, isMoaidMode); + + if (isMoaidMode) { + errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); + } + + if (errors.size() > 0) { + log.info("General MOA-ID configuration has some errors."); + for (final String el : errors) { + addActionError(el); + } + + if (moaconfig.getSecLayerTransformation() != null) { + session.setAttribute(Constants.SESSION_SLTRANSFORMATION, moaconfig.getSecLayerTransformation()); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + if (moaconfig.getSecLayerTransformation() == null && + session.getAttribute(Constants.SESSION_SLTRANSFORMATION) != null && + session.getAttribute(Constants.SESSION_SLTRANSFORMATION) instanceof Map) { + moaconfig.setSecLayerTransformation((Map) session.getAttribute( + Constants.SESSION_SLTRANSFORMATION)); + + } + } + + final String error = saveFormToDatabase(isMoaidMode); + if (error != null) { + log.warn("General MOA-ID config can not be stored in Database"); + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + addActionError(error); + return Constants.STRUTS_ERROR_VALIDATION; + } + + session.setAttribute(Constants.SESSION_SLTRANSFORMATION, null); + + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success", request)); + return Constants.STRUTS_SUCCESS; + } + + public String back() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + return Constants.STRUTS_SUCCESS; + } - - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_SUCCESS; - - } else { - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - public String saveConfig() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - boolean isMoaidMode = false; - try { - isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); - } - - if (authUser.isAdmin()) { - - MOAConfigValidator validator = new MOAConfigValidator(); - - List errors = validator.validate(moaconfig, request, isMoaidMode); - - if (isMoaidMode) - errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); - - if (errors.size() > 0) { - log.info("General MOA-ID configuration has some errors."); - for (String el : errors) - addActionError(el); - - if (moaconfig.getSecLayerTransformation() != null) { - session.setAttribute(Constants.SESSION_SLTRANSFORMATION, moaconfig.getSecLayerTransformation()); - } - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - if (moaconfig.getSecLayerTransformation() == null && - session.getAttribute(Constants.SESSION_SLTRANSFORMATION) != null && - session.getAttribute(Constants.SESSION_SLTRANSFORMATION) instanceof Map ) { - moaconfig.setSecLayerTransformation((Map) - session.getAttribute(Constants.SESSION_SLTRANSFORMATION)); - - } - } - - String error = saveFormToDatabase(isMoaidMode); - if (error != null) { - log.warn("General MOA-ID config can not be stored in Database"); - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - addActionError(error); - return Constants.STRUTS_ERROR_VALIDATION; - } - - session.setAttribute(Constants.SESSION_SLTRANSFORMATION, null); - - } else { - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - - addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success", request)); - return Constants.STRUTS_SUCCESS; - } - - public String back() { - try { - populateBasicInformations(); - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - return Constants.STRUTS_SUCCESS; - } - - private String saveFormToDatabase(boolean isMoaidMode) { - - log.debug("Saving form to database"); + private String saveFormToDatabase(boolean isMoaidMode) { + + log.debug("Saving form to database"); // log.error("Saving form to db"); // log.info("SV frm db"); @@ -244,630 +239,649 @@ public class EditGeneralConfigAction extends BasicAction { // log.error(" SES PARAM: " + obj.toString()); // } - try { - log.error(" ASSERTION " + moaconfig.getTimeoutAssertion()); - } catch (Exception ex) { - ex.printStackTrace(); - } - - MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); - if (dbconfig == null) - dbconfig = new MOAIDConfiguration(); - - - AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); - if (dbauth == null) { - dbauth = new AuthComponentGeneral(); - dbconfig.setAuthComponentGeneral(dbauth); - } - - GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration(); - if (dbauthgeneral == null) { - dbauthgeneral = new GeneralConfiguration(); - dbauth.setGeneralConfiguration(dbauthgeneral); - } - + try { + log.error(" ASSERTION " + moaconfig.getTimeoutAssertion()); + } catch (final Exception ex) { + ex.printStackTrace(); + } + + MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); + if (dbconfig == null) { + dbconfig = new MOAIDConfiguration(); + } + + AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); + if (dbauth == null) { + dbauth = new AuthComponentGeneral(); + dbconfig.setAuthComponentGeneral(dbauth); + } + + GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration(); + if (dbauthgeneral == null) { + dbauthgeneral = new GeneralConfiguration(); + dbauth.setGeneralConfiguration(dbauthgeneral); + } + // GeneralConfiguration oldauthgeneral = null; // if (oldauth != null) // oldauthgeneral = oldauth.getGeneralConfiguration(); - - //set Public URL Prefix - String pubURLPrefix = moaconfig.getPublicURLPrefix(); - if (moaconfig.isVirtualPublicURLPrefixEnabled()) { - dbauthgeneral.setPublicURLPreFix( - KeyValueUtils.normalizeCSVValueString(pubURLPrefix)); - - } else { - if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) { - dbauthgeneral.setPublicURLPreFix( - pubURLPrefix.trim().substring(0, - pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))); - - } else - dbauthgeneral.setPublicURLPreFix( - StringUtils.chomp(pubURLPrefix.trim())); - - } - - dbauthgeneral.setVirtualPublicURLPrefixEnabled( - moaconfig.isVirtualPublicURLPrefixEnabled()); - - + + // set Public URL Prefix + final String pubURLPrefix = moaconfig.getPublicURLPrefix(); + if (moaconfig.isVirtualPublicURLPrefixEnabled()) { + dbauthgeneral.setPublicURLPreFix( + KeyValueUtils.normalizeCSVValueString(pubURLPrefix)); + + } else { + if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) { + dbauthgeneral.setPublicURLPreFix( + pubURLPrefix.trim().substring(0, + pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))); + + } else { + dbauthgeneral.setPublicURLPreFix( + StringUtils.chomp(pubURLPrefix.trim())); + } + + } + + dbauthgeneral.setVirtualPublicURLPrefixEnabled( + moaconfig.isVirtualPublicURLPrefixEnabled()); + // if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) // dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); // else { // if (oldauthgeneral != null) // dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID()); // } - + // if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory())) // dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory()); - - TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts(); - if (dbtimeouts == null) { - dbtimeouts = new TimeOuts(); - dbauthgeneral.setTimeOuts(dbtimeouts); - } - if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion())) - dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION)); - else - dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion())); - - if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated())) - dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED)); - else - dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated())); - - if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated())) - dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED)); - else - dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated())); - - dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck()); - - - - Protocols dbprotocols = dbauth.getProtocols(); - if (dbprotocols == null) { - dbprotocols = new Protocols(); - dbauth.setProtocols(dbprotocols); - } - LegacyAllowed legprot = dbprotocols.getLegacyAllowed(); - if (legprot == null) { - legprot = new LegacyAllowed(); - dbprotocols.setLegacyAllowed(legprot); - } - - List el = legprot.getProtocolName(); - if (el == null) { - el = new ArrayList(); - legprot.setProtocolName(el); - - } - - //Workaround for DB cleaning is only needed for one or the releases (insert in 2.1.1) - if (el.size() > 2) - el.clear(); - - if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { - if (!moaconfig.isLegacy_pvp2()) - el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2); - - } else { - if (moaconfig.isLegacy_pvp2()) - el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2); - } - - if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { - if (!moaconfig.isLegacy_saml1()) - el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1); - - } else { - if (moaconfig.isLegacy_saml1()) - el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); - } - - SAML1 saml1= dbprotocols.getSAML1(); - if (saml1 == null) { - saml1 = new SAML1(); - dbprotocols.setSAML1(saml1); - } - saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); - - if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) { - saml1.setSourceID(moaconfig.getSaml1SourceID()); - - } else { - if (MiscUtil.isNotEmpty(saml1.getSourceID())) - saml1.setSourceID(moaconfig.getSaml1SourceID()); - - } - - - OAuth oauth= dbprotocols.getOAuth(); - if (oauth == null) { - oauth = new OAuth(); - dbprotocols.setOAuth(oauth); - } - - PVP2 pvp2 = dbprotocols.getPVP2(); - if (pvp2 == null) { - pvp2 = new PVP2(); - dbprotocols.setPVP2(pvp2); - } - - if (isMoaidMode) { - oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); - pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); - - } - - if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) - pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); + + TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts(); + if (dbtimeouts == null) { + dbtimeouts = new TimeOuts(); + dbauthgeneral.setTimeOuts(dbtimeouts); + } + if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion())) { + dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION)); + } else { + dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion())); + } + + if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated())) { + dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED)); + } else { + dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated())); + } + + if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated())) { + dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED)); + } else { + dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated())); + } + + dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck()); + + Protocols dbprotocols = dbauth.getProtocols(); + if (dbprotocols == null) { + dbprotocols = new Protocols(); + dbauth.setProtocols(dbprotocols); + } + LegacyAllowed legprot = dbprotocols.getLegacyAllowed(); + if (legprot == null) { + legprot = new LegacyAllowed(); + dbprotocols.setLegacyAllowed(legprot); + } + + List el = legprot.getProtocolName(); + if (el == null) { + el = new ArrayList<>(); + legprot.setProtocolName(el); + + } + + // Workaround for DB cleaning is only needed for one or the releases (insert in + // 2.1.1) + if (el.size() > 2) { + el.clear(); + } + + if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { + if (!moaconfig.isLegacy_pvp2()) { + el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2); + } + + } else { + if (moaconfig.isLegacy_pvp2()) { + el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2); + } + } + + if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { + if (!moaconfig.isLegacy_saml1()) { + el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1); + } + + } else { + if (moaconfig.isLegacy_saml1()) { + el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); + } + } + + SAML1 saml1 = dbprotocols.getSAML1(); + if (saml1 == null) { + saml1 = new SAML1(); + dbprotocols.setSAML1(saml1); + } + saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); + + if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) { + saml1.setSourceID(moaconfig.getSaml1SourceID()); + + } else { + if (MiscUtil.isNotEmpty(saml1.getSourceID())) { + saml1.setSourceID(moaconfig.getSaml1SourceID()); + } + + } + + OAuth oauth = dbprotocols.getOAuth(); + if (oauth == null) { + oauth = new OAuth(); + dbprotocols.setOAuth(oauth); + } + + PVP2 pvp2 = dbprotocols.getPVP2(); + if (pvp2 == null) { + pvp2 = new PVP2(); + dbprotocols.setPVP2(pvp2); + } + + if (isMoaidMode) { + oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); + pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + + } + + if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) { + pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); // if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix())) // pvp2.setPublicURLPrefix(moaconfig.getPvp2PublicUrlPrefix()); - - Organization pvp2org = pvp2.getOrganization(); - if (pvp2org == null) { - pvp2org = new Organization(); - pvp2.setOrganization(pvp2org); - } - if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName())) - pvp2org.setDisplayName(StringHelper.getUTF8String( - moaconfig.getPvp2OrgDisplayName())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName())) - pvp2org.setName(StringHelper.getUTF8String(moaconfig.getPvp2OrgName())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL())) - pvp2org.setURL(moaconfig.getPvp2OrgURL()); - - List pvp2cont = pvp2.getContact(); - if (pvp2cont == null) { - pvp2cont = new ArrayList(); - pvp2.setContact(pvp2cont); - } - - if (pvp2cont.size() == 0) { - Contact cont = new Contact(); - pvp2cont.add(cont); - } - - Contact cont = pvp2cont.get(0); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany())) - cont.setCompany(StringHelper.getUTF8String( - moaconfig.getPvp2Contact().getCompany())); - - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname())) - cont.setGivenName(StringHelper.getUTF8String( - moaconfig.getPvp2Contact().getGivenname())); - - if (cont.getMail() != null && cont.getMail().size() > 0) - cont.getMail().set(0, moaconfig.getPvp2Contact().getMail()); - else - cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail())); - - if (cont.getPhone() != null && cont.getPhone().size() > 0) - cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone()); - else - cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone())); - - cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) - cont.setType(moaconfig.getPvp2Contact().getType()); - - - ChainingModes dbchainingmodes = dbconfig.getChainingModes(); - if (dbchainingmodes == null) { - dbchainingmodes = new ChainingModes(); - dbconfig.setChainingModes(dbchainingmodes); - } - - dbchainingmodes.setSystemDefaultMode( - ChainingModeType.fromValue("pkix")); - - - if (isMoaidMode) { - SSO dbsso = dbauth.getSSO(); - if (dbsso == null) { - dbsso = new SSO(); - dbauth.setSSO(dbsso); - } - - if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) - dbsso.setFriendlyName(StringHelper.getUTF8String( - moaconfig.getSsoFriendlyName())); - if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) - dbsso.setSpecialText(StringHelper.getUTF8String( - moaconfig.getSsoSpecialText())); - // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) - // dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); - - if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { - - if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { - String num = moaconfig.getSsoTarget().replaceAll(" ", ""); - String pre = null; - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - pre = Constants.IDENIFICATIONTYPE_FN; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - pre = Constants.IDENIFICATIONTYPE_ZVR; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){ - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - pre = Constants.IDENIFICATIONTYPE_ERSB; - } - - dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); - - } else { - dbsso.setTarget(moaconfig.getSsoTarget()); - - } - } - // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { - // IdentificationNumber ssoid = dbsso.getIdentificationNumber(); - // if (ssoid == null) { - // ssoid = new IdentificationNumber(); - // dbsso.setIdentificationNumber(ssoid); - // } - // ssoid.setValue(moaconfig.getSsoIdentificationNumber()); - // } - - DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); - - if (dbbkus == null) { - dbbkus = new DefaultBKUs(); - dbconfig.setDefaultBKUs(dbbkus); - } - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) - dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); - else - dbbkus.setHandyBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) - dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); - else - dbbkus.setOnlineBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) - dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); - else - dbbkus.setLocalBKU(new String()); - - - - IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); - if (idlsigners == null) { - idlsigners = new IdentityLinkSigners(); - dbauth.setIdentityLinkSigners(idlsigners); - } - - ForeignIdentities dbforeign = dbauth.getForeignIdentities(); - if (dbforeign == null) { - dbforeign = new ForeignIdentities(); - dbauth.setForeignIdentities(dbforeign); - } - - if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { - ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); - if (forcon == null) { - forcon = new ConnectionParameterClientAuthType(); - dbforeign.setConnectionParameter(forcon); - } - - if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) - forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); - - else { - if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) - forcon.setURL( - moaconfig.getSzrgwURL().trim().substring(0, - moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - forcon.setURL( - StringUtils.chomp(moaconfig.getSzrgwURL().trim())); - - } - - } - - ForeignIdentities foreign = dbauth.getForeignIdentities(); - if (foreign != null) { - STORK stork = foreign.getSTORK(); - if (stork == null) { - stork = new STORK(); - foreign.setSTORK(stork); - - } - - try { - log.error("QAAAA " + storkconfig.getDefaultQaa()); - stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); - - if (storkconfig.getAttributes() != null) { - List dbStorkAttr = new ArrayList(); - stork.setAttributes(dbStorkAttr); - - - for (StorkAttribute attr : storkconfig.getAttributes()) { - if (attr != null && MiscUtil.isNotEmpty(attr.getName())) - dbStorkAttr.add(attr); - - else - log.info("Remove null or empty STORK attribute"); - } - - } else - stork.setAttributes((List) (new ArrayList())); - - if (storkconfig.getCpepslist() != null) { - List dbStorkCPEPS = new ArrayList(); - stork.setCPEPS(dbStorkCPEPS); - - for (CPEPS cpeps : storkconfig.getCpepslist()) { - if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && - MiscUtil.isNotEmpty(cpeps.getCountryCode())) { - - if (cpeps.getCountryCode().equals("CC") && - cpeps.getURL().equals("http://")) - log.info("Remove dummy STORK CPEPS entry."); - - else - dbStorkCPEPS.add(cpeps); - - } else - log.info("Remove null or emtpy STORK CPEPS configuration"); - } - - } else - stork.setCPEPS((List) (new ArrayList())); - - } catch (Exception e) { - e.printStackTrace(); - - } - - try{ - log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); - log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); - - } catch (Exception ex) { - log.info("CPEPS LIST is null"); - - } - } - - //write MIS Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { - OnlineMandates dbmandate = dbauth.getOnlineMandates(); - if (dbmandate == null) { - dbmandate = new OnlineMandates(); - dbauth.setOnlineMandates(dbmandate); - } - ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); - - if (dbmandateconnection == null) { - dbmandateconnection = new ConnectionParameterClientAuthType(); - dbmandate.setConnectionParameter(dbmandateconnection); - } - - if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) - dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); - - else { - if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbmandateconnection.setURL( - moaconfig.getMandateURL().trim().substring(0, - moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - dbmandateconnection.setURL( - StringUtils.chomp(moaconfig.getMandateURL().trim())); - - } - } - - //write ELGA Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { - if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) - dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL())); - - else { - if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbconfig.setElgaMandateServiceURLs( - moaconfig.getElgaMandateServiceURL().trim().substring(0, - moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - dbconfig.setElgaMandateServiceURLs( - StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); - - } - } else - dbconfig.setElgaMandateServiceURLs(null); - } - - - //write E-ID System URLs - if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) { - if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL())) - dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getEidSystemServiceURL())); - - else { - if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbconfig.setEidSystemServiceURLs( - moaconfig.getEidSystemServiceURL().trim().substring(0, - moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - dbconfig.setEidSystemServiceURLs( - StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim())); - - } - - } else - dbconfig.setEidSystemServiceURLs(null); - - - if (isMoaidMode) { - MOASP dbmoasp = dbauth.getMOASP(); - if (dbmoasp == null) { - dbmoasp = new MOASP(); - dbauth.setMOASP(dbmoasp); - } - if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { - ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); - if (moaspcon == null) { - moaspcon = new ConnectionParameterClientAuthType(); - dbmoasp.setConnectionParameter(moaspcon); - } - moaspcon.setURL(moaconfig.getMoaspssURL()); - } - VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); - if (moaidl == null) { - moaidl = new VerifyIdentityLink(); - dbmoasp.setVerifyIdentityLink(moaidl); - } - moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); - moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); - - VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); - if (moaauth == null) { - moaauth = new VerifyAuthBlock(); - dbmoasp.setVerifyAuthBlock(moaauth); - } - moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); - moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); - - if (moaauth.getVerifyTransformsInfoProfileID() != null && - moaauth.getVerifyTransformsInfoProfileID().size() > 0) - moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); - - else { - if (moaauth.getVerifyTransformsInfoProfileID() == null) { - moaauth.setVerifyTransformsInfoProfileID(new ArrayList()); - - } - moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); - } - - SecurityLayer seclayertrans = dbauth.getSecurityLayer(); - if (seclayertrans == null) { - seclayertrans = new SecurityLayer(); - dbauth.setSecurityLayer(seclayertrans); - } - List trans = new ArrayList(); - Map moatrans = moaconfig.getSecLayerTransformation(); - if (moatrans != null) { - Set keys = moatrans.keySet(); - for (String key : keys) { - TransformsInfoType elem = new TransformsInfoType(); - elem.setFilename(key); - elem.setTransformation(moatrans.get(key)); - trans.add(elem); - } - } - if (trans.size() > 0) - seclayertrans.setTransformsInfo(trans); - - - SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); - if (slrequesttempl == null) { - slrequesttempl = new SLRequestTemplates(); - dbconfig.setSLRequestTemplates(slrequesttempl); - } - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) - slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) - slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) - slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); - - } - - if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) - dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); - - //save config - try { - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBMOAIDConfigToKeyValue(dbconfig); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - configuration.getConfigModule().storeChanges(keyValueConfig, null, null); - - log.info("General MOA-ID Key/Value configuration successfull stored."); - - - } catch (ConfigurationStorageException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); - - } finally { - - - } - - return null; - } - - /** - * @return the moaconfig - */ - public GeneralMOAIDConfig getMoaconfig() { - return moaconfig; - } - - /** - * @param moaconfig the moaconfig to set - */ - public void setMoaconfig(GeneralMOAIDConfig moaconfig) { - this.moaconfig = moaconfig; - } - - /** - * Gets the storkconfig. - * - * @return the storkconfig - */ - public GeneralStorkConfig getStorkconfig() { - return storkconfig; - } - - /** - * Sets the storkconfig. - * - * @param storkconfig the new storkconfig - */ - public void setStorkconfig(GeneralStorkConfig storkconfig) { - this.storkconfig = storkconfig; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - - + } + + Organization pvp2org = pvp2.getOrganization(); + if (pvp2org == null) { + pvp2org = new Organization(); + pvp2.setOrganization(pvp2org); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName())) { + pvp2org.setDisplayName(StringHelper.getUTF8String( + moaconfig.getPvp2OrgDisplayName())); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName())) { + pvp2org.setName(StringHelper.getUTF8String(moaconfig.getPvp2OrgName())); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL())) { + pvp2org.setURL(moaconfig.getPvp2OrgURL()); + } + + List pvp2cont = pvp2.getContact(); + if (pvp2cont == null) { + pvp2cont = new ArrayList<>(); + pvp2.setContact(pvp2cont); + } + + if (pvp2cont.size() == 0) { + final Contact cont = new Contact(); + pvp2cont.add(cont); + } + + final Contact cont = pvp2cont.get(0); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany())) { + cont.setCompany(StringHelper.getUTF8String( + moaconfig.getPvp2Contact().getCompany())); + } + + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname())) { + cont.setGivenName(StringHelper.getUTF8String( + moaconfig.getPvp2Contact().getGivenname())); + } + + if (cont.getMail() != null && cont.getMail().size() > 0) { + cont.getMail().set(0, moaconfig.getPvp2Contact().getMail()); + } else { + cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail())); + } + + if (cont.getPhone() != null && cont.getPhone().size() > 0) { + cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone()); + } else { + cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone())); + } + + cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname())); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) { + cont.setType(moaconfig.getPvp2Contact().getType()); + } + + ChainingModes dbchainingmodes = dbconfig.getChainingModes(); + if (dbchainingmodes == null) { + dbchainingmodes = new ChainingModes(); + dbconfig.setChainingModes(dbchainingmodes); + } + + dbchainingmodes.setSystemDefaultMode( + ChainingModeType.fromValue("pkix")); + + if (isMoaidMode) { + SSO dbsso = dbauth.getSSO(); + if (dbsso == null) { + dbsso = new SSO(); + dbauth.setSSO(dbsso); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) { + dbsso.setFriendlyName(StringHelper.getUTF8String( + moaconfig.getSsoFriendlyName())); + } + if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) { + dbsso.setSpecialText(StringHelper.getUTF8String( + moaconfig.getSsoSpecialText())); + // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) + // dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { + + if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { + String num = moaconfig.getSsoTarget().replaceAll(" ", ""); + String pre = null; + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + pre = Constants.IDENIFICATIONTYPE_FN; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + pre = Constants.IDENIFICATIONTYPE_ZVR; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + pre = Constants.IDENIFICATIONTYPE_ERSB; + } + + dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); + + } else { + dbsso.setTarget(moaconfig.getSsoTarget()); + + } + } + // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { + // IdentificationNumber ssoid = dbsso.getIdentificationNumber(); + // if (ssoid == null) { + // ssoid = new IdentificationNumber(); + // dbsso.setIdentificationNumber(ssoid); + // } + // ssoid.setValue(moaconfig.getSsoIdentificationNumber()); + // } + + DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); + + if (dbbkus == null) { + dbbkus = new DefaultBKUs(); + dbconfig.setDefaultBKUs(dbbkus); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) { + dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); + } else { + dbbkus.setHandyBKU(new String()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) { + dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); + } else { + dbbkus.setOnlineBKU(new String()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) { + dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); + } else { + dbbkus.setLocalBKU(new String()); + } + + IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); + if (idlsigners == null) { + idlsigners = new IdentityLinkSigners(); + dbauth.setIdentityLinkSigners(idlsigners); + } + + ForeignIdentities dbforeign = dbauth.getForeignIdentities(); + if (dbforeign == null) { + dbforeign = new ForeignIdentities(); + dbauth.setForeignIdentities(dbforeign); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { + ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); + if (forcon == null) { + forcon = new ConnectionParameterClientAuthType(); + dbforeign.setConnectionParameter(forcon); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) { + forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); + } else { + if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) { + forcon.setURL( + moaconfig.getSzrgwURL().trim().substring(0, + moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + forcon.setURL( + StringUtils.chomp(moaconfig.getSzrgwURL().trim())); + } + + } + + } + + final ForeignIdentities foreign = dbauth.getForeignIdentities(); + if (foreign != null) { + STORK stork = foreign.getSTORK(); + if (stork == null) { + stork = new STORK(); + foreign.setSTORK(stork); + + } + + try { + log.error("QAAAA " + storkconfig.getDefaultQaa()); + stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); + + if (storkconfig.getAttributes() != null) { + final List dbStorkAttr = new ArrayList<>(); + stork.setAttributes(dbStorkAttr); + + for (final StorkAttribute attr : storkconfig.getAttributes()) { + if (attr != null && MiscUtil.isNotEmpty(attr.getName())) { + dbStorkAttr.add(attr); + } else { + log.info("Remove null or empty STORK attribute"); + } + } + + } else { + stork.setAttributes(new ArrayList()); + } + + if (storkconfig.getCpepslist() != null) { + final List dbStorkCPEPS = new ArrayList<>(); + stork.setCPEPS(dbStorkCPEPS); + + for (final CPEPS cpeps : storkconfig.getCpepslist()) { + if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && + MiscUtil.isNotEmpty(cpeps.getCountryCode())) { + + if (cpeps.getCountryCode().equals("CC") && + cpeps.getURL().equals("http://")) { + log.info("Remove dummy STORK CPEPS entry."); + } else { + dbStorkCPEPS.add(cpeps); + } + + } else { + log.info("Remove null or emtpy STORK CPEPS configuration"); + } + } + + } else { + stork.setCPEPS(new ArrayList()); + } + + } catch (final Exception e) { + e.printStackTrace(); + + } + + try { + log.info("CPEPS LIST: " + storkconfig.getCpepslist().size()); + log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() + storkconfig + .getCpepslist().get(0).getURL()); + + } catch (final Exception ex) { + log.info("CPEPS LIST is null"); + + } + } + + // write MIS Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { + OnlineMandates dbmandate = dbauth.getOnlineMandates(); + if (dbmandate == null) { + dbmandate = new OnlineMandates(); + dbauth.setOnlineMandates(dbmandate); + } + ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); + + if (dbmandateconnection == null) { + dbmandateconnection = new ConnectionParameterClientAuthType(); + dbmandate.setConnectionParameter(dbmandateconnection); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) { + dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); + } else { + if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) { + dbmandateconnection.setURL( + moaconfig.getMandateURL().trim().substring(0, + moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + dbmandateconnection.setURL( + StringUtils.chomp(moaconfig.getMandateURL().trim())); + } + + } + } + + // write ELGA Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) { + dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig + .getElgaMandateServiceURL())); + } else { + if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) { + dbconfig.setElgaMandateServiceURLs( + moaconfig.getElgaMandateServiceURL().trim().substring(0, + moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + dbconfig.setElgaMandateServiceURLs( + StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); + } + + } + } else { + dbconfig.setElgaMandateServiceURLs(null); + } + } + + // write E-ID System URLs + if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL())) { + dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig + .getEidSystemServiceURL())); + } else { + if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) { + dbconfig.setEidSystemServiceURLs( + moaconfig.getEidSystemServiceURL().trim().substring(0, + moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + dbconfig.setEidSystemServiceURLs( + StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim())); + } + + } + + } else { + dbconfig.setEidSystemServiceURLs(null); + } + + if (isMoaidMode) { + MOASP dbmoasp = dbauth.getMOASP(); + if (dbmoasp == null) { + dbmoasp = new MOASP(); + dbauth.setMOASP(dbmoasp); + } + if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { + ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); + if (moaspcon == null) { + moaspcon = new ConnectionParameterClientAuthType(); + dbmoasp.setConnectionParameter(moaspcon); + } + moaspcon.setURL(moaconfig.getMoaspssURL()); + } + VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); + if (moaidl == null) { + moaidl = new VerifyIdentityLink(); + dbmoasp.setVerifyIdentityLink(moaidl); + } + moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); + moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); + + VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); + if (moaauth == null) { + moaauth = new VerifyAuthBlock(); + dbmoasp.setVerifyAuthBlock(moaauth); + } + moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); + moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); + + if (moaauth.getVerifyTransformsInfoProfileID() != null && + moaauth.getVerifyTransformsInfoProfileID().size() > 0) { + moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); + } else { + if (moaauth.getVerifyTransformsInfoProfileID() == null) { + moaauth.setVerifyTransformsInfoProfileID(new ArrayList()); + + } + moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); + } + + SecurityLayer seclayertrans = dbauth.getSecurityLayer(); + if (seclayertrans == null) { + seclayertrans = new SecurityLayer(); + dbauth.setSecurityLayer(seclayertrans); + } + final List trans = new ArrayList<>(); + final Map moatrans = moaconfig.getSecLayerTransformation(); + if (moatrans != null) { + final Set keys = moatrans.keySet(); + for (final String key : keys) { + final TransformsInfoType elem = new TransformsInfoType(); + elem.setFilename(key); + elem.setTransformation(moatrans.get(key)); + trans.add(elem); + } + } + if (trans.size() > 0) { + seclayertrans.setTransformsInfo(trans); + } + + SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); + if (slrequesttempl == null) { + slrequesttempl = new SLRequestTemplates(); + dbconfig.setSLRequestTemplates(slrequesttempl); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) { + slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) { + slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) { + slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); + } + + } + + if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) { + dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); + } + + // save config + try { + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBMOAIDConfigToKeyValue(dbconfig); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + configuration.getConfigModule().storeChanges(keyValueConfig, null, null); + + log.info("General MOA-ID Key/Value configuration successfull stored."); + + } catch (final ConfigurationStorageException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + + } finally { + + } + + return null; + } + + /** + * @return the moaconfig + */ + public GeneralMOAIDConfig getMoaconfig() { + return moaconfig; + } + + /** + * @param moaconfig the moaconfig to set + */ + public void setMoaconfig(GeneralMOAIDConfig moaconfig) { + this.moaconfig = moaconfig; + } + + /** + * Gets the storkconfig. + * + * @return the storkconfig + */ + public GeneralStorkConfig getStorkconfig() { + return storkconfig; + } + + /** + * Sets the storkconfig. + * + * @param storkconfig the new storkconfig + */ + public void setStorkconfig(GeneralStorkConfig storkconfig) { + this.storkconfig = storkconfig; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 31126d14f..1ad6e7d6b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -27,8 +27,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; @@ -53,505 +51,512 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class EditOAAction extends BasicOAAction { - private final Logger log = Logger.getLogger(EditOAAction.class); - private static final long serialVersionUID = 1L; - - private String nextPage; - - public EditOAAction() { - super(); - - OATargetConfiguration oaTarget = new OATargetConfiguration(); - formList.put(oaTarget.getName(), oaTarget); - - OAAuthenticationData authOA = new OAAuthenticationData(); - formList.put(authOA.getName(), authOA); - - OASAML1Config saml1OA = new OASAML1Config(); - formList.put(saml1OA.getName(), saml1OA); - - if (isMoaidMode) { - OABPKEncryption bPKEncDec = new OABPKEncryption(); - formList.put(bPKEncDec.getName(), bPKEncDec); - - OASSOConfig ssoOA = new OASSOConfig(); - formList.put(ssoOA.getName(), ssoOA); - - OAPVP2Config pvp2OA = new OAPVP2Config(); - formList.put(pvp2OA.getName(), pvp2OA); - - OAOAuth20Config oauth20OA = new OAOAuth20Config(); - formList.put(oauth20OA.getName(), oauth20OA); - - OASTORKConfig storkOA = new OASTORKConfig(); - formList.put(storkOA.getName(), storkOA); - - Map map = new HashMap(); - map.putAll(FormBuildUtils.getDefaultMap()); - FormularCustomization formOA = new FormularCustomization(map); - formList.put(formOA.getName(), formOA); - - OARevisionsLogData revisOA = new OARevisionsLogData(); - formList.put(revisOA.getName(), revisOA); - } - - } - - // STRUTS actions - public String inital() { - try { - populateBasicInformations(); - - OnlineApplication onlineapplication = populateOnlineApplicationFromRequest(); - - if (onlineapplication == null) { - addActionError(LanguageHelper.getErrorString( - "errors.listOAs.noOA", request)); - return Constants.STRUTS_SUCCESS; - } - - List errors = new ArrayList(); - for (IOnlineApplicationData form : formList.values()) { - List error = form.parse(onlineapplication, authUser, - request); - if (error != null) - errors.addAll(error); - } - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - - setNewOA(false); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_OAID, oaid); - - return Constants.STRUTS_OA_EDIT; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String newOA() { - log.debug("insert new Online-Application"); - - try { - populateBasicInformations(); - - populateBasicNewOnlineApplicationInformation(); - - // prepare attribute helper list - ArrayList attributes = new ArrayList(); - - try { - for (StorkAttribute current : configuration.getDbRead() - .getMOAIDConfiguration().getAuthComponentGeneral() - .getForeignIdentities().getSTORK().getAttributes()) - attributes.add(new AttributeHelper(current)); - - - } catch (NullPointerException e) { - - } - - if (getStorkOA() != null) - getStorkOA().setHelperAttributes(attributes); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser - .getUserID()); - - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null - && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString( - "error.editoa.mailverification", request)); - return Constants.STRUTS_SUCCESS; - } - - if (formList.get(new OAOAuth20Config().getName()) != null) - session.setAttribute( - Constants.SESSION_OAUTH20SECRET, - ((OAOAuth20Config) formList.get(new OAOAuth20Config().getName())) - .getClientSecret()); - - if (getFormOA() != null) - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); - - - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - - return Constants.STRUTS_OA_EDIT; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String saveOA() { - - OnlineApplication onlineapplication = null; - - try { - populateBasicInformations(); - onlineapplication = preProcessSaveOnlineApplication(); - - List errors = new ArrayList(); - - // validate forms - for (IOnlineApplicationData form : formList.values()) - errors.addAll(form.validate(getGeneralOA(), authUser, request)); - - // Do not allow SSO in combination with special BKUSelection features - if (getSsoOA() != null && getSsoOA().isUseSSO() - && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA() - .isShowMandateLoginButton())) { - log.warn("Special BKUSelection features can not be used in combination with SSO"); - errors.add(LanguageHelper.getErrorString( - "validation.general.bkuselection.specialfeatures.valid", - request)); - } - - if (errors.size() > 0) { - log.info("OAConfiguration with ID " - + getGeneralOA().getIdentifier() + " has some errors."); - for (String el : errors) - addActionError(el); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - try { - onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true); - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - } - - } - - Object nextPageAttr = session - .getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - if (onlineapplication.isIsAdminRequired()) { - int numoas = 0; - int numusers = 0; - - List openOAs = configuration.getDbRead() - .getAllNewOnlineApplications(); - if (openOAs != null) - numoas = openOAs.size(); - - List openUsers = configuration.getUserManagement().getAllNewUsers(); - if (openUsers != null) - numusers = openUsers.size(); - try { - - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.success.admin", getGeneralOA() - .getIdentifier(), request)); - - if (numusers > 0 || numoas > 0) - MailHelper.sendAdminMail(numoas, numusers); - - } catch (ConfigurationException e) { - log.warn("Sending Mail to Admin failed.", e); - } - - } else - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.success", - getGeneralOA().getIdentifier(), request)); - - // remove session attributes - session.setAttribute(Constants.SESSION_OAID, null); - session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); - - return Constants.STRUTS_SUCCESS; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String cancleAndBackOA() { - try { - populateBasicInformations(); - - Object nextPageAttr = session - .getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - session.setAttribute(Constants.SESSION_OAID, null); - - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.cancle", getGeneralOA().getIdentifier(), - request)); - - return Constants.STRUTS_SUCCESS; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String deleteOA() { - String oaidentifier = null; - try { - populateBasicInformations(); - - Object nextPageAttr = session - .getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - oaidentifier = preProcessDeleteOnlineApplication(); - List onlineapplications = configuration.getDbRead() - .getOnlineApplications(oaidentifier); - - Long oaid = getOAIDFromSession(); - - OnlineApplication onlineapplication = null; - - if (onlineapplications != null && onlineapplications.size() > 1) { - log.info("Found more then one OA with PublicURLPrefix in configuration. " - + "Select OA with DB Id ..."); - - for (OnlineApplication oa : onlineapplications) { - if (oa.getHjid().equals(oaid)) { - if (onlineapplication == null) - onlineapplication = oa; - - else { - log.error("Found more then one OA with same PublicURLPrefix and same DBID."); - new BasicOAActionException( - "Found more then one OA with same PublicURLPrefix and same DBID.", - Constants.STRUTS_SUCCESS); - - } - } - } - - } else if (onlineapplications != null && onlineapplications.size() == 1) - onlineapplication = onlineapplications.get(0); - - request.getSession().setAttribute(Constants.SESSION_OAID, null); - + private static final long serialVersionUID = 1L; + + private String nextPage; + + public EditOAAction() { + super(); + + final OATargetConfiguration oaTarget = new OATargetConfiguration(); + formList.put(oaTarget.getName(), oaTarget); + + final OAAuthenticationData authOA = new OAAuthenticationData(); + formList.put(authOA.getName(), authOA); + + final OASAML1Config saml1OA = new OASAML1Config(); + formList.put(saml1OA.getName(), saml1OA); + + if (isMoaidMode) { + final OABPKEncryption bPKEncDec = new OABPKEncryption(); + formList.put(bPKEncDec.getName(), bPKEncDec); + + final OASSOConfig ssoOA = new OASSOConfig(); + formList.put(ssoOA.getName(), ssoOA); + + final OAPVP2Config pvp2OA = new OAPVP2Config(); + formList.put(pvp2OA.getName(), pvp2OA); + + final OAOAuth20Config oauth20OA = new OAOAuth20Config(); + formList.put(oauth20OA.getName(), oauth20OA); + + final OASTORKConfig storkOA = new OASTORKConfig(); + formList.put(storkOA.getName(), storkOA); + + final Map map = new HashMap<>(); + map.putAll(FormBuildUtils.getDefaultMap()); + final FormularCustomization formOA = new FormularCustomization(map); + formList.put(formOA.getName(), formOA); + + final OARevisionsLogData revisOA = new OARevisionsLogData(); + formList.put(revisOA.getName(), revisOA); + } + + } + + // STRUTS actions + public String inital() { + try { + populateBasicInformations(); + + final OnlineApplication onlineapplication = populateOnlineApplicationFromRequest(); + + if (onlineapplication == null) { + addActionError(LanguageHelper.getErrorString( + "errors.listOAs.noOA", request)); + return Constants.STRUTS_SUCCESS; + } + + final List errors = new ArrayList<>(); + for (final IOnlineApplicationData form : formList.values()) { + final List error = form.parse(onlineapplication, authUser, + request); + if (error != null) { + errors.addAll(error); + } + } + if (errors.size() > 0) { + for (final String el : errors) { + addActionError(el); + } + } + + setNewOA(false); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + + return Constants.STRUTS_OA_EDIT; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String newOA() { + log.debug("insert new Online-Application"); + + try { + populateBasicInformations(); + + populateBasicNewOnlineApplicationInformation(); + + // prepare attribute helper list + final ArrayList attributes = new ArrayList<>(); + + try { + for (final StorkAttribute current : configuration.getDbRead() + .getMOAIDConfiguration().getAuthComponentGeneral() + .getForeignIdentities().getSTORK().getAttributes()) { + attributes.add(new AttributeHelper(current)); + } + + } catch (final NullPointerException e) { + + } + + if (getStorkOA() != null) { + getStorkOA().setHelperAttributes(attributes); + } + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser + .getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null + && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString( + "error.editoa.mailverification", request)); + return Constants.STRUTS_SUCCESS; + } + + if (formList.get(new OAOAuth20Config().getName()) != null) { + session.setAttribute( + Constants.SESSION_OAUTH20SECRET, + ((OAOAuth20Config) formList.get(new OAOAuth20Config().getName())) + .getClientSecret()); + } + + if (getFormOA() != null) { + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); + } + + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + + return Constants.STRUTS_OA_EDIT; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String saveOA() { + + OnlineApplication onlineapplication = null; + + try { + populateBasicInformations(); + onlineapplication = preProcessSaveOnlineApplication(); + + final List errors = new ArrayList<>(); + + // validate forms + for (final IOnlineApplicationData form : formList.values()) { + errors.addAll(form.validate(getGeneralOA(), authUser, request)); + } + + // Do not allow SSO in combination with special BKUSelection features + if (getSsoOA() != null && getSsoOA().isUseSSO() + && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA() + .isShowMandateLoginButton())) { + log.warn("Special BKUSelection features can not be used in combination with SSO"); + errors.add(LanguageHelper.getErrorString( + "validation.general.bkuselection.specialfeatures.valid", + request)); + } + + if (errors.size() > 0) { + log.info("OAConfiguration with ID " + + getGeneralOA().getIdentifier() + " has some errors."); + for (final String el : errors) { + addActionError(el); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + try { + onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true); + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + } + + } + + final Object nextPageAttr = session + .getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + if (onlineapplication.isIsAdminRequired()) { + int numoas = 0; + int numusers = 0; + + final List openOAs = configuration.getDbRead() + .getAllNewOnlineApplications(); + if (openOAs != null) { + numoas = openOAs.size(); + } + + final List openUsers = configuration.getUserManagement().getAllNewUsers(); + if (openUsers != null) { + numusers = openUsers.size(); + } + try { + + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.success.admin", getGeneralOA() + .getIdentifier(), request)); + + if (numusers > 0 || numoas > 0) { + MailHelper.sendAdminMail(numoas, numusers); + } + + } catch (final ConfigurationException e) { + log.warn("Sending Mail to Admin failed.", e); + } + + } else { + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.success", + getGeneralOA().getIdentifier(), request)); + } + + // remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String cancleAndBackOA() { + try { + populateBasicInformations(); + + final Object nextPageAttr = session + .getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + session.setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.cancle", getGeneralOA().getIdentifier(), + request)); + + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String deleteOA() { + String oaidentifier = null; + try { + populateBasicInformations(); + + final Object nextPageAttr = session + .getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + oaidentifier = preProcessDeleteOnlineApplication(); + final List onlineapplications = configuration.getDbRead() + .getOnlineApplications(oaidentifier); + + final Long oaid = getOAIDFromSession(); + + OnlineApplication onlineapplication = null; + + if (onlineapplications != null && onlineapplications.size() > 1) { + log.info("Found more then one OA with PublicURLPrefix in configuration. " + + "Select OA with DB Id ..."); + + for (final OnlineApplication oa : onlineapplications) { + if (oa.getHjid().equals(oaid)) { + if (onlineapplication == null) { + onlineapplication = oa; + } else { + log.error("Found more then one OA with same PublicURLPrefix and same DBID."); + new BasicOAActionException( + "Found more then one OA with same PublicURLPrefix and same DBID.", + Constants.STRUTS_SUCCESS); + + } + } + } + + } else if (onlineapplications != null && onlineapplications.size() == 1) { + onlineapplication = onlineapplications.get(0); + } + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + // try { // if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA() // .getOAPVP2().getMetadataURL())) { -// +// // MOAIDConfiguration moaconfig = configuration.getDbRead() // .getMOAIDConfiguration(); // moaconfig.setPvp2RefreshItem(new Date()); // ConfigurationDBUtils.saveOrUpdate(moaconfig); -// +// // } -// } catch (NullPointerException e) { +// } catch (NullPointerException e) { // log.debug("Found no MetadataURL in OA-Databaseconfig"); -// +// // } catch (Throwable e) { // log.info("Set metadata refresh flag FAILED.", e); // } - - if (onlineapplication != null && delete(onlineapplication)) { - - if (!authUser.isAdmin()) { - UserDatabase user = configuration.getUserManagement().getUserWithID(authUser - .getUserID()); - List useroas = user.getOnlineApplication(); - - for (String oa : useroas) { - if (oa.equals(onlineapplication.getHjid())) { - useroas.remove(oa); - } - } - - try { - configuration.getUserManagement().saveOrUpdate(user); - - } catch (MOADatabaseException e) { - log.warn("User information can not be updated in database", - e); - addActionError(LanguageHelper.getGUIString( - "error.db.oa.store", request)); - return Constants.STRUTS_ERROR; - } - } - - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.delete.message", oaidentifier, request)); - - return Constants.STRUTS_SUCCESS; - - } else { - addActionError(LanguageHelper.getGUIString( - "webpages.oaconfig.delete.error", oaidentifier, request)); - return Constants.STRUTS_SUCCESS; - } - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - - } - - public OAAuthenticationData getAuthOA() { - return (OAAuthenticationData) formList.get(new OAAuthenticationData() - .getName()); - } - - public void setAuthOA(OAAuthenticationData generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - public OASAML1Config getSaml1OA() { - return (OASAML1Config) formList.get(new OASAML1Config().getName()); - } - - public void setSaml1OA(OASAML1Config saml1oa) { - formList.put(saml1oa.getName(), saml1oa); - } - - public OASSOConfig getSsoOA() { - return (OASSOConfig) formList.get(new OASSOConfig().getName()); - } - - public void setSsoOA(OASSOConfig ssoOA) { - formList.put(ssoOA.getName(), ssoOA); - } - - public OASTORKConfig getStorkOA() { - return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); - } - - public void setStorkOA(OASTORKConfig storkOA) { - formList.put(storkOA.getName(), storkOA); - } - - - public OARevisionsLogData getRevisionsLogOA() { - return (OARevisionsLogData) formList.get(new OARevisionsLogData().getName()); - } - - public void setRevisionsLogOA(OARevisionsLogData storkOA) { - formList.put(storkOA.getName(), storkOA); - } - - - /** - * @return the nextPage - */ - public String getNextPage() { - return nextPage; - } - - /** - * @return the formOA - */ - public FormularCustomization getFormOA() { - return (FormularCustomization) formList.get(new FormularCustomization( - null).getName()); - } - - /** - * @param formOA - * the formOA to set - */ - public void setFormOA(FormularCustomization formOA) { - formList.put(formOA.getName(), formOA); - } - - public OAOAuth20Config getOauth20OA() { - return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName()); - } - - public void setOauth20OA(OAOAuth20Config oauth20OA) { - formList.put(oauth20OA.getName(), oauth20OA); - } - - /** - * @return the formOA - */ - public OATargetConfiguration getTargetConfig() { - return (OATargetConfiguration) formList.get(new OATargetConfiguration() - .getName()); - } - - /** - * @param formOA - * the formOA to set - */ - public void setTargetConfig(OATargetConfiguration formOA) { - formList.put(formOA.getName(), formOA); - } - - /** - * @return the bPK encryption/decryption form - */ - public OABPKEncryption getBPKEncDecr() { - return (OABPKEncryption) formList.get(new OABPKEncryption().getName()); - } - - /** - * @param bPK encryption/decryption form - * the bPK encryption/decryption form to set - */ - public void setBPKEncDecr(OABPKEncryption formOA) { - formList.put(formOA.getName(), formOA); - } - + + if (onlineapplication != null && delete(onlineapplication)) { + + if (!authUser.isAdmin()) { + final UserDatabase user = configuration.getUserManagement().getUserWithID(authUser + .getUserID()); + final List useroas = user.getOnlineApplication(); + + for (final String oa : useroas) { + if (oa.equals(onlineapplication.getHjid())) { + useroas.remove(oa); + } + } + + try { + configuration.getUserManagement().saveOrUpdate(user); + + } catch (final MOADatabaseException e) { + log.warn("User information can not be updated in database", + e); + addActionError(LanguageHelper.getGUIString( + "error.db.oa.store", request)); + return Constants.STRUTS_ERROR; + } + } + + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.delete.message", oaidentifier, request)); + + return Constants.STRUTS_SUCCESS; + + } else { + addActionError(LanguageHelper.getGUIString( + "webpages.oaconfig.delete.error", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + } + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + + } + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData() + .getName()); + } + + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + public OASAML1Config getSaml1OA() { + return (OASAML1Config) formList.get(new OASAML1Config().getName()); + } + + public void setSaml1OA(OASAML1Config saml1oa) { + formList.put(saml1oa.getName(), saml1oa); + } + + public OASSOConfig getSsoOA() { + return (OASSOConfig) formList.get(new OASSOConfig().getName()); + } + + public void setSsoOA(OASSOConfig ssoOA) { + formList.put(ssoOA.getName(), ssoOA); + } + + public OASTORKConfig getStorkOA() { + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); + } + + public void setStorkOA(OASTORKConfig storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + public OARevisionsLogData getRevisionsLogOA() { + return (OARevisionsLogData) formList.get(new OARevisionsLogData().getName()); + } + + public void setRevisionsLogOA(OARevisionsLogData storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return (FormularCustomization) formList.get(new FormularCustomization( + null).getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + formList.put(formOA.getName(), formOA); + } + + public OAOAuth20Config getOauth20OA() { + return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName()); + } + + public void setOauth20OA(OAOAuth20Config oauth20OA) { + formList.put(oauth20OA.getName(), oauth20OA); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration() + .getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); + } + + /** + * @return the bPK encryption/decryption form + */ + public OABPKEncryption getBPKEncDecr() { + return (OABPKEncryption) formList.get(new OABPKEncryption().getName()); + } + + /** + * @param bPK encryption/decryption form the bPK encryption/decryption form to + * set + */ + public void setBPKEncDecr(OABPKEncryption formOA) { + formList.put(formOA.getName(), formOA); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java index e238c6d37..6a6cf1d27 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java @@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.LinkedHashMap; import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; -import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig; -import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationConfig; /** @@ -35,22 +33,22 @@ import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationC */ public class IDPGatewayAction extends InterfederationIDPAction { - private static final long serialVersionUID = -2047128481980413334L; - - public IDPGatewayAction() { - super(); - formList.putAll(buildIDPGatewayFormList()); - } - - public static LinkedHashMap buildIDPGatewayFormList() { - - LinkedHashMap forms = - new LinkedHashMap(); - - PVPGatewayInterfederationConfig pvpGatewayconfig = new PVPGatewayInterfederationConfig(); - forms.put(pvpGatewayconfig.getName(), pvpGatewayconfig); - - return forms; - } + private static final long serialVersionUID = -2047128481980413334L; + + public IDPGatewayAction() { + super(); + formList.putAll(buildIDPGatewayFormList()); + } + + public static LinkedHashMap buildIDPGatewayFormList() { + + final LinkedHashMap forms = + new LinkedHashMap<>(); + + final PVPGatewayInterfederationConfig pvpGatewayconfig = new PVPGatewayInterfederationConfig(); + forms.put(pvpGatewayconfig.getName(), pvpGatewayconfig); + + return forms; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index d72505c0f..e2458a6a5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -38,7 +38,6 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; -import org.apache.log4j.Logger; import org.springframework.beans.BeansException; import at.gv.egiz.components.configuration.api.Configuration; @@ -52,472 +51,468 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class ImportExportAction extends BasicAction { - - private static final Logger log = Logger.getLogger(ImportExportAction.class); - private static final long serialVersionUID = 1L; - - private String formID; - private File fileUpload = null; - private String fileUploadContentType = null; - private String fileUploadFileName = null; - - private InputStream fileInputStream; - - public String init() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (authUser.isAdmin()) { - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - public String importLegacyConfig() throws ConfigurationException { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - if (authUser.isAdmin()) { - - //load legacy config if it is configured - - if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - Properties result = null; - - try { - log.warn("WARNING! The legacy import deletes the hole old config"); - - InputStream inStream = new FileInputStream(fileUpload); - // get config from xml file - JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config.deprecated"); - Unmarshaller m = jc.createUnmarshaller(); - MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream); - - // serialize config to JSON properties - result = ConfigurationUtil.moaIdConfigToJsonProperties(config); - - if (result == null || result.isEmpty()) { - log.info("Legacy configuration has is empty"); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {"Empty Configuratiobn"}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - } catch (JAXBException | FileNotFoundException e) { - log.info("Legacy configuration has an Import Error", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - try { - //check if XML config should be use - log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); - - Configuration dbConfiguration = - (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); - - if (dbConfiguration == null) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - boolean isOverwriteData = true; - - List keys = Arrays.asList(dbConfiguration.getConfigurationIds()); - - if (keys == null) { - log.info("Configuration is not readable."); - throw new MOADatabaseException("Configuration is not readable."); - } - - if (isOverwriteData) { - // remove existing entries - for (String key : keys) { - dbConfiguration.deleteIds(key); - } - } - - Enumeration propertyNames = result.propertyNames(); - - while (propertyNames.hasMoreElements()) { - String key = (String) propertyNames.nextElement(); - String json = result.getProperty(key); - - dbConfiguration.setStringValue(key, json); - } - - } catch (ConfigurationException | MOADatabaseException | at.gv.egiz.components.configuration.api.ConfigurationException e1) { - log.warn("General MOA-ID config can not be stored in Database", e1); - addActionError(e1.getMessage()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - finally { - - } - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - log.info("Legacy Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - public String downloadXMLConfig() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - if (authUser.isAdmin()) { - - log.info("Write MOA-ID 3.x config"); - try { - - Configuration dbConfiguration = - (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); - - if (dbConfiguration == null) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - Properties result = new Properties(); - String[] allConfigIDs = dbConfiguration.getConfigurationIds(); - for (String key : allConfigIDs) { - String value = dbConfiguration.getStringValue(key); - if (MiscUtil.isNotEmpty(value)) { - result.put(key, value); - log.debug("Put key: " + key + " with value: " + value + " to property file."); - - } else - log.info("Leave key: " + key + " Reason: Value is null or empty"); - - } - - - if (result.isEmpty()) { - log.info("No MOA-ID 3.x configruation available"); - addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - ByteArrayOutputStream output = new ByteArrayOutputStream(); - result.store(output, null); - fileInputStream = new ByteArrayInputStream(output.toByteArray()); - - } catch (IOException | at.gv.egiz.components.configuration.api.ConfigurationException e) { - log.info("MOA-ID 3.x configruation could not be exported into file.", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.export", - new Object[]{e.getMessage()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } catch (ConfigurationException | BeansException e) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - finally { - - } - - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_SUCCESS; - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - - public String importXMLConfig() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - - session.setAttribute(Constants.SESSION_FORMID, null); - - if (authUser.isAdmin()) { - - if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_ERROR_VALIDATION; - } - - log.info("Load configuration from MOA-ID 3.x XML configuration"); - - try { - - Properties inProperties = new Properties(); - inProperties.load(new FileInputStream(fileUpload)); - - //check if XML config should be use - log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); - - Configuration dbConfiguration = - (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); - - if (dbConfiguration == null) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - boolean isOverwriteData = true; - - List keys = Arrays.asList(dbConfiguration.getConfigurationIds()); - - if (keys == null) { - log.info("Configuration is not readable."); - throw new MOADatabaseException("Configuration is not readable."); - } - - if (isOverwriteData) { - // remove existing entries - for (String key : keys) { - dbConfiguration.deleteIds(key); - } - } - - Enumeration propertyNames = inProperties.propertyNames(); - - while (propertyNames.hasMoreElements()) { - String key = (String) propertyNames.nextElement(); - String json = inProperties.getProperty(key); - - dbConfiguration.setStringValue(key, json); - } - - } catch (Exception e) { - log.warn("MOA-ID XML configuration can not be loaded from File.", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.import", - new Object[]{e.getMessage()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - finally { - - } - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - log.info("XML Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - } - - /** - * @return the fileUpload - */ - public File getFileUpload() { - return fileUpload; - } - - - - /** - * @param fileUpload the fileUpload to set - */ - public void setFileUpload(File fileUpload) { - this.fileUpload = fileUpload; - } - - - - /** - * @return the fileUploadContentType - */ - public String getFileUploadContentType() { - return fileUploadContentType; - } - - - - /** - * @param fileUploadContentType the fileUploadContentType to set - */ - public void setFileUploadContentType(String fileUploadContentType) { - this.fileUploadContentType = fileUploadContentType; - } - - - - /** - * @return the fileUploadFileName - */ - public String getFileUploadFileName() { - return fileUploadFileName; - } - - - - /** - * @param fileUploadFileName the fileUploadFileName to set - */ - public void setFileUploadFileName(String fileUploadFileName) { - this.fileUploadFileName = fileUploadFileName; - } - - - public InputStream getFileInputStream() { - return fileInputStream; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - + + private static final long serialVersionUID = 1L; + + private String formID; + private File fileUpload = null; + private String fileUploadContentType = null; + private String fileUploadFileName = null; + + private InputStream fileInputStream; + + public String init() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (authUser.isAdmin()) { + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String importLegacyConfig() throws ConfigurationException { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + if (authUser.isAdmin()) { + + // load legacy config if it is configured + + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + Properties result = null; + + try { + log.warn("WARNING! The legacy import deletes the hole old config"); + + final InputStream inStream = new FileInputStream(fileUpload); + // get config from xml file + final JAXBContext jc = JAXBContext.newInstance( + "at.gv.egovernment.moa.id.commons.db.dao.config.deprecated"); + final Unmarshaller m = jc.createUnmarshaller(); + final MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream); + + // serialize config to JSON properties + result = ConfigurationUtil.moaIdConfigToJsonProperties(config); + + if (result == null || result.isEmpty()) { + log.info("Legacy configuration has is empty"); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] { + "Empty Configuratiobn" }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + } catch (JAXBException | FileNotFoundException e) { + log.info("Legacy configuration has an Import Error", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] { e + .getMessage() }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + try { + // check if XML config should be use + log.warn( + "WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + + final Configuration dbConfiguration = + (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); + + if (dbConfiguration == null) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + final boolean isOverwriteData = true; + + final List keys = Arrays.asList(dbConfiguration.getConfigurationIds()); + + if (keys == null) { + log.info("Configuration is not readable."); + throw new MOADatabaseException("Configuration is not readable."); + } + + if (isOverwriteData) { + // remove existing entries + for (final String key : keys) { + dbConfiguration.deleteIds(key); + } + } + + final Enumeration propertyNames = result.propertyNames(); + + while (propertyNames.hasMoreElements()) { + final String key = (String) propertyNames.nextElement(); + final String json = result.getProperty(key); + + dbConfiguration.setStringValue(key, json); + } + + } catch (ConfigurationException | MOADatabaseException + | at.gv.egiz.components.configuration.api.ConfigurationException e1) { + log.warn("General MOA-ID config can not be stored in Database", e1); + addActionError(e1.getMessage()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + finally { + + } + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + log.info("Legacy Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String downloadXMLConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + if (authUser.isAdmin()) { + + log.info("Write MOA-ID 3.x config"); + try { + + final Configuration dbConfiguration = + (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); + + if (dbConfiguration == null) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + final Properties result = new Properties(); + final String[] allConfigIDs = dbConfiguration.getConfigurationIds(); + for (final String key : allConfigIDs) { + final String value = dbConfiguration.getStringValue(key); + if (MiscUtil.isNotEmpty(value)) { + result.put(key, value); + log.debug("Put key: " + key + " with value: " + value + " to property file."); + + } else { + log.info("Leave key: " + key + " Reason: Value is null or empty"); + } + + } + + if (result.isEmpty()) { + log.info("No MOA-ID 3.x configruation available"); + addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig", request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + final ByteArrayOutputStream output = new ByteArrayOutputStream(); + result.store(output, null); + fileInputStream = new ByteArrayInputStream(output.toByteArray()); + + } catch (IOException | at.gv.egiz.components.configuration.api.ConfigurationException e) { + log.info("MOA-ID 3.x configruation could not be exported into file.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.export", + new Object[] { e.getMessage() }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } catch (ConfigurationException | BeansException e) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + finally { + + } + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_SUCCESS; + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String importXMLConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + + session.setAttribute(Constants.SESSION_FORMID, null); + + if (authUser.isAdmin()) { + + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_ERROR_VALIDATION; + } + + log.info("Load configuration from MOA-ID 3.x XML configuration"); + + try { + + final Properties inProperties = new Properties(); + inProperties.load(new FileInputStream(fileUpload)); + + // check if XML config should be use + log.warn( + "WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + + final Configuration dbConfiguration = + (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); + + if (dbConfiguration == null) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + final boolean isOverwriteData = true; + + final List keys = Arrays.asList(dbConfiguration.getConfigurationIds()); + + if (keys == null) { + log.info("Configuration is not readable."); + throw new MOADatabaseException("Configuration is not readable."); + } + + if (isOverwriteData) { + // remove existing entries + for (final String key : keys) { + dbConfiguration.deleteIds(key); + } + } + + final Enumeration propertyNames = inProperties.propertyNames(); + + while (propertyNames.hasMoreElements()) { + final String key = (String) propertyNames.nextElement(); + final String json = inProperties.getProperty(key); + + dbConfiguration.setStringValue(key, json); + } + + } catch (final Exception e) { + log.warn("MOA-ID XML configuration can not be loaded from File.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.import", + new Object[] { e.getMessage() }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + finally { + + } + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + log.info("XML Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } + + /** + * @return the fileUpload + */ + public File getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpload the fileUpload to set + */ + public void setFileUpload(File fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public String getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(String fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public String getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(String fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + public InputStream getFileInputStream() { + return fileInputStream; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 6f9d233b1..666785e24 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringEscapeUtils; -import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; @@ -78,817 +77,837 @@ import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class IndexAction extends BasicAction { - - /** - * @throws ConfigurationException - */ - - private static final long serialVersionUID = -2781497863862504896L; - - private static final Logger log = Logger.getLogger(IndexAction.class); - - private String password; - private String username; - private UserDatabaseFrom user = null; - private String formID; - - private String ssologouturl; - - private boolean pvp2LoginActiv = false; - - public IndexAction() throws BasicActionException { - super(); - } - - public String start() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - pvp2LoginActiv = configuration.isPVP2LoginActive(); - - if (session.getAttribute(Constants.SESSION_I18n) == null) - session.setAttribute(Constants.SESSION_I18n, - Locale.forLanguageTag(configuration.getDefaultLanguage())); - - if (configuration.isLoginDeaktivated()) { - return "loginWithOutAuth"; - - } else { - return Constants.STRUTS_SUCCESS; - - } - } - - public String authenticate() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - pvp2LoginActiv = configuration.isPVP2LoginActive(); - - String key = null; - - if (MiscUtil.isNotEmpty(username)) { - if (ValidationHelper.containsNotValidCharacter(username, false)) { - log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username)); - addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("Username is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); - return Constants.STRUTS_ERROR; - } - - if (MiscUtil.isEmpty(password)) { - log.warn("Password is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); - return Constants.STRUTS_ERROR; - - } else { - key = AuthenticationHelper.generateKeyFormPassword(password); - if (key == null) { - addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); - return Constants.STRUTS_ERROR; - } - } - - - UserDatabase dbuser = configuration.getUserManagement().getUserWithUserName(username); - if (dbuser == null) { - log.warn("Unknown Username"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); - return Constants.STRUTS_ERROR; - - } else { - //TODO: maybe remove this default value in a later version - if (dbuser.isIsUsernamePasswordAllowed() == null) - dbuser.setIsUsernamePasswordAllowed(true); - - if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { - log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " is not active or Username/Password login is not allowed"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); - return Constants.STRUTS_ERROR; - } - - if (!dbuser.getPassword().equals(key)) { - log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); - return Constants.STRUTS_ERROR; - } - - //TODO: maybe remove this default value in a later version - boolean ismandateuser = false; - if (dbuser.isIsMandateUser() != null) - ismandateuser = dbuser.isIsMandateUser(); - - int sessionTimeOut = session.getMaxInactiveInterval(); - Date sessionExpired = new Date(new Date().getTime() + - (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS)); - - AuthenticatedUser authuser = new AuthenticatedUser(dbuser, - true, - ismandateuser, - false, - dbuser.getHjid()+"dbID", - "username/password", - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authuser); - - Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); - if (date != null) - authuser.setLastLogin(date);; - - dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - } catch (MOADatabaseException e) { - log.warn("UserDatabase communicaton error", e); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - finally { - } - - HttpSession session = generateNewJSession(request); - session.setAttribute(Constants.SESSION_AUTH, authuser); - - return Constants.STRUTS_SUCCESS; - } - } - - public String pvp2login() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - String method = request.getMethod(); - if (session == null) { - log.info("NO HTTP Session"); - return Constants.STRUTS_ERROR; - } - - String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID); - session.setAttribute(Constants.SESSION_PVP2REQUESTID, null); - - if (method.equals("POST")) { - - try { - pvp2LoginActiv = configuration.isPVP2LoginActive(); - - //Decode with HttpPost Binding - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - request)); - decode.decode(messageContext); - - Response samlResponse = (Response) messageContext.getInboundMessage(); - - //ckeck InResponseTo matchs requestID - if (MiscUtil.isEmpty(authID)) { - log.info("NO AuthRequestID"); - return Constants.STRUTS_ERROR; - } - - if (!authID.equals(samlResponse.getInResponseTo())) { - log.warn("PVPRequestID does not match PVP2 Assertion ID!"); - return Constants.STRUTS_ERROR; - - } - - //check response destination - String serviceURL = configuration.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String responseDestination = samlResponse.getDestination(); - if (MiscUtil.isEmpty(responseDestination) || - !responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) { - log.warn("PVPResponse destination does not match requested destination"); - return Constants.STRUTS_ERROR; - } - - //check if response is signed - Signature sign = samlResponse.getSignature(); - if (sign == null) { - log.info("Only http POST Requests can be used"); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - - //validate signature - PVP2Utils.validateSignature(samlResponse, configuration); - - log.info("PVP2 Assertion is valid"); - - if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - List saml2assertions = new ArrayList(); - - //check encrypted Assertion - List encryAssertionList = samlResponse.getEncryptedAssertions(); - if (encryAssertionList != null && encryAssertionList.size() > 0) { - //decrypt assertions - - log.debug("Found encryped assertion. Start decryption ..."); - - KeyStore keyStore = configuration.getPVP2KeyStore(); - - X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( - keyStore, - configuration.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - configuration.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - - - StaticKeyInfoCredentialResolver skicr = - new StaticKeyInfoCredentialResolver(authDecCredential); - - ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); - encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); - - Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); - - for (EncryptedAssertion encAssertion : encryAssertionList) { - saml2assertions.add(samlDecrypter.decrypt(encAssertion)); - - } - - log.debug("Assertion decryption finished. "); - - } else { - saml2assertions = samlResponse.getAssertions(); - - } - - for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { - - Conditions conditions = saml2assertion.getConditions(); - DateTime notbefore = conditions.getNotBefore(); - DateTime notafter = conditions.getNotOnOrAfter(); - if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { - log.warn("PVP2 Assertion is out of Date"); - return Constants.STRUTS_ERROR; - - } - - Subject subject = saml2assertion.getSubject(); - if (subject == null) { - log.warn("Assertion has no Subject element"); - return Constants.STRUTS_ERROR; - - } - - NameID nameID = subject.getNameID(); - if (nameID == null) { - log.warn("No NameID element in PVP2 assertion!"); - return Constants.STRUTS_ERROR; - } - - String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); - - int sessionTimeOut = session.getMaxInactiveInterval(); - Date sessionExpired = new Date(new Date().getTime() + - (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS)); - - //search user - UserDatabase dbuser = configuration.getUserManagement().getUserWithUserBPKWBPK(bpkwbpk); - if (dbuser == null) { - log.info("No user found with bpk/wbpk " + bpkwbpk); - - //read PVP2 assertion attributes; - user = new UserDatabaseFrom(); - user.setActive(false); - user.setAdmin(false); - user.setBpk(bpkwbpk); - user.setIsusernamepasswordallowed(false); - user.setIsmandateuser(false); - user.setPVPGenerated(true); - - //loop through the nodes to get what we want - List attributeStatements = saml2assertion.getAttributeStatements(); - for (int i = 0; i < attributeStatements.size(); i++) - { - List attributes = attributeStatements.get(i).getAttributes(); - for (int x = 0; x < attributes.size(); x++) - { - String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); - - if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) { - user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); - } - - if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) { - user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); - } - - if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) { - user.setIsmandateuser(true); - } - - if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) { - user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); - } - } - } - - //create AuthUser data element - authUser = AuthenticatedUser.generateUserRequestUser(user, - nameID.getValue(), - nameID.getFormat(), - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); - - //set Random value - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_FORM, user); - session.setAttribute(Constants.SESSION_AUTH, authUser); - - - return Constants.STRUTS_NEWUSER; - - } else { - if (!dbuser.isIsActive()) { - - if (!dbuser.isIsMailAddressVerified()) { - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - user = new UserDatabaseFrom(dbuser); - authUser = new AuthenticatedUser(dbuser, - false, - dbuser.isIsMandateUser(), - true, - nameID.getValue(), - nameID.getFormat(), - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); - - session.setAttribute(Constants.SESSION_FORM, user); - session.setAttribute(Constants.SESSION_AUTH, authUser); - - return Constants.STRUTS_NEWUSER; - - } - - log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); - addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive", request)); - return Constants.STRUTS_ERROR; - } - - //TODO: maybe remove this default value in a later version - boolean ismandateuser = false; - if (dbuser.isIsMandateUser() != null) - ismandateuser = dbuser.isIsMandateUser(); - - authUser = new AuthenticatedUser(dbuser, true, - ismandateuser, - true, - nameID.getValue(), - nameID.getFormat(), - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); - - Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); - if (date != null) - authUser.setLastLogin(date);; - - dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - } catch (MOADatabaseException e) { - log.warn("UserDatabase communicaton error", e); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - finally { - } - - HttpSession newsession = generateNewJSession(request); - newsession.setAttribute(Constants.SESSION_AUTH, authUser); - return Constants.STRUTS_SUCCESS; - - } - } - - log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - return Constants.STRUTS_ERROR; - - } else { - log.info("Receive Error Assertion."); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - - } catch (Exception e) { - log.warn("An internal error occurs.", e); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - return Constants.STRUTS_ERROR; - } - - } else { - log.info("Only http POST Requests can be used"); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - return Constants.STRUTS_ERROR; - } - } - - public String requestNewUser() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (session == null) { - log.warn("No active Session found"); - return Constants.STRUTS_ERROR; - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - Object sessionformobj = session.getAttribute(Constants.SESSION_FORM); - if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) { - UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj; - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - authUser = (AuthenticatedUser) authUserObj; - - if (user == null) { - log.warn("No form transmited"); - return Constants.STRUTS_ERROR; - } - - //get UserID - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - String check; - if (!sessionform.isIsmandateuser()) { - check = user.getInstitut(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(check)); - addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Organisation is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); - } - } - - check = user.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check)); - addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Mailaddress is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); - } - - check = user.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validatePhoneNumber(check)) { - log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check)); - addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Phonenumber is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); - } - - if (hasActionErrors()) { - log.info("Some form errors found. Send user back to form"); - - user.setPVPGenerated(true); - user.setFamilyName(sessionform.getFamilyName()); - user.setGivenName(sessionform.getGivenName()); - user.setIsmandateuser(sessionform.isIsmandateuser()); - user.setBpk(sessionform.getBpk()); - - if (sessionform.isIsmandateuser()) - user.setInstitut(sessionform.getInstitut()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_NEWUSER; - } - - UserDatabase dbuser; - - if (userID < 0) { - dbuser = new UserDatabase(); - dbuser.setBpk(sessionform.getBpk()); - dbuser.setFamilyname(sessionform.getFamilyName()); - dbuser.setGivenname(sessionform.getGivenName()); - - if (sessionform.isIsmandateuser()) - dbuser.setInstitut(sessionform.getInstitut()); - else - dbuser.setInstitut(user.getInstitut()); - - dbuser.setIsPVP2Generated(true); - dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); - dbuser.setIsActive(false); - dbuser.setIsAdmin(false); - dbuser.setIsMandateUser(sessionform.isIsmandateuser()); - dbuser.setIsUsernamePasswordAllowed(false); - - } else - dbuser = configuration.getUserManagement().getUserWithID(userID); - - dbuser.setMail(user.getMail()); - dbuser.setPhone(user.getPhone()); - dbuser.setIsAdminRequest(true); - dbuser.setIsMailAddressVerified(false); - dbuser.setUserRequestTokken(Random.nextRandom()); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - MailHelper.sendUserMailAddressVerification(dbuser); - - } catch (MOADatabaseException e) { - log.warn("New UserRequest can not be stored in database", e); - return Constants.STRUTS_ERROR; - - } catch (ConfigurationException e) { - log.warn("Sending of mailaddress verification mail failed.", e); - addActionError(LanguageHelper.getErrorString("error.mail.send", request)); - return Constants.STRUTS_NEWUSER; - } - - finally { - session.setAttribute(Constants.SESSION_FORM, null); - session.setAttribute(Constants.SESSION_AUTH, null); - } - - addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); - - session.invalidate(); - - return Constants.STRUTS_SUCCESS; - - } else { - log.warn("No SessionForm found"); - return Constants.STRUTS_ERROR; - } - - } - - public String mailAddressVerification() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN); - if (MiscUtil.isNotEmpty(userrequesttokken)) { - - userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken); - - try { - Long.parseLong(userrequesttokken); - - } catch (NumberFormatException e) { - log.warn("Verificationtokken has no number format."); - return Constants.STRUTS_ERROR; - } - - UserDatabase dbuser = configuration.getUserManagement().getNewUserWithTokken(userrequesttokken); - if (dbuser != null) { - dbuser.setUserRequestTokken(null); - dbuser.setIsMailAddressVerified(true); - - if (dbuser.isIsActive()) - dbuser.setIsAdminRequest(false); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - int numoas = 0; - int numusers = 0; - - List openOAs = configuration.getDbRead().getAllNewOnlineApplications(); - if (openOAs != null) - numoas = openOAs.size(); - - List openUsers = configuration.getUserManagement().getAllNewUsers(); - if (openUsers != null) - numusers = openUsers.size(); - - if (numusers > 0 || numoas > 0) - MailHelper.sendAdminMail(numoas, numusers); - - } catch (MOADatabaseException e) { - log.warn("Userinformation can not be stored in Database.", e); - addActionError(LanguageHelper.getErrorString("error.mail.verification", request)); - - } catch (ConfigurationException e) { - log.warn("Send mail to admin failed.", e); - } - - finally { - } - - addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress", request)); - return Constants.STRUTS_SUCCESS; - } - } - - return Constants.STRUTS_ERROR; - } - - public String logout() { - HttpSession session = request.getSession(false); - - if (session != null) { - if (MiscUtil.isNotEmpty((String)session.getAttribute(Constants.SESSION_SLOSUCCESS))) - addActionMessage((String)session.getAttribute(Constants.SESSION_SLOSUCCESS)); - - if (MiscUtil.isNotEmpty((String)session.getAttribute(Constants.SESSION_SLOERROR))) - addActionError((String)session.getAttribute(Constants.SESSION_SLOERROR)); - - session.invalidate(); - - } - - return Constants.STRUTS_SUCCESS; - } - - private HttpSession generateNewJSession(HttpServletRequest request) { - HttpSession session = request.getSession(false); - - if (session != null) { - - HashMap attributes = new HashMap(); - - Enumeration enames = session.getAttributeNames(); - while (enames.hasMoreElements()) { - String name = enames.nextElement(); - if (!name.equals("JSESSIONID")) - attributes.put(name, session.getAttribute( name)); - } - session.invalidate(); - - session = request.getSession(true); - for (Entry et : attributes.entrySet()) - session.setAttribute( et.getKey(), et.getValue()); - - } else - session = request.getSession(true); - - return session; - } - - /** - * @return the password - */ - public String getPassword() { - return password; - } - - /** - * @param password the password to set - */ - public void setPassword(String password) { - this.password = password; - } - - /** - * @return the username - */ - public String getUsername() { - return username; - } - - /** - * @param username the username to set - */ - public void setUsername(String username) { - this.username = username; - } - - /** - * @return the user - */ - public UserDatabaseFrom getUser() { - return user; - } - - /** - * @param user the user to set - */ - public void setUser(UserDatabaseFrom user) { - this.user = user; - } - - /** - * @return the ssologouturl - */ - public String getSsologouturl() { - return ssologouturl; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - /** - * @return the pvp2LoginActiv - */ - public boolean isPvp2LoginActiv() { - return pvp2LoginActiv; - } - - + + /** + * @throws ConfigurationException + */ + + private static final long serialVersionUID = -2781497863862504896L; + + private String password; + private String username; + private UserDatabaseFrom user = null; + private String formID; + + private String ssologouturl; + + private boolean pvp2LoginActiv = false; + + public IndexAction() throws BasicActionException { + super(); + } + + public String start() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + pvp2LoginActiv = configuration.isPVP2LoginActive(); + + if (session.getAttribute(Constants.SESSION_I18n) == null) { + session.setAttribute(Constants.SESSION_I18n, + Locale.forLanguageTag(configuration.getDefaultLanguage())); + } + + if (configuration.isLoginDeaktivated()) { + return "loginWithOutAuth"; + + } else { + return Constants.STRUTS_SUCCESS; + + } + } + + public String authenticate() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + pvp2LoginActiv = configuration.isPVP2LoginActive(); + + String key = null; + + if (MiscUtil.isNotEmpty(username)) { + if (ValidationHelper.containsNotValidCharacter(username, false)) { + log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username)); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("Username is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); + return Constants.STRUTS_ERROR; + } + + if (MiscUtil.isEmpty(password)) { + log.warn("Password is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); + return Constants.STRUTS_ERROR; + + } else { + key = AuthenticationHelper.generateKeyFormPassword(password); + if (key == null) { + addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); + return Constants.STRUTS_ERROR; + } + } + + final UserDatabase dbuser = configuration.getUserManagement().getUserWithUserName(username); + if (dbuser == null) { + log.warn("Unknown Username"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); + return Constants.STRUTS_ERROR; + + } else { + // TODO: maybe remove this default value in a later version + if (dbuser.isIsUsernamePasswordAllowed() == null) { + dbuser.setIsUsernamePasswordAllowed(true); + } + + if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { + log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + + " is not active or Username/Password login is not allowed"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + if (!dbuser.getPassword().equals(key)) { + log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + // TODO: maybe remove this default value in a later version + boolean ismandateuser = false; + if (dbuser.isIsMandateUser() != null) { + ismandateuser = dbuser.isIsMandateUser(); + } + + final int sessionTimeOut = session.getMaxInactiveInterval(); + final Date sessionExpired = new Date(new Date().getTime() + + sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS); + + final AuthenticatedUser authuser = new AuthenticatedUser(dbuser, + true, + ismandateuser, + false, + dbuser.getHjid() + "dbID", + "username/password", + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authuser); + + final Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) { + authuser.setLastLogin(date); + } + + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + } catch (final MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } finally { + } + + final HttpSession session = generateNewJSession(request); + session.setAttribute(Constants.SESSION_AUTH, authuser); + + return Constants.STRUTS_SUCCESS; + } + } + + public String pvp2login() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final String method = request.getMethod(); + if (session == null) { + log.info("NO HTTP Session"); + return Constants.STRUTS_ERROR; + } + + final String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID); + session.setAttribute(Constants.SESSION_PVP2REQUESTID, null); + + if (method.equals("POST")) { + + try { + pvp2LoginActiv = configuration.isPVP2LoginActive(); + + // Decode with HttpPost Binding + final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + request)); + decode.decode(messageContext); + + final Response samlResponse = (Response) messageContext.getInboundMessage(); + + // ckeck InResponseTo matchs requestID + if (MiscUtil.isEmpty(authID)) { + log.info("NO AuthRequestID"); + return Constants.STRUTS_ERROR; + } + + if (!authID.equals(samlResponse.getInResponseTo())) { + log.warn("PVPRequestID does not match PVP2 Assertion ID!"); + return Constants.STRUTS_ERROR; + + } + + // check response destination + String serviceURL = configuration.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + final String responseDestination = samlResponse.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) { + log.warn("PVPResponse destination does not match requested destination"); + return Constants.STRUTS_ERROR; + } + + // check if response is signed + final Signature sign = samlResponse.getSignature(); + if (sign == null) { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } + + // validate signature + PVP2Utils.validateSignature(samlResponse, configuration); + + log.info("PVP2 Assertion is valid"); + + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + List saml2assertions = + new ArrayList<>(); + + // check encrypted Assertion + final List encryAssertionList = samlResponse.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + // decrypt assertions + + log.debug("Found encryped assertion. Start decryption ..."); + + final KeyStore keyStore = configuration.getPVP2KeyStore(); + + final X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( + keyStore, + configuration.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + configuration.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + + final StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(authDecCredential); + + final ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver()); + + final Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (final EncryptedAssertion encAssertion : encryAssertionList) { + saml2assertions.add(samlDecrypter.decrypt(encAssertion)); + + } + + log.debug("Assertion decryption finished. "); + + } else { + saml2assertions = samlResponse.getAssertions(); + + } + + for (final org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + + final Conditions conditions = saml2assertion.getConditions(); + final DateTime notbefore = conditions.getNotBefore(); + final DateTime notafter = conditions.getNotOnOrAfter(); + if (notbefore.isAfterNow() || notafter.isBeforeNow()) { + log.warn("PVP2 Assertion is out of Date"); + return Constants.STRUTS_ERROR; + + } + + final Subject subject = saml2assertion.getSubject(); + if (subject == null) { + log.warn("Assertion has no Subject element"); + return Constants.STRUTS_ERROR; + + } + + final NameID nameID = subject.getNameID(); + if (nameID == null) { + log.warn("No NameID element in PVP2 assertion!"); + return Constants.STRUTS_ERROR; + } + + final String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); + + final int sessionTimeOut = session.getMaxInactiveInterval(); + final Date sessionExpired = new Date(new Date().getTime() + + sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS); + + // search user + final UserDatabase dbuser = configuration.getUserManagement().getUserWithUserBPKWBPK(bpkwbpk); + if (dbuser == null) { + log.info("No user found with bpk/wbpk " + bpkwbpk); + + // read PVP2 assertion attributes; + user = new UserDatabaseFrom(); + user.setActive(false); + user.setAdmin(false); + user.setBpk(bpkwbpk); + user.setIsusernamepasswordallowed(false); + user.setIsmandateuser(false); + user.setPVPGenerated(true); + + // loop through the nodes to get what we want + final List attributeStatements = saml2assertion.getAttributeStatements(); + for (final AttributeStatement attributeStatement : attributeStatements) { + final List attributes = attributeStatement.getAttributes(); + for (final Attribute attribute : attributes) { + final String strAttributeName = attribute.getDOM().getAttribute("Name"); + + if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) { + user.setFamilyName(attribute.getAttributeValues().get(0).getDOM().getFirstChild() + .getNodeValue()); + } + + if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) { + user.setGivenName(attribute.getAttributeValues().get(0).getDOM().getFirstChild() + .getNodeValue()); + } + + if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) { + user.setIsmandateuser(true); + } + + if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) { + user.setInstitut(attribute.getAttributeValues().get(0).getDOM().getFirstChild() + .getNodeValue()); + } + } + } + + // create AuthUser data element + authUser = AuthenticatedUser.generateUserRequestUser(user, + nameID.getValue(), + nameID.getFormat(), + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authUser); + + // set Random value + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + return Constants.STRUTS_NEWUSER; + + } else { + if (!dbuser.isIsActive()) { + + if (!dbuser.isIsMailAddressVerified()) { + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + user = new UserDatabaseFrom(dbuser); + authUser = new AuthenticatedUser(dbuser, + false, + dbuser.isIsMandateUser(), + true, + nameID.getValue(), + nameID.getFormat(), + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authUser); + + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + return Constants.STRUTS_NEWUSER; + + } + + log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); + addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive", request)); + return Constants.STRUTS_ERROR; + } + + // TODO: maybe remove this default value in a later version + boolean ismandateuser = false; + if (dbuser.isIsMandateUser() != null) { + ismandateuser = dbuser.isIsMandateUser(); + } + + authUser = new AuthenticatedUser(dbuser, true, + ismandateuser, + true, + nameID.getValue(), + nameID.getFormat(), + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authUser); + + final Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) { + authUser.setLastLogin(date); + } + + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + } catch (final MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } finally { + } + + final HttpSession newsession = generateNewJSession(request); + newsession.setAttribute(Constants.SESSION_AUTH, authUser); + return Constants.STRUTS_SUCCESS; + + } + } + + log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + return Constants.STRUTS_ERROR; + + } else { + log.info("Receive Error Assertion."); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } + + } catch (final Exception e) { + log.warn("An internal error occurs.", e); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + return Constants.STRUTS_ERROR; + } + + } else { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + return Constants.STRUTS_ERROR; + } + } + + public String requestNewUser() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (session == null) { + log.warn("No active Session found"); + return Constants.STRUTS_ERROR; + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final Object sessionformobj = session.getAttribute(Constants.SESSION_FORM); + if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) { + final UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj; + + final Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + if (user == null) { + log.warn("No form transmited"); + return Constants.STRUTS_ERROR; + } + + // get UserID + final String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + String check; + if (!sessionform.isIsmandateuser()) { + check = user.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml( + check)); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Organisation is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); + } + } + + check = user.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check)); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Mailaddress is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); + } + + check = user.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validatePhoneNumber(check)) { + log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check)); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Phonenumber is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); + } + + if (hasActionErrors()) { + log.info("Some form errors found. Send user back to form"); + + user.setPVPGenerated(true); + user.setFamilyName(sessionform.getFamilyName()); + user.setGivenName(sessionform.getGivenName()); + user.setIsmandateuser(sessionform.isIsmandateuser()); + user.setBpk(sessionform.getBpk()); + + if (sessionform.isIsmandateuser()) { + user.setInstitut(sessionform.getInstitut()); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_NEWUSER; + } + + UserDatabase dbuser; + + if (userID < 0) { + dbuser = new UserDatabase(); + dbuser.setBpk(sessionform.getBpk()); + dbuser.setFamilyname(sessionform.getFamilyName()); + dbuser.setGivenname(sessionform.getGivenName()); + + if (sessionform.isIsmandateuser()) { + dbuser.setInstitut(sessionform.getInstitut()); + } else { + dbuser.setInstitut(user.getInstitut()); + } + + dbuser.setIsPVP2Generated(true); + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + dbuser.setIsActive(false); + dbuser.setIsAdmin(false); + dbuser.setIsMandateUser(sessionform.isIsmandateuser()); + dbuser.setIsUsernamePasswordAllowed(false); + + } else { + dbuser = configuration.getUserManagement().getUserWithID(userID); + } + + dbuser.setMail(user.getMail()); + dbuser.setPhone(user.getPhone()); + dbuser.setIsAdminRequest(true); + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + } catch (final MOADatabaseException e) { + log.warn("New UserRequest can not be stored in database", e); + return Constants.STRUTS_ERROR; + + } catch (final ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send", request)); + return Constants.STRUTS_NEWUSER; + } + + finally { + session.setAttribute(Constants.SESSION_FORM, null); + session.setAttribute(Constants.SESSION_AUTH, null); + } + + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); + + session.invalidate(); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("No SessionForm found"); + return Constants.STRUTS_ERROR; + } + + } + + public String mailAddressVerification() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN); + if (MiscUtil.isNotEmpty(userrequesttokken)) { + + userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken); + + try { + Long.parseLong(userrequesttokken); + + } catch (final NumberFormatException e) { + log.warn("Verificationtokken has no number format."); + return Constants.STRUTS_ERROR; + } + + final UserDatabase dbuser = configuration.getUserManagement().getNewUserWithTokken(userrequesttokken); + if (dbuser != null) { + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(true); + + if (dbuser.isIsActive()) { + dbuser.setIsAdminRequest(false); + } + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + int numoas = 0; + int numusers = 0; + + final List openOAs = configuration.getDbRead().getAllNewOnlineApplications(); + if (openOAs != null) { + numoas = openOAs.size(); + } + + final List openUsers = configuration.getUserManagement().getAllNewUsers(); + if (openUsers != null) { + numusers = openUsers.size(); + } + + if (numusers > 0 || numoas > 0) { + MailHelper.sendAdminMail(numoas, numusers); + } + + } catch (final MOADatabaseException e) { + log.warn("Userinformation can not be stored in Database.", e); + addActionError(LanguageHelper.getErrorString("error.mail.verification", request)); + + } catch (final ConfigurationException e) { + log.warn("Send mail to admin failed.", e); + } + + finally { + } + + addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress", request)); + return Constants.STRUTS_SUCCESS; + } + } + + return Constants.STRUTS_ERROR; + } + + public String logout() { + final HttpSession session = request.getSession(false); + + if (session != null) { + if (MiscUtil.isNotEmpty((String) session.getAttribute(Constants.SESSION_SLOSUCCESS))) { + addActionMessage((String) session.getAttribute(Constants.SESSION_SLOSUCCESS)); + } + + if (MiscUtil.isNotEmpty((String) session.getAttribute(Constants.SESSION_SLOERROR))) { + addActionError((String) session.getAttribute(Constants.SESSION_SLOERROR)); + } + + session.invalidate(); + + } + + return Constants.STRUTS_SUCCESS; + } + + private HttpSession generateNewJSession(HttpServletRequest request) { + HttpSession session = request.getSession(false); + + if (session != null) { + + final HashMap attributes = new HashMap<>(); + + final Enumeration enames = session.getAttributeNames(); + while (enames.hasMoreElements()) { + final String name = enames.nextElement(); + if (!name.equals("JSESSIONID")) { + attributes.put(name, session.getAttribute(name)); + } + } + session.invalidate(); + + session = request.getSession(true); + for (final Entry et : attributes.entrySet()) { + session.setAttribute(et.getKey(), et.getValue()); + } + + } else { + session = request.getSession(true); + } + + return session; + } + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + /** + * @return the user + */ + public UserDatabaseFrom getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(UserDatabaseFrom user) { + this.user = user; + } + + /** + * @return the ssologouturl + */ + public String getSsologouturl() { + return ssologouturl; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } + + /** + * @return the pvp2LoginActiv + */ + public boolean isPvp2LoginActiv() { + return pvp2LoginActiv; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java index 180f32235..3918dfc16 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber; @@ -46,438 +44,444 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class InterfederationIDPAction extends BasicOAAction { - private static final Logger log = Logger.getLogger(InterfederationIDPAction.class); - private static final long serialVersionUID = 2879192135387083131L; - - public static final String STRUTS_IDP_VIDP = "-VIDP"; - public static final String STRUTS_IDP_MOA = "-MOAIDP"; - public static final String STRUTS_IDP_GATEWAY = "-IDPGATEWAY"; - - private List formOAs; - - private String interfederationType; - - public InterfederationIDPAction() { - super(); - - } - - public String listAllIDPs() { - try { - populateBasicInformations(); - - if (authUser.isAdmin()) { - List dbOAs = configuration.getDbRead().getAllOnlineApplications(); - - if (dbOAs == null || dbOAs.size() == 0) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - - } else { - formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); - - return Constants.STRUTS_SUCCESS; - - } else { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String newIDP() { - log.debug("insert new interfederation IDP"); - - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - populateBasicNewOnlineApplicationInformation(); - - if (STRUTS_IDP_MOA.equals(interfederationType)) { - formList.putAll(MOAIDPAction.buildMOAIDPFormList()); - - } else if (STRUTS_IDP_GATEWAY.equals(interfederationType)) { - formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); - - } else if (STRUTS_IDP_VIDP.equals(interfederationType)) { - formList.putAll(VIDPAction.buildVIDPFormList()); - getStorkOA().setVidpEnabled(true); - getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); - - } else { - log.warn("Unkown interfederation IDP type"); - addActionError("Unkown interfederation IDP type"); - return Constants.STRUTS_ERROR; - } - - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - - return Constants.STRUTS_OA_EDIT + interfederationType; - - } - - public String loadIDPInformation() { - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - OnlineApplication oa = populateOnlineApplicationFromRequest(); - - if (oa.isIsInterfederationIDP() != null - && oa.isIsInterfederationIDP()) { - - formList.putAll(MOAIDPAction.buildMOAIDPFormList()); - interfederationType = STRUTS_IDP_MOA; - - } else if (oa.getAuthComponentOA().getOASTORK() != null - && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { - - formList.putAll(VIDPAction.buildVIDPFormList()); - if (getStorkOA().getAttributeProviderPlugins() == null || - getStorkOA().getAttributeProviderPlugins().size() == 0) - getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); - interfederationType = STRUTS_IDP_VIDP; - - } else if (oa.isIsInterfederationGateway() != null && oa.isIsInterfederationGateway()) { - formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); - interfederationType = STRUTS_IDP_GATEWAY; - - } else { - log.warn("Requested application is not an interfederation IDP."); - return Constants.STRUTS_NOTALLOWED; - } - - parseOAToForm(oa); - return Constants.STRUTS_SUCCESS + interfederationType; - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String saveIDP() { - - OnlineApplication onlineapplication= null; - - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - onlineapplication = preProcessSaveOnlineApplication(); - - if ( onlineapplication != null && - !((onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP()) || - (onlineapplication.isIsInterfederationGateway() != null && onlineapplication.isIsInterfederationGateway()) || - (onlineapplication.getAuthComponentOA().getOASTORK() != null - && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { - log.warn("IDP which should be stored is not of type interfederation IDP."); - addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP."); - return Constants.STRUTS_ERROR; - - } - - List errors = new ArrayList(); - - //validate forms - for (IOnlineApplicationData form : formList.values()) - errors.addAll(form.validate(getGeneralOA(), authUser, request)); - - - if (getPvp2OA() != null) { - boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA().getMetaDataURL()); - if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) { - log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService."); - errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.metadataurl.publicservice", - new Object[] {getPvp2OA().getMetaDataURL()}, request )); - getGeneralOA().setBusinessService(true); - - } - } - - - if (errors.size() > 0) { - log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors."); - for (String el : errors) - addActionError(el); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - onlineapplication = postProcessSaveOnlineApplication(onlineapplication, - !(this instanceof MOAIDPAction)); - - //set default Target interfederated nameID caluclation - if (getPvp2OA() != null) { - if (getGeneralOA().isBusinessService()) { - IdentificationNumber businessID = onlineapplication.getAuthComponentOA().getIdentificationNumber(); - if (businessID == null) { - businessID = new IdentificationNumber(); - onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); - } - businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP"); - } else - onlineapplication.setTarget("MOA-IDP"); - - try { - save(onlineapplication); - - } catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); - } - } - } - - //remove session attributes - session.setAttribute(Constants.SESSION_OAID, null); - - addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), request)); - return Constants.STRUTS_SUCCESS; - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String cancleAndBackIDP() { - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - session.setAttribute(Constants.SESSION_OAID, null); - addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), request)); - - return Constants.STRUTS_SUCCESS; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String deleteIDP() { - String oaidentifier = null; - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - oaidentifier = preProcessDeleteOnlineApplication(); - - session.setAttribute(Constants.SESSION_OAID, null); - OnlineApplication onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); - + + private static final long serialVersionUID = 2879192135387083131L; + + public static final String STRUTS_IDP_VIDP = "-VIDP"; + public static final String STRUTS_IDP_MOA = "-MOAIDP"; + public static final String STRUTS_IDP_GATEWAY = "-IDPGATEWAY"; + + private List formOAs; + + private String interfederationType; + + public InterfederationIDPAction() { + super(); + + } + + public String listAllIDPs() { + try { + populateBasicInformations(); + + if (authUser.isAdmin()) { + final List dbOAs = configuration.getDbRead().getAllOnlineApplications(); + + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String newIDP() { + log.debug("insert new interfederation IDP"); + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + populateBasicNewOnlineApplicationInformation(); + + if (STRUTS_IDP_MOA.equals(interfederationType)) { + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + + } else if (STRUTS_IDP_GATEWAY.equals(interfederationType)) { + formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); + + } else if (STRUTS_IDP_VIDP.equals(interfederationType)) { + formList.putAll(VIDPAction.buildVIDPFormList()); + getStorkOA().setVidpEnabled(true); + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); + + } else { + log.warn("Unkown interfederation IDP type"); + addActionError("Unkown interfederation IDP type"); + return Constants.STRUTS_ERROR; + } + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + + return Constants.STRUTS_OA_EDIT + interfederationType; + + } + + public String loadIDPInformation() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + final OnlineApplication oa = populateOnlineApplicationFromRequest(); + + if (oa.isIsInterfederationIDP() != null + && oa.isIsInterfederationIDP()) { + + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + interfederationType = STRUTS_IDP_MOA; + + } else if (oa.getAuthComponentOA().getOASTORK() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { + + formList.putAll(VIDPAction.buildVIDPFormList()); + if (getStorkOA().getAttributeProviderPlugins() == null || + getStorkOA().getAttributeProviderPlugins().size() == 0) { + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + } + interfederationType = STRUTS_IDP_VIDP; + + } else if (oa.isIsInterfederationGateway() != null && oa.isIsInterfederationGateway()) { + formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); + interfederationType = STRUTS_IDP_GATEWAY; + + } else { + log.warn("Requested application is not an interfederation IDP."); + return Constants.STRUTS_NOTALLOWED; + } + + parseOAToForm(oa); + return Constants.STRUTS_SUCCESS + interfederationType; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String saveIDP() { + + OnlineApplication onlineapplication = null; + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + onlineapplication = preProcessSaveOnlineApplication(); + + if (onlineapplication != null && + !(onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP() + || + onlineapplication.isIsInterfederationGateway() != null && onlineapplication + .isIsInterfederationGateway() || + onlineapplication.getAuthComponentOA().getOASTORK() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled())) { + log.warn("IDP which should be stored is not of type interfederation IDP."); + addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP."); + return Constants.STRUTS_ERROR; + + } + + final List errors = new ArrayList<>(); + + // validate forms + for (final IOnlineApplicationData form : formList.values()) { + errors.addAll(form.validate(getGeneralOA(), authUser, request)); + } + + if (getPvp2OA() != null) { + final boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA() + .getMetaDataURL()); + if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) { + log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService."); + errors.add(LanguageHelper.getErrorString( + "validation.interfederation.moaidp.metadataurl.publicservice", + new Object[] { getPvp2OA().getMetaDataURL() }, request)); + getGeneralOA().setBusinessService(true); + + } + } + + if (errors.size() > 0) { + log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors."); + for (final String el : errors) { + addActionError(el); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + onlineapplication = postProcessSaveOnlineApplication(onlineapplication, + !(this instanceof MOAIDPAction)); + + // set default Target interfederated nameID caluclation + if (getPvp2OA() != null) { + if (getGeneralOA().isBusinessService()) { + IdentificationNumber businessID = onlineapplication.getAuthComponentOA() + .getIdentificationNumber(); + if (businessID == null) { + businessID = new IdentificationNumber(); + onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); + } + businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP"); + } else { + onlineapplication.setTarget("MOA-IDP"); + } + + try { + save(onlineapplication); + + } catch (final MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + } + } + } + + // remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), + request)); + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String cancleAndBackIDP() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + session.setAttribute(Constants.SESSION_OAID, null); + addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), + request)); + + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String deleteIDP() { + String oaidentifier = null; + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + oaidentifier = preProcessDeleteOnlineApplication(); + + session.setAttribute(Constants.SESSION_OAID, null); + final OnlineApplication onlineapplication = configuration.getDbRead().getOnlineApplication( + oaidentifier); + // try { // if (onlineapplication.getAuthComponentOA().getOAPVP2() != null && // MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { // MOAIDConfiguration moaconfig = configuration.getDbRead().getMOAIDConfiguration(); // moaconfig.setPvp2RefreshItem(new Date()); // ConfigurationDBUtils.saveOrUpdate(moaconfig); -// +// // } // } catch (Throwable e) { // log.info("Found no MetadataURL in OA-Databaseconfig!", e); // } - - if (delete(onlineapplication)) { - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request)); - return Constants.STRUTS_SUCCESS; - - } else { - addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); - return Constants.STRUTS_SUCCESS; - } - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - - } - - /** - * @param oa - */ - private void parseOAToForm(OnlineApplication oa) { - List errors = new ArrayList(); - for (IOnlineApplicationData form : formList.values()) { - List error = form.parse(oa, authUser, request); - if (error != null) - errors.addAll(error); - } - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - setNewOA(false); - + if (delete(onlineapplication)) { + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, + request)); + return Constants.STRUTS_SUCCESS; - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_OAID, oaid); - } - - /** - * @return the formOAs - */ - public List getFormOAs() { - return formOAs; - } - - public OAMOAIDPInterfederationConfig getMoaIDP() { - return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName()); - } + } else { + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + } - public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) { - formList.put(pvp2oa.getName(), pvp2oa); - } + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; - public PVPGatewayInterfederationConfig getPVPGateway() { - return (PVPGatewayInterfederationConfig) formList.get(new PVPGatewayInterfederationConfig().getName()); - } - - public void setPVPGateway(PVPGatewayInterfederationConfig val) { - formList.put(val.getName(), val); - } - - /** - * @return the formOA - */ - public OATargetConfiguration getTargetConfig() { - return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); - } + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); - /** - * @param formOA the formOA to set - */ - public void setTargetConfig(OATargetConfiguration formOA) { - formList.put(formOA.getName(), formOA); - } - - /** - * @return the formOA - */ - public FormularCustomization getFormOA() { - return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); - } + } finally { - /** - * @param formOA the formOA to set - */ - public void setFormOA(FormularCustomization formOA) { - formList.put(formOA.getName(), formOA); - } - - public OASTORKConfig getStorkOA() { - return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); } - public void setStorkOA(OASTORKConfig storkOA) { - formList.put(storkOA.getName(), storkOA); + } + + /** + * @param oa + */ + private void parseOAToForm(OnlineApplication oa) { + final List errors = new ArrayList<>(); + for (final IOnlineApplicationData form : formList.values()) { + final List error = form.parse(oa, authUser, request); + if (error != null) { + errors.addAll(error); + } } - - - public OAAuthenticationData getAuthOA() { - return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); + if (errors.size() > 0) { + for (final String el : errors) { + addActionError(el); + } } - public void setAuthOA(OAAuthenticationData generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - - /** - * @return the interfederationType - */ - public String getInterfederationType() { - return interfederationType; - } - - /** - * @param interfederationType the interfederationType to set - */ - public void setInterfederationType(String interfederationType) { - this.interfederationType = interfederationType; - } - - - + setNewOA(false); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + } + + /** + * @return the formOAs + */ + public List getFormOAs() { + return formOAs; + } + + public OAMOAIDPInterfederationConfig getMoaIDP() { + return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName()); + } + + public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + + public PVPGatewayInterfederationConfig getPVPGateway() { + return (PVPGatewayInterfederationConfig) formList.get(new PVPGatewayInterfederationConfig().getName()); + } + + public void setPVPGateway(PVPGatewayInterfederationConfig val) { + formList.put(val.getName(), val); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + formList.put(formOA.getName(), formOA); + } + + public OASTORKConfig getStorkOA() { + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); + } + + public void setStorkOA(OASTORKConfig storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); + } + + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + /** + * @return the interfederationType + */ + public String getInterfederationType() { + return interfederationType; + } + + /** + * @param interfederationType the interfederationType to set + */ + public void setInterfederationType(String interfederationType) { + this.interfederationType = interfederationType; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index ca018d5b0..11be61bb6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -25,179 +25,162 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.ArrayList; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - -import com.opensymphony.xwork2.ActionSupport; - -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class ListOAsAction extends BasicAction { - - private final Logger log = Logger.getLogger(ListOAsAction.class); - - private static final long serialVersionUID = 1L; - - private List formOAs; - private String friendlyname; - - public ListOAsAction() throws ConfigurationException { + + private static final long serialVersionUID = 1L; + + private List formOAs; + private String friendlyname; + + public ListOAsAction() throws ConfigurationException { // configuration = ConfigurationProvider.getInstance(); - } - - - public String listAllOnlineAppliactions() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - List dbOAs = null; - - if (authUser.isAdmin()) { - dbOAs = configuration.getDbRead().getAllOnlineApplications(); - - } else { - UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - - if (authUserDB != null) { - for (String el : authUserDB.getOnlineApplication()) { - dbOAs.add(configuration.getDbRead().getOnlineApplication(Long.valueOf(el))); - - } - } - } - - if (dbOAs == null || dbOAs.size() == 0) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - - } else { - formOAs = FormDataHelper.populateFormWithOAs(dbOAs); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); - - - return Constants.STRUTS_SUCCESS; - } - - public String searchOAInit() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - formOAs = null; - friendlyname = ""; - - return Constants.STRUTS_SUCCESS; - - } - - public String searchOA() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (MiscUtil.isEmpty(friendlyname)) { - log.info("SearchOA textfield is empty"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); - return Constants.STRUTS_SUCCESS; - - } else { - if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) { - log.warn("SearchOA textfield contains potential XSS characters"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request)); - return Constants.STRUTS_SUCCESS; - } - } - - List dbOAs = null; - - if (authUser.isAdmin()) { - dbOAs = configuration.getDbRead().searchOnlineApplications(friendlyname); - - } else { - UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (authUserDB != null) { - List alldbOAs = authUserDB.getOnlineApplication(); - - dbOAs = new ArrayList(); - - for (String el : alldbOAs) { - OnlineApplication oa = configuration.getDbRead().getOnlineApplication(Long.valueOf(el)); - - if (oa.getPublicURLPrefix() - .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) - dbOAs.add(oa); - } - } - } - - if (dbOAs == null || dbOAs.size() == 0) { - log.debug("No IDPs found with Identifier " + friendlyname); - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - - } else { - formOAs = FormDataHelper.populateFormWithOAs(dbOAs); - - } - - - return Constants.STRUTS_SUCCESS; - } - - /** - * @return the formOAs - */ - public List getFormOAs() { - return formOAs; - } - - - /** - * @return the friendlyname - */ - public String getFriendlyname() { - return friendlyname; - } - - - /** - * @param friendlyname the friendlyname to set - */ - public void setFriendlyname(String friendlyname) { - this.friendlyname = friendlyname; - } - - + } + + public String listAllOnlineAppliactions() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + List dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = configuration.getDbRead().getAllOnlineApplications(); + + } else { + final UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (authUserDB != null) { + for (final String el : authUserDB.getOnlineApplication()) { + dbOAs.add(configuration.getDbRead().getOnlineApplication(Long.valueOf(el))); + + } + } + } + + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + return Constants.STRUTS_SUCCESS; + } + + public String searchOAInit() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + formOAs = null; + friendlyname = ""; + + return Constants.STRUTS_SUCCESS; + + } + + public String searchOA() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (MiscUtil.isEmpty(friendlyname)) { + log.info("SearchOA textfield is empty"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); + return Constants.STRUTS_SUCCESS; + + } else { + if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) { + log.warn("SearchOA textfield contains potential XSS characters"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + return Constants.STRUTS_SUCCESS; + } + } + + List dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = configuration.getDbRead().searchOnlineApplications(friendlyname); + + } else { + final UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (authUserDB != null) { + final List alldbOAs = authUserDB.getOnlineApplication(); + + dbOAs = new ArrayList<>(); + + for (final String el : alldbOAs) { + final OnlineApplication oa = configuration.getDbRead().getOnlineApplication(Long.valueOf(el)); + + if (oa.getPublicURLPrefix() + .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) { + dbOAs.add(oa); + } + } + } + } + + if (dbOAs == null || dbOAs.size() == 0) { + log.debug("No IDPs found with Identifier " + friendlyname); + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); + + } + + return Constants.STRUTS_SUCCESS; + } + + /** + * @return the formOAs + */ + public List getFormOAs() { + return formOAs; + } + + /** + * @return the friendlyname + */ + public String getFriendlyname() { + return friendlyname; + } + + /** + * @param friendlyname the friendlyname to set + */ + public void setFriendlyname(String friendlyname) { + this.friendlyname = friendlyname; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java index 8c04a382a..ce3af689d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java @@ -34,26 +34,25 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; */ public class MOAIDPAction extends InterfederationIDPAction { - private static final long serialVersionUID = -2047128481980413334L; - - public MOAIDPAction() { - super(); - formList.putAll(buildMOAIDPFormList()); - } - - public static LinkedHashMap buildMOAIDPFormList() { - - LinkedHashMap forms = - new LinkedHashMap(); - - - OAPVP2Config pvp2OA = new OAPVP2Config(); - forms.put(pvp2OA.getName(), pvp2OA); - - OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig(); - forms.put(moaidp.getName(), moaidp); - - return forms; - } + private static final long serialVersionUID = -2047128481980413334L; + + public MOAIDPAction() { + super(); + formList.putAll(buildMOAIDPFormList()); + } + + public static LinkedHashMap buildMOAIDPFormList() { + + final LinkedHashMap forms = + new LinkedHashMap<>(); + + final OAPVP2Config pvp2OA = new OAPVP2Config(); + forms.put(pvp2OA.getName(), pvp2OA); + + final OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig(); + forms.put(moaidp.getName(), moaidp); + + return forms; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java index ea6f17fc7..785eb583a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java @@ -22,41 +22,41 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MainAction extends BasicAction { - - private static final long serialVersionUID = 221178766809263908L; - - private static final Logger log = Logger.getLogger(MainAction.class); - - public String changeLanguage() { - - return Constants.STRUTS_SUCCESS; - } - - public String generateMainFrame() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (hasActionMessages()) - setActionMessages(getActionMessages()); - - if (hasActionErrors()) - setActionErrors(getActionErrors()); - - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - return Constants.STRUTS_SUCCESS; - } - + + private static final long serialVersionUID = 221178766809263908L; + + public String changeLanguage() { + + return Constants.STRUTS_SUCCESS; + } + + public String generateMainFrame() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (hasActionMessages()) { + setActionMessages(getActionMessages()); + } + + if (hasActionErrors()) { + setActionErrors(getActionErrors()); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + return Constants.STRUTS_SUCCESS; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java index 26d4e13ab..e1965e951 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java @@ -24,81 +24,68 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; +import lombok.extern.slf4j.Slf4j; -import com.opensymphony.xwork2.ActionSupport; - +@Slf4j public class OpenAdminRequestsAction extends BasicAction { - - private static final Logger log = Logger.getLogger(OpenAdminRequestsAction.class); - - private static final long serialVersionUID = 1L; - - private List formOAs = null; - private List userlist = null; - - - public String init() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (authUser.isAdmin()) { - - List dbOAs = configuration.getDbRead().getAllNewOnlineApplications(); - if (dbOAs != null) { - formOAs = FormDataHelper.populateFormWithOAs(dbOAs); - } - - List dbUsers = configuration.getUserManagement().getAllNewUsers(); - if (dbUsers != null){ - userlist = FormDataHelper.addFormUsers(dbUsers); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()); - - return Constants.STRUTS_SUCCESS; - } else { - log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID()); - return Constants.STRUTS_NOTALLOWED; - } - - } - - - /** - * @return the formOAs - */ - public List getFormOAs() { - return formOAs; - } - - - /** - * @return the userlist - */ - public List getUserlist() { - return userlist; - } - + + private static final long serialVersionUID = 1L; + + private List formOAs = null; + private List userlist = null; + + public String init() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (authUser.isAdmin()) { + + final List dbOAs = configuration.getDbRead().getAllNewOnlineApplications(); + if (dbOAs != null) { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); + } + + final List dbUsers = configuration.getUserManagement().getAllNewUsers(); + if (dbUsers != null) { + userlist = FormDataHelper.addFormUsers(dbUsers); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()); + + return Constants.STRUTS_SUCCESS; + } else { + log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID()); + return Constants.STRUTS_NOTALLOWED; + } + + } + + /** + * @return the formOAs + */ + public List getFormOAs() { + return formOAs; + } + + /** + * @return the userlist + */ + public List getUserlist() { + return userlist; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 26afb0205..6a60b6816 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -26,14 +26,6 @@ import java.io.ByteArrayInputStream; import java.io.InputStream; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -49,564 +41,570 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; -import com.opensymphony.xwork2.ActionSupport; - +@Slf4j public class UserManagementAction extends BasicAction { - - private static final Logger log = Logger.getLogger(UserManagementAction.class); - - private static final long serialVersionUID = 1L; - - private List userlist = null; - private UserDatabaseFrom user = null; - - private String useridobj = null; - private static boolean newUser = false; - private InputStream stream; - private String nextPage; - private String formID; - - public String init() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - if (authUser.isAdmin()) { - - log.info("Show NewserRequests"); - - log.info("Show UserList"); - - List dbuserlist = configuration.getUserManagement().getAllUsers(); - - if (dbuserlist != null) { - userlist = FormDataHelper.addFormUsers(dbuserlist); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name()); - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame"); - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (dbuser == null) { - return Constants.STRUTS_REAUTHENTICATE; - } - user = new UserDatabaseFrom(dbuser); - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_NOTALLOWED; - } - } - - public String createuser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - - if (authUser.isAdmin()) { - - user = new UserDatabaseFrom(); - - newUser = true; - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_SUCCESS; - - } else { - return Constants.STRUTS_NOTALLOWED; - } - } - - public String edituser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String - && MiscUtil.isNotEmpty((String)nextPageAttr) ) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - } - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - if (authUser.isAdmin()) { - long userid = -1; - - if (!ValidationHelper.validateOAID(useridobj)) { - addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); - return Constants.STRUTS_ERROR; - } - userid = Long.valueOf(useridobj); - - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userid); - if (dbuser == null) { - log.info("No User with ID " + userid + " in Database");; - addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); - return Constants.STRUTS_ERROR; - } - user = new UserDatabaseFrom(dbuser); - - newUser = false; - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame"); - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - user = new UserDatabaseFrom(dbuser); - return Constants.STRUTS_SUCCESS; - } - } - - public String saveuser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); - - if( dbuser == null) { - dbuser = new UserDatabase(); - dbuser.setIsMandateUser(false); - dbuser.setIsAdminRequest(false); - dbuser.setIsPVP2Generated(false); - dbuser.setUserRequestTokken(null); - dbuser.setIsMailAddressVerified(false); - dbuser.setUsername(user.getUsername()); - } - - List errors; - UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); - - boolean ispvp2 = false; - boolean ismandate = false; - if (dbuser.isIsPVP2Generated() != null) - ispvp2 = dbuser.isIsPVP2Generated(); - - if (dbuser.isIsMandateUser() != null) - ismandate = dbuser.isIsMandateUser(); - - errors = validator.validate(user, userID, ispvp2, ismandate, request); - - if (errors.size() > 0) { - log.info("UserDataForm has some erros."); - for (String el : errors) - addActionError(el); - user.setPassword(""); - - if (MiscUtil.isEmpty(user.getUsername())) - newUser = true; - - user.setIsmandateuser(ismandate); - user.setPVPGenerated(ispvp2); - if (dbuser.isIsUsernamePasswordAllowed() != null) - user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_ERROR_VALIDATION; - } - - if (!authUser.isAdmin()) { - if (authUser.getUserID() != userID) { - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase Entry " + user.getUsername()); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - - } - - if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { - dbuser.setIsMailAddressVerified(false); - dbuser.setUserRequestTokken(Random.nextRandom()); - - try { - MailHelper.sendUserMailAddressVerification(dbuser); - addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); - - } catch (ConfigurationException e) { - log.warn("Sending of mailaddress verification mail failed.", e); - addActionError(LanguageHelper.getErrorString("error.mail.send", request)); - } - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String - && MiscUtil.isNotEmpty((String)nextPageAttr) ) { - nextPage = (String) nextPageAttr; - - if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && - user.isActive()) { - dbuser.setIsAdminRequest(false); - try { - if (dbuser.isIsMandateUser()) - MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), - dbuser.getInstitut(), user.getMail()); - else - MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), - null, user.getMail()); - - } catch (ConfigurationException e) { - log.warn("Send UserAccountActivation mail failed", e); - } - } - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - } - - String error = saveFormToDB(dbuser); - - if (error != null) { - log.warn("UserData can not be stored in Database"); - addActionError(error); - return Constants.STRUTS_SUCCESS; - } - - return Constants.STRUTS_SUCCESS; - } - - public String deleteuser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - if (!authUser.isAdmin()) { - if (authUser.getUserID() != userID) { - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase Entry " + user.getUsername()); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String - && MiscUtil.isNotEmpty((String)nextPageAttr) ) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - } - - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); - if (dbuser != null) { - dbuser.setOaIDs(null); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - configuration.getUserManagement().delete(dbuser); - - if (authUser.isAdmin()) { - MailHelper.sendUserAccountRevocationMail(dbuser); - } - - if (dbuser.getHjid().equals(String.valueOf(authUser.getUserID()))) { - return Constants.STRUTS_REAUTHENTICATE; - } - - } catch (MOADatabaseException e) { - log.warn("UserData can not be deleted from Database", e); - addActionError(e.getMessage()); - return Constants.STRUTS_SUCCESS; - - } catch (ConfigurationException e) { - log.warn("Information mail sending failed.", e); - addActionError(e.getMessage()); - return Constants.STRUTS_SUCCESS; - } - - finally { - } - } - - - return Constants.STRUTS_SUCCESS; - } - - public String sendVerificationMail () { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - String message = LanguageHelper.getErrorString("error.mail.send", request); - - if (authUser != null) { - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - - if (dbuser != null) { - dbuser.setIsMailAddressVerified(false); - dbuser.setUserRequestTokken(Random.nextRandom()); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - MailHelper.sendUserMailAddressVerification(dbuser); - - message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message", request); - - } catch (ConfigurationException e) { - log.warn("Sending of mailaddress verification mail failed.", e); - message = LanguageHelper.getErrorString("error.mail.send", request); - - } catch (MOADatabaseException e) { - log.warn("Access UserInformationDatabase failed.", e); - } - } - } - - stream = new ByteArrayInputStream(message.getBytes()); - - return SUCCESS; - } - - private String saveFormToDB(UserDatabase dbuser) { - - dbuser.setMail(user.getMail()); - dbuser.setPhone(user.getPhone()); - - if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { - dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); - - if (authUser.isAdmin()) { - dbuser.setIsActive(user.isActive()); - dbuser.setIsAdmin(user.isAdmin()); - - } - } - - if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { - dbuser.setFamilyname(user.getFamilyName()); - dbuser.setGivenname(user.getGivenName()); - dbuser.setInstitut(user.getInstitut()); - - if (authUser.isAdmin()) { - dbuser.setBpk(user.getBpk()); - if ( user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID - + "X" + Constants.IDENIFICATIONTYPE_FN) || - user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID - + "X" + Constants.IDENIFICATIONTYPE_ZVR) || - user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID - + "X" + Constants.IDENIFICATIONTYPE_ERSB)) { - dbuser.setIsMandateUser(true); - } - } - - } else { - if (!dbuser.isIsMandateUser()) - dbuser.setInstitut(user.getInstitut()); - } - - if (dbuser.isIsUsernamePasswordAllowed()) { - - if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) - dbuser.setUsername(user.getUsername()); - - if (MiscUtil.isNotEmpty(user.getPassword())) { - String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); - if (key == null) { - return LanguageHelper.getErrorString("errors.edit.user.save", request); - } - dbuser.setPassword(key); - } - } - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - } catch (MOADatabaseException e) { - log.warn("User information can not be stored in Database.", e); - return LanguageHelper.getErrorString("errors.edit.user.save", request); - } - - return null; - } - - - /** - * @return the userlist - */ - public List getUserlist() { - return userlist; - } - - /** - * @param userlist the userlist to set - */ - public void setUserlist(List userlist) { - this.userlist = userlist; - } - - /** - * @return the user - */ - public UserDatabaseFrom getUser() { - return user; - } - - /** - * @param user the user to set - */ - public void setUser(UserDatabaseFrom user) { - this.user = user; - } - - /** - * @return the useridobj - */ - public String getUseridobj() { - return useridobj; - } - - /** - * @param useridobj the useridobj to set - */ - public void setUseridobj(String useridobj) { - this.useridobj = useridobj; - } - - /** - * @return the newUser - */ - public boolean isNewUser() { - return newUser; - } - - /** - * @return the nextPage - */ - public String getNextPage() { - return nextPage; - } - - /** - * @return the stream - */ - public InputStream getStream() { - return stream; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - + + private static final long serialVersionUID = 1L; + + private List userlist = null; + private UserDatabaseFrom user = null; + + private String useridobj = null; + private static boolean newUser = false; + private InputStream stream; + private String nextPage; + private String formID; + + public String init() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + if (authUser.isAdmin()) { + + log.info("Show NewserRequests"); + + log.info("Show UserList"); + + final List dbuserlist = configuration.getUserManagement().getAllUsers(); + + if (dbuserlist != null) { + userlist = FormDataHelper.addFormUsers(dbuserlist); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name()); + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame"); + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (dbuser == null) { + return Constants.STRUTS_REAUTHENTICATE; + } + user = new UserDatabaseFrom(dbuser); + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_NOTALLOWED; + } + } + + public String createuser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + + if (authUser.isAdmin()) { + + user = new UserDatabaseFrom(); + + newUser = true; + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_SUCCESS; + + } else { + return Constants.STRUTS_NOTALLOWED; + } + } + + public String edituser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String) nextPageAttr)) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + if (authUser.isAdmin()) { + long userid = -1; + + if (!ValidationHelper.validateOAID(useridobj)) { + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; + } + userid = Long.valueOf(useridobj); + + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userid); + if (dbuser == null) { + log.info("No User with ID " + userid + " in Database"); + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; + } + user = new UserDatabaseFrom(dbuser); + + newUser = false; + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame"); + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + user = new UserDatabaseFrom(dbuser); + return Constants.STRUTS_SUCCESS; + } + } + + public String saveuser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); + + if (dbuser == null) { + dbuser = new UserDatabase(); + dbuser.setIsMandateUser(false); + dbuser.setIsAdminRequest(false); + dbuser.setIsPVP2Generated(false); + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(false); + dbuser.setUsername(user.getUsername()); + } + + List errors; + final UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); + + boolean ispvp2 = false; + boolean ismandate = false; + if (dbuser.isIsPVP2Generated() != null) { + ispvp2 = dbuser.isIsPVP2Generated(); + } + + if (dbuser.isIsMandateUser() != null) { + ismandate = dbuser.isIsMandateUser(); + } + + errors = validator.validate(user, userID, ispvp2, ismandate, request); + + if (errors.size() > 0) { + log.info("UserDataForm has some erros."); + for (final String el : errors) { + addActionError(el); + } + user.setPassword(""); + + if (MiscUtil.isEmpty(user.getUsername())) { + newUser = true; + } + + user.setIsmandateuser(ismandate); + user.setPVPGenerated(ispvp2); + if (dbuser.isIsUsernamePasswordAllowed() != null) { + user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed()); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_ERROR_VALIDATION; + } + + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + } + + if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + MailHelper.sendUserMailAddressVerification(dbuser); + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); + + } catch (final ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send", request)); + } + } + + final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String) nextPageAttr)) { + nextPage = (String) nextPageAttr; + + if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && + user.isActive()) { + dbuser.setIsAdminRequest(false); + try { + if (dbuser.isIsMandateUser()) { + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + dbuser.getInstitut(), user.getMail()); + } else { + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + null, user.getMail()); + } + + } catch (final ConfigurationException e) { + log.warn("Send UserAccountActivation mail failed", e); + } + } + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + final String error = saveFormToDB(dbuser); + + if (error != null) { + log.warn("UserData can not be stored in Database"); + addActionError(error); + return Constants.STRUTS_SUCCESS; + } + + return Constants.STRUTS_SUCCESS; + } + + public String deleteuser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + } + + final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String) nextPageAttr)) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); + if (dbuser != null) { + dbuser.setOaIDs(null); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + configuration.getUserManagement().delete(dbuser); + + if (authUser.isAdmin()) { + MailHelper.sendUserAccountRevocationMail(dbuser); + } + + if (dbuser.getHjid().equals(String.valueOf(authUser.getUserID()))) { + return Constants.STRUTS_REAUTHENTICATE; + } + + } catch (final MOADatabaseException e) { + log.warn("UserData can not be deleted from Database", e); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + + } catch (final ConfigurationException e) { + log.warn("Information mail sending failed.", e); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + } + + finally { + } + } + + return Constants.STRUTS_SUCCESS; + } + + public String sendVerificationMail() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + String message = LanguageHelper.getErrorString("error.mail.send", request); + + if (authUser != null) { + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (dbuser != null) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message", request); + + } catch (final ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + message = LanguageHelper.getErrorString("error.mail.send", request); + + } catch (final MOADatabaseException e) { + log.warn("Access UserInformationDatabase failed.", e); + } + } + } + + stream = new ByteArrayInputStream(message.getBytes()); + + return SUCCESS; + } + + private String saveFormToDB(UserDatabase dbuser) { + + dbuser.setMail(user.getMail()); + dbuser.setPhone(user.getPhone()); + + if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { + dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); + + if (authUser.isAdmin()) { + dbuser.setIsActive(user.isActive()); + dbuser.setIsAdmin(user.isAdmin()); + + } + } + + if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { + dbuser.setFamilyname(user.getFamilyName()); + dbuser.setGivenname(user.getGivenName()); + dbuser.setInstitut(user.getInstitut()); + + if (authUser.isAdmin()) { + dbuser.setBpk(user.getBpk()); + if (user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_FN) || + user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_ZVR) || + user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_ERSB)) { + dbuser.setIsMandateUser(true); + } + } + + } else { + if (!dbuser.isIsMandateUser()) { + dbuser.setInstitut(user.getInstitut()); + } + } + + if (dbuser.isIsUsernamePasswordAllowed()) { + + if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) { + dbuser.setUsername(user.getUsername()); + } + + if (MiscUtil.isNotEmpty(user.getPassword())) { + final String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); + if (key == null) { + return LanguageHelper.getErrorString("errors.edit.user.save", request); + } + dbuser.setPassword(key); + } + } + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + } catch (final MOADatabaseException e) { + log.warn("User information can not be stored in Database.", e); + return LanguageHelper.getErrorString("errors.edit.user.save", request); + } + + return null; + } + + /** + * @return the userlist + */ + public List getUserlist() { + return userlist; + } + + /** + * @param userlist the userlist to set + */ + public void setUserlist(List userlist) { + this.userlist = userlist; + } + + /** + * @return the user + */ + public UserDatabaseFrom getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(UserDatabaseFrom user) { + this.user = user; + } + + /** + * @return the useridobj + */ + public String getUseridobj() { + return useridobj; + } + + /** + * @param useridobj the useridobj to set + */ + public void setUseridobj(String useridobj) { + this.useridobj = useridobj; + } + + /** + * @return the newUser + */ + public boolean isNewUser() { + return newUser; + } + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java index c00eb46a5..5f03d89c1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java @@ -39,37 +39,36 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; */ public class VIDPAction extends InterfederationIDPAction { - private static final long serialVersionUID = 1981465294474566533L; + private static final long serialVersionUID = 1981465294474566533L; + + public VIDPAction() { + super(); + formList.putAll(buildVIDPFormList()); + } + + /** + * @return + * + */ + public static LinkedHashMap buildVIDPFormList() { + final LinkedHashMap forms = + new LinkedHashMap<>(); + + final OATargetConfiguration oaTarget = new OATargetConfiguration(); + forms.put(oaTarget.getName(), oaTarget); + + final OAAuthenticationData authOA = new OAAuthenticationData(); + forms.put(authOA.getName(), authOA); + + final OASTORKConfig storkOA = new OASTORKConfig(); + forms.put(storkOA.getName(), storkOA); + + final Map map = new HashMap<>(); + map.putAll(FormBuildUtils.getDefaultMap()); + final FormularCustomization formOA = new FormularCustomization(map); + forms.put(formOA.getName(), formOA); + + return forms; + } - - public VIDPAction() { - super(); - formList.putAll(buildVIDPFormList()); - } - - /** - * @return - * - */ - public static LinkedHashMap buildVIDPFormList() { - LinkedHashMap forms = - new LinkedHashMap(); - - OATargetConfiguration oaTarget = new OATargetConfiguration(); - forms.put(oaTarget.getName(), oaTarget); - - OAAuthenticationData authOA = new OAAuthenticationData(); - forms.put(authOA.getName(), authOA); - - OASTORKConfig storkOA = new OASTORKConfig(); - forms.put(storkOA.getName(), storkOA); - - Map map = new HashMap(); - map.putAll(FormBuildUtils.getDefaultMap()); - FormularCustomization formOA = new FormularCustomization(map); - forms.put(formOA.getName(), formOA); - - return forms; - } - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java index 08cd7c59d..e26e67196 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java @@ -33,47 +33,51 @@ import at.gv.egovernment.moa.logging.Logger; */ public class ConfigurationEncryptionUtils extends AbstractEncrytionUtil { - private static ConfigurationEncryptionUtils instance = null; - private static String key = null; - - public static ConfigurationEncryptionUtils getInstance() { - if (instance == null) { - try { - key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey(); - instance = new ConfigurationEncryptionUtils(); - - } catch (Exception e) { - Logger.warn("MOAConfiguration encryption initialization FAILED.", e); - - } - } - return instance; - } - - /** - * @throws DatabaseEncryptionException - */ - public ConfigurationEncryptionUtils() throws DatabaseEncryptionException { - super(); - - } + private static ConfigurationEncryptionUtils instance = null; + private static String key = null; - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt() - */ - @Override - protected String getSalt() { - return "Configuration-Salt"; - - } + public static ConfigurationEncryptionUtils getInstance() { + if (instance == null) { + try { + key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey(); + instance = new ConfigurationEncryptionUtils(); - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey() - */ - @Override - protected String getKey() { - return key; - - } + } catch (final Exception e) { + Logger.warn("MOAConfiguration encryption initialization FAILED.", e); + + } + } + return instance; + } + + /** + * @throws DatabaseEncryptionException + */ + public ConfigurationEncryptionUtils() throws DatabaseEncryptionException { + super(); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt() + */ + @Override + protected String getSalt() { + return "Configuration-Salt"; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey() + */ + @Override + protected String getKey() { + return key; + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java index eca4c05ef..c4a9894ca 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java @@ -32,7 +32,6 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; -import org.opensaml.Configuration; import org.opensaml.xml.XMLObject; import org.opensaml.xml.XMLObjectBuilder; import org.opensaml.xml.XMLObjectBuilderFactory; @@ -41,59 +40,59 @@ import org.opensaml.xml.io.MarshallingException; public class SAML2Utils { - static { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - factory.setValidating(false); - try { - builder = factory.newDocumentBuilder(); - } catch (ParserConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } + static { + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + factory.setValidating(false); + try { + builder = factory.newDocumentBuilder(); + } catch (final ParserConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } - private static DocumentBuilder builder; + private static DocumentBuilder builder; - public static T createSAMLObject(final Class clazz) { - try { + public static T createSAMLObject(final Class clazz) { + try { - XMLObjectBuilderFactory builderFactory = Configuration - .getBuilderFactory(); + final XMLObjectBuilderFactory builderFactory = org.opensaml.xml.Configuration + .getBuilderFactory(); - QName defaultElementName = (QName) clazz.getDeclaredField( - "DEFAULT_ELEMENT_NAME").get(null); - Map builder = builderFactory.getBuilders(); - Iterator it = builder.keySet().iterator(); + final QName defaultElementName = (QName) clazz.getDeclaredField( + "DEFAULT_ELEMENT_NAME").get(null); + final Map builder = builderFactory.getBuilders(); + final Iterator it = builder.keySet().iterator(); - while (it.hasNext()) { - QName qname = it.next(); - if (qname.equals(defaultElementName)) { - System.out.printf("Builder for: %s\n", qname.toString()); - } - } - XMLObjectBuilder xmlBuilder = builderFactory - .getBuilder(defaultElementName); - - T object = (T) xmlBuilder.buildObject(defaultElementName); - return object; - } catch (Throwable e) { - System.out.printf("Failed to create object for: %s\n", - clazz.toString()); - e.printStackTrace(); - return null; - } - } + while (it.hasNext()) { + final QName qname = it.next(); + if (qname.equals(defaultElementName)) { + System.out.printf("Builder for: %s\n", qname.toString()); + } + } + final XMLObjectBuilder xmlBuilder = builderFactory + .getBuilder(defaultElementName); + + final T object = (T) xmlBuilder.buildObject(defaultElementName); + return object; + } catch (final Throwable e) { + System.out.printf("Failed to create object for: %s\n", + clazz.toString()); + e.printStackTrace(); + return null; + } + } + + public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + final org.w3c.dom.Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } - public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException, - MarshallingException, TransformerException { - org.w3c.dom.Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller( - object); - out.marshall(object, document); - return document; - } - // public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() throws ConfigurationException { // MetadataCredentialResolver resolver; // @@ -113,7 +112,5 @@ public class SAML2Utils { // return engine; // // } - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java index 5f55a61d5..a78de7362 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java @@ -26,68 +26,66 @@ import java.util.Calendar; import java.util.Date; import java.util.List; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.auth.AuthenticationManager; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class UserRequestCleaner implements Runnable { - private static final Logger log = Logger.getLogger(UserRequestCleaner.class); - - private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min - - public void run() { - while (true) { - try { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - - //clean up user request storage - List userrequests = config.getUserManagement().getAllOpenUsersRequests(); - if (userrequests != null) { - Calendar cal = Calendar.getInstance(); - cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay()*-1); - Date cleanupdate = cal.getTime(); - - for(UserDatabase dbuser : userrequests) { - Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); - - if (requestdate != null && requestdate.after(cleanupdate)) { - log.info("Remove UserRequest from Database"); - config.getUserManagement().delete(dbuser); - } - - } - } - - //clean up active user storage - AuthenticationManager.getInstance().removeAllUsersAfterTimeOut(); - - Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); - - } catch (ConfigurationException e) { - log.info("UserRequestCleaner can not load configuration", e); - - } catch (InterruptedException e) { - - } - } - } - - /** - * start the sessionCleaner - */ - public static void start() { - // start the session cleanup thread - Thread sessionCleaner = new Thread(new UserRequestCleaner()); - sessionCleaner.setName("UserRequestCleaner"); - sessionCleaner.setDaemon(true); - sessionCleaner.setPriority(Thread.MIN_PRIORITY); - sessionCleaner.start(); - } - + private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min + + @Override + public void run() { + while (true) { + try { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + + // clean up user request storage + final List userrequests = config.getUserManagement().getAllOpenUsersRequests(); + if (userrequests != null) { + final Calendar cal = Calendar.getInstance(); + cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay() * -1); + final Date cleanupdate = cal.getTime(); + + for (final UserDatabase dbuser : userrequests) { + final Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + + if (requestdate != null && requestdate.after(cleanupdate)) { + log.info("Remove UserRequest from Database"); + config.getUserManagement().delete(dbuser); + } + + } + } + + // clean up active user storage + AuthenticationManager.getInstance().removeAllUsersAfterTimeOut(); + + Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); + + } catch (final ConfigurationException e) { + log.info("UserRequestCleaner can not load configuration", e); + + } catch (final InterruptedException e) { + + } + } + } + + /** + * start the sessionCleaner + */ + public static void start() { + // start the session cleanup thread + final Thread sessionCleaner = new Thread(new UserRequestCleaner()); + sessionCleaner.setName("UserRequestCleaner"); + sessionCleaner.setDaemon(true); + sessionCleaner.setPriority(Thread.MIN_PRIORITY); + sessionCleaner.start(); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java index b96b1e4b0..cbba90a6b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java @@ -28,51 +28,53 @@ import at.gv.egovernment.moa.id.configuration.Constants; public class CompanyNumberValidator implements IdentificationNumberValidator { - public boolean validate(String commercialRegisterNumber) { - - String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); - if(normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN)) - normalizedNumber = normalizedNumber.substring(2); - - return checkCommercialRegisterNumber(normalizedNumber); - } + @Override + public boolean validate(String commercialRegisterNumber) { - private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { - if (commercialRegisterNumber == null) { - return false; - } - commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7, - '0'); - if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) { - return false; - } - String digits = commercialRegisterNumber.substring(0, - commercialRegisterNumber.length() - 1); - char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber - .length() - 1); - boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit; - return result; - } + String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); + if (normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + normalizedNumber = normalizedNumber.substring(2); + } - public static char calcCheckDigitFromCommercialRegisterNumber( - String commercialRegisterDigits) { - final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 }; - final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm', - 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' }; - if (commercialRegisterDigits == null) { - throw new NullPointerException("Commercial register number missing."); - } - commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6, - '0'); - if (!commercialRegisterDigits.matches("\\d{6}")) { - throw new IllegalArgumentException( - "Invalid commercial register number provided."); - } - int sum = 0; - for (int i = 0; i < commercialRegisterDigits.length(); i++) { - int value = commercialRegisterDigits.charAt(i) - '0'; - sum += WEIGHT[i] * value; - } - return CHECKDIGIT[sum % 17]; - } + return checkCommercialRegisterNumber(normalizedNumber); + } + + private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { + if (commercialRegisterNumber == null) { + return false; + } + commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7, + '0'); + if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) { + return false; + } + final String digits = commercialRegisterNumber.substring(0, + commercialRegisterNumber.length() - 1); + final char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber + .length() - 1); + final boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit; + return result; + } + + public static char calcCheckDigitFromCommercialRegisterNumber( + String commercialRegisterDigits) { + final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 }; + final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm', + 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' }; + if (commercialRegisterDigits == null) { + throw new NullPointerException("Commercial register number missing."); + } + commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6, + '0'); + if (!commercialRegisterDigits.matches("\\d{6}")) { + throw new IllegalArgumentException( + "Invalid commercial register number provided."); + } + int sum = 0; + for (int i = 0; i < commercialRegisterDigits.length(); i++) { + final int value = commercialRegisterDigits.charAt(i) - '0'; + sum += WEIGHT[i] * value; + } + return CHECKDIGIT[sum % 17]; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java index 4ef4bc762..318492e66 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java @@ -27,149 +27,155 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class FormularCustomizationValitator { - - private static final Logger log = Logger.getLogger(FormularCustomizationValitator.class); - - public List validate(FormularCustomization form, HttpServletRequest request) { - - List errors = new ArrayList(); - String check; - - if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) { - log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible."); - errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination", request)); - } - - check = form.getBackGroundColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.color.background", request)); - } - } - - check = form.getFrontColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("BKUSelectionFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.color.front", request)); - } - } - - check = form.getHeader_BackGroundColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("HeaderBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back", request)); - } - } - - check = form.getHeader_FrontColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("HeaderFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front", request)); - } - } - - check = form.getHeader_text(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("HeaderText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.text", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getButton_BackGroundColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("ButtonBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back", request)); - } - } - - check = form.getButton_BackGroundColorFocus(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus", request)); - } - } - - check = form.getButton_FrontColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("ButtonFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front", request)); - } - } - - check = form.getAppletRedirectTarget(); - if (MiscUtil.isNotEmpty(check)) { - if (!FormularCustomization.appletRedirectTargetList.contains(check)) { - log.warn("AppletRedirectTarget has not valid value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget", request)); - } - } - - check = form.getFontType(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.warn("FontType contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - check = form.getApplet_height(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Applet height "+ check + " is no valid number"); - errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - check = form.getApplet_width(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Applet width "+ check + " is no valid number"); - errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - return errors; - - } + + public List validate(FormularCustomization form, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + String check; + + if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) { + log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible."); + errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination", + request)); + } + + check = form.getBackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.background", request)); + } + } + + check = form.getFrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.front", request)); + } + } + + check = form.getHeader_BackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back", request)); + } + } + + check = form.getHeader_FrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front", request)); + } + } + + check = form.getHeader_text(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("HeaderText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.text", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getButton_BackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back", request)); + } + } + + check = form.getButton_BackGroundColorFocus(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus", request)); + } + } + + check = form.getButton_FrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front", request)); + } + } + + check = form.getAppletRedirectTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!FormularCustomization.appletRedirectTargetList.contains(check)) { + log.warn("AppletRedirectTarget has not valid value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget", request)); + } + } + + check = form.getFontType(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.warn("FontType contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getApplet_height(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet height " + check + " is no valid number"); + errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getApplet_width(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet width " + check + " is no valid number"); + errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + return errors; + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java index d66c0da3a..84993f464 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java @@ -24,6 +24,6 @@ package at.gv.egovernment.moa.id.configuration.validation; public interface IdentificationNumberValidator { - boolean validate(String idNumber); - + boolean validate(String idNumber); + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index f0594c38d..13708c257 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; @@ -38,163 +36,161 @@ import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class UserDatabaseFormValidator { - private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class); - - public List validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, - boolean isMandateUser, HttpServletRequest request) { - List errors = new ArrayList(); - - String check = null; - FileBasedUserConfiguration newConfigRead = null; - try { - newConfigRead = ConfigurationProvider.getInstance().getUserManagement(); - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - errors.add("Internal Server Error"); - return errors; - - } - - if (!isPVP2Generated) { - check = form.getGivenName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("GivenName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("GivenName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request)); - } - - - check = form.getFamilyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("FamilyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("FamilyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request)); - } - } - - if (!isMandateUser) { - check = form.getInstitut(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Organisation is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); - } - } - - check = form.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - log.warn("Mailaddress is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Mailaddress is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); - } - - check = form.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Phonenumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Phonenumber is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); - } - - if (form.isIsusernamepasswordallowed()) { - check = form.getUsername(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Username contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } else { - UserDatabase dbuser = newConfigRead.getUserWithUserName(check); - if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID ))) { - log.warn("Username " + check + " exists in UserDatabase"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request)); - form.setUsername(""); - } - } - } else { - if (userID == -1) { - log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); - } else { - UserDatabase dbuser = newConfigRead.getUserWithID(userID); - if (dbuser == null) { - log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); - } else { - form.setUsername(dbuser.getUsername()); - } - } - } - - check = form.getPassword(); - - if (MiscUtil.isEmpty(check)) { - if (userID == -1) { - log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); - } else { - UserDatabase dbuser = newConfigRead.getUserWithID(userID); - if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { - log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); - } - } - - } else { - - if (check.equals(form.getPassword_second())) { - - String key = AuthenticationHelper.generateKeyFormPassword(check); - if (key == null) { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); - } - - } - else { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request)); - } - } - } - - check = form.getBpk(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.warn("BPK contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", - new Object[] {ValidationHelper.getNotValidIdentityLinkSignerCharacters()}, request )); - } - } - - return errors; - - } + public List validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, + boolean isMandateUser, HttpServletRequest request) { + final List errors = new ArrayList<>(); + + String check = null; + FileBasedUserConfiguration newConfigRead = null; + try { + newConfigRead = ConfigurationProvider.getInstance().getUserManagement(); + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + errors.add("Internal Server Error"); + return errors; + + } + + if (!isPVP2Generated) { + check = form.getGivenName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("GivenName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("GivenName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request)); + } + + check = form.getFamilyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("FamilyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("FamilyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request)); + } + } + + if (!isMandateUser) { + check = form.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Organisation is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); + } + } + + check = form.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + log.warn("Mailaddress is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Mailaddress is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); + } + + check = form.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Phonenumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Phonenumber is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); + } + + if (form.isIsusernamepasswordallowed()) { + check = form.getUsername(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Username contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + + } else { + final UserDatabase dbuser = newConfigRead.getUserWithUserName(check); + if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID))) { + log.warn("Username " + check + " exists in UserDatabase"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request)); + form.setUsername(""); + } + } + } else { + if (userID == -1) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); + } else { + final UserDatabase dbuser = newConfigRead.getUserWithID(userID); + if (dbuser == null) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); + } else { + form.setUsername(dbuser.getUsername()); + } + } + } + + check = form.getPassword(); + + if (MiscUtil.isEmpty(check)) { + if (userID == -1) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); + } else { + final UserDatabase dbuser = newConfigRead.getUserWithID(userID); + if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); + } + } + + } else { + + if (check.equals(form.getPassword_second())) { + + final String key = AuthenticationHelper.generateKeyFormPassword(check); + if (key == null) { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); + } + + } else { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request)); + } + } + } + + check = form.getBpk(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.warn("BPK contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", + new Object[] { ValidationHelper.getNotValidIdentityLinkSignerCharacters() }, request)); + } + } + + return errors; + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 247004b75..62d53ab56 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -32,7 +32,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; @@ -41,114 +40,115 @@ import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MOAConfigValidator { - private static final Logger log = Logger.getLogger(MOAConfigValidator.class); - - public List validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) { - - List errors = new ArrayList(); - - log.debug("Validate general MOA configuration"); - - - String check = form.getSaml1SourceID(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("SAML1 SourceID contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPublicURLPrefix(); - if (MiscUtil.isNotEmpty(check)) { - String[] publicURLPreFix = check.split(","); - if (form.isVirtualPublicURLPrefixEnabled()) { - for (String el : publicURLPreFix) { - if (!ValidationHelper.validateURL( - StringUtils.chomp(el.trim()))) { - log.info("Public URL Prefix " + el + " is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request)); - } - } - - } else { - if (!ValidationHelper.validateURL( - StringUtils.chomp(publicURLPreFix[0].trim()))) { - log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request)); - - } - - } - } else { - log.info("PublicURL Prefix is empty."); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); - } - - check = form.getTimeoutAssertion(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Assertion Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - check = form.getTimeoutMOASessionCreated(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("MOASessionCreated Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - check = form.getTimeoutMOASessionUpdated(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("MOASessionUpdated Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - + public List validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) { + + final List errors = new ArrayList<>(); + + log.debug("Validate general MOA configuration"); + + String check = form.getSaml1SourceID(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("SAML1 SourceID contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPublicURLPrefix(); + if (MiscUtil.isNotEmpty(check)) { + final String[] publicURLPreFix = check.split(","); + if (form.isVirtualPublicURLPrefixEnabled()) { + for (final String el : publicURLPreFix) { + if (!ValidationHelper.validateURL( + StringUtils.chomp(el.trim()))) { + log.info("Public URL Prefix " + el + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", + new Object[] { el }, request)); + } + } + + } else { + if (!ValidationHelper.validateURL( + StringUtils.chomp(publicURLPreFix[0].trim()))) { + log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[] { + publicURLPreFix[0] }, request)); + + } + + } + } else { + log.info("PublicURL Prefix is empty."); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); + } + + check = form.getTimeoutAssertion(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Assertion Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + check = form.getTimeoutMOASessionCreated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionCreated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + check = form.getTimeoutMOASessionUpdated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionUpdated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + // check = form.getCertStoreDirectory(); // if (MiscUtil.isNotEmpty(check)) { // if (ValidationHelper.isValidOAIdentifier(check)) { // log.warn("CertStoreDirectory contains potentail XSS characters: " + check); -// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", +// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", // new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); // } // } else { // log.info("CertStoreDirectory is empty."); // errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request)); // } - - check = form.getDefaultBKUHandy(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); - } - } - - check = form.getDefaultBKULocal(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); - } - } - - check = form.getDefaultBKUOnline(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); - } - } - + + check = form.getDefaultBKUHandy(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); + } + } + + check = form.getDefaultBKULocal(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); + } + } + + check = form.getDefaultBKUOnline(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); + } + } + // check = form.getDefaultchainigmode(); // if (MiscUtil.isEmpty(check)) { // log.info("Empty Defaultchainigmode"); @@ -160,166 +160,169 @@ public class MOAConfigValidator { // errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid", request)); // } // } - - check = form.getMandateURL(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - String[] misURLs = check.split(","); - for (String el : misURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getElgaMandateServiceURL(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - String[] elgaServiceURLs = check.split(","); - for (String el : elgaServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getEidSystemServiceURL(); - if (MiscUtil.isNotEmpty(check)) { - String[] eidServiceURLs = check.split(","); - for (String el : eidServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid E-ID System Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getMoaspssAuthTransformations(); - List authtranslist = new ArrayList(); - if (isMOAIDMode) { - if (MiscUtil.isEmpty(check)) { - log.info("Empty MoaspssAuthTransformation"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request)); - } else { - - //is only required if more then one transformation is in use - // check = StringHelper.formatText(check); - // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); - // int i=1; - // for(String el : list) { - // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { - // log.info("IdentityLinkSigners is not valid: " + el); - // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", - // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); - // - // } else { - // if (MiscUtil.isNotEmpty(el.trim())) - // authtranslist.add(el.trim()); - // } - // i++; - // } - authtranslist.add(check.trim()); - } - } - form.setAuthTransformList(authtranslist); - - if (isMOAIDMode) { - check = form.getMoaspssAuthTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssIdlTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssAuthTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssIdlTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - - check = form.getMoaspssURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid MOA-SP/SS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); - } - } - } - - check = form.getPvp2IssuerName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 IssuerName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgDisplayName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 organisation display name is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 organisation name is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("PVP2 organisation URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request)); - } - } - + + check = form.getMandateURL(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + final String[] misURLs = check.split(","); + for (final String el : misURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getElgaMandateServiceURL(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + final String[] elgaServiceURLs = check.split(","); + for (final String el : elgaServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getEidSystemServiceURL(); + if (MiscUtil.isNotEmpty(check)) { + final String[] eidServiceURLs = check.split(","); + for (final String el : eidServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid E-ID System Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getMoaspssAuthTransformations(); + final List authtranslist = new ArrayList<>(); + if (isMOAIDMode) { + if (MiscUtil.isEmpty(check)) { + log.info("Empty MoaspssAuthTransformation"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", + request)); + } else { + + // is only required if more then one transformation is in use + // check = StringHelper.formatText(check); + // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); + // int i=1; + // for(String el : list) { + // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { + // log.info("IdentityLinkSigners is not valid: " + el); + // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", + // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); + // + // } else { + // if (MiscUtil.isNotEmpty(el.trim())) + // authtranslist.add(el.trim()); + // } + // i++; + // } + authtranslist.add(check.trim()); + } + } + form.setAuthTransformList(authtranslist); + + if (isMOAIDMode) { + check = form.getMoaspssAuthTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Authblock TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssIdlTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("IdentityLink TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssAuthTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-Authblock TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssIdlTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-IdentityLink TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MOA-SP/SS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); + } + } + } + + check = form.getPvp2IssuerName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 IssuerName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgDisplayName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 organisation display name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 organisation name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("PVP2 organisation URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request)); + } + } + // check = form.getPvp2PublicUrlPrefix(); // if (MiscUtil.isNotEmpty(check)) { // if (!ValidationHelper.validateURL(check)) { @@ -327,175 +330,175 @@ public class MOAConfigValidator { // errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid")); // } // } - - if (isMOAIDMode) { - check = form.getSLRequestTemplateHandy(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Handy-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Handy-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); - } - } - - check = form.getSLRequestTemplateLocal(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate local BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate local BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); - } - } - - check = form.getSLRequestTemplateOnline(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Online-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Online-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); - } - } - - check = form.getSsoFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("SSO friendlyname is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - // check = form.getSsoIdentificationNumber(); - // if (MiscUtil.isNotEmpty(check)) { - // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - // log.info("SSO IdentificationNumber is not valid: " + check); - // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", - // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - // } - // } - - // check = form.getSsoPublicUrl(); - // if (MiscUtil.isNotEmpty(check)) { - // if (!ValidationHelper.validateURL(check)) { - // log.info("SSO Public URL is not valid"); - // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); - // } - // } - - check = form.getSsoSpecialText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.info("SSO SpecialText is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", - new Object[] {ValidationHelper.getNotValidCharacter(true)} , request)); - } - } - - check = form.getSsoTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SSO Target"); - //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); - - } else { - if (!ValidationHelper.isValidAdminTarget(check)) { - - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - - String num = check.replaceAll(" ", ""); - - if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || - num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || - num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { - - log.info("Not valid SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); - } - - } - } - - check = form.getSzrgwURL(); - if (MiscUtil.isNotEmpty(check)) { - String[] szrGWServiceURLs = check.split(","); - for (String el : szrGWServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", - new Object[]{el}, request)); - } - } - } - } - - check = form.getTrustedCACerts(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty TrustCACerts Directory"); - errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request)); - - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("Not valid TrustCACerts Directory"); - errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - - - if (isMOAIDMode) { - if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { - HashMap map = new HashMap(); - for (int i=0; i map = new HashMap<>(); + for (int i = 0; i < form.getFileUploadFileName().size(); i++) { + final String filename = form.getFileUploadFileName().get(i); + + if (MiscUtil.isNotEmpty(filename)) { + if (ValidationHelper.containsNotValidCharacter(filename, false)) { + log.info("SL Transformation Filename is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", + request)); + + } else { + try { + final File file = form.getFileUpload().get(i); + final FileInputStream stream = new FileInputStream(file); + map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); + + } catch (final IOException e) { + log.info("SecurtiyLayerTransformation with FileName " + + filename + " can not be loaded.", e); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", + new Object[] { filename }, request)); + } + } + } + } + + form.setSecLayerTransformation(map); + + } else { + if (form.getSecLayerTransformation() == null) { + log.info("AuthBlock Transformation file is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request)); + + } + } + } + + final ContactForm contact = form.getPvp2Contact(); + if (contact != null) { + final PVP2ContactValidator pvp2validator = new PVP2ContactValidator(); + errors.addAll(pvp2validator.validate(contact, request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java index f7edbee71..f6deb6b09 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java @@ -28,76 +28,76 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class PVP2ContactValidator { - public static final List AllowedTypes= Arrays.asList( - "technical", - "support", - "administrative", - "billing", - "other"); - - private static final Logger log = Logger.getLogger(PVP2ContactValidator.class); - - public Listvalidate(ContactForm contact, HttpServletRequest request) { - List errors = new ArrayList(); - - String check = contact.getCompany(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: Company is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getGivenname(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: GivenName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getSurname(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: SureName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getType(); - if (MiscUtil.isNotEmpty(check)) { - if (!AllowedTypes.contains(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", request)); - } - } - - check = contact.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", request)); - } - } - - check = contact.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validatePhoneNumber(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", request)); - } - } - - return errors; - } + public static final List AllowedTypes = Arrays.asList( + "technical", + "support", + "administrative", + "billing", + "other"); + + public List validate(ContactForm contact, HttpServletRequest request) { + final List errors = new ArrayList<>(); + + String check = contact.getCompany(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: Company is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getGivenname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: GivenName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getSurname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: SureName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getType(); + if (MiscUtil.isNotEmpty(check)) { + if (!AllowedTypes.contains(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", + request)); + } + } + + check = contact.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", + request)); + } + } + + check = contact.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validatePhoneNumber(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", + request)); + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 41fce8e60..088e377b4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -5,8 +5,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; @@ -14,108 +12,117 @@ import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class StorkConfigValidator { - private static final Logger log = Logger.getLogger(StorkConfigValidator.class); + public List validate(GeneralStorkConfig form, HttpServletRequest request) { - public List validate(GeneralStorkConfig form, HttpServletRequest request) { + final List errors = new ArrayList<>(); - List errors = new ArrayList(); + log.debug("Validate general STORK configuration"); - log.debug("Validate general STORK configuration"); + // check peps list - // check peps list - // if (form.getCpepslist() != null) { // for(CPEPS current : form.getCpepslist()) { - if (form.getRawCPEPSList() != null) { - for(CPEPS current : form.getRawCPEPSList()) { - // if an existing record got deleted - if(null == current) - continue; - - // check country code - String check = current.getCountryCode(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - if(!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) { - log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {check}, request )); - } - - // check url - check = current.getURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("CPEPS config URL is invalid : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); - } - } else { - log.warn("CPEPS config url is empty : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check}, request )); - } - - } else { - log.warn("CPEPS config countrycode is empty : " + check); + if (form.getRawCPEPSList() != null) { + for (final CPEPS current : form.getRawCPEPSList()) { + // if an existing record got deleted + if (null == current) { + continue; + } + + // check country code + String check = current.getCountryCode(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + if (!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) { + log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] { check }, request)); + } + + // check url + check = current.getURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("CPEPS config URL is invalid : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); + } + } else { + log.warn("CPEPS config url is empty : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] { check }, request)); + } + + } else { + log.warn("CPEPS config countrycode is empty : " + check); // errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", // new Object[] {check}, request )); - } - - } - - if (form.getCpepslist() != null) { - // ensure uniqueness of country code - for (CPEPS one : form.getCpepslist()) - for (CPEPS another : form.getCpepslist()) - if (null != one && null != another && one.getCountryCode() != null) - if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request)); - break; - } - } - } - - // check qaa - String qaa = form.getDefaultQaa(); - if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { - log.warn("eIDAS LoA is not allowed : " + qaa); - errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa}, request )); - } - - // check attributes - if (MiscUtil.isNotEmpty(form.getAttributes())) { - for(StorkAttribute check : form.getAttributes()) { - if (check != null && MiscUtil.isNotEmpty(check.getName())) { - String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI? - if (ValidationHelper.containsNotValidCharacter(tmp, true)) { - log.warn("default attributes contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) { - log.warn("default attributes do not match the requested format : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {check}, request )); - } - - } - } - - //TODO: STORK attributes check if no attribute is set + } + + } + + if (form.getCpepslist() != null) { + // ensure uniqueness of country code + for (final CPEPS one : form.getCpepslist()) { + for (final CPEPS another : form.getCpepslist()) { + if (null != one && null != another && one.getCountryCode() != null) { + if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request)); + break; + } + } + } + } + } + } + + // check qaa + final String qaa = form.getDefaultQaa(); + if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { + log.warn("eIDAS LoA is not allowed : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] { qaa }, request)); + } + + // check attributes + if (MiscUtil.isNotEmpty(form.getAttributes())) { + for (final StorkAttribute check : form.getAttributes()) { + if (check != null && MiscUtil.isNotEmpty(check.getName())) { + final String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come + // with a "/", we need to + // exclude them from + // validation. TODO Or should + // we require the admin to + // escape them in the UI? + if (ValidationHelper.containsNotValidCharacter(tmp, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + if (!tmp.toLowerCase().matches("^[A-Za-z]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] { check }, request)); + } + + } + } + + // TODO: STORK attributes check if no attribute is set // } else { // log.warn("no attributes specified"); // errors.add(LanguageHelper.getErrorString("validation.stork.attributes.empty", // new Object[] {} )); - } + } - return errors; - } + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index 5a31d8f47..9c5b145b8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -28,233 +28,228 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OAAuthenticationDataValidation { - private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - - public List validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { - - List errors = new ArrayList(); - String check; - - - - //Check BKU URLs - if (isAdmin) { - check =form.getBkuHandyURL(); - if (MiscUtil.isNotEmpty(check)) { + public List validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + String check; + + // Check BKU URLs + if (isAdmin) { + check = form.getBkuHandyURL(); + if (MiscUtil.isNotEmpty(check)) { // log.info("Empty Handy-BKU URL"); // errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); -// +// // } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); - } - } - - check =form.getBkuLocalURL(); - if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); + } + } + + check = form.getBkuLocalURL(); + if (MiscUtil.isNotEmpty(check)) { // log.info("Empty Local-BKU URL"); // errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); -// +// // } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); - } - } - - check =form.getBkuOnlineURL(); - if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); + } + } + + check = form.getBkuOnlineURL(); + if (MiscUtil.isNotEmpty(check)) { // log.info("Empty Online-BKU URL"); // errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); -// +// // } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); - } - } - } - - if (isAdmin) { - //check KeyBoxIdentifier - check = form.getKeyBoxIdentifier(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty KeyBoxIdentifier"); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request)); - } else { - Map list = form.getKeyBoxIdentifierList(); - if (!list.containsKey(check)) { - log.info("Not valid KeyBoxIdentifier " + check); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request)); - } - } - - //check LegacyMode SLTemplates - if (form.isLegacy()) { - if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && - MiscUtil.isEmpty(form.getSLTemplateURL2()) && - MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { - log.info("Empty OA-specific SecurityLayer Templates"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request)); - - } else { - check = form.getSLTemplateURL1(); - if (MiscUtil.isNotEmpty(check) && - ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("First OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request)); - } - check = form.getSLTemplateURL2(); - if (MiscUtil.isNotEmpty(check) && - ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("Second OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request)); - } - check = form.getSLTemplateURL3(); - if (MiscUtil.isNotEmpty(check) && - ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("Third OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request)); - } - } - } - } - - //check Mandate Profiles - check = form.getMandateProfiles(); - if (MiscUtil.isNotEmpty(check)) { - - if (!form.isUseMandates()) { - log.info("MandateProfiles configured but useMandates is false."); - errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request)); - } - - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.warn("MandateProfiles contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - check =form.getMisServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid MIS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", - new Object[]{check}, request)); - } - } - - check =form.getElgaServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid ELGA Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", - new Object[]{check}, request)); - } - } - - check =form.getSzrgwServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid SZR-GW Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", - new Object[]{check}, request)); - } - } - - check =form.getEidServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid E-ID Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", - new Object[]{check}, request)); - } - } - - if (form.isEnableTestCredentials() - && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) { - for (String el : form.getTestCredialOIDList()) { - if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) { - log.warn("Test credential OID does not start with test credential root OID"); - errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", - new Object[] {el}, request )); - } - } - - - } - - if (form.isSl20Active()) { - if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) { - log.debug("Validate SL2.0 configuration ... "); - List sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints()); - if (sl20Endpoints.size() == 1) { - String value = sl20Endpoints.get(0); - - if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && - value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { - log.warn("SL2.0 endpoint '" + value + "' has wrong format"); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", - new Object[] {value}, request )); - - } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && - !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) { - log.info("Find one SL2.0 endpoint without 'default='. Start update ... "); - form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); - - } - - } else { - boolean findDefault = false; - for (String el : sl20Endpoints) { - if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { - log.warn("SL2.0 endpoint '" + el + "' has wrong format"); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", - new Object[] {el}, request )); - - } else { - if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { - log.debug("Find default endpoint."); - findDefault = true; - - } else { - String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; - try { - Integer.valueOf(firstPart); - - } catch (NumberFormatException e) { - log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", - new Object[] {el}, request )); - - } - } - } - } - - if (!findDefault) { - log.warn("SL2.0 endpoints contains NO default endpoint"); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", - new Object[] {}, request )); - - } - } - } - } - - return errors; - } + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); + } + } + } + + if (isAdmin) { + // check KeyBoxIdentifier + check = form.getKeyBoxIdentifier(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request)); + } else { + final Map list = form.getKeyBoxIdentifierList(); + if (!list.containsKey(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request)); + } + } + + // check LegacyMode SLTemplates + if (form.isLegacy()) { + if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && + MiscUtil.isEmpty(form.getSLTemplateURL2()) && + MiscUtil.isEmpty(form.getSLTemplateURL3())) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request)); + + } else { + check = form.getSLTemplateURL1(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request)); + } + check = form.getSLTemplateURL2(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request)); + } + check = form.getSLTemplateURL3(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request)); + } + } + } + } + + // check Mandate Profiles + check = form.getMandateProfiles(); + if (MiscUtil.isNotEmpty(check)) { + + if (!form.isUseMandates()) { + log.info("MandateProfiles configured but useMandates is false."); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request)); + } + + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.warn("MandateProfiles contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getMisServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MIS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", + new Object[] { check }, request)); + } + } + + check = form.getElgaServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid ELGA Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", + new Object[] { check }, request)); + } + } + + check = form.getSzrgwServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid SZR-GW Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", + new Object[] { check }, request)); + } + } + + check = form.getEidServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid E-ID Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", + new Object[] { check }, request)); + } + } + + if (form.isEnableTestCredentials() + && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) { + for (final String el : form.getTestCredialOIDList()) { + if (!el.startsWith(MOAIDConstants.TESTCREDENTIALROOTOID)) { + log.warn("Test credential OID does not start with test credential root OID"); + errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", + new Object[] { el }, request)); + } + } + + } + + if (form.isSl20Active()) { + if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) { + log.debug("Validate SL2.0 configuration ... "); + final List sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints()); + if (sl20Endpoints.size() == 1) { + final String value = sl20Endpoints.get(0); + + if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + value + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] { value }, request)); + + } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + !value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.info("Find one SL2.0 endpoint without 'default='. Start update ... "); + form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); + + } + + } else { + boolean findDefault = false; + for (final String el : sl20Endpoints) { + if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] { el }, request)); + + } else { + if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { + log.debug("Find default endpoint."); + findDefault = true; + + } else { + final String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; + try { + Integer.valueOf(firstPart); + + } catch (final NumberFormatException e) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] { el }, request)); + + } + } + } + } + + if (!findDefault) { + log.warn("SL2.0 endpoints contains NO default endpoint"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", + new Object[] {}, request)); + + } + } + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java index 2011a07f1..951b89753 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java @@ -27,67 +27,62 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.apache.commons.io.IOUtils; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; -import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OAFileUploadValidation { - private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - - public List validate(List fileName, List files, - String errorMsgPreFix, Map output, HttpServletRequest request) { - - List errors = new ArrayList(); - - if (fileName != null) { - - if (fileName.size() > 1) { - log.info("Only one BKU-selecten template file can be stored"); - errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected", request)); - } - - for (int i=0; i validate(List fileName, List files, + String errorMsgPreFix, Map output, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + if (fileName != null) { + + if (fileName.size() > 1) { + log.info("Only one BKU-selecten template file can be stored"); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected", request)); + } + + for (int i = 0; i < fileName.size(); i++) { + final String filename = fileName.get(i); + + if (MiscUtil.isNotEmpty(filename)) { + if (ValidationHelper.containsNotValidCharacter(filename, false)) { + log.info("Filename is not valid"); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request)); + + } else { + try { + final File file = files.get(i); + final InputStream stream = new FileInputStream(file); + output.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); + stream.close(); + + } catch (final IOException e) { + log.info("File with FileName " + + filename + " can not be loaded.", e); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.valid", + new Object[] { filename }, request)); + } + } + } + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java index c30c11f5a..205e792fa 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java @@ -28,30 +28,29 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OAOAUTH20ConfigValidation { - - private static final Logger log = Logger.getLogger(OAOAUTH20ConfigValidation.class); - - public List validate(OAOAuth20Config form, HttpServletRequest request) { - - List errors = new ArrayList(); - - // validate secret + + public List validate(OAOAuth20Config form, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + // validate secret // if (StringUtils.isEmpty(form.getClientSecret())) { // errors.add(LanguageHelper.getErrorString("error.oa.oauth.clientSecret")); // } - - // validate redirectUri - if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) { - errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); - } - - return errors; - } + + // validate redirectUri + if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) { + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index cbb7c88b2..8e9865a3a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -33,7 +33,6 @@ import javax.net.ssl.SSLHandshakeException; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; -import org.apache.log4j.Logger; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataFilterChain; @@ -57,186 +56,189 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OAPVP2ConfigValidation { - private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class); - - public List validate(OAPVP2Config form, String oaID, HttpServletRequest request) { - - Timer timer = null; - MOAHttpClient httpClient = null; - HTTPMetadataProvider httpProvider = null; - - List errors = new ArrayList(); - try { - byte[] certSerialized = null; - if (form.getFileUpload() != null) - certSerialized = form.getCertificate(); - - else { - try { - //Some databases does not allow the selection of a lob in SQL where expression - String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class"); - boolean backupVersion = false; - if (MiscUtil.isNotEmpty(dbDriver)) { - for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { - if (dbDriver.startsWith(el)) { - backupVersion = true; - log.debug("JDBC driver '" + dbDriver - + "' is blacklisted --> Switch to alternative DB access methode implementation."); - - } - - } - } - - Map oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion); - if (oa != null && - MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) { - certSerialized = Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false); - form.setStoredCert(certSerialized); - } - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - } - - String check = form.getMetaDataURL(); - if (MiscUtil.isNotEmpty(check)) { - - if (!ValidationHelper.validateURL(check)) { - log.info("MetaDataURL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); - - } else { - if (certSerialized == null) { - log.info("No certificate for metadata validation"); - errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); - - } else { - if (form.getMetaDataURL().startsWith("http")) { - X509Certificate cert = new X509Certificate(certSerialized); - BasicX509Credential credential = new BasicX509Credential(); - credential.setEntityCertificate(cert); - - timer = new Timer(); - httpClient = new MOAHttpClient(); - - if (form.getMetaDataURL().startsWith("https:")) - try { - MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - "MOAMetaDataProvider", - true, - ConfigurationProvider.getInstance().getCertStoreDirectory(), - ConfigurationProvider.getInstance().getTrustStoreDirectory(), - null, - "pkix", - true, - new String[]{"crl"}, - false); - - httpClient.setCustomSSLTrustStore( - form.getMetaDataURL(), - protoSocketFactory); - - } catch (MOAHttpProtocolSocketFactoryException e) { - log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); - - } catch (ConfigurationException e) { - log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); - - } - - List filterList = new ArrayList(); - filterList.add(new MetaDataVerificationFilter(credential)); - - try { - filterList.add(new SchemaValidationFilter( - ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive())); - - } catch (ConfigurationException e) { - log.warn("Configuration access FAILED!", e); - - } - - MetadataFilterChain filter = new MetadataFilterChain(); - filter.setFilters(filterList); - - httpProvider = - new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); - httpProvider.setParserPool(new BasicParserPool()); - httpProvider.setRequireValidMetadata(true); - httpProvider.setMetadataFilter(filter); - httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes - httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours - - httpProvider.setRequireValidMetadata(true); - - httpProvider.initialize(); - - - - - if (httpProvider.getMetadata() == null) { - log.info("Metadata could be received but validation FAILED."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); - } - - } else { - log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form.getMetaDataURL()); - - } - - } - } - } - - } catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); - - } catch (IOException e) { - log.info("Metadata can not be loaded from URL", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); - - } catch (MetadataProviderException e) { - - try { - if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { - log.info("SSL Server certificate not trusted.", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); - - } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request)); - - } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request)); - - } else { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); - } - - } catch (Exception e1) { - log.info("MetaDate verification failed", e1); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); - - } - - } finally { - if (httpProvider != null) - httpProvider.destroy(); - - if (timer != null) - timer.cancel(); - - } - - return errors; - } + public List validate(OAPVP2Config form, String oaID, HttpServletRequest request) { + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; + + final List errors = new ArrayList<>(); + try { + byte[] certSerialized = null; + if (form.getFileUpload() != null) { + certSerialized = form.getCertificate(); + } else { + try { + // Some databases does not allow the selection of a lob in SQL where expression + final String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties() + .getProperty("hibernate.connection.driver_class"); + boolean backupVersion = false; + if (MiscUtil.isNotEmpty(dbDriver)) { + for (final String el : MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { + if (dbDriver.startsWith(el)) { + backupVersion = true; + log.debug("JDBC driver '" + dbDriver + + "' is blacklisted --> Switch to alternative DB access methode implementation."); + + } + + } + } + + final Map oa = ConfigurationProvider.getInstance().getDbRead() + .getOnlineApplicationKeyValueWithId(oaID, backupVersion); + if (oa != null && + MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) { + certSerialized = Base64Utils.decode(oa.get( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false); + form.setStoredCert(certSerialized); + } + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + } + + final String check = form.getMetaDataURL(); + if (MiscUtil.isNotEmpty(check)) { + + if (!ValidationHelper.validateURL(check)) { + log.info("MetaDataURL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); + + } else { + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); + + } else { + if (form.getMetaDataURL().startsWith("http")) { + final X509Certificate cert = new X509Certificate(certSerialized); + final BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (form.getMetaDataURL().startsWith("https:")) { + try { + final MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + true, + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true, + new String[] { "crl" }, + false); + + httpClient.setCustomSSLTrustStore( + form.getMetaDataURL(), + protoSocketFactory); + + } catch (final MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } catch (final ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); + + } + } + + final List filterList = new ArrayList<>(); + filterList.add(new MetaDataVerificationFilter(credential)); + + try { + filterList.add(new SchemaValidationFilter( + ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive())); + + } catch (final ConfigurationException e) { + log.warn("Configuration access FAILED!", e); + + } + + final MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(filter); + httpProvider.setMinRefreshDelay(1000 * 60 * 15); // 15 minutes + httpProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); // 24 hours + + httpProvider.setRequireValidMetadata(true); + + httpProvider.initialize(); + + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); + } + + } else { + log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form + .getMetaDataURL()); + + } + + } + } + } + + } catch (final CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); + + } catch (final IOException e) { + log.info("Metadata can not be loaded from URL", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); + + } catch (final MetadataProviderException e) { + + try { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request)); + + } else { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); + } + + } catch (final Exception e1) { + log.info("MetaDate verification failed", e1); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); + + } + + } finally { + if (httpProvider != null) { + httpProvider.destroy(); + } + + if (timer != null) { + timer.cancel(); + } + + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java index 95104b929..903e8899a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java @@ -27,25 +27,23 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OASAML1ConfigValidation { - private static final Logger log = Logger.getLogger(OASAML1ConfigValidation.class); - - public List validate(OASAML1Config form, OAGeneralConfig general, HttpServletRequest request) { - - List errors = new ArrayList(); - - if (general.isBusinessService() && form.isProvideStammZahl()) { - log.info("ProvideStammZahl can not be used with BusinessService applications"); - errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl", request)); - } - - return errors; - } + public List validate(OASAML1Config form, OAGeneralConfig general, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + if (general.isBusinessService() && form.isProvideStammZahl()) { + log.info("ProvideStammZahl can not be used with BusinessService applications"); + errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl", request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java index 971e11cc4..109257551 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java @@ -27,33 +27,31 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OASSOConfigValidation { - - private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - - public List validate(OASSOConfig form, boolean isAdmin, HttpServletRequest request) { - - List errors = new ArrayList(); - - String urlString = form.getSingleLogOutURL(); - if (MiscUtil.isEmpty(urlString)) { - log.info("No Single Log-Out URL"); - //TODO: set error if it is implemented - //errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.empty")); - } else { - if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) { - log.info("Single Log-Out url validation error"); - errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid", request)); - } - } - - return errors; - } + + public List validate(OASSOConfig form, boolean isAdmin, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + final String urlString = form.getSingleLogOutURL(); + if (MiscUtil.isEmpty(urlString)) { + log.info("No Single Log-Out URL"); + // TODO: set error if it is implemented + // errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.empty")); + } else { + if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) { + log.info("Single Log-Out url validation error"); + errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid", request)); + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 00ccdca8c..a8836145a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -28,60 +28,59 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OASTORKConfigValidation { - private static final Logger log = Logger.getLogger(OASTORKConfigValidation.class); + public List validate(OASTORKConfig oageneral, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + // check qaa + final String qaa = oageneral.getQaa(); + if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { + log.warn("eIDAS LoA is not allowed : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] { qaa }, request)); + } + + if (oageneral.isVidpEnabled()) { + final Iterator interator = oageneral.getAttributeProviderPlugins().iterator(); + while (interator.hasNext()) { + final AttributeProviderPlugin current = interator.next(); + if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { + log.info("AttributeProviderPlugin URL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); + } + if (MiscUtil.isEmpty(current.getName())) { + log.info("AttributeProviderPlugin Name is empty."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty", request)); - public List validate(OASTORKConfig oageneral, HttpServletRequest request) { + } else { + if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { + log.info("AttributeProviderPlugin Name is not supported."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid", request)); + } + } - List errors = new ArrayList(); + if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches( + "[a-zA-Z]+(, ?[a-zA-Z]+)*")) { + log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid", request)); + } + } - // check qaa - String qaa = oageneral.getQaa(); - if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { - log.warn("eIDAS LoA is not allowed : " + qaa); - errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa}, request )); - } - - if (oageneral.isVidpEnabled()) { - Iterator interator = oageneral.getAttributeProviderPlugins().iterator(); - while (interator.hasNext()) { - AttributeProviderPlugin current = interator.next(); - if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { - log.info("AttributeProviderPlugin URL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); - } - if (MiscUtil.isEmpty(current.getName())) { - log.info("AttributeProviderPlugin Name is empty."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty", request)); - - } else { - if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { - log.info("AttributeProviderPlugin Name is not supported."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid", request)); - } - } - - if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { - log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid", request)); - } - } - - } else { - oageneral.setAttributeProviderPlugins(null); - } + } else { + oageneral.setAttributeProviderPlugins(null); + } - return errors; - } + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java index 4807d479e..3e1ed0a38 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java @@ -29,8 +29,6 @@ import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; @@ -38,133 +36,133 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OATargetConfigValidation { - private static final Logger log = Logger.getLogger(OATargetConfigValidation.class); - - public List validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, HttpServletRequest request) { - - List errors = new ArrayList(); - String check; - - if (general.isBusinessService()) { - - //check identification type - check = form.getIdentificationType(); - if (!form.getIdentificationTypeList().contains(check)) { - log.info("IdentificationType is not known."); - errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); - } - - //check identification number - check = form.getIdentificationNumber(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty IdentificationNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - - if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { - CompanyNumberValidator val = new CompanyNumberValidator(); - if (!val.validate(check)) { - log.info("Not valid CompanyNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); - } - - } else if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { - Pattern pattern = Pattern.compile("[A-Z,a-z]{2}\\+[A-Z,a-z]{2}"); - Matcher matcher = pattern.matcher(check); - if (!matcher.matches()) { - log.info("Not valid eIDAS Target"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.eidas.valid", request)); - - } - - } - } - - } else { - - check = form.getTarget_subsector(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target-Subsector"); - errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); - } - } - - - if (!isAdmin) { - //check PublicURL Prefix allows PublicService - if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) { - log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier()); - errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", - new Object[] {general.getIdentifier()}, request )); - general.setBusinessService(true); - return errors; - - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - - } else { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - } else { - - //check targetFrindlyName(); - check = form.getTargetFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("TargetFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - //check Admin Target - check = form.getTarget_admin(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); - } - } - } - } - - - //foreign bPK configuration - - - return errors; - } + public List validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, + HttpServletRequest request) { + + final List errors = new ArrayList<>(); + String check; + + if (general.isBusinessService()) { + + // check identification type + check = form.getIdentificationType(); + if (!form.getIdentificationTypeList().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); + } + + // check identification number + check = form.getIdentificationNumber(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + + if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { + final CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", + request)); + } + + } else if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { + final Pattern pattern = Pattern.compile("[A-Z,a-z]{2}\\+[A-Z,a-z]{2}"); + final Matcher matcher = pattern.matcher(check); + if (!matcher.matches()) { + log.info("Not valid eIDAS Target"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.eidas.valid", + request)); + + } + + } + } + + } else { + + check = form.getTarget_subsector(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); + } + } + + if (!isAdmin) { + // check PublicURL Prefix allows PublicService + if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) { + log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier()); + errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] { general.getIdentifier() }, request)); + general.setBusinessService(true); + return errors; + + } + + // check Target + check = form.getTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + } else { + + // check targetFrindlyName(); + check = form.getTargetFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + } + + // check Target + check = form.getTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + // check Admin Target + check = form.getTarget_admin(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); + } + } + } + } + + // foreign bPK configuration + + return errors; + } } diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 36275beea..7bc933703 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -60,9 +60,9 @@ - - org.slf4j - slf4j-log4j12 + + org.apache.logging.log4j + log4j-slf4j-impl diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index e78ebd175..f6fb3ecd7 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -38,6 +38,17 @@ default https://git.egiz.gv.at/EAAF-Components/plain/eaaf_modules/eaaf_module_moa-sig/repository + + egiz-commons + https://apps.egiz.gv.at/maven + + true + ignore + + + false + + @@ -57,37 +68,37 @@ - MOA.spss.server - moa-sig-lib - 3.1.3 - - - commons-logging - commons-logging - - - * - axis - - + moaSig + moa-sig-lib + 3.1.4 + + + commons-logging + commons-logging + + + * + axis + + - MOA.spss - common - 3.1.3 + moaSig + common + 3.1.4 - MOA.spss - tsl_lib - 2.0.3 + at.gv.egovernment.moa.sig + tsl-lib + 2.0.5 iaik.prod iaik_cms - 5.1 + 5.1.1 iaik.prod @@ -129,7 +140,7 @@ iaik.prod iaik_moa - 2.06 + 2.07 iaik.prod @@ -162,8 +173,10 @@ 2.14_moa - - + + joda-time + joda-time + javax.mail diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 2897de96b..6dfd29b59 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -98,10 +98,10 @@ org.slf4j slf4j-api - - org.slf4j - slf4j-log4j12 - + + org.apache.logging.log4j + log4j-slf4j-impl + MOA.id.server diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java index 07edb250d..5db37d2f7 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java @@ -35,7 +35,6 @@ import java.util.Timer; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.HttpClient; -import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.xml.parse.BasicParserPool; @@ -45,11 +44,10 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.MetaDataVerificationFilter; import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class Configuration { - - private static final Logger log = Logger.getLogger(Configuration.class); private Properties props; private static final String SYSTEM_PROP_CONFIG = "moa.id.demoOA"; diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index d4c67cfae..040ec330c 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -48,12 +48,10 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; -import org.opensaml.saml2.common.Extensions; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; @@ -64,12 +62,10 @@ import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.io.Unmarshaller; import org.opensaml.xml.io.UnmarshallingException; -import org.opensaml.xml.schema.XSAny; import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; @@ -82,296 +78,299 @@ import org.xml.sax.SAXException; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; -import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver; import at.gv.egovernment.moa.id.demoOA.Configuration; import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - - /** * Servlet implementation class Authenticate */ public class Authenticate extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(Authenticate.class); - - /** - * @see HttpServlet#HttpServlet() - */ - public Authenticate() { - super(); - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - builder = factory.newDocumentBuilder(); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - } - } - - DocumentBuilder builder; - - - //generate AuthenticationRequest - protected void process(HttpServletRequest request, - HttpServletResponse response, Map legacyParameter) throws ServletException, IOException { - try { - - Configuration config = Configuration.getInstance(); - config.initializePVP2Login(); - - AuthnRequest authReq = SAML2Utils - .createSAMLObject(AuthnRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); - - String relayState = String.valueOf(RandomUtils.nextLong()); - - if (config.useRedirectBindingResponse()) - authReq.setAssertionConsumerServiceIndex(1); - else - authReq.setAssertionConsumerServiceIndex(0); - - authReq.setAttributeConsumingServiceIndex(0); - - authReq.setIssueInstant(new DateTime()); + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(Authenticate.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public Authenticate() { + super(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + } + } + + DocumentBuilder builder; + + // generate AuthenticationRequest + protected void process(HttpServletRequest request, + HttpServletResponse response, Map legacyParameter) throws ServletException, + IOException { + try { + + final Configuration config = Configuration.getInstance(); + config.initializePVP2Login(); + + AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + final String relayState = String.valueOf(RandomUtils.nextLong()); + + if (config.useRedirectBindingResponse()) { + authReq.setAssertionConsumerServiceIndex(1); + } else { + authReq.setAssertionConsumerServiceIndex(0); + } + + authReq.setAttributeConsumingServiceIndex(0); + + authReq.setIssueInstant(new DateTime()); // Subject subject = SAML2Utils.createSAMLObject(Subject.class); // NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - //name.setValue(serviceURL); - issuer.setValue(serviceURL); - + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + // name.setValue(serviceURL); + issuer.setValue(serviceURL); + // subject.setNameID(name); // authReq.setSubject(subject); - issuer.setFormat(NameIDType.ENTITY); - authReq.setIssuer(issuer); - - if (config.setNameIdPolicy()) { - NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); - } - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - //select authentication-service url from metadata - SingleSignOnService redirectEndpoint = null; - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config.useRedirectBindingRequest()) { - redirectEndpoint = sss; - } - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config.useRedirectBindingRequest()) { - redirectEndpoint = sss; - } - - } - - if (redirectEndpoint == null) { - log.warn("Can not find valid EndPoint for SAML2 response"); - throw new ConfigurationException("Can not find valid EndPoint for SAML2 response"); - - } - - authReq.setDestination(redirectEndpoint.getLocation()); - - //authReq.setDestination("http://test.test.test"); - - if (config.setAuthnContextClassRef()) { - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) { - authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue()); - - } else { - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - } - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); - authReq.setRequestedAuthnContext(reqAuthContext); - } - - if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { - Scoping scope = SAML2Utils.createSAMLObject(Scoping.class); - RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class); - requesterId.setRequesterID(config.getScopeRequesterId()); - scope.getRequesterIDs().add(requesterId ); - authReq.setScoping(scope ); - - } - - if (config.isEidasProxySimulatorEnabled()) { - authReq = injectEidasMsProxyAttributes(request, authReq); - - } - - - //sign authentication request - KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(authcredential); - authReq.setSignature(signer); - - - if (!config.useRedirectBindingRequest()) { - //generate Http-POST Binding message - VelocityEngine engine = new VelocityEngine(); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - engine.setProperty("classpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); - engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, - "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); - engine.init(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "templates/pvp_postbinding_template.html"); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(redirectEndpoint.getLocation());; - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(authReq); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - encoder.encode(context); - - } else { - //generate Redirect Binding message - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - service.setLocation(redirectEndpoint.getLocation()); - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(authReq); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - encoder.encode(context); - - } - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - - private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq) - throws SAXException, IOException, ParserConfigurationException, MarshallingException, UnmarshallingException { - - //build extension from template - String xmlTemplate = IOUtils.toString( - Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"), - StandardCharsets.UTF_8); - - String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request, "eidasCountry", "DE"); - String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high"); - String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix", "test"); - String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + + if (config.setNameIdPolicy()) { + final NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameIDType.PERSISTENT); + authReq.setNameIDPolicy(policy); + } + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + // select authentication-service url from metadata + SingleSignOnService redirectEndpoint = null; + for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleSignOnServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config + .useRedirectBindingRequest()) { + redirectEndpoint = sss; + } + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config + .useRedirectBindingRequest()) { + redirectEndpoint = sss; + } + + } + + if (redirectEndpoint == null) { + log.warn("Can not find valid EndPoint for SAML2 response"); + throw new ConfigurationException("Can not find valid EndPoint for SAML2 response"); + + } + + authReq.setDestination(redirectEndpoint.getLocation()); + + // authReq.setDestination("http://test.test.test"); + + if (config.setAuthnContextClassRef()) { + final RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + final AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) { + authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue()); + + } else { + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + } + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + authReq.setRequestedAuthnContext(reqAuthContext); + } + + if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { + final Scoping scope = SAML2Utils.createSAMLObject(Scoping.class); + final RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class); + requesterId.setRequesterID(config.getScopeRequesterId()); + scope.getRequesterIDs().add(requesterId); + authReq.setScoping(scope); + + } + + if (config.isEidasProxySimulatorEnabled()) { + authReq = injectEidasMsProxyAttributes(request, authReq); + + } + + // sign authentication request + final KeyStore keyStore = config.getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + authReq.setSignature(signer); + + if (!config.useRedirectBindingRequest()) { + // generate Http-POST Binding message + final VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); + engine.init(); + + final HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "templates/pvp_postbinding_template.html"); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(redirectEndpoint.getLocation()); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(authReq); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + encoder.encode(context); + + } else { + // generate Redirect Binding message + final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(redirectEndpoint.getLocation()); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(authReq); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + encoder.encode(context); + + } + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq) + throws SAXException, IOException, ParserConfigurationException, MarshallingException, + UnmarshallingException { + + // build extension from template + final String xmlTemplate = IOUtils.toString( + Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"), + StandardCharsets.UTF_8); + + final String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request, + "eidasCountry", "DE"); + final String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high"); + final String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix", + "test"); + final String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector); log.debug("Formated requested attributes: " + xmlString); - - Document extension = DOMUtils.parseDocument(xmlString, false, null, null); - - - //marshalle, inject, and unmarshalle request to set extension - //TODO: find better solution, be it is good enough for a first simple test + + final Document extension = DOMUtils.parseDocument(xmlString, false, null, null); + + // marshalle, inject, and unmarshalle request to set extension + // TODO: find better solution, be it is good enough for a first simple test DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(authReq); + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(authReq); out.marshall(authReq, document); - - Node extElement = document.importNode(extension.getDocumentElement(), true); - //document.getDocumentElement().appendChild(extElement); + + final Node extElement = document.importNode(extension.getDocumentElement(), true); + // document.getDocumentElement().appendChild(extElement); document.getDocumentElement().insertBefore(extElement, document.getChildNodes().item(2)); - - Unmarshaller in = org.opensaml.Configuration.getUnmarshallerFactory().getUnmarshaller(document.getDocumentElement()); + + final Unmarshaller in = org.opensaml.xml.Configuration.getUnmarshallerFactory().getUnmarshaller(document + .getDocumentElement()); return (AuthnRequest) in.unmarshall(document.getDocumentElement()); - + } - - + private String getParameterOrDefault(HttpServletRequest request, String paramName, String defaultValue) { - String reqParam = request.getParameter(paramName); + final String reqParam = request.getParameter(paramName); if (MiscUtil.isEmpty(reqParam)) { return defaultValue; - + } else { return reqParam; - + } - + } + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response, null); + } /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response, null); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response, null); - } + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response, null); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index d28f94fd6..005291082 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java @@ -42,7 +42,6 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; -import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; @@ -75,267 +74,263 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.AttributeListBuilder; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class BuildMetadata extends HttpServlet { - Logger log = Logger.getLogger(BuildMetadata.class); - - private static final long serialVersionUID = 1L; - - private static final int VALIDUNTIL_IN_HOURS = 24; - - /** - * @see HttpServlet#HttpServlet() - */ - public BuildMetadata() { - super(); - } - - protected static Signature getSignature(Credential credentials) { - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - Configuration config = Configuration.getInstance(); - - SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); - - EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. - createSAMLObject(EntitiesDescriptor.class); - - DateTime date = new DateTime(); - spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); - - String name = config.getPVP2MetadataEntitiesName(); - if (MiscUtil.isEmpty(name)) { - log.info("NO Metadata EntitiesName configurated"); - throw new ConfigurationException("NO Metadata EntitiesName configurated"); - } - - spEntitiesDescriptor.setName(name); - spEntitiesDescriptor.setID(idGen.generateIdentifier()); - - //set period of validity for metadata information - DateTime validUntil = new DateTime(); - spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7)); - - - EntityDescriptor spEntityDescriptor = SAML2Utils - .createSAMLObject(EntityDescriptor.class); - - spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); - - spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); - - //set OA-ID (PublicURL Prefix) as identifier - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - log.debug("Set OnlineApplicationURL to " + serviceURL); - spEntityDescriptor.setEntityID(serviceURL); - - SPSSODescriptor spSSODescriptor = SAML2Utils - .createSAMLObject(SPSSODescriptor.class); - - spSSODescriptor.setAuthnRequestsSigned(true); - spSSODescriptor.setWantAssertionsSigned(true); - - X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); - keyInfoFactory.setEmitEntityCertificate(true); - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - - KeyStore keyStore = config.getPVP2KeyStore(); - - X509Credential signingcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreMetadataKeyAlias(), - config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); - - - log.debug("Set Metadata key information"); - //Set MetaData Signing key - KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); - entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); - Signature entitiesSignature = getSignature(signingcredential); - spEntitiesDescriptor.setSignature(entitiesSignature); - - - //Set AuthRequest Signing certificate - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - - spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - - //set AuthRequest encryption certificate - if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias()) || - MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyPassword())) { - X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - KeyDescriptor encryKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - encryKeyDescriptor.setUse(UsageType.ENCRYPTION); - encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); - - //set encryption methode + + private static final long serialVersionUID = 1L; + + private static final int VALIDUNTIL_IN_HOURS = 24; + + /** + * @see HttpServlet#HttpServlet() + */ + public BuildMetadata() { + super(); + } + + protected static Signature getSignature(Credential credentials) { + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + final Configuration config = Configuration.getInstance(); + + final SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); + + final EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + + final DateTime date = new DateTime(); + spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); + + final String name = config.getPVP2MetadataEntitiesName(); + if (MiscUtil.isEmpty(name)) { + log.info("NO Metadata EntitiesName configurated"); + throw new ConfigurationException("NO Metadata EntitiesName configurated"); + } + + spEntitiesDescriptor.setName(name); + spEntitiesDescriptor.setID(idGen.generateIdentifier()); + + // set period of validity for metadata information + final DateTime validUntil = new DateTime(); + spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7)); + + final EntityDescriptor spEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); + + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + + // set OA-ID (PublicURL Prefix) as identifier + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + log.debug("Set OnlineApplicationURL to " + serviceURL); + spEntityDescriptor.setEntityID(serviceURL); + + final SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + final X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityCertificate(true); + final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + final KeyStore keyStore = config.getPVP2KeyStore(); + + final X509Credential signingcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreMetadataKeyAlias(), + config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); + + log.debug("Set Metadata key information"); + // Set MetaData Signing key + final KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); + entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); + final Signature entitiesSignature = getSignature(signingcredential); + spEntitiesDescriptor.setSignature(entitiesSignature); + + // Set AuthRequest Signing certificate + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + final KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + // set AuthRequest encryption certificate + if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias()) || + MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyPassword())) { + final X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + final KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + + // set encryption methode // EncryptionMethod encMethode = SAML2Utils.createSAMLObject(EncryptionMethod.class); -// encMethode.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM); +// encMethode.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM); // encryKeyDescriptor.getEncryptionMethods().add(encMethode); -// +// // EncryptionMethod keyencMethode = SAML2Utils.createSAMLObject(EncryptionMethod.class); -// keyencMethode.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); +// keyencMethode.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); // encryKeyDescriptor.getEncryptionMethods().add(keyencMethode); - - spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); - - } else { - log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); - - } - - - NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); - - spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); - - NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientnameIDFormat.setFormat(NameIDType.TRANSIENT); - - spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); - - NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); - - spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - - //set HTTP-POST Binding assertion consumer service - AssertionConsumerService postassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - postassertionConsumerService.setIndex(0); - postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - //set HTTP-Redirect Binding assertion consumer service - AssertionConsumerService redirectassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - redirectassertionConsumerService.setIndex(1); - redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - redirectassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); - - //set Single Log-Out service - SingleLogoutService sloService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - sloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - sloService.setLocation(serviceURL + Constants.SERVLET_PVPSINGLELOGOUT); - spSSODescriptor.getSingleLogoutServices().add(sloService); - - spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); - - AttributeConsumingService attributeService = - SAML2Utils.createSAMLObject(AttributeConsumingService.class); - - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "de")); - attributeService.getNames().add(serviceName); - - //set attributes which are requested - attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); - spSSODescriptor.getAttributeConsumingServices().add(attributeService); - - - //build metadata - DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - - builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor); - out.marshall(spEntitiesDescriptor, document); - - Signer.signObject(entitiesSignature); - - Transformer transformer = TransformerFactory.newInstance().newTransformer(); - - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(document); - transformer.transform(source, sr); - sw.close(); - - String metadataXML = sw.toString(); - - response.setContentType("text/xml"); - response.getOutputStream().write(metadataXML.getBytes()); - - response.getOutputStream().close(); - - } catch (ConfigurationException e) { - log.warn("Configuration can not be loaded.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (NoSuchAlgorithmException e) { - log.warn("Requested Algorithm could not found.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerFactoryConfigurationError e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - catch (Exception e) { - log.warn("Unspecific PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - } + + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + final NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + final NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + final NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + // set HTTP-POST Binding assertion consumer service + final AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + // set HTTP-Redirect Binding assertion consumer service + final AssertionConsumerService redirectassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + redirectassertionConsumerService.setIndex(1); + redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); + + // set Single Log-Out service + final SingleLogoutService sloService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + sloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + sloService.setLocation(serviceURL + Constants.SERVLET_PVPSINGLELOGOUT); + spSSODescriptor.getSingleLogoutServices().add(sloService); + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); + + final AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + final ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + // set attributes which are requested + attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + // build metadata + DocumentBuilder builder; + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + + builder = factory.newDocumentBuilder(); + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + spEntitiesDescriptor); + out.marshall(spEntitiesDescriptor, document); + + Signer.signObject(entitiesSignature); + + final Transformer transformer = TransformerFactory.newInstance().newTransformer(); + + final StringWriter sw = new StringWriter(); + final StreamResult sr = new StreamResult(sw); + final DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + final String metadataXML = sw.toString(); + + response.setContentType("text/xml"); + response.getOutputStream().write(metadataXML.getBytes()); + + response.getOutputStream().close(); + + } catch (final ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final NoSuchAlgorithmException e) { + log.warn("Requested Algorithm could not found.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerFactoryConfigurationError e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + catch (final Exception e) { + log.warn("Unspecific PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + } } \ No newline at end of file diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index df58fbc7a..e4acd8152 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.log4j.Logger; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; @@ -85,280 +84,285 @@ import at.gv.egovernment.moa.id.demoOA.Constants; import at.gv.egovernment.moa.id.demoOA.PVPConstants; import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class DemoApplication extends HttpServlet { - Logger log = Logger.getLogger(DemoApplication.class); - - private static final long serialVersionUID = -2129228304760706063L; - - - - private void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - - ApplicationBean bean = new ApplicationBean(); - - log.debug("Receive request on secure-area endpoint ..."); - - String method = request.getMethod(); - HttpSession session = request.getSession(); - if (session == null) { - log.info("NO HTTP Session"); - bean.setErrorMessage("NO HTTP session"); - setAnser(request, response, bean); - return; - } - - try { - Configuration config = Configuration.getInstance(); - Response samlResponse = null; - - if (method.equals("GET")) { - log.debug("Find possible SAML2 Redirect-Binding response ..."); - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - - messageContext.setMetadataProvider(config.getMetaDataProvier()); - - MetadataCredentialResolver resolver = new MetadataCredentialResolver(config.getMetaDataProvier()); - List keyInfoProvider = new ArrayList(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( - resolver, keyInfoResolver); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(engine); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - SecurityPolicyResolver resolver1 = new StaticSecurityPolicyResolver(policy); - messageContext.setSecurityPolicyResolver(resolver1); - - decode.decode(messageContext); - - log.info("PVP2 Assertion with Redirect-Binding is valid"); - - } else if (method.equals("POST")) { - log.debug("Find possible SAML2 Post-Binding response ..."); - //Decode with HttpPost Binding - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - request)); - decode.decode(messageContext); - - samlResponse = (Response) messageContext.getInboundMessage(); - - Signature sign = samlResponse.getSignature(); - if (sign == null) { - log.info("Only http POST Requests can be used"); - bean.setErrorMessage("Only http POST Requests can be used"); - setAnser(request, response, bean); - return; - } - - //Validate Signature - SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); - profileValidator.validate(sign); - - //Verify Signature - List keyInfoProvider = new ArrayList(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - - MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory(); - MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier()); - - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); - criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); - criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); - - ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); - trustEngine.validate(sign, criteriaSet); - - log.info("PVP2 Assertion with POST-Binding is valid"); - - } else { - bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); - setAnser(request, response, bean); - return; - - } - - - if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - List saml2assertions = new ArrayList(); - - //check encrypted Assertion - List encryAssertionList = samlResponse.getEncryptedAssertions(); - if (encryAssertionList != null && encryAssertionList.size() > 0) { - //decrypt assertions - - log.debug("Found encryped assertion. Start decryption ..."); - - KeyStore keyStore = config.getPVP2KeyStore(); - - X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - - - StaticKeyInfoCredentialResolver skicr = - new StaticKeyInfoCredentialResolver(authDecCredential); - - ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); - encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); - - Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); - - for (EncryptedAssertion encAssertion : encryAssertionList) { - Assertion decryptedAssertion = samlDecrypter.decrypt(encAssertion); - samlResponse.getAssertions().add(decryptedAssertion); - log.debug("Decrypted Assertion: " + DOMUtils.serializeNode(SAML2Utils.asDOMDocument(decryptedAssertion))); - - } - - log.debug("Assertion decryption finished. "); - - } else { - log.debug("Assertiojn is not encryted. Use it as it is"); - - } - - //set assertion - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - bean.setAssertion(assertion); - - String principleId = null; - String givenName = null; - String familyName = null; - String birthday = null; - - log.debug("Find #" + samlResponse.getAssertions().size() + " assertions after decryption"); - - for (org.opensaml.saml2.core.Assertion saml2assertion : samlResponse.getAssertions()) { - - try { - principleId = saml2assertion.getSubject().getNameID().getValue(); - - } catch (Exception e) { - log.warn("Can not read SubjectNameId", e); - } - - //loop through the nodes to get what we want - List attributeStatements = saml2assertion.getAttributeStatements(); - for (int i = 0; i < attributeStatements.size(); i++) - { - List attributes = attributeStatements.get(i).getAttributes(); - for (int x = 0; x < attributes.size(); x++) - { - - - String strAttributeName = attributes.get(x).getName(); - - log.debug("Find attribute with name: " + strAttributeName + " and value: " - + attributes.get(x).getAttributeValues().get(0).getDOM().getNodeValue()); - - if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { - familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - - } - - if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { - givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - - } - - if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { - birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - - } - - if (strAttributeName.equals(PVPConstants.BPK_NAME)) { - principleId = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - - } - } - } - request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, - saml2assertion.getSubject().getNameID().getFormat()); - request.getSession().setAttribute(Constants.SESSION_NAMEID, - saml2assertion.getSubject().getNameID().getValue()); - - } - - bean.setPrincipleId(principleId); - bean.setDateOfBirth(birthday); - bean.setFamilyName(familyName); - bean.setGivenName(givenName); - bean.setLogin(true); - - setAnser(request, response, bean); - return; - - - } else { - bean.setErrorMessage("Der Anmeldevorgang wurde abgebrochen.
Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion."); - setAnser(request, response, bean); - return; - - } - - } catch (Exception e) { - log.warn(e); - bean.setErrorMessage("Internal Error: " + e.getMessage()); - setAnser(request, response, bean); - return; - } - - } - - private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) throws ServletException, IOException { - // store bean in session - request.setAttribute("answers", answersBean); - - // you now can forward to some view, for example some results.jsp - request.getRequestDispatcher("demoapp.jsp").forward(request, response); - - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response); - } - - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response); - } + + private static final long serialVersionUID = -2129228304760706063L; + + private void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + final ApplicationBean bean = new ApplicationBean(); + + log.debug("Receive request on secure-area endpoint ..."); + + final String method = request.getMethod(); + final HttpSession session = request.getSession(); + if (session == null) { + log.info("NO HTTP Session"); + bean.setErrorMessage("NO HTTP session"); + setAnser(request, response, bean); + return; + } + + try { + final Configuration config = Configuration.getInstance(); + Response samlResponse = null; + + if (method.equals("GET")) { + log.debug("Find possible SAML2 Redirect-Binding response ..."); + final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + messageContext.setMetadataProvider(config.getMetaDataProvier()); + + final MetadataCredentialResolver resolver = new MetadataCredentialResolver(config + .getMetaDataProvier()); + final List keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + final ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( + resolver, keyInfoResolver); + + final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + engine); + final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + final BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + final SecurityPolicyResolver resolver1 = new StaticSecurityPolicyResolver(policy); + messageContext.setSecurityPolicyResolver(resolver1); + + decode.decode(messageContext); + + log.info("PVP2 Assertion with Redirect-Binding is valid"); + + } else if (method.equals("POST")) { + log.debug("Find possible SAML2 Post-Binding response ..."); + // Decode with HttpPost Binding + final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + request)); + decode.decode(messageContext); + + samlResponse = (Response) messageContext.getInboundMessage(); + + final Signature sign = samlResponse.getSignature(); + if (sign == null) { + log.info("Only http POST Requests can be used"); + bean.setErrorMessage("Only http POST Requests can be used"); + setAnser(request, response, bean); + return; + } + + // Validate Signature + final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + profileValidator.validate(sign); + + // Verify Signature + final List keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + final MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory + .getFactory(); + final MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config + .getMetaDataProvier()); + + final CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, + SAMLConstants.SAML20P_NS)); + criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); + criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); + + final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine( + credentialResolver, keyInfoResolver); + trustEngine.validate(sign, criteriaSet); + + log.info("PVP2 Assertion with POST-Binding is valid"); + + } else { + bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); + setAnser(request, response, bean); + return; + + } + + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + final List saml2assertions = + new ArrayList<>(); + + // check encrypted Assertion + final List encryAssertionList = samlResponse.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + // decrypt assertions + + log.debug("Found encryped assertion. Start decryption ..."); + + final KeyStore keyStore = config.getPVP2KeyStore(); + + final X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + + final StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(authDecCredential); + + final ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver()); + + final Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (final EncryptedAssertion encAssertion : encryAssertionList) { + final Assertion decryptedAssertion = samlDecrypter.decrypt(encAssertion); + samlResponse.getAssertions().add(decryptedAssertion); + log.debug("Decrypted Assertion: " + DOMUtils.serializeNode(SAML2Utils.asDOMDocument( + decryptedAssertion))); + + } + + log.debug("Assertion decryption finished. "); + + } else { + log.debug("Assertiojn is not encryted. Use it as it is"); + + } + + // set assertion + final org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + final String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + + String principleId = null; + String givenName = null; + String familyName = null; + String birthday = null; + + log.debug("Find #" + samlResponse.getAssertions().size() + " assertions after decryption"); + + for (final org.opensaml.saml2.core.Assertion saml2assertion : samlResponse.getAssertions()) { + + try { + principleId = saml2assertion.getSubject().getNameID().getValue(); + + } catch (final Exception e) { + log.warn("Can not read SubjectNameId", e); + } + + // loop through the nodes to get what we want + final List attributeStatements = saml2assertion.getAttributeStatements(); + for (final AttributeStatement attributeStatement : attributeStatements) { + final List attributes = attributeStatement.getAttributes(); + for (final Attribute attribute : attributes) { + + final String strAttributeName = attribute.getName(); + + log.debug("Find attribute with name: " + strAttributeName + " and value: " + + attribute.getAttributeValues().get(0).getDOM().getNodeValue()); + + if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { + familyName = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + + if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { + givenName = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + + if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { + birthday = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + + if (strAttributeName.equals(PVPConstants.BPK_NAME)) { + principleId = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + } + } + request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, + saml2assertion.getSubject().getNameID().getFormat()); + request.getSession().setAttribute(Constants.SESSION_NAMEID, + saml2assertion.getSubject().getNameID().getValue()); + + } + + bean.setPrincipleId(principleId); + bean.setDateOfBirth(birthday); + bean.setFamilyName(familyName); + bean.setGivenName(givenName); + bean.setLogin(true); + + setAnser(request, response, bean); + return; + + } else { + bean.setErrorMessage( + "Der Anmeldevorgang wurde abgebrochen.
Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion."); + setAnser(request, response, bean); + return; + + } + + } catch (final Exception e) { + log.warn(e.getMessage(), e); + bean.setErrorMessage("Internal Error: " + e.getMessage()); + setAnser(request, response, bean); + return; + } + + } + + private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) + throws ServletException, IOException { + // store bean in session + request.setAttribute("answers", answersBean); + + // you now can forward to some view, for example some results.jsp + request.getRequestDispatcher("demoapp.jsp").forward(request, response); + + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java index bac3e1949..1b0eb35c9 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java @@ -90,241 +90,240 @@ import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; +public class Index extends HttpServlet { + private static final long serialVersionUID = -2129228304760706063L; + private static final Logger log = LoggerFactory + .getLogger(Index.class); -public class Index extends HttpServlet { + private void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + final ApplicationBean bean = new ApplicationBean(); + + final String method = request.getMethod(); + final HttpSession session = request.getSession(); + if (session == null) { + log.info("NO HTTP Session"); + bean.setErrorMessage("NO HTTP session"); + setAnser(request, response, bean); + return; + } + + if (method.equals("GET")) { + try { + final Configuration config = Configuration.getInstance(); + + // Decode with HttpPost Binding + final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(request)); + + decode.decode(messageContext); + + messageContext.setMetadataProvider(config.getMetaDataProvier()); + final CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, + SAMLConstants.SAML20P_NS)); + criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); + criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); + + final MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory + .getFactory(); + final MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config + .getMetaDataProvier()); + + // Verify Signature + final List keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine( + credentialResolver, keyInfoResolver); + + final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + trustEngine); + final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + final BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setSecurityPolicyResolver(resolver); + + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + signatureRule.evaluate(messageContext); + + final SignableXMLObject samlResponse = (SignableXMLObject) messageContext.getInboundMessage(); + + log.info("PVP2 statusrequest or statusresponse is valid"); + + if (samlResponse instanceof LogoutResponse) { + + final LogoutResponse sloResp = (LogoutResponse) samlResponse; + + // set assertion + final org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + final String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + + if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + bean.setSuccessMessage("Der Single Log-Out Vorgang konnte erfolgreich durchgeführt werden."); + + setAnser(request, response, bean); + return; + + } else { + bean.setErrorMessage( + "Der Single Log-Out Vorgang war nicht erfolgreich.
Bitte schließen Sie aus sicherheitsgründen den Browser!"); + setAnser(request, response, bean); + return; + + } + + } else if (samlResponse instanceof LogoutRequest) { + // invalidate user session + request.getSession().invalidate(); + + // build LogOutResponse + final LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloResp.setID(gen.generateIdentifier()); + sloResp.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloResp.setIssuer(issuer); + + final Status status = SAML2Utils.createSAMLObject(Status.class); + sloResp.setStatus(status); + final StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + statusCode.setValue(StatusCode.SUCCESS_URI); + status.setStatusCode(statusCode); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + // select authentication-service url from metadata + SingleLogoutService redirectEndpoint = null; + for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleLogoutServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + redirectEndpoint = sss; + } + } + sloResp.setDestination(redirectEndpoint.getLocation()); + + // sign authentication request + final KeyStore keyStore = config.getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + sloResp.setSignature(signer); + + final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(redirectEndpoint.getLocation()); + + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(sloResp); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(messageContext.getRelayState()); + + encoder.encode(context); + + } else { + bean.setErrorMessage("Kein gültiger LogOut Request oder LogOut Response"); + setAnser(request, response, bean); + return; + + } + + } catch (final Exception e) { + log.warn("Internal error", e); + bean.setErrorMessage("Internal Error: " + e.getMessage()); + setAnser(request, response, bean); + return; + } + + } else { + bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); + setAnser(request, response, bean); + return; + + } + } + + private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) + throws ServletException, IOException { + // store bean in session + request.setAttribute("answers", answersBean); + + // you now can forward to some view, for example some results.jsp + request.getRequestDispatcher("demoapp.jsp").forward(request, response); + + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response); + } - private static final long serialVersionUID = -2129228304760706063L; - private static final Logger log = LoggerFactory - .getLogger(Index.class); - - - private void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - - ApplicationBean bean = new ApplicationBean(); - - - String method = request.getMethod(); - HttpSession session = request.getSession(); - if (session == null) { - log.info("NO HTTP Session"); - bean.setErrorMessage("NO HTTP session"); - setAnser(request, response, bean); - return; - } - - if (method.equals("GET")) { - try { - Configuration config = Configuration.getInstance(); - - //Decode with HttpPost Binding - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(request)); - - decode.decode(messageContext); - - messageContext.setMetadataProvider(config.getMetaDataProvier()); - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); - criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); - criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); - - MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory(); - MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier()); - - //Verify Signature - List keyInfoProvider = new ArrayList(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - - - ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); - - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - trustEngine); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setSecurityPolicyResolver(resolver); - - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - - signatureRule.evaluate(messageContext); - - SignableXMLObject samlResponse = (SignableXMLObject) messageContext.getInboundMessage(); - - - - log.info("PVP2 statusrequest or statusresponse is valid"); - - - if (samlResponse instanceof LogoutResponse) { - - LogoutResponse sloResp = (LogoutResponse) samlResponse; - - //set assertion - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - bean.setAssertion(assertion); - - if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - bean.setSuccessMessage("Der Single Log-Out Vorgang konnte erfolgreich durchgeführt werden."); - - setAnser(request, response, bean); - return; - - } else { - bean.setErrorMessage("Der Single Log-Out Vorgang war nicht erfolgreich.
Bitte schließen Sie aus sicherheitsgründen den Browser!"); - setAnser(request, response, bean); - return; - - } - - } else if (samlResponse instanceof LogoutRequest) { - //invalidate user session - request.getSession().invalidate(); - - //build LogOutResponse - LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloResp.setID(gen.generateIdentifier()); - sloResp.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloResp.setIssuer(issuer); - - Status status = SAML2Utils.createSAMLObject(Status.class); - sloResp.setStatus(status); - StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); - statusCode.setValue(StatusCode.SUCCESS_URI); - status.setStatusCode(statusCode ); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - //select authentication-service url from metadata - SingleLogoutService redirectEndpoint = null; - for (SingleLogoutService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - redirectEndpoint = sss; - } - } - sloResp.setDestination(redirectEndpoint.getLocation()); - - //sign authentication request - KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(authcredential); - sloResp.setSignature(signer); - - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(redirectEndpoint.getLocation());; - - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(sloResp); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(messageContext.getRelayState()); - - encoder.encode(context); - - } else { - bean.setErrorMessage("Kein gültiger LogOut Request oder LogOut Response"); - setAnser(request, response, bean); - return; - - } - - - } catch (Exception e) { - log.warn("Internal error", e); - bean.setErrorMessage("Internal Error: " + e.getMessage()); - setAnser(request, response, bean); - return; - } - - } else { - bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); - setAnser(request, response, bean); - return; - - } - } - - private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) throws ServletException, IOException { - // store bean in session - request.setAttribute("answers", answersBean); - - // you now can forward to some view, for example some results.jsp - request.getRequestDispatcher("demoapp.jsp").forward(request, response); - - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response); - } - - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response); - } + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java index 9bd0ff2e3..49d7b2cc6 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java @@ -62,156 +62,158 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - /** * Servlet implementation class Authenticate */ public class SingleLogOut extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(SingleLogOut.class); - - /** - * @see HttpServlet#HttpServlet() - */ - public SingleLogOut() { - super(); - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - builder = factory.newDocumentBuilder(); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - } - } - - DocumentBuilder builder; - - - //generate AuthenticationRequest - protected void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - - Configuration config = Configuration.getInstance(); - config.initializePVP2Login(); - - String nameIDFormat = (String) request.getSession().getAttribute(Constants.SESSION_NAMEIDFORMAT); - String nameID = (String) request.getSession().getAttribute(Constants.SESSION_NAMEID); - - if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { - log.warn("No user information found. Single Log-Out not possible"); - throw new ServletException("No user information found. Single Log-Out not possible"); - - } else - log.info("Fount user information for user nameID: " + nameID - + " , nameIDFormat: " + nameIDFormat - + ". Build Single Log-Out request ..."); - - //invalidate local session - request.getSession().invalidate(); - - //build Single LogOut request - LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloReq.setID(gen.generateIdentifier()); - sloReq.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloReq.setIssuer(issuer); - - NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); - sloReq.setNameID(userNameID); - userNameID.setFormat(nameIDFormat); - userNameID.setValue(nameID); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - //select authentication-service url from metadata - SingleLogoutService redirectEndpoint = null; - for (SingleLogoutService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - redirectEndpoint = sss; - } - } - sloReq.setDestination(redirectEndpoint.getLocation()); - - //sign authentication request - KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(authcredential); - sloReq.setSignature(signer); - - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response - , true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - service.setLocation(redirectEndpoint.getLocation()); - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(sloReq); - context.setOutboundMessageTransport(responseAdapter); - - encoder.encode(context); - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response); - } + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(SingleLogOut.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public SingleLogOut() { + super(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + } + } + + DocumentBuilder builder; + + // generate AuthenticationRequest + protected void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + + final Configuration config = Configuration.getInstance(); + config.initializePVP2Login(); + + final String nameIDFormat = (String) request.getSession().getAttribute(Constants.SESSION_NAMEIDFORMAT); + final String nameID = (String) request.getSession().getAttribute(Constants.SESSION_NAMEID); + + if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { + log.warn("No user information found. Single Log-Out not possible"); + throw new ServletException("No user information found. Single Log-Out not possible"); + + } else { + log.info("Fount user information for user nameID: " + nameID + + " , nameIDFormat: " + nameIDFormat + + ". Build Single Log-Out request ..."); + } + + // invalidate local session + request.getSession().invalidate(); + + // build Single LogOut request + final LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloReq.setID(gen.generateIdentifier()); + sloReq.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloReq.setIssuer(issuer); + + final NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); + sloReq.setNameID(userNameID); + userNameID.setFormat(nameIDFormat); + userNameID.setValue(nameID); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + // select authentication-service url from metadata + SingleLogoutService redirectEndpoint = null; + for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleLogoutServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + redirectEndpoint = sss; + } + } + sloReq.setDestination(redirectEndpoint.getLocation()); + + // sign authentication request + final KeyStore keyStore = config.getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + sloReq.setSignature(signer); + + final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(redirectEndpoint.getLocation()); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(sloReq); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response); + } } diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index e8b194f3f..4314bd3fd 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -287,6 +287,10 @@ bcprov-jdk15on org.bouncycastle + + log4j + log4j +
@@ -321,7 +325,17 @@ test-jar tests 1.0.0 - test + test + + + log4j + log4j + + + org.slf4j + slf4j-log4j12 + + - 3.3.0 + 3.7.1
- - org.hibernate diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 4db2aa3ad..014759b5c 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -12,12 +12,12 @@ org.bouncycastle bcprov-jdk15on - 1.52 + 1.70 org.bouncycastle bcpkix-jdk15on - 1.52 + 1.70 diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index eabb1fc18..a83a065fa 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -237,14 +237,14 @@ org.bouncycastle bcprov-jdk15on - 1.52 + 1.70 com.ibm.icu icu4j - 58.2 + 70.1 diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index 6f9463710..15d129dcb 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -32,7 +32,6 @@ javax.servlet javax.servlet-api - 3.1.0 provided diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index a7a4dad1b..bed0ef11c 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -38,13 +38,13 @@ com.google.http-client google-http-client-jackson2 - 1.22.0 + 1.40.1 test com.google.oauth-client google-oauth-client-jetty - 1.22.0 + 1.32.1 test @@ -78,7 +78,6 @@ com.google.guava guava - 19.0 diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 1f7606e1d..4734bb3a6 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -53,18 +53,18 @@ com.google.code.gson gson - 2.8.2 + 2.8.9 org.bitbucket.b_c jose4j - 0.6.3 + 0.7.9 org.bouncycastle bcprov-jdk15on - 1.52 + 1.70 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index 759d9c838..6bf297a4e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -13,7 +13,6 @@ import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.utils.URIBuilder; -import org.apache.log4j.Logger; import org.jose4j.base64url.Base64Url; import com.google.gson.JsonElement; @@ -23,328 +22,347 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class SL20JSONExtractorUtils { - private static final Logger log = Logger.getLogger(SL20JSONExtractorUtils.class); - - /** - * Extract String value from JSON - * - * @param input - * @param keyID - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static String getStringValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - try { - JsonElement internal = getAndCheck(input, keyID, isRequired); - - if (internal != null) - return internal.getAsString(); - else - return null; - - } catch (SLCommandoParserException e) { - throw e; - - } catch (Exception e) { - throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); - - } - } - - /** - * Extract Boolean value from JSON - * - * @param input - * @param keyID - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException { - try { - JsonElement internal = getAndCheck(input, keyID, isRequired); - - if (internal != null) - return internal.getAsBoolean(); - else - return defaultValue; - - } catch (SLCommandoParserException e) { - throw e; - - } catch (Exception e) { - throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); - - } - } - - /** - * Extract JSONObject value from JSON - * - * @param input - * @param keyID - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - try { - JsonElement internal = getAndCheck(input, keyID, isRequired); - - if (internal != null) - return internal.getAsJsonObject(); - else - return null; - - } catch (SLCommandoParserException e) { - throw e; - - } catch (Exception e) { - throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); - - } - } - - /** - * Extract a List of String elements from a JSON element - * - * @param input - * @return - * @throws SLCommandoParserException - */ - public static List getListOfStringElements(JsonElement input) throws SLCommandoParserException { - List result = new ArrayList(); - if (input != null) { - if (input.isJsonArray()) { - Iterator arrayIterator = input.getAsJsonArray().iterator(); - while(arrayIterator.hasNext()) { - JsonElement next = arrayIterator.next(); - if (next.isJsonPrimitive()) - result.add(next.getAsString()); - } - - } else if (input.isJsonPrimitive()) { - result.add(input.getAsString()); - - } else { - log.warn("JSON Element IS NOT a JSON array or a JSON Primitive"); - throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive"); - - } - } - - return result; - } - - /** - * Extract Map of Key/Value pairs from a JSON Element - * - * @param input parent JSON object - * @param keyID KeyId of the child that should be parsed - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static Map getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - JsonElement internal = getAndCheck(input, keyID, isRequired); - return getMapOfStringElements(internal); - - } - - /** - * Extract Map of Key/Value pairs from a JSON Element - * - * @param input - * @return - * @throws SLCommandoParserException - */ - public static Map getMapOfStringElements(JsonElement input) throws SLCommandoParserException { - Map result = new HashMap(); - - if (input != null) { - if (input.isJsonArray()) { - Iterator arrayIterator = input.getAsJsonArray().iterator(); - while(arrayIterator.hasNext()) { - JsonElement next = arrayIterator.next(); - Iterator> entry = next.getAsJsonObject().entrySet().iterator(); - entitySetToMap(result, entry); - - } - - } else if (input.isJsonObject()) { - Iterator> objectKeys = input.getAsJsonObject().entrySet().iterator(); - entitySetToMap(result, objectKeys); - - } else - throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); - - } - - return result; - } - - private static void entitySetToMap(Map result, Iterator> entry) { - while (entry.hasNext()) { - Entry el = entry.next(); - if (result.containsKey(el.getKey())) - log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); - - result.put(el.getKey(), el.getValue().getAsString()); - - } - - } - - - public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { - JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); - JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); - - if (result == null && encryptedResult == null) - throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); - - else if (encryptedResult == null && mustBeEncrypted) - throw new SLCommandoParserException("result MUST be signed."); - - else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { - try { - return decrypter.decryptPayload(encryptedResult.getAsString()); - - } catch (Exception e) { - log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); - if (!mustBeEncrypted) { - log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); - - //dummy code - try { - String[] signedPayload = encryptedResult.toString().split("\\."); - JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); - return payLoad; - - } catch (Exception e1) { - log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); - throw new SL20Exception(e.getMessage(), null, e); - - } - - } else - throw e; - - } - - } else if (result != null) { - return result; - - } else - throw new SLCommandoParserException("Internal build error"); - - - } - - /** - * Extract payLoad from generic transport container - * - * @param container - * @param joseTools - * @return - * @throws SLCommandoParserException - */ - public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception { - - JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); - JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); - - if (mustBeSigned && joseTools == null) - throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); - - if (sl20Payload == null && sl20SignedPayload == null) - throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); - - else if (sl20SignedPayload == null && mustBeSigned) - throw new SLCommandoParserException("payLoad MUST be signed."); - - else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { - return joseTools.validateSignature(sl20SignedPayload.getAsString()); - - } else if (sl20Payload != null) - return new VerificationResult(sl20Payload.getAsJsonObject()); - - else - throw new SLCommandoParserException("Internal build error"); - - - } - - - /** - * Extract generic transport container from httpResponse - * - * @param httpResp - * @return - * @throws SLCommandoParserException - */ - public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) throws SLCommandoParserException { - try { - JsonObject sl20Resp = null; - if (httpResp.getStatusLine().getStatusCode() == 307) { - Header[] locationHeader = httpResp.getHeaders("Location"); - if (locationHeader == null) - throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); - - String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); - sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject(); - - } else if (httpResp.getStatusLine().getStatusCode() == 200) { - if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) - throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - } else if ( (httpResp.getStatusLine().getStatusCode() == 500) || - (httpResp.getStatusLine().getStatusCode() == 401) || - (httpResp.getStatusLine().getStatusCode() == 400) ) { - log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() - + ". Search for error message"); - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - - } else - throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); - - log.info("Find JSON object in http response"); - return sl20Resp; - - } catch (Exception e) { - throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); - - } - } - - private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { - if (resp != null && resp.getContent() != null) { - JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); - if (sl20Resp != null && sl20Resp.isJsonObject()) { - return sl20Resp.getAsJsonObject(); - - } else - throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); - - - } else - throw new SLCommandoParserException("Can NOT find content in http response"); - - } - - - private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - JsonElement internal = input.get(keyID); - - if (internal == null && isRequired) - throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); - - return internal; - - } + + /** + * Extract String value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static String getStringValue(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + try { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) { + return internal.getAsString(); + } else { + return null; + } + + } catch (final SLCommandoParserException e) { + throw e; + + } catch (final Exception e) { + throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); + + } + } + + /** + * Extract Boolean value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, + boolean defaultValue) throws SLCommandoParserException { + try { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) { + return internal.getAsBoolean(); + } else { + return defaultValue; + } + + } catch (final SLCommandoParserException e) { + throw e; + + } catch (final Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract JSONObject value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + try { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) { + return internal.getAsJsonObject(); + } else { + return null; + } + + } catch (final SLCommandoParserException e) { + throw e; + + } catch (final Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract a List of String elements from a JSON element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static List getListOfStringElements(JsonElement input) throws SLCommandoParserException { + final List result = new ArrayList<>(); + if (input != null) { + if (input.isJsonArray()) { + final Iterator arrayIterator = input.getAsJsonArray().iterator(); + while (arrayIterator.hasNext()) { + final JsonElement next = arrayIterator.next(); + if (next.isJsonPrimitive()) { + result.add(next.getAsString()); + } + } + + } else if (input.isJsonPrimitive()) { + result.add(input.getAsString()); + + } else { + log.warn("JSON Element IS NOT a JSON array or a JSON Primitive"); + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive"); + + } + } + + return result; + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static Map getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + return getMapOfStringElements(internal); + + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static Map getMapOfStringElements(JsonElement input) + throws SLCommandoParserException { + final Map result = new HashMap<>(); + + if (input != null) { + if (input.isJsonArray()) { + final Iterator arrayIterator = input.getAsJsonArray().iterator(); + while (arrayIterator.hasNext()) { + final JsonElement next = arrayIterator.next(); + final Iterator> entry = next.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, entry); + + } + + } else if (input.isJsonObject()) { + final Iterator> objectKeys = input.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, objectKeys); + + } else { + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); + } + + } + + return result; + } + + private static void entitySetToMap(Map result, Iterator> entry) { + while (entry.hasNext()) { + final Entry el = entry.next(); + if (result.containsKey(el.getKey())) { + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); + } + + result.put(el.getKey(), el.getValue().getAsString()); + + } + + } + + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, + boolean mustBeEncrypted) throws SL20Exception { + final JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); + final JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + + if (result == null && encryptedResult == null) { + throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); + } else if (encryptedResult == null && mustBeEncrypted) { + throw new SLCommandoParserException("result MUST be signed."); + } else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { + try { + return decrypter.decryptPayload(encryptedResult.getAsString()); + + } catch (final Exception e) { + log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); + if (!mustBeEncrypted) { + log.warn( + "Decrypted results are disabled by configuration. Parse result in plain if it is possible"); + + // dummy code + try { + final String[] signedPayload = encryptedResult.toString().split("\\."); + final JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode( + signedPayload[1]))); + return payLoad; + + } catch (final Exception e1) { + log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); + throw new SL20Exception(e.getMessage(), null, e); + + } + + } else { + throw e; + } + + } + + } else if (result != null) { + return result; + + } else { + throw new SLCommandoParserException("Internal build error"); + } + + } + + /** + * Extract payLoad from generic transport container + * + * @param container + * @param joseTools + * @return + * @throws SLCommandoParserException + */ + public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, + boolean mustBeSigned) throws SL20Exception { + + final JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); + final JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); + + if (mustBeSigned && joseTools == null) { + throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); + } + + if (sl20Payload == null && sl20SignedPayload == null) { + throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); + } else if (sl20SignedPayload == null && mustBeSigned) { + throw new SLCommandoParserException("payLoad MUST be signed."); + } else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { + return joseTools.validateSignature(sl20SignedPayload.getAsString()); + + } else if (sl20Payload != null) { + return new VerificationResult(sl20Payload.getAsJsonObject()); + } else { + throw new SLCommandoParserException("Internal build error"); + } + + } + + /** + * Extract generic transport container from httpResponse + * + * @param httpResp + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) + throws SLCommandoParserException { + try { + JsonObject sl20Resp = null; + if (httpResp.getStatusLine().getStatusCode() == 307) { + final Header[] locationHeader = httpResp.getHeaders("Location"); + if (locationHeader == null) { + throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); + } + + final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0) + .getValue(); + sl20Resp = new JsonParser().parse(Base64Url.encode(sl20RespString.getBytes())).getAsJsonObject(); + + } else if (httpResp.getStatusLine().getStatusCode() == 200) { + if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) { + throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp + .getEntity().getContentType().getValue()); + } + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else if (httpResp.getStatusLine().getStatusCode() == 500 || + httpResp.getStatusLine().getStatusCode() == 401 || + httpResp.getStatusLine().getStatusCode() == 400) { + log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + + ". Search for error message"); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else { + throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine() + .getStatusCode()); + } + + log.info("Find JSON object in http response"); + return sl20Resp; + + } catch (final Exception e) { + throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); + + } + } + + private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { + if (resp != null && resp.getContent() != null) { + final JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); + if (sl20Resp != null && sl20Resp.isJsonObject()) { + return sl20Resp.getAsJsonObject(); + + } else { + throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); + } + + } else { + throw new SLCommandoParserException("Can NOT find content in http response"); + } + + } + + private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + final JsonElement internal = input.get(keyID); + + if (internal == null && isRequired) { + throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); + } + + return internal; + + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index dbf91dccf..458eb3f85 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -36,14 +36,14 @@ org.bouncycastle bcprov-jdk15on - 1.52 + 1.70 org.bouncycastle bcpkix-jdk15on - 1.52 + 1.70 diff --git a/pom.xml b/pom.xml index 90ab19386..41eef6d83 100644 --- a/pom.xml +++ b/pom.xml @@ -34,53 +34,54 @@ 0.3 1.0.15 - 5.2.11.RELEASE - 2.3.5.RELEASE - 2.3.5.RELEASE + 5.3.13 + 2.6.0 + 2.6.0 2.22.0 2.3.1 2.3.0.1 - 30.0-jre + 31.0.1-jre 2.6.6 1.5.6 1.4.6 - 2.1.5 + 2.3.0 2.3.1 1.1 - 5.4.25.Final - 2.8.0 + 5.6.2.Final + 2.9.0 - 3.3.8 - 2.5.26 + 3.3.12 + 2.5.28 2.0.0 1.7.30 + 2.15.0 4.5.13 - 4.4.14 + 4.4.15 - 8.0.22 + 8.0.27 - 4.12 - 2.8.0 - 3.11 + 4.13.2 + 2.11.0 + 3.12.0 4.4 3.2.2 1.9 - 2.10.8 - - 2.12.0 + 2.10.13 + + 2.13.0 1.4 ${org.springframework.version} - 1.18.16 + 1.18.22 0.8.6 3.1.1 @@ -337,6 +338,12 @@ + + joda-time + joda-time + ${joda-time.version} + + org.apache.commons commons-dbcp2 @@ -443,9 +450,9 @@ ${slf4j.version} - org.slf4j - slf4j-log4j12 - ${slf4j.version} + org.apache.logging.log4j + log4j-slf4j-impl + ${log4j.version} @@ -460,12 +467,6 @@ compile - - org.apache.logging.log4j - log4j-core - 2.13.3 - - org.apache.httpcomponents httpclient @@ -745,7 +746,7 @@ iaik.prod iaik_jce_full - 5.61_moa + 5.62_moa @@ -824,7 +825,7 @@ xerces xercesImpl - 2.11.0 + 2.12.1 compile