From 98dbb23fa5dcd9518beb56fd2410667b385b5524 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 17 Jul 2015 09:18:28 +0200 Subject: first beta version of new MOA-ID WebGUI module for configuration --- .../exception/ConfigurationException.java | 47 -- id/moa-id-webgui/pom.xml | 31 +- .../id/config/webgui/MOAIDConfigurationModul.java | 48 +- .../config/webgui/MOAIDSpringResourceProvider.java | 29 +- .../id/config/webgui/MOAIDWebGUIConfiguration.java | 160 ++++++ .../webgui/exception/ConfigurationException.java | 48 ++ .../exception/SchemaValidationException.java | 43 ++ .../exception/SignatureValidationException.java | 58 +++ .../validation/MOAIDConfigurationValidator.java | 17 +- .../validation/modul/impl/GatewayValidator.java | 19 +- .../modul/impl/InterfederationIDPValidator.java | 7 + .../modul/impl/OnlineApplicationValidator.java | 30 +- .../validation/modul/impl/VIDPValidator.java | 20 +- .../validation/task/AbstractTaskValidator.java | 4 +- .../task/impl/GeneralMOAIDConfigurationTask.java | 5 +- .../task/impl/GeneralOpenIDConfigurationTask.java | 2 +- .../task/impl/GeneralPVP2XConfigurationTask.java | 2 +- .../task/impl/GeneralSTORKConfigurationTask.java | 2 +- .../ServicesAuthenticationInformationTask.java | 229 +++++++++ .../task/impl/ServicesAuthenticationSTORKTask.java | 301 +++++++++++ .../task/impl/ServicesBKUSelectionTask.java | 403 +++++++++++++++ .../task/impl/ServicesGeneralInformationTask.java | 150 +++++- .../task/impl/ServicesInterfederationIDPTask.java | 116 +++++ .../task/impl/ServicesPVPGatewayTask.java | 121 +++++ .../task/impl/ServicesProtocolOpenIDTask.java | 152 ++++++ .../task/impl/ServicesProtocolPVP2XTask.java | 336 +++++++++++++ .../task/impl/ServicesProtocolSAML1Task.java | 114 +++++ .../task/impl/ServicesProtocolSTORKTask.java | 273 ++++++++++ .../task/impl/ServicesSSOAuthenticationTask.java | 101 ++++ .../validation/task/impl/ServicesTargetTask.java | 221 ++++++++ .../task/impl/ServicesbPKDecryptionTask.java | 137 +++++ .../utils/MetaDataVerificationFilter.java | 122 +++++ .../validation/utils/SchemaValidationFilter.java | 98 ++++ ...i.validation.task.IDynamicLoadableTaskValidator | 4 + .../resources/applicationResources_de.properties | 4 +- .../resources/applicationResources_en.properties | 2 + .../src/main/resources/gui/meta.properties | 92 +++- .../src/main/resources/gui/types/gateway.json | 50 ++ .../src/main/resources/gui/types/general.json | 7 + .../src/main/resources/gui/types/iidp.json | 124 +++++ .../src/main/resources/gui/types/oa.json | 557 ++++++++++++++++++++- .../src/main/resources/gui/types/vidp.json | 371 ++++++++++++++ .../src/main/resources/moaid.webgui.beans.xml | 12 +- .../moa/id/auth/AuthenticationServer.java | 2 +- .../moa/id/auth/MOAIDAuthConstants.java | 11 +- .../id/auth/builder/AuthenticationDataBuilder.java | 2 +- .../moa/id/auth/builder/DataURLBuilder.java | 3 +- .../StartAuthentificationParameterParser.java | 2 +- .../moa/id/auth/servlet/AuthServlet.java | 2 +- .../servlet/GenerateIFrameTemplateServlet.java | 9 +- .../id/auth/servlet/IDPSingleLogOutServlet.java | 13 +- .../auth/servlet/ProcessEngineSignalServlet.java | 10 +- .../moa/id/auth/servlet/RedirectServlet.java | 11 +- .../moa/id/config/ConfigurationUtils.java | 1 - .../auth/AuthConfigurationProviderFactory.java | 18 +- .../moa/id/config/auth/OAAuthParameter.java | 11 +- .../PropertyBasedAuthConfigurationProvider.java | 19 +- .../moa/id/entrypoints/DispatcherServlet.java | 7 +- .../moa/id/moduls/AuthenticationManager.java | 2 +- .../at/gv/egovernment/moa/id/moduls/IAction.java | 2 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 2 +- .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 7 +- .../builder/attributes/IPVPAttributeBuilder.java | 3 +- .../moa/id/protocols/saml1/GetArtifactAction.java | 9 +- .../moa/id/protocols/saml1/SAML1Protocol.java | 2 +- .../protocols/stork2/AttributeProviderFactory.java | 10 +- .../moa/id/protocols/stork2/STORKProtocol.java | 2 +- .../moa/id/util/ParamValidatorUtils.java | 2 +- .../moa/id/util/legacy/LegacyHelper.java | 2 +- .../main/resources/moaid.configuration.beans.xml | 24 + .../resources/properties/id_messages_de.properties | 3 +- .../protocol_response_statuscodes_de.properties | 1 + .../src/test/java/test/tlenz/simpletest.java | 22 + .../egovernment/moa/id/commons/MOAIDConstants.java | 109 ++++ .../config/ConfigurationMigrationUtils.java | 242 +++++---- .../moa/id/commons/config/ConfigurationUtil.java | 34 +- .../config/MOAIDConfigurationConstants.java | 90 +--- .../moa/id/commons/config/MigrationTest.java | 2 +- .../config/persistence/MOAIDConfigurationImpl.java | 10 + .../db/dao/config/DatabaseConfigPropertyImpl.java | 3 +- .../moa/id/commons/utils/KeyValueUtils.java | 13 + .../src/main/resources/configuration.beans.xml | 28 +- .../src/main/resources/moaid.migration.beans.xml | 40 ++ 83 files changed, 5013 insertions(+), 441 deletions(-) delete mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java create mode 100644 id/moa-id-webgui/src/main/resources/gui/types/gateway.json create mode 100644 id/moa-id-webgui/src/main/resources/gui/types/iidp.json create mode 100644 id/moa-id-webgui/src/main/resources/gui/types/vidp.json create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java create mode 100644 id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java deleted file mode 100644 index 3aa3910cc..000000000 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java +++ /dev/null @@ -1,47 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.configuration.exception; - -import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; - -public class ConfigurationException extends Exception { - - private static final long serialVersionUID = 1L; - - public ConfigurationException(String errorname) { - super(LanguageHelper.getErrorString(errorname, null)); - } - - public ConfigurationException(String errorname, Throwable e) { - super(LanguageHelper.getErrorString(errorname, null), e); - } - - public ConfigurationException(String errorname, Object[] params, Throwable e) { - super(LanguageHelper.getErrorString(errorname, params, null), e); - } - - public ConfigurationException(Throwable e) { - super(e); - } - -} diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 76660eac2..35436db4b 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -16,8 +16,16 @@ ${basedir}/../../repository + + + shibboleth.internet2.edu + Internet2 + https://build.shibboleth.net/nexus/content/groups/public/ + + + - src/main/jave + src/main/java maven-compiler-plugin @@ -47,6 +55,27 @@ moa-id-commons + + org.opensaml + opensaml + + + org.slf4j + log4j-over-slf4j + + + + + org.opensaml + xmltooling + + + org.slf4j + log4j-over-slf4j + + + + diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java index 72e2321e9..0ec230324 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java @@ -45,6 +45,9 @@ import at.gv.egiz.components.configuration.meta.api.MetadataConfiguration; import at.gv.egiz.components.configuration.meta.api.SchemaEntry; import at.gv.egiz.components.configuration.meta.api.impl.BaseMetadataConfiguration; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.MOAIDConfigurationValidator; @@ -57,7 +60,7 @@ public class MOAIDConfigurationModul implements ConfigurationModul{ private static final String MODULE_NAME = "MOAIDConfigurationModul"; - private static Configuration config; + private static MOAIDConfiguration config; private static Configuration meta; private static MetadataConfiguration metadata = null; @@ -76,23 +79,29 @@ public class MOAIDConfigurationModul implements ConfigurationModul{ } @Autowired - public void setDatabaseConfiguration(Configuration dbconfig) { + public void setDatabaseConfiguration(MOAIDConfiguration dbconfig) { config = dbconfig; } /** + * @throws Exception * */ - public MOAIDConfigurationModul() { - loadType("general", "/gui/types/general.json"); - -// loadType("oa", "/gui/types/oa.json"); - - //TODO: load correct types -// loadType("vidp", "/gui/types/oa.json"); -// loadType("iidp", "/gui/types/oa.json"); -// loadType("gateway", "/gui/types/oa.json"); + public MOAIDConfigurationModul() throws Exception { + loadType("general", "/gui/types/general.json"); + loadType("moaidoa", "/gui/types/oa.json"); + loadType("moaidvidp", "/gui/types/vidp.json"); + loadType("moaidiidp", "/gui/types/iidp.json"); + loadType("moaidgateway", "/gui/types/gateway.json"); + try { + MOAIDWebGUIConfiguration.getInstance(); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + logger.error("MOA-ID WebGUI initialization FAILED! (Reason: {})", e.getMessage()); + throw new Exception(e); + + } } @@ -146,8 +155,19 @@ public class MOAIDConfigurationModul implements ConfigurationModul{ @Override public String buildArrayIdentifier(String arrayId, int refCounter, Map properties) throws ConfigurationException { - // TODO Auto-generated method stub - return null; + logger.trace("Search next free list index for key: " + arrayId); + + if (arrayId.startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) { + String[] allListKeys = config.findConfigurationId(arrayId + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + int freeIndex = KeyValueUtils.findNextFreeListCounter(allListKeys, arrayId) + refCounter; + logger.debug("Found free listIndex: " + freeIndex + " for serviceKey: " + arrayId); + return String.valueOf(freeIndex); + + } else { + logger.warn("Actually, only services are from type array and need an index."); + throw new ConfigurationException("Actually, only services are from type array and need an index."); + + } } /* (non-Javadoc) @@ -203,7 +223,7 @@ public class MOAIDConfigurationModul implements ConfigurationModul{ Iterator deleteInterator = deleted.iterator(); while (deleteInterator.hasNext()) { String el = deleteInterator.next(); - try { + try { config.deleteIds(el); logger.trace("Delete key {}", el); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java index 61e1a1192..f9f8d1d2d 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java @@ -22,10 +22,14 @@ */ package at.gv.egovernment.moa.id.config.webgui; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; import at.gv.egiz.components.spring.api.SpringResourceProvider; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolPVP2XTask; /** * @author tlenz @@ -33,16 +37,33 @@ import at.gv.egiz.components.spring.api.SpringResourceProvider; */ public class MOAIDSpringResourceProvider implements SpringResourceProvider { - private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; + private static final Logger log = LoggerFactory.getLogger(MOAIDSpringResourceProvider.class); /* (non-Javadoc) * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() */ @Override - public Resource[] getResourcesToLoad() { - ClassPathResource webguicontextconfig = new ClassPathResource("/moaid.webgui.beans.xml", MOAIDSpringResourceProvider.class); + public Resource[] getResourcesToLoad() { +// try { + //TODO: is not a nice solution -> fix in futher version + //MOAIDWebGUIConfiguration moaIdWebguiConfig = MOAIDWebGUIConfiguration.getInstance(); + //JPAPropertiesWithJavaConfig.setLocalProperties(moaIdWebguiConfig.getDatabaseProperties()); + ClassPathResource databasecontextconfig = new ClassPathResource("/configuration.beans.xml", MOAIDSpringResourceProvider.class); - return new Resource[] {webguicontextconfig, databasecontextconfig}; + ClassPathResource webguicontextconfig = new ClassPathResource("/moaid.webgui.beans.xml", MOAIDSpringResourceProvider.class); + ClassPathResource webguidatabasecontextconfig = new ClassPathResource("/moaid.migration.beans.xml", MOAIDSpringResourceProvider.class); + + + + return new Resource[] {databasecontextconfig, webguidatabasecontextconfig, webguicontextconfig}; + +// } catch (ConfigurationException e) { +// log.error("Can not load MOA-ID WebGUI configuration.", e); +// return null; +// +// } + + } diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java new file mode 100644 index 000000000..0a3a9eef8 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java @@ -0,0 +1,160 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.Properties; + +import org.opensaml.DefaultBootstrap; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Service +public class MOAIDWebGUIConfiguration { + + private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; + + private static final Logger log = LoggerFactory.getLogger(MOAIDWebGUIConfiguration.class); + + + + private Properties props; + private String configFileName; + private String configRootDir; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.commons.config.persistence.LocalConfigurationBean#getLocalDatabaseProperties() + */ + + private static MOAIDWebGUIConfiguration instance = null; + + public static MOAIDWebGUIConfiguration getInstance() throws ConfigurationException { + if (instance == null) { + instance = new MOAIDWebGUIConfiguration(); + + } + return instance; + } + + + MOAIDWebGUIConfiguration() throws ConfigurationException { + configFileName = System.getProperty(SYSTEM_PROP_CONFIG); + + if (configFileName == null) { + throw new ConfigurationException("config.05"); + } + try { + URI fileURI = new URI(configFileName); + + // determine the directory of the root config file + configRootDir = new File(fileURI).getParent(); + + log.info("Loading MOA-ID WebGUI configuration from file " + fileURI); + + //Load MOAID-2.0 properties file + + File propertiesFile = new File(fileURI); + FileInputStream fis; + props = new Properties(); + + fis = new FileInputStream(propertiesFile); + props.load(fis); + + fis.close(); + + log.debug("OpenSAML initialization started ..."); + DefaultBootstrap.bootstrap(); + log.info("OpenSAML initialization complete."); + + log.info("Pre-Initialization step of MOA-ID WebGUI module finished ... "); + + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.01", new Object[]{configFileName}, e); + + } catch (IOException e) { + throw new ConfigurationException("config.02", new Object[]{configFileName}, e); + + } catch (org.opensaml.xml.ConfigurationException e) { + throw new ConfigurationException("config.04", e); + + } catch (URISyntaxException e) { + throw new ConfigurationException("config.06", new Object[]{MOAIDConfigurationConstants.FILE_URI_PREFIX, configFileName}, e); + + } + } + +// @Override +// protected Properties getLocalDatabaseProperties() { +// return this.props; +// } + + public String getConfigFile() { + return configFileName; + } + + public String getConfigRootDir() { + return configRootDir; + } + + public String getCertStoreDirectory() throws ConfigurationException { + String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); + + } + + public String getTrustStoreDirectory() throws ConfigurationException { + String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); + + } + + public boolean isPVPMetadataSchemaValidationActive() { + return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); + + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java new file mode 100644 index 000000000..2f2decab9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java @@ -0,0 +1,48 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; + + +public class ConfigurationException extends Exception { + + private static final long serialVersionUID = 1L; + + public ConfigurationException(String errorname) { + super(LanguageHelper.getErrorString(errorname, null)); + } + + public ConfigurationException(String errorname, Throwable e) { + super(LanguageHelper.getErrorString(errorname, null), e); + } + + public ConfigurationException(String errorname, Object[] params, Throwable e) { + super(LanguageHelper.getErrorString(errorname, params), e); + } + + public ConfigurationException(Throwable e) { + super(e); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java new file mode 100644 index 000000000..3c0827a62 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java @@ -0,0 +1,43 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import org.opensaml.saml2.metadata.provider.FilterException; + +/** + * @author tlenz + * + */ +public class SchemaValidationException extends FilterException { + + /** + * @param string + */ + public SchemaValidationException(String string) { + super(string); + + } + + private static final long serialVersionUID = 1L; + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java new file mode 100644 index 000000000..7c4c48e6b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java @@ -0,0 +1,58 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import org.opensaml.saml2.metadata.provider.FilterException; + +/** + * @author tlenz + * + */ +public class SignatureValidationException extends FilterException { + + /** + * @param string + */ + public SignatureValidationException(String string) { + super(string); + + } + + /** + * @param e + */ + public SignatureValidationException(Exception e) { + super(e); + } + + /** + * @param string + * @param object + */ + public SignatureValidationException(String string, Exception e) { + super(string, e); + } + + private static final long serialVersionUID = 1L; + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java index a1cafe702..5fc5b86d2 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java @@ -36,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; @@ -48,7 +49,7 @@ import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTa */ public class MOAIDConfigurationValidator { private static final Logger logger = LoggerFactory.getLogger(MOAIDConfigurationValidator.class); - private static Configuration dbconfig; + private static MOAIDConfiguration dbconfig; private static ServiceLoader moduleLoader = ServiceLoader.load(IModuleValidator.class); @@ -61,7 +62,7 @@ public class MOAIDConfigurationValidator { private boolean isDataValidated = false; @Autowired - public void setDatabaseConfiguration(Configuration config) { + public void setDatabaseConfiguration(MOAIDConfiguration config) { dbconfig = config; } @@ -81,7 +82,7 @@ public class MOAIDConfigurationValidator { } - //load tasks + //load dynamic tasks Iterator taskLoaderInterator = taskLoader.iterator(); while (taskLoaderInterator.hasNext()) { IDynamicLoadableTaskValidator task = taskLoaderInterator.next(); @@ -151,8 +152,13 @@ public class MOAIDConfigurationValidator { if (moduleValidator.containsKey(moduleID)) { logger.trace("Starting validation process of keyGroup: " + groupEl.getKey() + " with module: " + moduleValidator.get(moduleID).getName()); + Map servicekeys = KeyValueUtils.removePrefixFromKeys(groupEl.getValue(), groupEl.getKey()); + + //put service prefix to validation Map to check if service already stored + servicekeys.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, groupEl.getKey()); + moduleValidator.get(moduleID) - .validate(KeyValueUtils.removePrefixFromKeys(groupEl.getValue(), groupEl.getKey())); + .validate(servicekeys); } else logger.info("No ModulValidator for keygroup {} found.", moduleID); @@ -268,6 +274,7 @@ public class MOAIDConfigurationValidator { for (String key : validationModuleKeys) { if (el.getKey().startsWith(key)) { selectedModul = moduleValidator.get(key); + break; } } @@ -276,7 +283,7 @@ public class MOAIDConfigurationValidator { String groupkey = null; if (selectedModul.getKeyPrefix().startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) { String oaIndex = KeyValueUtils.getFirstChildAfterPrefix(el.getKey(), selectedModul.getKeyPrefix()); - groupkey = selectedModul + "." + oaIndex; + groupkey = selectedModul.getKeyPrefix() + "." + oaIndex; } else groupkey = selectedModul.getKeyPrefix(); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java index 22281c973..e7775beba 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java @@ -22,12 +22,10 @@ */ package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; -import java.util.Map; - import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; -import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesPVPGatewayTask; /** * @author tlenz @@ -35,17 +33,12 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; */ public class GatewayValidator extends AbstractModuleValidator { - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#validate(java.util.Map) - */ - @Override - public void validate(Map input) - throws ConfigurationModulValidationException { - // TODO Auto-generated method stub - + public GatewayValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesPVPGatewayTask()); } - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix() */ diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java index 2e9288415..5b9312e8e 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesInterfederationIDPTask; /** * @author tlenz @@ -31,6 +33,11 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleVal */ public class InterfederationIDPValidator extends AbstractModuleValidator { + public InterfederationIDPValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesInterfederationIDPTask()); + + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix() diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java index a71d425f2..dbce8ec3a 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java @@ -22,13 +22,15 @@ */ package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; -import java.util.Map; - import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; -import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesAuthenticationInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesBKUSelectionTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolSAML1Task; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesSSOAuthenticationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesTargetTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesbPKDecryptionTask; /** * @author tlenz @@ -36,14 +38,18 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; */ public class OnlineApplicationValidator extends AbstractModuleValidator { - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#validate(java.util.Map) + /** + * */ - @Override - public void validate(Map input) - throws ConfigurationModulValidationException { - // TODO Auto-generated method stub - + public OnlineApplicationValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesTargetTask()); + addTaskValidator(new ServicesAuthenticationInformationTask()); + addTaskValidator(new ServicesSSOAuthenticationTask()); + addTaskValidator(new ServicesbPKDecryptionTask()); + addTaskValidator(new ServicesProtocolSAML1Task()); + addTaskValidator(new ServicesBKUSelectionTask()); + } /* (non-Javadoc) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java index 17dc66550..ad3c15b16 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java @@ -22,13 +22,11 @@ */ package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; -import java.util.Map; - import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; -import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesBKUSelectionTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesTargetTask; /** * @author tlenz @@ -36,14 +34,12 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; */ public class VIDPValidator extends AbstractModuleValidator { - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#validate(java.util.Map) - */ - @Override - public void validate(Map input) - throws ConfigurationModulValidationException { - // TODO Auto-generated method stub + public VIDPValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesTargetTask()); + addTaskValidator(new ServicesBKUSelectionTask()); + } /* (non-Javadoc) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java index 394bc4da7..a124949f1 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java @@ -49,7 +49,7 @@ public abstract class AbstractTaskValidator implements ITaskValidator { throws ConfigurationTaskValidationException { //start task specific validation - tastValidate(input); + taskValidate(input); } @@ -59,7 +59,7 @@ public abstract class AbstractTaskValidator implements ITaskValidator { * @param input Key/Value pairs of a module for validation * @throws ConfigurationModulValidationException */ - abstract protected void tastValidate(Map input) + abstract protected void taskValidate(Map input) throws ConfigurationTaskValidationException; /* (non-Javadoc) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java index e4646bc04..b8836b90c 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java @@ -94,7 +94,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override - protected void tastValidate(Map input) + protected void taskValidate(Map input) throws ConfigurationTaskValidationException { List errors = new ArrayList(); @@ -451,7 +451,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); - if (MiscUtil.isEmpty(check)) { + if (MiscUtil.isEmpty(check) || check.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { log.info("AuthBlock Transformation file is empty"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, @@ -537,6 +537,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme //TODO: add AuthBlock transformation filename String authBlockTransformation = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); + String[] splittet = authBlockTransformation.split(","); if (splittet.length > 1) { newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java index 95f6c8349..35fed19a3 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java @@ -54,7 +54,7 @@ public class GeneralOpenIDConfigurationTask extends AbstractTaskValidator { * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) */ @Override - protected void tastValidate(Map input) + protected void taskValidate(Map input) throws ConfigurationTaskValidationException { } diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java index 46dce77a0..a593b5461 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java @@ -82,7 +82,7 @@ public class GeneralPVP2XConfigurationTask extends AbstractTaskValidator impleme * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override - protected void tastValidate(Map input) + protected void taskValidate(Map input) throws ConfigurationTaskValidationException { List errors = new ArrayList(); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java index a12c8f0cd..c6086583a 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java @@ -90,7 +90,7 @@ public static final List KEYWHITELIST; * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override - public void tastValidate(Map input) + public void taskValidate(Map input) throws ConfigurationTaskValidationException { List errors = new ArrayList(); Map validatedCPeps = new HashedMap(); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java new file mode 100644 index 000000000..c39e857e4 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java @@ -0,0 +1,229 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesAuthenticationInformationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationInformationTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Authentication Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + //Check BKU URLs + String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY, + "BKU - Handy", + LanguageHelper.getErrorString("validation.general.bku.handy.valid"))); + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL, + "BKU - Local", + LanguageHelper.getErrorString("validation.general.bku.local.valid"))); + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - Online", + LanguageHelper.getErrorString("validation.general.bku.online.valid"))); + } + + //check KeyBoxIdentifier + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - KeyBoxIdentifier", + LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"))); + + } else { + if (!MOAIDConfigurationConstants.ALLOWED_KEYBOXIDENTIFIER.contains(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - KeyBoxIdentifier", + LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid"))); + } + } + + //check LegacyMode SLTemplates + String isLegacyModeActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY); + if (MiscUtil.isNotEmpty(isLegacyModeActive) && Boolean.parseBoolean(isLegacyModeActive)) { + if (MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)) && + MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)) && + MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)) ) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY, + "BKU - SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplates.empty"))); + + } else { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE, + "BKU - 1. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate1.valid"))); + } + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE, + "BKU - 2. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate2.valid"))); + } + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE, + "BKU - 3. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate3.valid"))); + } + } + } + + //check Mandate Profiles + String checkUseMandate = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_USE); + if (MiscUtil.isNotEmpty(checkUseMandate) && Boolean.parseBoolean(checkUseMandate)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES); + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("MandateProfiles contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES, + "Mandates - Profiles", + LanguageHelper.getErrorString("validation.general.mandate.profiles", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + + } + + String isTestCredentialsActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED); + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs); + if (MiscUtil.isNotEmpty(isTestCredentialsActive) && + Boolean.parseBoolean(isTestCredentialsActive) && + MiscUtil.isNotEmpty(check)) { + String[] oids = check.split(","); + for (String el : oids) { + if (!el.startsWith(MOAIDConfigurationConstants.TESTCREDENTIALROOTOID)) { + log.warn("Test credential OID does not start with test credential root OID"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs, + "Test-Identities - allowed OIDs", + LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", + new Object[] {el}) )); + } + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java new file mode 100644 index 000000000..087334c4b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java @@ -0,0 +1,301 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationSTORKTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + Map newConfigValues = new HashMap(); + + //C-PEPS + try { + //search all actually configured C-PEPS + String[] cPepsKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY); + List cPepsCountries = new ArrayList(); + for (String el : cPepsKeys) { + String country = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(el)) + cPepsCountries.add(country); + + } + + //check SERVICE STORK countries against C-PEPS configuration + Map GUICountries = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST); + Iterator> GUICountriesInterator = GUICountries.entrySet().iterator(); + while (GUICountriesInterator.hasNext()) { + Entry entry = GUICountriesInterator.next(); + if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE)) { + + if (cPepsCountries.contains(entry.getValue())) { + //Service contains C-PEPS + log.trace("Service contains C-PEPS with countryCode: " + entry.getValue()); + cPepsCountries.remove(entry.getValue()); + + } else { + //Service contains countryCode which is not a C-PEPS --> remove country code from service + log.debug("No C-PEPS with service countryCode: " + entry.getValue() + + " Remove countryCode from service."); + String index = KeyValueUtils.getParentKey(entry.getKey()); + if (MiscUtil.isNotEmpty(index)) { + keysToDelete.add( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + index + "*"); + + } else + log.warn("Can not remove countryCode from service. Suspect key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + entry.getKey()); + + } + } + } + + // add new C-PEPS to service + int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUICountries.keySet(), new String()); + for (String el : cPepsCountries) { + log.debug("Add new C-PEPS: " + el + " to service with key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE, + el); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED, + String.valueOf(true)); + nextFreeIndex++; + } + + + } catch (ConfigurationException e) { + log.error("Can not access configuration.", e); + + } + + + //STORK attributes + try { + //search all actually configured C-PEPS + String[] attributeKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME); + List attributeNames = new ArrayList(); + for (String el : attributeKeys) { + String country = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(el)) + attributeNames.add(country); + + } + + //check SERVICE STORK countries against C-PEPS configuration + Map GUIAttributes = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST); + Iterator> GUIAttributesInterator = GUIAttributes.entrySet().iterator(); + while (GUIAttributesInterator.hasNext()) { + Entry entry = GUIAttributesInterator.next(); + if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME)) { + + if (attributeNames.contains(entry.getValue())) { + //Service contains C-PEPS + log.trace("Service contains STORK attribute with name: " + entry.getValue()); + attributeNames.remove(entry.getValue()); + + } else { + //Service contains countryCode which is not a C-PEPS --> remove country code from service + log.debug("No STORK attribute with service attributeName: " + entry.getValue() + + " Remove STORK attribte from service."); + String index = KeyValueUtils.getParentKey(entry.getKey()); + if (MiscUtil.isNotEmpty(index)) { + keysToDelete.add( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + index + "*"); + + } else + log.warn("Can not remove STORK attribute from service. Suspect key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + entry.getKey()); + + } + } + } + + // add new C-PEPS to service + int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUIAttributes.keySet(), new String()); + for (String el : attributeNames) { + log.debug("Add new STORK attribute: " + el + " to service with key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME, + el); + + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED, + String.valueOf(false)); + + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, + String.valueOf(false)); + + nextFreeIndex++; + } + + + } catch (ConfigurationException e) { + log.error("Can not access configuration.", e); + + } + + + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + // check qaa + String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL); + if (MiscUtil.isNotEmpty(qaaString)) { + try { + int qaa = Integer.parseInt(qaaString); + if(1 > qaa && 4 < qaa) { + log.warn("QAA is out of range : " + qaa); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + "STORK - minimal QAA level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaa}))); + } + + } catch (NumberFormatException e) { + log.warn("QAA level is not a number: " + qaaString); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + "STORK - minimal QAA level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaaString}))); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java new file mode 100644 index 000000000..7ed9751cb --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java @@ -0,0 +1,403 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.apache.commons.codec.binary.Base64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesBKUSelectionTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesBKUSelectionTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "auth.templates"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - BKU-Selection Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + + Map newConfigValues = new HashMap(); + + String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME); + if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, bkuSelectTemplateUploadedFileName); + + } + + String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME); + if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, sendAssertionTemplateUploadedFileName); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + + //validate aditionalAuthBlockText + String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT, + "AuthBlock - Addition AuthBlocktext", + LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + //validate BKU selection template + String bkuSelectTemplate = null; + String bkuSelectionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA); + if (MiscUtil.isNotEmpty(bkuSelectionFileUpload) && + !bkuSelectionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) ) { + String bkuSelectTemplateFileName = "unknown"; + try { + String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME); + if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) { + if (ValidationHelper.containsPotentialCSSCharacter(bkuSelectTemplateUploadedFileName, false)) { + log.info("BKU Selection Filename is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME, + "Templates - BKU Selection Filename", + LanguageHelper.getErrorString("validation.general.bkuselection.filename.valid"))); + + } else + bkuSelectTemplateFileName = bkuSelectTemplateUploadedFileName; + + } else { + String bkuSelectTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW); + if (MiscUtil.isNotEmpty(bkuSelectTemplatePreView)) + bkuSelectTemplateFileName = bkuSelectTemplatePreView; + + } + + String[] bkuSelectTemplateSplitted = bkuSelectionFileUpload.split(","); + if (bkuSelectTemplateSplitted.length > 1) + bkuSelectTemplate = bkuSelectTemplateSplitted[1]; + else + bkuSelectTemplate = bkuSelectionFileUpload; + + if (!Base64.isBase64(bkuSelectTemplate)) { + log.info("BKU Selection Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA, + "Templates - BKU Selection", + LanguageHelper.getErrorString("validation.general.bkuselection.file.valid", + new Object[] {bkuSelectTemplateFileName}))); + + } + + } catch (Exception e) { + log.info("BKU Selection Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA, + "Templates - BKU Selection", + LanguageHelper.getErrorString("validation.general.bkuselection.file.valid", + new Object[] {bkuSelectTemplateFileName}))); + + } + + } + + //validate send-assertion template + String sendAssertionTemplate = null; + String sendAssertionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA); + if (MiscUtil.isNotEmpty(sendAssertionFileUpload) && + !sendAssertionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + String sendAssertionTemplateFileName = "unknown"; + try { + String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME); + if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) { + if (ValidationHelper.containsPotentialCSSCharacter(sendAssertionTemplateUploadedFileName, false)) { + log.info("Send Assertion Filename is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME, + "Templates - Send Assertion Filename", + LanguageHelper.getErrorString("validation.general.sendassertion.filename.valid"))); + + } else + sendAssertionTemplateFileName = sendAssertionTemplateUploadedFileName; + + } else { + String sendAssertionTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW); + if (MiscUtil.isNotEmpty(sendAssertionTemplatePreView)) + sendAssertionTemplateFileName = sendAssertionTemplatePreView; + + } + + String[] sendAssertionTemplateSplitted = sendAssertionFileUpload.split(","); + if (sendAssertionTemplateSplitted.length > 1) + sendAssertionTemplate = sendAssertionTemplateSplitted[1]; + else + sendAssertionTemplate = sendAssertionFileUpload; + + if (!Base64.isBase64(sendAssertionTemplate)) { + log.info("Send Assertion Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA, + "Templates - Send Assertion", + LanguageHelper.getErrorString("validation.general.sendassertion.file.valid", + new Object[] {sendAssertionTemplateFileName}))); + + } + + } catch (Exception e) { + log.info("Send Assertion Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA, + "Templates - Send Assertion", + LanguageHelper.getErrorString("validation.general.sendassertion.file.valid", + new Object[] {sendAssertionTemplateFileName}))); + + } + + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR, + "Templates - Background Color", + LanguageHelper.getErrorString("validation.general.form.color.background"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR, + "Templates - Front Color", + LanguageHelper.getErrorString("validation.general.form.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR, + "Templates - Header Background-Color", + LanguageHelper.getErrorString("validation.general.form.header.color.back"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR, + "Templates - Header Front-Color", + LanguageHelper.getErrorString("validation.general.form.header.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("HeaderText contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT, + "Templates - Header Text", + LanguageHelper.getErrorString("validation.general.form.header.text", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR, + "Templates - Button Background-Color", + LanguageHelper.getErrorString("validation.general.form.button.color.back"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS, + "Templates - Button Background-Color on Focus", + LanguageHelper.getErrorString("validation.general.form.button.color.back.focus"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR, + "Templates - Button Front-Color", + LanguageHelper.getErrorString("validation.general.form.button.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!MOAIDConfigurationConstants.ALLOWED_REDIRECTTARGETNAMES.contains(check)) { + log.warn("AppletRedirectTarget has not valid value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET, + "Templates - Applet Redirect-Target", + LanguageHelper.getErrorString("validation.general.form.appletredirecttarget"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("FontType contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE, + "Templates - Font Type", + LanguageHelper.getErrorString("validation.general.form.fonttype", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet height "+ check + " is no valid number"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT, + "Templates - Applet Height", + LanguageHelper.getErrorString("validation.general.form.applet.height", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet width "+ check + " is no valid number"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH, + "Templates - Applet Width", + LanguageHelper.getErrorString("validation.general.form.applet.width", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java index f27cb9ce7..86d047c74 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java @@ -28,47 +28,50 @@ import java.util.List; import java.util.Map; import java.util.regex.Pattern; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz * */ public class ServicesGeneralInformationTask extends AbstractTaskValidator implements ITaskValidator { - + private static final Logger log = LoggerFactory.getLogger(ServicesGeneralInformationTask.class); private static final List KEYWHITELIST; + private static MOAIDConfiguration dbconfig; + static { - ArrayList temp = new ArrayList(); - temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED, MOAIDConfigurationConstants.PREFIX_GENERAL)); - temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_LEGACY, MOAIDConfigurationConstants.PREFIX_GENERAL)); - + ArrayList temp = new ArrayList(); KEYWHITELIST = Collections.unmodifiableList(temp); } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) - */ - @Override - public void validate(Map input) - throws ConfigurationTaskValidationException { - // TODO Auto-generated method stub + @Autowired + public void setDatabaseConfiguration(MOAIDConfiguration config) { + dbconfig = config; + } - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() */ @Override public String getKeyPrefix() { - // TODO Auto-generated method stub - return null; + return ""; } /* (non-Javadoc) @@ -76,8 +79,7 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem */ @Override public String getName() { - // TODO Auto-generated method stub - return null; + return "Service - General Configuration Task"; } /* (non-Javadoc) @@ -86,7 +88,6 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem @Override public Map postProcessing(Map input, List keysToDelete, Configuration dbconfig) { - // TODO Auto-generated method stub return null; } @@ -94,10 +95,113 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) */ @Override - protected void tastValidate(Map input) - throws ConfigurationTaskValidationException { - // TODO Auto-generated method stub + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + if (dbconfig == null) { + throw new ConfigurationTaskValidationException( + new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!")); + + } + + List errors = new ArrayList(); + + String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, + "FriendlyName", + LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } else { + log.info("OA friendlyName is empty"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, + "FriendlyName", + LanguageHelper.getErrorString("validation.general.oafriendlyname.empty"))); + } + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + if (MiscUtil.isEmpty(isBusinessService)) { + log.info("OA businessservice flag is empty"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, + "BusinessService", + LanguageHelper.getErrorString("validation.general.businessservice.empty"))); + + } + + String servicePrefixId = input.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + if (MiscUtil.isNotEmpty(servicePrefixId)) { + String uniqueServiceID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (MiscUtil.isEmpty(uniqueServiceID)) { + log.info("Empty unique service identifier"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.empty"))); + + } else { + if (!ValidationHelper.validateURL(uniqueServiceID)) { + log.warn("Unique serice identifier is not a valid URL: " + uniqueServiceID); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.valid"))); + + } else { + //check uniqueness of service identifier + try { + String[] allServiceKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + +".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (allServiceKeys != null) { + List foundKeys = new ArrayList(); + for (String elKey : allServiceKeys) { + String elValue = dbconfig.getStringValue(elKey); + if (uniqueServiceID.startsWith(elValue) || + (elValue != null && elValue.startsWith(uniqueServiceID))) { + log.debug("Found service with key: " + elKey + + " and uniqueID: " + elValue + + " which maches to edited service with uniqueID:" + + uniqueServiceID); + foundKeys.add(elKey); + + } + + } + if ((foundKeys.size() > 1) || + ((foundKeys.size() == 1) && !foundKeys.get(0).startsWith(servicePrefixId) )) { + log.info("The service identifier is not unique"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.notunique"))); + + } + } + + } catch (ConfigurationException e) { + log.error("Configuration not readable!", e); + new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!"); + + } + } + } + + } else { + throw new ConfigurationTaskValidationException( + new ValidationObjectIdentifier("internal", "Internal Error", "No MOA-ID service prefix! Can not check uniqueness of service configuration.")); + + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + } /* (non-Javadoc) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java new file mode 100644 index 000000000..8c3475d8b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java @@ -0,0 +1,116 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesInterfederationIDPTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesInterfederationIDPTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "interfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Interfederation IDP"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String queryURL = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL); + if (MiscUtil.isNotEmpty(queryURL)) { + if (!ValidationHelper.validateURL(queryURL)) { + log.info("AttributeQuery URL is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL, + "Attribute Querry URL", + LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid"))); + + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java new file mode 100644 index 000000000..2e9dd1c30 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java @@ -0,0 +1,121 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesPVPGatewayTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesPVPGatewayTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "interfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - PVP Gateway Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String entityID = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER); + if (MiscUtil.isNotEmpty(entityID)) { + if (!ValidationHelper.validateURL(entityID)) { + log.info("PVP gateway EntityID is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, + "EntityID of PVP Portal ", + LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid"))); + + } + + } else + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, + "EntityID of PVP Portal ", + LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty"))); + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java new file mode 100644 index 000000000..e8cdbba90 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java @@ -0,0 +1,152 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolOpenIDTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolOpenIDTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + Map newConfigValues = new HashMap(); + + //TODO: check secret + String guiClientID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID); + String guiClientSecret = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET); + + if (MiscUtil.isEmpty(guiClientSecret)) { + log.info("OpenID Connect client-secret is empty --> generate a new secrete."); + guiClientSecret = UUID.randomUUID().toString(); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET, + guiClientSecret); + + } + + if (MiscUtil.isEmpty(guiClientID)) { + log.info("OpenID Connect ClientID is empty --> Set ClientID to unique identifier."); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID, + input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER)); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String redirectURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL); + // validate redirectUri + if (StringUtils.isNotEmpty(redirectURL) && !ValidationHelper.validateURL(redirectURL)) { + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL, + "OpenID - Redirect URL", + LanguageHelper.getErrorString("error.oa.oauth.redirecturi"))); + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java new file mode 100644 index 000000000..6da1bc389 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java @@ -0,0 +1,336 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Timer; +import java.util.regex.Pattern; + +import javax.net.ssl.SSLHandshakeException; + +import org.apache.commons.httpclient.MOAHttpClient; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataFilterChain; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.MOAIDWebGUIConfiguration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.MetaDataVerificationFilter; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolPVP2XTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + + Map newConfigValues = new HashMap(); + String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + String[] splittet = certBase64.split(","); + if (splittet.length > 1) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE, + splittet[1]); + log.debug("Extract PVP2X metadata validation certificate from GUI upload and add it to key: {}", MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + try { + byte[] certSerialized = null; + if (MiscUtil.isNotEmpty(certBase64)) { + certSerialized = Base64Utils.decode(certBase64, true); + X509Certificate cert = new X509Certificate(certSerialized); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE_SUBJECT, + cert.getSubjectDN().getName()); + + } + + } catch (IOException | CertificateException e) { + log.error("PVP2X metadata signing certificate is not parseable.", e); + + } + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; + + String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + try { + byte[] certSerialized = null; + if (MiscUtil.isNotEmpty(certBase64) && + !certBase64.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + String[] splittet = certBase64.split(","); + if (splittet.length > 1) + certSerialized = Base64Utils.decode(splittet[1], true); + else + certSerialized = Base64Utils.decode(certBase64, true); + } + + + String metadataURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); + if (MiscUtil.isNotEmpty(metadataURL)) { + + if (!ValidationHelper.validateURL(metadataURL)) { + log.info("MetaDataURL has no valid form."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata URL", + LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid"))); + + } else { + + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE, + "PVP2x - Metadata Certificate", + LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"))); + + } else { + + X509Certificate cert = new X509Certificate(certSerialized); + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (metadataURL.startsWith("https:")) + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + MOAIDWebGUIConfiguration.getInstance().getCertStoreDirectory(), + MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true); + + httpClient.setCustomSSLTrustStore( + metadataURL, + protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); + + } + + List filterList = new ArrayList(); + filterList.add(new MetaDataVerificationFilter(credential)); + + try { + filterList.add(new SchemaValidationFilter( + MOAIDWebGUIConfiguration.getInstance().isPVPMetadataSchemaValidationActive())); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + log.warn("Configuration access FAILED!", e); + + } + + MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, metadataURL); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(filter); + httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes + httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + httpProvider.setRequireValidMetadata(true); + httpProvider.initialize(); + + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.validation"))); + } + } + } + } + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"))); + + } catch (IOException e) { + log.info("Metadata can not be loaded from URL", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadataurl.read"))); + + } catch (MetadataProviderException e) { + + try { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.ssl"))); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig"))); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema"))); + + } else { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general"))); + } + + } catch (Exception e1) { + log.info("MetaDate verification failed", e1); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general"))); + + } + + } finally { + if (httpProvider != null) + httpProvider.destroy(); + + if (timer != null) + timer.cancel(); + + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA, + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_IIDP + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java new file mode 100644 index 000000000..fe3a791e7 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java @@ -0,0 +1,114 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolSAML1Task extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSAML1Task.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "protocols.saml1"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - SAML1 Protocol Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + String isProvideBaseID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID); + + if (Boolean.parseBoolean(isBusinessService) && + MiscUtil.isNotEmpty(isProvideBaseID) && Boolean.parseBoolean(isProvideBaseID)) { + log.info("ProvideStammZahl can not be used with BusinessService applications"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID, + "Protocols - SAML1 BaseID", + LanguageHelper.getErrorString("validation.saml1.providestammzahl"))); + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java new file mode 100644 index 000000000..d4e80bed9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java @@ -0,0 +1,273 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSTORKTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + Map newConfigValues = new HashMap(); + + try { + //search actually stored service configurations + List storedServices = new ArrayList(); + for (String prefix : getModulValidatorPrefix()) { + String[] storedService = dbconfig.findConfigurationId(prefix + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (storedService != null && storedService.length > 0) + storedServices.addAll(Arrays.asList(storedService)); + } + + String GUIServiceUniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + String selectedServiceKey = null; + for (String serviceKey : storedServices) { + String storedUniqueId = dbconfig.getStringValue(serviceKey); + if (storedUniqueId.equals(GUIServiceUniqueID)) { + selectedServiceKey = KeyValueUtils.getPrefixFromKey(serviceKey, MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + log.debug("Find service with key: " + selectedServiceKey + " --> Start STORK attribute provider postProcessing."); + break; + } + + } + + //load actually stored attribute provider names for service + Map storedAttributeProviders = new HashMap(); + if (MiscUtil.isNotEmpty(selectedServiceKey)) { + String[] storedAttribteProviderNames = dbconfig.findConfigurationId( + selectedServiceKey + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + ".%." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME); + if (storedAttribteProviderNames != null) { + for (String el : storedAttribteProviderNames) { + String attrProviderName = dbconfig.getStringValue(el); + storedAttributeProviders.put(attrProviderName, el); + + } + } + } + + Map storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); + Iterator> interator = storkAttrProviders.entrySet().iterator(); + while (interator.hasNext()) { + Entry current = interator.next(); + if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) { + String guiAttrProviderName = current.getValue(); + if (storedAttributeProviders.containsKey(guiAttrProviderName)) { + log.trace("STORK attribute provider: " + guiAttrProviderName + + " is already stored"); + storedAttributeProviders.remove(guiAttrProviderName); + + } else { + log.trace("Add new STORK attribute provider: " + guiAttrProviderName + + " to service"); + + } + } + } + + if (!storedAttributeProviders.isEmpty()) { + log.trace("Remove STORK attribute providers from configuration."); + for (String el : storedAttributeProviders.values()) { + String removeString = KeyValueUtils.getPrefixFromKey(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME); + keysToDelete.add(removeString + "*"); + log.debug("Remove STORK attribute provider with key:" + removeString + "*"); + + } + + } + + } catch (ConfigurationException e) { + log.error("Configuration access FAILED.", e); + + } + + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + //check V-IDP specific Target configurations + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + if (!Boolean.parseBoolean(isBusinessService)) { + log.info("STORK V-IDP only allowed as business Service."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, + "BusinessService", + "STORK V-IDP only allowed as business Service.")); + } + + String identificationType = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + if (MiscUtil.isEmpty(identificationType) || + !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) { + log.info("STORK V-IDP only allowes identification numbers with STORK prefix."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, + "BusinessService - IdentificationType", + "STORK V-IDP only allowes identification numbers with STORK prefix")); + + } + + + Map storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); + Iterator> interator = storkAttrProviders.entrySet().iterator(); + while (interator.hasNext()) { + Entry current = interator.next(); + if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) { + log.trace("Validate STORK attribute provider with key: " + current.getKey() + " value: " + current.getValue()); + String index = KeyValueUtils.getParentKey(current.getKey()); + + //validate attribute provider name + String attrProviderName = current.getValue(); + if (MiscUtil.isEmpty(attrProviderName)) { + log.info("AttributeProviderPlugin Name is empty."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.name.empty"))); + + } else { + if (!MOAIDConfigurationConstants.ALLOWED_STORKATTRIBUTEPROVIDERS.contains(attrProviderName)) { + log.info("AttributeProviderPlugin Name is not supported."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.name.valid"))); + } + } + + String attrProviderURL = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL); + String attrProviderAttr = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES); + + if (MiscUtil.isEmpty(attrProviderURL) || !ValidationHelper.validateURL(attrProviderURL)) { + log.info("AttributeProviderPlugin URL has no valid form."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.url.valid"))); + } + + + if (MiscUtil.isEmpty(attrProviderAttr) || !attrProviderAttr.matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { + log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.attributes.valid"))); + } + + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_VIDP + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java new file mode 100644 index 000000000..bf2a38cd9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java @@ -0,0 +1,101 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; + +/** + * @author tlenz + * + */ +public class ServicesSSOAuthenticationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesSSOAuthenticationTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "auth.sso"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - SSO Authentication Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + //Actually, there is nothing to validate. + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java new file mode 100644 index 000000000..766032f1f --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java @@ -0,0 +1,221 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.CompanyNumberValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesTargetTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesTargetTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Target Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + String check; + if (Boolean.parseBoolean(isBusinessService)) { + + //check identification type + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + if (!MOAIDConfigurationConstants.BUSINESSSERVICENAMES.keySet().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, + "BusinessService - Type", + LanguageHelper.getErrorString("validation.general.stork.sptarget"))); + } + + //check identification number + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.empty"))); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + + if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + .equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN)) { + CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid"))); + } + } + } + + } else { + + //check own target + String useOwnTarget = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN); + if (MiscUtil.isNotEmpty(useOwnTarget) && Boolean.parseBoolean(useOwnTarget)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME, + "Own Target - FriendlyName", + LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + //check Own Target + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET, + "Own Target - Target", + LanguageHelper.getErrorString("validation.general.target.admin.valid"))); + } + } + + } else { + + //check PublicURL Prefix allows PublicService + String uniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (!ValidationHelper.isPublicServiceAllowed(input.get(uniqueID))) { + log.warn("PublicURLPrefix does not allow PublicService: " + uniqueID); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, + "PublicService - Target", + LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] {uniqueID}) )); + + } + + //check Target + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, + "PublicService - Target", + LanguageHelper.getErrorString("validation.general.target.valid"))); + } + } + + String isSubTargetUsed = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB); + if (MiscUtil.isNotEmpty(isSubTargetUsed) && Boolean.parseBoolean(isSubTargetUsed)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB); + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB, + "PublicService - Target SubSector", + LanguageHelper.getErrorString("validation.general.target.subsector.valid"))); + + } + } + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java new file mode 100644 index 000000000..96088b6eb --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java @@ -0,0 +1,137 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesbPKDecryptionTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesbPKDecryptionTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - bPK-Decryption Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + + //TODO: + + +// String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); +// if (MiscUtil.isNotEmpty(check)) { +// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +// log.warn("OAFriendlyName contains potentail XSS characters: " + check); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, +// "FriendlyName", +// LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", +// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); +// } +// } else { +// log.info("OA friendlyName is empty"); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, +// "FriendlyName", +// LanguageHelper.getErrorString("validation.general.oafriendlyname.empty"))); +// } +// +// String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); +// if (MiscUtil.isEmpty(isBusinessService)) { +// log.info("OA businessservice flag is empty"); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, +// "BusinessService", +// LanguageHelper.getErrorString("validation.general.businessservice.empty"))); +// +// } + + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java new file mode 100644 index 000000000..6ec48fa43 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java @@ -0,0 +1,122 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.config.webgui.validation.utils; + +import java.util.Iterator; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.validation.ValidationException; + +import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException; +import at.gv.egovernment.moa.logging.Logger; + +public class MetaDataVerificationFilter implements MetadataFilter { + + BasicX509Credential credential; + + public MetaDataVerificationFilter(BasicX509Credential credential) { + this.credential = credential; + } + + + public void doFilter(XMLObject metadata) throws SignatureValidationException { + + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + if(entitiesDescriptor.getSignature() == null) { + throw new SignatureValidationException("Root element of metadata file has to be signed"); + } + try { + processEntitiesDescriptor(entitiesDescriptor); + + } catch (SignatureValidationException e) { + throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor"); + } + + } if (metadata instanceof EntityDescriptor) { + try { + EntityDescriptor entity = (EntityDescriptor) metadata; + if (entity.getSignature() != null) + verify(entity, this.credential); + + else + throw new SignatureValidationException("Root element of metadata file has to be signed", null); + + } catch (SignatureValidationException e) { + throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null); + } + } + } + + private void processEntitiesDescriptor(EntitiesDescriptor desc) throws SignatureValidationException { + Iterator entID = desc.getEntitiesDescriptors().iterator(); + + if(desc.getSignature() != null) { + verify(desc, this.credential); + } + + while(entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + Iterator entIT = desc.getEntityDescriptors().iterator(); + + while(entIT.hasNext()) { + EntityDescriptor entity = entIT.next(); + if (entity.getSignature() != null) + verify(entity, this.credential); + } + } + + private void verify(SignableSAMLObject entityDescriptor, Credential cred) + throws SignatureValidationException { + if (entityDescriptor.getSignature() == null) { + throw new SignatureValidationException("PVP2X Metadata not signed"); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SignatureValidationException("Failed to validate Signature", e); + } + + SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SignatureValidationException("Failed to verfiy Signature", e); + + } + } +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java new file mode 100644 index 000000000..587afe381 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java @@ -0,0 +1,98 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.utils; + +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; + +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import org.opensaml.common.xml.SAMLSchemaBuilder; + +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class SchemaValidationFilter implements MetadataFilter { + + private boolean isActive = true; + + /** + * + */ + public SchemaValidationFilter(boolean useSchemaValidation) { + this.isActive = useSchemaValidation; + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws SchemaValidationException { + + String errString = null; + + if (isActive) { + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + DOMSource source = new DOMSource(arg0.getDOM()); + val.validate(source); + Logger.info("Metadata Schema validation check done OK"); + return; + + } catch (SAXException e) { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Metadata Schema validation FAILED with exception:", e); + else + Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); + + errString = e.getMessage(); + + } catch (Exception e) { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Metadata Schema validation FAILED with exception:", e); + else + Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); + + errString = e.getMessage(); + + } + + throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString); + + } else + Logger.info("Metadata Schema validation check is DEACTIVATED!"); + + } + +} diff --git a/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator index 42bc23c95..8faf16843 100644 --- a/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator +++ b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator @@ -1 +1,5 @@ +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolOpenIDTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolPVP2XTask at.gv.egovernment.moa.id.config.webgui.validation.task.impl.GeneralSTORKConfigurationTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesAuthenticationSTORKTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolSTORKTask \ No newline at end of file diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_de.properties b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties index 2f36ab125..bb0499020 100644 --- a/id/moa-id-webgui/src/main/resources/applicationResources_de.properties +++ b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties @@ -6,6 +6,7 @@ config.02=Configfile is not readable. ({0}) config.03=Hibernate Database connector can not be initialized config.04=OpenSAML (PVP2 Login) can not be initialized config.05=Configuration file not defined +config.06=Configfile {1} does not start with {0} prefix. error.title=Fehler: error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. @@ -372,7 +373,8 @@ validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folge validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.publicURLprefix.empty=Public URL Prefix Feld ist leer. -validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00F6ltiges Format. +validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00FCltiges Format. +validation.general.businessservice.empty=Die Application ist weder dem \u00F6ffentlichen noch dem privaten Sektor zugeordnet. validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00E4hlt. diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_en.properties b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties index 154f380ae..420ac27ec 100644 --- a/id/moa-id-webgui/src/main/resources/applicationResources_en.properties +++ b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties @@ -6,6 +6,7 @@ config.02=Configfile is not readable. ({0}) config.03=Hibernate Database connector can not be initialized config.04=OpenSAML (PVP2 Login) can not be initialized config.05=Configuration file is not defined +config.06=Configfile {1} does not start with {0} prefix. error.title=Error: error.login.internal=The error occurred during the processing. Please try again or contact Administrator. @@ -371,6 +372,7 @@ validation.edituser.bpk.valid=BPK contains forbidden characters. The following c validation.general.SAML1SourceID=SAML1SourceID contains forbidden characters. The following characters are not allowed\: {0} validation.general.publicURLprefix.empty=Public URL Prefix is blank. validation.general.publicURLprefix.valid=Public URL Prefix has invalid format. +validation.general.businessservice.empty=Online application is no public or private application. validation.general.certStoreDirectory.empty=CertStoreDirectory is blank. validation.general.certStoreDirectory.valid=CertStoreDirectory Feld contains forbidden characters. The following characters are not allowed\: {0} validation.general.Defaultchainigmode.empty=There is no DefaultChainingMode selected. diff --git a/id/moa-id-webgui/src/main/resources/gui/meta.properties b/id/moa-id-webgui/src/main/resources/gui/meta.properties index 177dff6f1..0abf358d9 100644 --- a/id/moa-id-webgui/src/main/resources/gui/meta.properties +++ b/id/moa-id-webgui/src/main/resources/gui/meta.properties @@ -1,28 +1,76 @@ -__BASE__.moaid.0=moa.id.general - -#__BASE__.all.1=moa.id.gateway +__BASE__.moaidgeneral.0=moa.id.general +__BASE__.moaidoa.0=moa.id.services.oa +__BASE__.moaidinterfederation.0=moa.id.services moa.id.general.__TY=general moa.id.general.__CA=General Configuration moa.id.general.__DE=General MOA-ID Configuration -#moa.id.oa.__GR=moa.id -#moa.id.oa.__TY=ARRAY -#moa.id.oa.__ADD=true -#moa.id.oa.__DEL=true -#moa.id.oa.__CA=List of online Applications -#moa.id.oa.__DE=Long description of the list of online Applications... -#moa.id.oa.__CTY=OA -#moa.id.oa.__CCA=Name;Online Applications URL -#moa.id.oa.__CIDS=name;url -#moa.id.oa.__CDE=An online Application - - -#moa.id.oa.__TE.name=Online Application Template -#moa.id.oa.__TE.url=http://sampleonline.application.com/ -#moa.id.oa.__TE.attributes.0.name=Vorname -#moa.id.oa.__TE.attributes.0.type=FIRSTNAME -#moa.id.oa.__TE.attributes.0.required=true -#moa.id.oa.__TE.__CA=A Template for an online Application -#moa.id.oa.__TE.__DE=Long description of the list of online Applications... +moa.id.services.__TY=GROUP +moa.id.services.__CA=MOA-ID Interfederation Services +moa.id.services.__DE=Interfederation Services + +##Online application## +moa.id.services.oa.__TY=ARRAY +moa.id.services.oa.__ADD=true +moa.id.services.oa.__DEL=true +moa.id.services.oa.__CA=List of online Applications +moa.id.services.oa.__DE=All actually configured online application +moa.id.services.oa.__CTY=moaidoa +moa.id.services.oa.__CCA=Unique ID;Friendlyname +moa.id.services.oa.__CIDS=uniqueID;friendlyName +moa.id.services.oa.__CDE=Online Application + +moa.id.services.oa.__TE.friendlyName=Sample Name +moa.id.services.oa.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.oa.__TE.isActive=false + +##V-IDP## +moa.id.services.vidp.__GR=moa.id.services +moa.id.services.vidp.__TY=ARRAY +moa.id.services.vidp.__ADD=true +moa.id.services.vidp.__DEL=true +moa.id.services.vidp.__CA=List of V-IDPs +moa.id.services.vidp.__DE=All actually configured V-IDP instances +moa.id.services.vidp.__CTY=moaidvidp +moa.id.services.vidp.__CCA=Unique ID;Friendlyname +moa.id.services.vidp.__CIDS=uniqueID;friendlyName +moa.id.services.vidp.__CDE=V-IDP + +moa.id.services.vidp.__TE.friendlyName=Sample V-IDP +moa.id.services.vidp.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.vidp.__TE.isActive=false + +##I-IDP## +moa.id.services.iidp.__GR=moa.id.services +moa.id.services.iidp.__TY=ARRAY +moa.id.services.iidp.__ADD=true +moa.id.services.iidp.__DEL=true +moa.id.services.iidp.__CA=List of Interfederation IDPs +moa.id.services.iidp.__DE=All actually configured I-IDP instances +moa.id.services.iidp.__CTY=moaidiidp +moa.id.services.iidp.__CCA=Unique ID;Friendlyname +moa.id.services.iidp.__CIDS=uniqueID;friendlyName +moa.id.services.iidp.__CDE=I-IDP + +moa.id.services.iidp.__TE.friendlyName=Sample I-IDP +moa.id.services.iidp.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.iidp.__TE.isActive=false + +##Gateway## +moa.id.services.gateway.__GR=moa.id.services +moa.id.services.gateway.__TY=ARRAY +moa.id.services.gateway.__ADD=true +moa.id.services.gateway.__DEL=true +moa.id.services.gateway.__CA=List of STORK<->PVP Gateways +moa.id.services.gateway.__DE=All actually configured Gateway instances +moa.id.services.gateway.__CTY=moaidgateway +moa.id.services.gateway.__CCA=Unique ID;Friendlyname +moa.id.services.gateway.__CIDS=uniqueID;friendlyName +moa.id.services.gateway.__CDE=V-IDP + +moa.id.services.gateway.__TE.friendlyName=Sample Gateway +moa.id.services.gateway.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.gateway.__TE.isActive=false + diff --git a/id/moa-id-webgui/src/main/resources/gui/types/gateway.json b/id/moa-id-webgui/src/main/resources/gui/types/gateway.json new file mode 100644 index 000000000..50ccd200c --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/gateway.json @@ -0,0 +1,50 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidgateway", + "type": "object", + "title": "STORK<->PVP Gateway", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "interfederation": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation", + "type": "object", + "title": "PVP Gateway", + "description": "STORK<->PVP Gateway configuration", + "options": { + "collapsed": true + }, + "properties": { + "forward.IDP": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/forward/entityID", + "type": "string", + "title": "PVP portal EntityID" + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/gui/types/general.json b/id/moa-id-webgui/src/main/resources/gui/types/general.json index a4addb5f8..f7861332d 100644 --- a/id/moa-id-webgui/src/main/resources/gui/types/general.json +++ b/id/moa-id-webgui/src/main/resources/gui/types/general.json @@ -24,16 +24,19 @@ "onlineBKU" : { "id": "http://www.egiz.gv.at/dynUI/general/bkuurls/online", "type": "string", + "format": "url", "title": "Online BKU" }, "handyBKU" : { "id": "http://www.egiz.gv.at/dynUI/general/bkuurls/handy", "type": "string", + "format": "url", "title": "Handy BKU" }, "localBKU" : { "id": "http://www.egiz.gv.at/dynUI/general/bkuurls/local", "type": "string", + "format": "url", "title": "Local BKU" } } @@ -87,6 +90,10 @@ "preview" : { "id": "http://www.egiz.gv.at/dynUI/general/auth/authblock/transform/preview", "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/general/auth/authblock/transform/filename", + "type": "string" } } }, diff --git a/id/moa-id-webgui/src/main/resources/gui/types/iidp.json b/id/moa-id-webgui/src/main/resources/gui/types/iidp.json new file mode 100644 index 000000000..a42254c36 --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/iidp.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidiidp", + "type": "object", + "title": "Interfederation IDP", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "interfederation": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation", + "type": "object", + "title": "PVP Gateway", + "description": "STORK<->PVP Gateway configuration", + "options": { + "collapsed": true + }, + "properties": { + "SSO.inbound": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/inbound", + "type": "boolean", + "format" : "checkbox", + "title": "Allow inbound SSO" + }, + "SSO.outbound": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/outbound", + "type": "boolean", + "format" : "checkbox", + "title": "Allow outbound SSO" + }, + "SSO.store": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/store", + "type": "boolean", + "format" : "checkbox", + "title": "Store SSO session" + }, + "passiveReqeust": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/passiveReqeust", + "type": "boolean", + "format" : "checkbox", + "title": "Use SAML2 isPassive attribute" + }, + "localAuthOnError": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/localAuthOnError", + "type": "boolean", + "format" : "checkbox", + "title": "Local authentication in case of an error" + }, + "attributequery.url": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/attributequery/url", + "type": "string", + "title": "AttributeQuery service URL" + } + } + }, + "protocols": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols", + "type": "object", + "title": "Protocols", + "description": "Authentication protocol configuration", + "options": { + "collapsed": true + }, + "properties": { + "pvp2x": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x", + "type": "object", + "title": "PVP Configuration", + "description": "PVP 2.x authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "URL" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/url", + "type": "string", + "title": "Metadata URL" + }, + "certificate": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate", + "type": "object", + "format": "file", + "title": "Metadata certificate", + "description": "Certificate for metadata signature validation", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/preview", + "type": "string" + } + } + } + } + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/gui/types/oa.json b/id/moa-id-webgui/src/main/resources/gui/types/oa.json index eee0e97aa..aafc63b2e 100644 --- a/id/moa-id-webgui/src/main/resources/gui/types/oa.json +++ b/id/moa-id-webgui/src/main/resources/gui/types/oa.json @@ -1,7 +1,7 @@ { "$schema": "http://json-schema.org/draft-04/schema#", "id": "http://www.egiz.gv.at/dynUI/OA", - "typeName": "oa", + "typeName": "moaidoa", "type": "object", "title": "Online Application Configuration", "format": "tabs", @@ -29,7 +29,7 @@ "format" : "checkbox", "title": "Private Sector application" }, - "target": { + "auth.target": { "id": "http://www.egiz.gv.at/dynUI/OA/target", "type": "object", "title": "Target definition", @@ -96,25 +96,36 @@ "type": "string", "title": "Sub-Target" }, - "use.own" : { - "id": "http://www.egiz.gv.at/dynUI/OA/target/public/useowntarget", - "type": "boolean", - "format" : "checkbox", - "title": "Use own-target" - }, - "own.target" : { - "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget", - "type": "string", - "title": "Own target" - }, - "own.name" : { - "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget/friendlyname", - "type": "string", - "title": "Own target - friendlyname" - } + "own" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/own", + "type": "object", + "title": "Own Target", + "description": "Own Target definition", + "options": { + "collapsed": true + }, + "properties": { + "use" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/useowntarget", + "type": "boolean", + "format" : "checkbox", + "title": "Use own-target" + }, + "target" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget", + "type": "string", + "title": "Own target" + }, + "name" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget/friendlyname", + "type": "string", + "title": "Own target - friendlyname" + } + } + } } }, - "private": { + "business": { "id": "http://www.egiz.gv.at/dynUI/OA/target/private", "type": "object", "title": "Private Sector definition", @@ -138,11 +149,515 @@ "id": "http://www.egiz.gv.at/dynUI/OA/target/private/value", "type": "string", "title": "Identifier" - }, + } } } } - } + }, + "auth": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth", + "type": "object", + "title": "Authentication", + "description": "Authentication configuration", + "options": { + "collapsed": true + }, + "properties": { + "bku": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku", + "type": "object", + "title": "BKU configuration", + "description": "Online application specific BKU communikation", + "options": { + "collapsed": true + }, + "properties": { + "onlineBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/online", + "type": "string", + "title": "Online BKU" + }, + "handyBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/handy", + "type": "string", + "title": "Handy BKU" + }, + "localBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/local", + "type": "string", + "title": "Local BKU" + }, + "keyBoxIdentifier" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/keyBoxIdentifier", + "type": "string", + "title": "KeyBoxIdentifier", + "enum": [ + "SecureSignatureKeypair", + "CertifiedKeypair" + ] + }, + "template": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template", + "type": "object", + "title": "SecurityLayer Templates", + "description": "Online application specific SecurityLayer templates", + "options": { + "collapsed": true + }, + "properties": { + "legacy" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template/legacy", + "type": "boolean", + "format" : "checkbox", + "title": "Activate Legacy Mode" + }, + "first.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/first/url", + "type": "string", + "title": "First SL-Template" + }, + "second.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/second/url", + "type": "string", + "title": "Second SL-Template" + }, + "third.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/third/url", + "type": "string", + "title": "Third SL-Template" + } + } + } + } + }, + "templates": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/templates", + "type": "object", + "title": "BKU selection customization", + "description": "Customization of the BKU selection form", + "options": { + "collapsed": true + }, + "properties": { + "customize": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize", + "type": "object", + "title": "Customize default template", + "description": "Customization of the default template", + "options": { + "collapsed": true + }, + "properties": { + "fonttype" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/fonttype", + "type": "string", + "title": "Font Type" + }, + "color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/back", + "type": "string", + "title": "Backcolor" + }, + "color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/front", + "type": "string", + "title": "Frontcolor" + }, + "header.color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/back", + "type": "string", + "title": "Header Backcolor" + }, + "header.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/front", + "type": "string", + "title": "Header Frontcolor" + }, + "header.text" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/text", + "type": "string", + "title": "Header Text" + }, + "button.color.back.focus" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/back/focus", + "type": "string", + "title": "Font Type" + }, + "button.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/front", + "type": "string", + "title": "Font Type" + }, + "applet.redirecttarget" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/redirecttarget", + "type": "string", + "title": "Applet - Redirect Target", + "enum": [ + "_blank", + "_self", + "_parent", + "_top" + ] + }, + "applet.hight" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/hight", + "type": "string", + "title": "Applet - Hight" + }, + "applet.width" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/width", + "type": "string", + "title": "Applet - Width" + } + } + }, + "bkuselection": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection", + "type": "object", + "format": "file", + "title": "BKU selection template", + "description": "Applicatio specific BKU selection template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/filename", + "type": "string" + } + } + }, + "sendAssertion": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion", + "type": "object", + "format": "file", + "title": "SendAssertion selection template", + "description": "Applicatio specific SendAssertion template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/filename", + "type": "string" + } + } + } + } + }, + "authblock": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock", + "type": "object", + "title": "AuthBlock configuration", + "description": "Online application specific AuthBlock configuration", + "options": { + "collapsed": true + }, + "properties": { + "removebPK" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/removebpk", + "type": "boolean", + "format" : "checkbox", + "title": "Remove bPK/wbPK" + }, + "additionaltext" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/text", + "type": "string", + "format": "textarea", + "title": "Additional AuthBlock Text" + } + } + }, + "testcredentials": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials", + "type": "object", + "title": "Test identities", + "description": "Test identities configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enable test identities" + }, + "oids" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/oids", + "type": "string", + "title": "Allowed test-identity OIDs" + } + } + }, + "mandates": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates", + "type": "object", + "title": "Mandates", + "description": "Online mandate configuration", + "options": { + "collapsed": true + }, + "properties": { + "use" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates/use", + "type": "boolean", + "format" : "checkbox", + "title": "Mandates (yes/no)" + }, + "only" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates/only", + "type": "boolean", + "format" : "checkbox", + "title": "Only mandates allowed" + }, + "profiles" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates/profiles", + "type": "string", + "title": "Allowed mandated profiles" + } + } + }, + "sso": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/sso", + "type": "object", + "title": "Single Sign-On (SSO)", + "description": "Single Sign-On configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/sso/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Single Sign-On (yes/no)" + }, + "userRequest" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/sso/sendassertionrequest", + "type": "boolean", + "format" : "checkbox", + "title": "Additional Userrequest" + } + } + }, + "stork": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork", + "type": "object", + "title": "STORK", + "description": "STORK configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enable STORK logon" + }, + "minqaalevel" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork/minqaa", + "type": "boolean", + "format" : "checkbox", + "title": "Minimum QAA Level" + }, + "countries" : { + "type": "array", + "title": "Countries", + "format": "table", + "options": { + "collapsed": true, + "disable_array_add": true, + "disable_array_delete": true, + "disable_array_reorder": true + }, + "items": { + "type": "object", + "properties": { + "countrycode": { + "type": "string", + "readOnly": true, + "title": "CountryCode" + }, + "enabled": { + "type": "boolean", + "format": "checkbox", + "title": "Enabled" + } + } + } + }, + "attributes" : { + "type": "array", + "title": "Attributes", + "format": "table", + "options": { + "collapsed": true, + "disable_array_add": true, + "disable_array_delete": true, + "disable_array_reorder": true + }, + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "readOnly": true, + "title": "CountryCode" + }, + "requested": { + "type": "boolean", + "format": "checkbox", + "title": "Requested" + }, + "mandatory": { + "type": "boolean", + "format": "checkbox", + "title": "Mandatory" + } + } + } + } + } + } + } + }, + "protocols": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols", + "type": "object", + "title": "Protocols", + "description": "Authentication protocol configuration", + "options": { + "collapsed": true + }, + "properties": { + "saml1": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1", + "type": "object", + "title": "SAML1 Configuration", + "description": "SAML1 authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enabled" + }, + "idl" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/idl", + "type": "boolean", + "format" : "checkbox", + "title": "IdentityLink" + }, + "baseid" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/baseid", + "type": "boolean", + "format" : "checkbox", + "title": "BaseID" + }, + "authblock" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/authblock", + "type": "boolean", + "format" : "checkbox", + "title": "AuthBlock" + }, + "certificate" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/certificate", + "type": "boolean", + "format" : "checkbox", + "title": "Signer Certificate" + }, + "mandate" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/mandate", + "type": "boolean", + "format" : "checkbox", + "title": "Full mandate" + }, + "returnError" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/returnError", + "type": "boolean", + "format" : "checkbox", + "title": "Return Errors to Application" + } + } + }, + "pvp2x": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x", + "type": "object", + "title": "PVP Configuration", + "description": "PVP 2.x authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "URL" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/url", + "type": "string", + "title": "Metadata URL" + }, + "certificate": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate", + "type": "object", + "format": "file", + "title": "Metadata certificate", + "description": "Certificate for metadata signature validation", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/preview", + "type": "string" + } + } + } + } + }, + "openID" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid", + "type": "object", + "title": "OpenID Connect Configuration", + "description": "OpenID Connect authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "clientID" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid/clientid", + "type": "string", + "readOnly" : true, + "title": "Client-ID" + }, + "secret" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid/clientsecret", + "type": "string", + "readOnly" : true, + "title": "Client-Secret" + }, + "redirectURL" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid/redirectURL", + "type": "string", + "title": "Client-Secret" + } + } + } + } + } }, "required": ["uniqueID", "friendlyName"] } diff --git a/id/moa-id-webgui/src/main/resources/gui/types/vidp.json b/id/moa-id-webgui/src/main/resources/gui/types/vidp.json new file mode 100644 index 000000000..3e6e4fb7b --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/vidp.json @@ -0,0 +1,371 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidvidp", + "type": "object", + "title": "STORK V-IDP", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "auth.target": { + "id": "http://www.egiz.gv.at/dynUI/OA/target", + "type": "object", + "title": "Target definition", + "description": "bPK or wbPK target definitions", + "options": { + "collapsed": true + }, + "properties": { + "business": { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private", + "type": "object", + "title": "Private Sector definition", + "description": "wbPK target definitions", + "options": { + "collapsed": true + }, + "properties": { + "type" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private/type", + "type": "string", + "title": "Sector Type", + "enum": [ + "FN", + "ZVR", + "ERSB", + "STORK" + ] + }, + "value" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private/value", + "type": "string", + "title": "Identifier" + } + } + } + } + }, + "auth": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth", + "type": "object", + "title": "Authentication", + "description": "Authentication configuration", + "options": { + "collapsed": true + }, + "properties": { + "bku": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku", + "type": "object", + "title": "BKU configuration", + "description": "Online application specific BKU communikation", + "options": { + "collapsed": true + }, + "properties": { + "onlineBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/online", + "type": "string", + "title": "Online BKU" + }, + "handyBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/handy", + "type": "string", + "title": "Handy BKU" + }, + "localBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/local", + "type": "string", + "title": "Local BKU" + }, + "keyBoxIdentifier" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/keyBoxIdentifier", + "type": "string", + "title": "KeyBoxIdentifier", + "enum": [ + "SecureSignatureKeypair", + "CertifiedKeypair" + ] + }, + "template": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template", + "type": "object", + "title": "SecurityLayer Templates", + "description": "Online application specific SecurityLayer templates", + "options": { + "collapsed": true + }, + "properties": { + "legacy" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template/legacy", + "type": "boolean", + "format" : "checkbox", + "title": "Activate Legacy Mode" + }, + "first.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/first/url", + "type": "string", + "title": "First SL-Template" + }, + "second.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/second/url", + "type": "string", + "title": "Second SL-Template" + }, + "third.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/third/url", + "type": "string", + "title": "Third SL-Template" + } + } + } + } + }, + "templates": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/templates", + "type": "object", + "title": "BKU selection customization", + "description": "Customization of the BKU selection form", + "options": { + "collapsed": true + }, + "properties": { + "customize": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize", + "type": "object", + "title": "Customize default template", + "description": "Customization of the default template", + "options": { + "collapsed": true + }, + "properties": { + "fonttype" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/fonttype", + "type": "string", + "title": "Font Type" + }, + "color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/back", + "type": "string", + "title": "Backcolor" + }, + "color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/front", + "type": "string", + "title": "Frontcolor" + }, + "header.color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/back", + "type": "string", + "title": "Header Backcolor" + }, + "header.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/front", + "type": "string", + "title": "Header Frontcolor" + }, + "header.text" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/text", + "type": "string", + "title": "Header Text" + }, + "button.color.back.focus" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/back/focus", + "type": "string", + "title": "Font Type" + }, + "button.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/front", + "type": "string", + "title": "Font Type" + }, + "applet.redirecttarget" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/redirecttarget", + "type": "string", + "title": "Applet - Redirect Target", + "enum": [ + "_blank", + "_self", + "_parent", + "_top" + ] + }, + "applet.hight" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/hight", + "type": "string", + "title": "Applet - Hight" + }, + "applet.width" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/width", + "type": "string", + "title": "Applet - Width" + } + } + }, + "bkuselection": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection", + "type": "object", + "format": "file", + "title": "BKU selection template", + "description": "Applicatio specific BKU selection template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/filename", + "type": "string" + } + } + }, + "sendAssertion": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion", + "type": "object", + "format": "file", + "title": "SendAssertion selection template", + "description": "Applicatio specific SendAssertion template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/filename", + "type": "string" + } + } + } + } + }, + "authblock": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock", + "type": "object", + "title": "AuthBlock configuration", + "description": "Online application specific AuthBlock configuration", + "options": { + "collapsed": true + }, + "properties": { + "removebPK" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/removebpk", + "type": "boolean", + "format" : "checkbox", + "title": "Remove bPK/wbPK" + }, + "additionaltext" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/text", + "type": "string", + "format": "textarea", + "title": "Additional AuthBlock Text" + } + } + }, + "testcredentials": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials", + "type": "object", + "title": "Test identities", + "description": "Test identities configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enable test identities" + }, + "oids" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/oids", + "type": "string", + "title": "Allowed test-identity OIDs" + } + } + }, + "stork": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork", + "type": "object", + "title": "STORK", + "description": "STORK configuration", + "options": { + "collapsed": true + }, + "properties": { + "requireConsent" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork/requireConsent", + "type": "boolean", + "format" : "checkbox", + "title": "Ask the user for attributes transfer consent" + }, + "attributeprovider" : { + "type": "array", + "title": "Attribute-Provider Plug-ins", + "format": "table", + "options": { + "collapsed": true + }, + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "title": "Attribute Plug-in", + "enum": [ + "StorkAttributeRequestProvider", + "EHvdAttributeProvider_deprecated", + "EHvdAttributeProvider", + "SignedDocAttributeRequestProvider", + "MandateAttributeRequestProvider", + "PVPAuthenticationProvider" + ] + }, + "url": { + "type": "string", + "format": "url", + "title": "URL" + }, + "attributes": { + "type": "string", + "title": "Attribute (CSV)" + } + } + } + } + } + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml b/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml index 3d1528fdf..0ee7ac89c 100644 --- a/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml +++ b/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml @@ -9,14 +9,16 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - - + - + - - + + + + + \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f62c21ed9..54484a854 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -99,7 +99,7 @@ import at.gv.util.xsd.srzgw.MISType.Filters; * @version $Id: AuthenticationServer.java 1273 2012-02-27 14:50:18Z kstranacher * $ */ -public class AuthenticationServer implements MOAIDAuthConstants { +public class AuthenticationServer extends MOAIDAuthConstants { /** * single instance diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 5223a181d..3d12bae61 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -9,6 +9,9 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; + import iaik.asn1.ObjectID; @@ -18,7 +21,7 @@ import iaik.asn1.ObjectID; * @author Paul Ivancsics * @version $Id$ */ -public interface MOAIDAuthConstants { +public class MOAIDAuthConstants extends MOAIDConstants{ /** servlet parameter "Target" */ public static final String PARAM_TARGET = "Target"; @@ -113,9 +116,7 @@ public interface MOAIDAuthConstants { // /** the number of the certifcate extension for party organ representatives */ // public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; - - public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; - + /** OW */ public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; @@ -143,8 +144,6 @@ public interface MOAIDAuthConstants { public static final String PARAM_APPLET_HEIGTH = "heigth"; public static final String PARAM_APPLET_WIDTH = "width"; - public static final String TESTCREDENTIALROOTOID = "1.2.40.0.10.2.4.1"; - public static final Map COUNTRYCODE_XX_TO_NAME = Collections.unmodifiableMap(new HashMap() { private static final long serialVersionUID = 1L; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index ffadc2631..573f2e09f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -116,7 +116,7 @@ import at.gv.util.xsd.szr.PersonInfoType; * @author tlenz * */ -public class AuthenticationDataBuilder implements MOAIDAuthConstants { +public class AuthenticationDataBuilder extends MOAIDAuthConstants { public static IAuthData buildAuthenticationData(IRequest protocolRequest, AuthenticationSession session, List reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 924051e2a..899b0fd15 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.builder; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; /** @@ -96,7 +97,7 @@ public class DataURLBuilder { dataURL = authBaseURL + authServletName; - dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); + dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID); return dataURL; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index a26dec969..3b903009c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -44,7 +44,7 @@ import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; -public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ +public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ public static void parse(AuthenticationSession moasession, String target, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index c4c4b2691..43f4f90ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -96,7 +96,7 @@ import at.gv.egovernment.moa.util.URLDecoder; * @author Paul Ivancsics * @version $Id$ */ -public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { +public class AuthServlet extends HttpServlet { /** * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 5802ce3b9..7b55564c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -64,10 +65,10 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { String pendingRequestID = null; try { - String bkuid = req.getParameter(PARAM_BKU); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); - String moasessionid = req.getParameter(PARAM_SESSIONID); + String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU); + String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE); + String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC); + String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); moasessionid = StringEscapeUtils.escapeHtml(moasessionid); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 626c95b19..0a6d30be7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -32,6 +32,7 @@ import org.apache.velocity.VelocityContext; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.metadata.SingleLogoutService; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -64,9 +65,9 @@ public class IDPSingleLogOutServlet extends AuthServlet { SSOManager ssomanager = SSOManager.getInstance(); String ssoid = ssomanager.getSSOSessionID(req); - Object restartProcessObj = req.getParameter(PARAM_SLORESTART); + Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART); - Object tokkenObj = req.getParameter(PARAM_SLOSTATUS); + Object tokkenObj = req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS); String tokken = null; String status = null; if (tokkenObj != null && tokkenObj instanceof String) { @@ -78,7 +79,7 @@ public class IDPSingleLogOutServlet extends AuthServlet { } VelocityContext context = new VelocityContext(); - if (SLOSTATUS_SUCCESS.equals(status)) + if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status)) context.put("successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); else @@ -148,12 +149,12 @@ public class IDPSingleLogOutServlet extends AuthServlet { String statusCode = null; if (sloContainer.getSloFailedOAs() == null || sloContainer.getSloFailedOAs().size() == 0) - statusCode = SLOSTATUS_SUCCESS; + statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS; else - statusCode = SLOSTATUS_ERROR; + statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR; AssertionStorage.getInstance().put(artifact, statusCode); - redirectURL = addURLParameter(redirectURL, PARAM_SLOSTATUS, artifact); + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); } //redirect to Redirect Servlet diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java index 43b6c03d4..0b6180d0f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java @@ -33,10 +33,10 @@ public class ProcessEngineSignalServlet extends AuthServlet { * The HttpServletResponse. */ private void setNoCachingHeaders(HttpServletResponse resp) { - resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); } /** @@ -95,7 +95,7 @@ public class ProcessEngineSignalServlet extends AuthServlet { * @return The current MOA session id. */ public String getMoaSessionId(HttpServletRequest request) { - return StringEscapeUtils.escapeHtml(request.getParameter(PARAM_SESSIONID)); + return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID)); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 7266a3302..431a7e0f7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -29,6 +29,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -55,9 +56,9 @@ public class RedirectServlet extends AuthServlet{ Logger.debug("Receive " + RedirectServlet.class + " Request"); String url = req.getParameter(REDIRCT_PARAM_URL); - String target = req.getParameter(PARAM_TARGET); - String artifact = req.getParameter(PARAM_SAMLARTIFACT); - String interIDP = req.getParameter(INTERFEDERATION_IDP); + String target = req.getParameter(MOAIDAuthConstants.PARAM_TARGET); + String artifact = req.getParameter(MOAIDAuthConstants.PARAM_SAMLARTIFACT); + String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); Logger.debug("Check URL against online-applications"); OAAuthParameter oa = null; @@ -85,12 +86,12 @@ public class RedirectServlet extends AuthServlet{ if (MiscUtil.isNotEmpty(target)) { // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, // URLEncoder.encode(session.getTarget(), "UTF-8")); - url = addURLParameter(url, PARAM_TARGET, + url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(target, "UTF-8")); } - url = addURLParameter(url, PARAM_SAMLARTIFACT, + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(artifact, "UTF-8")); url = resp.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java index d4cb909d9..d36a4318a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java @@ -27,7 +27,6 @@ import java.io.UnsupportedEncodingException; import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java index 8fad1bc83..38135b028 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java @@ -22,6 +22,10 @@ */ package at.gv.egovernment.moa.id.config.auth; +import java.net.URI; +import java.net.URISyntaxException; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; @@ -50,13 +54,21 @@ public class AuthConfigurationProviderFactory { * @throws ConfigurationException */ public static AuthConfiguration reload() throws ConfigurationException { - String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); if (fileName == null) { throw new ConfigurationException("config.01", null); } Logger.info("Loading MOA-ID-AUTH configuration " + fileName); - - instance = new PropertyBasedAuthConfigurationProvider(fileName); + + try { + URI fileURI = new URI(fileName); + instance = new PropertyBasedAuthConfigurationProvider(fileURI); + + } catch (URISyntaxException e){ + Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix."); + throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, fileName}); + + } return instance; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 3bf631108..4587f0bc3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -59,6 +59,7 @@ import java.util.Set; import org.apache.commons.lang.SerializationUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.TargetValidator; @@ -113,11 +114,11 @@ public String getIdentityLinkDomainIdentifier() { String type = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE); if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) { - if (MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(type)) { - return MOAIDConfigurationConstants.PREFIX_STORK + "AT" + "+" + value; + if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) { + return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value; } else { - return MOAIDConfigurationConstants.PREFIX_WPBK + type + "+" + value; + return MOAIDConstants.PREFIX_WPBK + type + "+" + value; } } @@ -567,7 +568,7 @@ public Collection getStorkAPs() { @Override public byte[] getBKUSelectionTemplate() { try { - String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION); + String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA); if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) { return Base64Utils.decode(bkuSelectionTemplateBase64, false); @@ -587,7 +588,7 @@ public byte[] getBKUSelectionTemplate() { @Override public byte[] getSendAssertionTemplate() { try { - String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION); + String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA); if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) { return Base64Utils.decode(bkuSelectionTemplateBase64, false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index 9535c9aa3..9fc03e2df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -62,7 +62,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @param fileName the path to the properties file * @throws ConfigurationException if an error occurs during loading the properties file. */ - public PropertyBasedAuthConfigurationProvider(String fileName) throws ConfigurationException { + public PropertyBasedAuthConfigurationProvider(URI fileName) throws ConfigurationException { File propertiesFile = new File(fileName); rootConfigFileDir = propertiesFile.getParent(); try { @@ -72,14 +72,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide throw new ConfigurationException("config.03", null, t); } - - System.getProperties().setProperty("location", "file:" + fileName); - context = new ClassPathXmlApplicationContext( - new String[] { "moaid.configuration.beans.xml", - "configuration.beans.xml" - }); - AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); - acbFactory.autowireBean(this); FileInputStream in = null; try { @@ -87,6 +79,15 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide properties.load(in); super.initial(properties); +// JPAPropertiesWithJavaConfig.setLocalProperties(configProp); +// System.getProperties().setProperty("location", "file:" + fileName); + context = new ClassPathXmlApplicationContext( + new String[] { "moaid.configuration.beans.xml", + "configuration.beans.xml" + }); + AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); + acbFactory.autowireBean(this); + } catch (FileNotFoundException e) { throw new ConfigurationException("config.03", null, e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 2e0aa5486..15dbf818d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -279,7 +280,7 @@ public class DispatcherServlet extends AuthServlet{ //create interfederated MOASession String sessionID = AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId); - req.getParameterMap().put(PARAM_SESSIONID, new String[]{ sessionID }); + req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, new String[]{ sessionID }); Logger.info("PreProcessing of SSO interfederation response complete. "); @@ -459,7 +460,7 @@ public class DispatcherServlet extends AuthServlet{ } } else { - moasessionID = (String) req.getParameter(PARAM_SESSIONID); + moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); } @@ -475,7 +476,7 @@ public class DispatcherServlet extends AuthServlet{ } } else { - moasessionID = (String) req.getParameter(PARAM_SESSIONID); + moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index e4a358cdb..25aaf4310 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -103,7 +103,7 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -public class AuthenticationManager implements MOAIDAuthConstants { +public class AuthenticationManager extends MOAIDAuthConstants { private static final AuthenticationManager INSTANCE = new AuthenticationManager(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java index 529e2ab81..fda92d71a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -31,7 +31,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; -public interface IAction extends MOAIDAuthConstants { +public interface IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException; public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 6b5e6a0f3..e9b18348c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -99,7 +99,7 @@ import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { +public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { public static final String NAME = PVP2XProtocol.class.getName(); public static final String PATH = "id_pvp2x"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index 9884d2a8a..b567798fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -60,6 +60,7 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.X509Credential; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -265,12 +266,12 @@ public class SingleLogOutAction implements IAction { String statusCode = null; if (sloContainer.getSloFailedOAs() == null || sloContainer.getSloFailedOAs().size() == 0) - statusCode = SLOSTATUS_SUCCESS; + statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS; else - statusCode = SLOSTATUS_ERROR; + statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR; AssertionStorage.getInstance().put(artifact, statusCode); - redirectURL = addURLParameter(redirectURL, PARAM_SLOSTATUS, artifact); + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); } //redirect to Redirect Servlet diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java index 8adf5cad9..72775ec02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -interface IPVPAttributeBuilder extends PVPConstants, MOAIDAuthConstants, IAttributeBuilder { +interface IPVPAttributeBuilder extends PVPConstants, IAttributeBuilder { } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 5b1f49411..2019b0d20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -27,6 +27,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; @@ -83,8 +84,8 @@ public class GetArtifactAction implements IAction { String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) - url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); - url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); httpResp.setContentType("text/html"); @@ -94,12 +95,12 @@ public class GetArtifactAction implements IAction { } else { String redirectURL = oaURL; if (!oaParam.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = httpResp.encodeRedirectURL(redirectURL); httpResp.setContentType("text/html"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index bc38735ac..cdc50d8a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -49,7 +49,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; -public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { +public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { public static final String NAME = SAML1Protocol.class.getName(); public static final String PATH = "id_saml1"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index f0b0f58de..de1924ba1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider; @@ -50,14 +51,7 @@ public class AttributeProviderFactory { * @return the available plugins */ public static List getAvailablePlugins() { - List result = new ArrayList(); - result.add("StorkAttributeRequestProvider"); - result.add("EHvdAttributeProvider_deprecated"); - result.add("EHvdAttributeProvider"); - result.add("SignedDocAttributeRequestProvider"); - result.add("MandateAttributeRequestProvider"); - result.add("PVPAuthenticationProvider"); - return result; + return MOAIDConstants.ALLOWED_STORKATTRIBUTEPROVIDERS; } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 9eab99c52..42cf04877 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -45,7 +45,7 @@ import java.util.HashMap; * * @author bsuzic */ -public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { +public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo { public static final String NAME = STORKProtocol.class.getName(); public static final String PATH = "id_stork2"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 64ae95093..47010a735 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -72,7 +72,7 @@ import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; -public class ParamValidatorUtils implements MOAIDAuthConstants{ +public class ParamValidatorUtils extends MOAIDAuthConstants{ /** * Checks if the given target is valid diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java index 9ce44fe15..dd4e67bcd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java @@ -30,7 +30,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -public class LegacyHelper implements MOAIDAuthConstants{ +public class LegacyHelper extends MOAIDAuthConstants{ public static boolean isUseMandateRequested(HttpServletRequest req) throws WrongParametersException { diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml index cdfde11b1..e9e4eb23d 100644 --- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml @@ -9,6 +9,30 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index fc1aa714e..827eeec8d 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -75,7 +75,8 @@ config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefu config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt. config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert. -config.23=Fehler beim initialisieren von OpenSAML +config.23=Fehler beim initialisieren von OpenSAML +config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix. parser.00=Leichter Fehler beim Parsen: {0} parser.01=Fehler beim Parsen: {0} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index faafa6fd2..59a29d9bd 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -55,6 +55,7 @@ config.20=9199 config.21=9006 config.22=9008 config.23=9199 +config.24=9199 parser.00=1101 parser.01=1101 diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java index 6e1f612c8..fd1473b1f 100644 --- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java +++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java @@ -1,10 +1,19 @@ package test.tlenz; +import java.io.FileInputStream; +import java.io.InputStream; + +import org.w3c.dom.Element; + import iaik.asn1.structures.Name; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; +import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.util.DOMUtils; /******************************************************************************* * Copyright 2014 Federal Chancellery Austria @@ -49,6 +58,19 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; public class simpletest { // public static void main(String[] args) { + try { + InputStream s = new FileInputStream("D:/idl_test/identity_link.xml"); + Element idlTemplate = DOMUtils.parseXmlValidating(s); + + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning"); + IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); + + } catch (Exception e) { + System.out.println(e.getMessage()); + + } String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java new file mode 100644 index 000000000..e084c07e5 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -0,0 +1,109 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.Hashtable; +import java.util.List; +import java.util.Map; + +/** + * @author tlenz + * + */ +public class MOAIDConstants { + + //general configuration constants + + public static final String FILE_URI_PREFIX = "file:/"; + + public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; + public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+"; + + public static final String IDENIFICATIONTYPE_FN = "FN"; + public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; + public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; + public static final String IDENIFICATIONTYPE_STORK = "STORK"; + + public static final String KEYBOXIDENTIFIER_SECURE = "SecureSignatureKeypair"; + public static final String KEYBOXIDENTIFIER_CERTIFIED = "CertifiedKeypair"; + + public static final String TESTCREDENTIALROOTOID = "1.2.40.0.10.2.4.1"; + + public static final String REDIRECTTARGET_TOP = "_top"; + public static final String REDIRECTTARGET_SELF = "_self"; + public static final String REDIRECTTARGET_PARENT = "_parent"; + public static final String REDIRECTTARGET_BLANK = "_blank"; + + public static final Map BUSINESSSERVICENAMES; + public static final List ALLOWED_WBPK_PREFIXES; + public static final List ALLOWED_KEYBOXIDENTIFIER; + public static final List ALLOWED_REDIRECTTARGETNAMES; + public static final List ALLOWED_STORKATTRIBUTEPROVIDERS; + + + static { + Hashtable tmp = new Hashtable(); + tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer"); + tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer"); + tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl"); + tmp.put(IDENIFICATIONTYPE_STORK, "STORK"); + BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); + + List awbpk = new ArrayList(); + awbpk.add(IDENIFICATIONTYPE_FN); + awbpk.add(IDENIFICATIONTYPE_ERSB); + awbpk.add(IDENIFICATIONTYPE_ZVR); + awbpk.add(PREFIX_WPBK + IDENIFICATIONTYPE_FN); + awbpk.add(PREFIX_WPBK + IDENIFICATIONTYPE_ERSB); + awbpk.add(PREFIX_WPBK + IDENIFICATIONTYPE_ZVR); + ALLOWED_WBPK_PREFIXES = Collections.unmodifiableList(awbpk); + + List keyboxIDs = new ArrayList(); + awbpk.add(KEYBOXIDENTIFIER_SECURE); + awbpk.add(KEYBOXIDENTIFIER_CERTIFIED); + ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs); + + List redirectTargets = new ArrayList(); + redirectTargets.add(REDIRECTTARGET_BLANK); + redirectTargets.add(REDIRECTTARGET_PARENT); + redirectTargets.add(REDIRECTTARGET_SELF); + redirectTargets.add(REDIRECTTARGET_TOP); + ALLOWED_REDIRECTTARGETNAMES = Collections.unmodifiableList(redirectTargets); + + } + + static { + List storkAttrProvider = new ArrayList(); + storkAttrProvider.add("StorkAttributeRequestProvider"); + storkAttrProvider.add("EHvdAttributeProvider_deprecated"); + storkAttrProvider.add("EHvdAttributeProvider"); + storkAttrProvider.add("SignedDocAttributeRequestProvider"); + storkAttrProvider.add("MandateAttributeRequestProvider"); + storkAttrProvider.add("PVPAuthenticationProvider"); + ALLOWED_STORKATTRIBUTEPROVIDERS = Collections.unmodifiableList(storkAttrProvider); + + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 694ff0720..4f47efb78 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -30,6 +30,7 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; @@ -110,12 +111,10 @@ public class ConfigurationMigrationUtils { * but no MOA-ID configuration prefix * * @param oa MOA-ID 2.x OnlineApplication configuration + * @param storkConfig * @return MOA-ID 3.x OnlineApplication configuration without prefix but never Null */ - public static Map convertHyberJaxBOnlineApplicationToKeyValue(OnlineApplication oa) { - //TODO: add C-PEPS countries and STORK attributes from general config!!!! - //TODO: add correct list identifiers for metadata handling - + public static Map convertHyberJaxBOnlineApplicationToKeyValue(OnlineApplication oa, STORK storkConfig) { Map result = new HashMap(); if (oa != null) { //convert oaID and friendlyname @@ -296,6 +295,34 @@ public class ConfigurationMigrationUtils { result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_USERREQUEST, Boolean.TRUE.toString()); } + //convert interfederation configuration + InterfederationIDPType moaIDP = oa.getInterfederationIDP(); + if (moaIDP != null) { + result.put(MOAIDConfigurationConstants.PREFIX_SERVICES, MOAIDConfigurationConstants.PREFIX_IIDP); + result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL, + moaIDP.getAttributeQueryURL()); + result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_INBOUND, + String.valueOf(moaIDP.isInboundSSO())); + result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_OUTBOUND, + String.valueOf(moaIDP.isOutboundSSO())); + + result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_STORE, + String.valueOf(moaIDP.isStoreSSOSession())); + result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_LOCALAUTHONERROR, + String.valueOf(moaIDP.isPerformLocalAuthenticationOnError())); + result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_PASSIVEREQUEST, + String.valueOf(moaIDP.isPerformPassivRequest())); + } + + //convert STORK <-> PVP2X gateway configuration + InterfederationGatewayType gateway = oa.getInterfederationGateway(); + if (gateway != null) { + result.put(MOAIDConfigurationConstants.PREFIX_SERVICES, MOAIDConfigurationConstants.PREFIX_GATEWAY); + result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, + gateway.getForwardIDPIdentifier()); + + } + //convert STORK config OASTORK config = oaauth.getOASTORK(); if(config != null) { @@ -309,46 +336,6 @@ public class ConfigurationMigrationUtils { else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, "4"); - if (config.getCPEPS() != null) { - for (int i=0; i configuredCPEPs = new ArrayList(); + if (storkConfig != null && storkConfig.getCPEPS() != null) { + for (CPEPS el : storkConfig.getCPEPS()) { + if (MiscUtil.isNotEmpty(el.getCountryCode())) + configuredCPEPs.add(el.getCountryCode()); + + } + } + int listCounter = 0; + if (config.getCPEPS() != null) { + Iterator oaCPEPSInterator = config.getCPEPS().iterator(); + while(oaCPEPSInterator.hasNext()) { + CPEPS oaCpeps = oaCPEPSInterator.next(); + String oaCountryCode = oaCpeps.getCountryCode(); + if (MiscUtil.isNotEmpty(oaCountryCode)) { + if (configuredCPEPs.contains(oaCountryCode)) + configuredCPEPs.remove(oaCountryCode); + + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED, + Boolean.TRUE.toString()); + + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE, + oaCountryCode); + + listCounter++; + } + } + } + Iterator confCPEPS = configuredCPEPs.iterator(); + while (confCPEPS.hasNext()) { + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED, + Boolean.TRUE.toString()); + + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE, + confCPEPS.next()); + listCounter++; + + } + + //fetch STORK attributes + List configuredAttributs = new ArrayList(); + if (storkConfig != null && storkConfig.getAttributes() != null) { + for (StorkAttribute el : storkConfig.getAttributes()) { + if (MiscUtil.isNotEmpty(el.getName())) + configuredAttributs.add(el.getName()); + + } + } + listCounter = 0; + if (config.getOAAttributes() != null) { + Iterator oaAttributeInterator = config.getOAAttributes().iterator(); + while (oaAttributeInterator.hasNext()) { + OAStorkAttribute oaAttr = oaAttributeInterator.next(); + if (MiscUtil.isNotEmpty(oaAttr.getName())) { + if (configuredAttributs.contains(oaAttr.getName())) + configuredAttributs.remove(oaAttr.getName()); + + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME, + oaAttr.getName()); + + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED, + Boolean.TRUE.toString()); + + + if (oaAttr.isMandatory() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, + oaAttr.isMandatory().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, + Boolean.FALSE.toString()); + listCounter++; + } + } + } + Iterator configuredAttributsInterator = configuredAttributs.iterator(); + while (configuredAttributsInterator.hasNext()) { + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME, + configuredAttributsInterator.next()); + + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED, + Boolean.TRUE.toString()); + + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(listCounter) + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, + Boolean.FALSE.toString()); + listCounter++; + + } + } } //convert protocols SAML1 @@ -479,9 +580,9 @@ public class ConfigurationMigrationUtils { TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); if (bkuSelectTemplate != null && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())) { try { - result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION, + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA, Base64Utils.encode(bkuSelectTemplate.getTransformation())); - result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME, + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, bkuSelectTemplate.getFilename()); } catch (Exception e) { @@ -495,9 +596,9 @@ public class ConfigurationMigrationUtils { TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); if (sendAssertionTemplate != null && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())) { try { - result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION, + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA, Base64Utils.encode(sendAssertionTemplate.getTransformation())); - result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME, + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW, sendAssertionTemplate.getFilename()); } catch (Exception e) { @@ -577,38 +678,11 @@ public class ConfigurationMigrationUtils { } } } - - //convert interfederation configuration - InterfederationIDPType moaIDP = oa.getInterfederationIDP(); - if (moaIDP != null) { - result.put(MOAIDConfigurationConstants.PREFIX_SERVICES, MOAIDConfigurationConstants.PREFIX_IIDP); - result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL, - moaIDP.getAttributeQueryURL()); - result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_INBOUND, - String.valueOf(moaIDP.isInboundSSO())); - result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_OUTBOUND, - String.valueOf(moaIDP.isOutboundSSO())); - - result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_STORE, - String.valueOf(moaIDP.isStoreSSOSession())); - result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_LOCALAUTHONERROR, - String.valueOf(moaIDP.isPerformLocalAuthenticationOnError())); - result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_PASSIVEREQUEST, - String.valueOf(moaIDP.isPerformPassivRequest())); - } - - //convert STORK <-> PVP2X gateway configuration - InterfederationGatewayType gateway = oa.getInterfederationGateway(); - if (gateway != null) { - result.put(MOAIDConfigurationConstants.PREFIX_SERVICES, MOAIDConfigurationConstants.PREFIX_GATEWAY); - result.put(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, - gateway.getForwardIDPIdentifier()); - - } - + //set onlineapplication identifier if nothing is set - if (!result.containsKey(MOAIDConfigurationConstants.PREFIX_SERVICES)) + if (!result.containsKey(MOAIDConfigurationConstants.PREFIX_SERVICES)) { result.put(MOAIDConfigurationConstants.PREFIX_SERVICES, MOAIDConfigurationConstants.PREFIX_OA); + } } return result; @@ -922,11 +996,11 @@ public class ConfigurationMigrationUtils { templates.setAditionalAuthBlockText(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT)); //store BKU-selection and send-assertion templates - if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION))) { + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA))) { TransformsInfoType el1 = new TransformsInfoType(); try { - el1.setTransformation(Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION), false)); - el1.setFilename(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME)); + el1.setTransformation(Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA), false)); + el1.setFilename(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW)); templates.setBKUSelectionTemplate(el1); } catch (IOException e) { @@ -934,11 +1008,11 @@ public class ConfigurationMigrationUtils { } } - if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION))) { + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA))) { TransformsInfoType el1 = new TransformsInfoType(); try { - el1.setTransformation(Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION), false)); - el1.setFilename(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME)); + el1.setTransformation(Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA), false)); + el1.setFilename(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW)); templates.setSendAssertionTemplate(el1); } catch (IOException e) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java index bac2d0011..399533d3f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java @@ -23,6 +23,7 @@ import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -86,11 +87,24 @@ public class ConfigurationUtil { Properties result = new Properties(); + if (config == null) { + return null; + + } + STORK storkConfig = null; + try { + storkConfig = config.getAuthComponentGeneral().getForeignIdentities().getSTORK(); + + } catch (Exception e) { + Logger.debug("No general STORK configuration found."); + + } + //convert all online applications List oaList = config.getOnlineApplication(); for (int i=0; i keyValueOA = ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa); + Map keyValueOA = ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig); String serviceIdentifier = keyValueOA.get(MOAIDConfigurationConstants.PREFIX_SERVICES); if (MiscUtil.isEmpty(serviceIdentifier)) { @@ -106,7 +120,13 @@ public class ConfigurationUtil { + key, keyValueOA.get(key)); - } + } + //set correct metadata list identifier + result.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + + "." + serviceIdentifier + "." + String.valueOf(i) + "." + + MOAIDConfigurationConstants.METADATA_LIST +".0", + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + + "." + serviceIdentifier); } Map keyValueGeneral = ConfigurationMigrationUtils.convertHyberJaxBMOAIDConfigToKeyValue(config); @@ -189,8 +209,12 @@ public class ConfigurationUtil { Properties inProperties = new Properties(); inProperties.load(inStream); - System.getProperties().setProperty("location", "file:" + outputDBConfigFilePath); - ApplicationContext context = new ClassPathXmlApplicationContext("configuration.beans.xml"); + System.getProperties().setProperty("moa.id.webconfig", "file:" + outputDBConfigFilePath); + ApplicationContext context = new ClassPathXmlApplicationContext( + new String[]{ + "configuration.beans.xml", + "moaid.migration.beans.xml" + }); Configuration dbConfiguration = (Configuration) context.getBean("moaidconfig"); List keys = null; @@ -217,7 +241,7 @@ public class ConfigurationUtil { // remove existing entries for (String key : keys) { try { - dbConfiguration.setStringValue(key, null); + dbConfiguration.deleteIds(key); } catch (ConfigurationException e) { System.out.println("Could NOT persist the configuration file's information in the database."); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 34e3f3c7e..fab5b437f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -1,54 +1,20 @@ package at.gv.egovernment.moa.id.commons.config; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Hashtable; -import java.util.List; -import java.util.Map; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; /** * * */ -public final class MOAIDConfigurationConstants { +public final class MOAIDConfigurationConstants extends MOAIDConstants { private MOAIDConfigurationConstants() { // restrict instantiation } - - //general configuration constants - - public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; - public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+"; + public static final String METADATA_LIST = "__LI"; - public static final String IDENIFICATIONTYPE_FN = "FN"; - public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; - public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; - public static final String IDENIFICATIONTYPE_STORK = "STORK"; + public static final String WEBGUI_EMPTY_ELEMENT = "null"; - public static final Map BUSINESSSERVICENAMES; - - public static final List ALLOWED_WBPK_PREFIXES; - - static { - Hashtable tmp = new Hashtable(); - tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer"); - tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer"); - tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl"); - tmp.put(IDENIFICATIONTYPE_STORK, "STORK"); - BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); - - List awbpk = new ArrayList(); - awbpk.add(IDENIFICATIONTYPE_FN); - awbpk.add(IDENIFICATIONTYPE_ERSB); - awbpk.add(IDENIFICATIONTYPE_ZVR); - awbpk.add(PREFIX_WPBK + IDENIFICATIONTYPE_FN); - awbpk.add(PREFIX_WPBK + IDENIFICATIONTYPE_ERSB); - awbpk.add(PREFIX_WPBK + IDENIFICATIONTYPE_ZVR); - ALLOWED_WBPK_PREFIXES = Collections.unmodifiableList(awbpk); - } - - //Basic key namespaces public static final String PREFIX_MOAID = "moa.id"; public static final String PREFIX_GENERAL = "general"; @@ -97,7 +63,7 @@ public final class MOAIDConfigurationConstants { public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB = SERVICE_AUTH_TARGET_PUBLIC + ".target.sub"; public static final String SERVICE_AUTH_TARGET_PUBLIC_USE_SUB = SERVICE_AUTH_TARGET_PUBLIC + ".use.sub"; - public static final String SERVICE_AUTH_TARGET_PUBLIC_USE_OWN = SERVICE_AUTH_TARGET_PUBLIC + ".use.own"; + public static final String SERVICE_AUTH_TARGET_PUBLIC_USE_OWN = SERVICE_AUTH_TARGET_PUBLIC + ".own.use"; public static final String SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".own.target"; public static final String SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME = SERVICE_AUTH_TARGET_PUBLIC + ".own.name"; @@ -111,13 +77,15 @@ public final class MOAIDConfigurationConstants { public static final String SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE = SERVICE_AUTH_BKU_TEMPLATE + ".first.url"; public static final String SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE = SERVICE_AUTH_BKU_TEMPLATE + ".second.url"; public static final String SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE = SERVICE_AUTH_BKU_TEMPLATE + ".third.url"; - public static final String SERVICE_AUTH_BKU_AUTHBLOCKTEXT = SERVICE_AUTH_BKU + "authblock.additionaltext"; - public static final String SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK = SERVICE_AUTH_BKU + "authblock.removebPK"; + public static final String SERVICE_AUTH_BKU_AUTHBLOCKTEXT = AUTH + ".authblock.additionaltext"; + public static final String SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK = AUTH + ".authblock.removebPK"; private static final String SERVICE_AUTH_TEMPLATES = AUTH + "." + TEMPLATES; - public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION = SERVICE_AUTH_TEMPLATES + ".bkuselection"; + public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA = SERVICE_AUTH_TEMPLATES + ".bkuselection.data"; + public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW = SERVICE_AUTH_TEMPLATES + ".bkuselection.preview"; public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME = SERVICE_AUTH_TEMPLATES + ".bkuselection.filename"; - public static final String SERVICE_AUTH_TEMPLATES_SENDASSERTION = SERVICE_AUTH_TEMPLATES + ".sendAssertion"; + public static final String SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA = SERVICE_AUTH_TEMPLATES + ".sendAssertion.data"; + public static final String SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW = SERVICE_AUTH_TEMPLATES + ".sendAssertion.preview"; public static final String SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME = SERVICE_AUTH_TEMPLATES + ".sendAssertion.filename"; private static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION = SERVICE_AUTH_TEMPLATES + ".customize"; public static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE = SERVICE_AUTH_TEMPLATES_CUSTOMIZATION + ".fonttype"; @@ -184,8 +152,8 @@ public final class MOAIDConfigurationConstants { private static final String SERVICE_PROTOCOLS_PVP2X = PROTOCOLS + "." + PVP2X; public static final String SERVICE_PROTOCOLS_PVP2X_RELOAD = SERVICE_PROTOCOLS_PVP2X + ".reload"; public static final String SERVICE_PROTOCOLS_PVP2X_URL = SERVICE_PROTOCOLS_PVP2X + ".URL"; - public static final String SERVICE_PROTOCOLS_PVP2X_CERTIFICATE = SERVICE_PROTOCOLS_PVP2X + ".certificate"; - public static final String SERVICE_PROTOCOLS_PVP2X_CERTIFICATE_SUBJECT = SERVICE_PROTOCOLS_PVP2X + ".certificate.subject"; + public static final String SERVICE_PROTOCOLS_PVP2X_CERTIFICATE = SERVICE_PROTOCOLS_PVP2X + ".certificate.data"; + public static final String SERVICE_PROTOCOLS_PVP2X_CERTIFICATE_SUBJECT = SERVICE_PROTOCOLS_PVP2X + ".certificate.preview"; private static final String SERVICE_PROTOCOLS_OPENID = PROTOCOLS + "." + OPENID; public static final String SERVICE_PROTOCOLS_OPENID_CLIENTID = SERVICE_PROTOCOLS_OPENID + ".clientID"; @@ -270,6 +238,7 @@ public final class MOAIDConfigurationConstants { public static final String GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_TYPE = GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT + ".type"; public static final String GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME = GENERAL_AUTH + ".authblock.transformation.preview"; + public static final String GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_FILENAME = GENERAL_AUTH + ".authblock.transformation.filename"; public static final String GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64 = GENERAL_AUTH + ".authblock.transformation.data"; public static final String GENERAL_AUTH_STORK = GENERAL_AUTH + "." + STORK; @@ -282,35 +251,4 @@ public final class MOAIDConfigurationConstants { public static final String GENERAL_AUTH_STORK_ATTRIBUTES_LIST = GENERAL_AUTH_STORK + ".attributes"; public static final String GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME = "friendlyname"; public static final String GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY = "mandatory"; - -// // old!!!!!!!!!!! // -// // keys for the object in the key-value database -// public static final String ONLINE_APPLICATIONS_KEY = "OnlineApplications"; -// public static final String AUTH_COMPONENT_GENERAL_KEY = "AuthComponentGeneral"; -// public static final String CHAINING_MODES_KEY = "ChainingModes"; -// public static final String TRUSTED_CERTIFICATES_KEY = "TruestedCertificates"; -// public static final String DEFAULT_BKUS_KEY = "DefaultBKUs"; -// public static final String SLREQUEST_TEMPLATES_KEY = "SLRequestTemplates"; -// public static final String TIMESTAMP_ITEM_KEY = "TimestampItem"; -// public static final String PVP2REFRESH_ITEM_KEY = "Pvp2RefreshItem"; -// public static final String GENERIC_CONFIGURATION_KEY = "GenericConfiguration"; -// -// /** -// * Returns all relevant (database-) keys that {@link MOAIDConfiguration} contains. -// * @return the keys as {@code String[]} -// */ -// public static final String[] getMOAIDConfigurationKeys() { -// return new String[] { AUTH_COMPONENT_GENERAL_KEY, CHAINING_MODES_KEY, TRUSTED_CERTIFICATES_KEY, -// DEFAULT_BKUS_KEY, SLREQUEST_TEMPLATES_KEY, TIMESTAMP_ITEM_KEY, PVP2REFRESH_ITEM_KEY }; -// } -// -// /** -// * Returns all (database-) keys that {@link MOAIDConfiguration} contains. -// * @return the keys as {@code String[]} -// */ -// public static final String[] getAllMOAIDConfigurationKeys() { -// return new String[] { ONLINE_APPLICATIONS_KEY, AUTH_COMPONENT_GENERAL_KEY, CHAINING_MODES_KEY, -// TRUSTED_CERTIFICATES_KEY, DEFAULT_BKUS_KEY, SLREQUEST_TEMPLATES_KEY, TIMESTAMP_ITEM_KEY, -// PVP2REFRESH_ITEM_KEY }; -// } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrationTest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrationTest.java index 7dbbac5b4..c472299b9 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrationTest.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrationTest.java @@ -40,7 +40,7 @@ public class MigrationTest { String inputFile = "D:/Projekte/svn/moa-id/MOAID-2.0_config_labda_12.05.2015.xml"; String outputFile = "D:/Projekte/svn/moa-id/MOAID-3.0_config.propery"; - String moaidconfig = "D:/Projekte/svn/moa-id/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/moa-id.properties"; + String moaidconfig = "D:/Projekte/svn/moa-id/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id-configuration/moa-id.properties"; try { FileInputStream input = new FileInputStream(inputFile); File out = new File(outputFile); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java index 832c82e78..805bcb33e 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java @@ -38,6 +38,16 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement // this.configPropertyDao = configPropertyDao; // } + public void setStringValue(String id, String value) throws ConfigurationException { + super.setStringValue(id, value); + + } + + public void deleteIds(String idSearch) throws ConfigurationException { + super.deleteIds(idSearch); + + } + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration#getPropertySubset(java.lang.String) */ diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java index 00c191228..f47b0c9e2 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java @@ -82,7 +82,7 @@ public class DatabaseConfigPropertyImpl extends AbstractConfigurationImpl { * @see at.gv.egiz.components.configuration.api.AbstractConfigurationImpl#storeKey(java.lang.String, java.lang.String) */ @Override - @Transactional(value="transactionManager") + @Transactional("transactionManager") protected void storeKey(String key, String value) throws ConfigurationException { if (null == em) { log.error("No EntityManager set!"); @@ -176,6 +176,7 @@ public class DatabaseConfigPropertyImpl extends AbstractConfigurationImpl { * @see at.gv.egiz.components.configuration.api.AbstractConfigurationImpl#deleteIds(java.lang.String) */ @Override + @Transactional("transactionManager") public void deleteIds(String idSearch) throws ConfigurationException { String[] keyList = findConfigurationId(idSearch); for (String el : keyList) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java index 0e4616825..f20647fb0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java @@ -29,6 +29,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; +import java.util.Set; import at.gv.egovernment.moa.util.MiscUtil; @@ -213,5 +214,17 @@ public class KeyValueUtils { return counters.get(counters.size()-1) + 1; } } + + /** + * Find the highest free list counter + * + * @param keySet {Set} of list keys + * @param listPrefix {String} prefix of the list + * @return {int} highest free list counter + */ + public static int findNextFreeListCounter(Set keySet, + String listPrefix) { + return findNextFreeListCounter((String[]) keySet.toArray(), listPrefix); + } } diff --git a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml index ea0e7c78d..775d02d05 100644 --- a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml +++ b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml @@ -11,7 +11,10 @@ - + + + @@ -24,22 +27,27 @@ - + - + diff --git a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml new file mode 100644 index 000000000..a2961b0f6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file -- cgit v1.2.3