From 0436de6184c1a95d463da52929e3bf60923d6e04 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 13 Dec 2021 09:23:09 +0100 Subject: update third-party libs and resolve API issues --- .../id/configuration/data/oa/OABPKEncryption.java | 633 +++++++++++---------- 1 file changed, 326 insertions(+), 307 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java index bac69cf34..1f4d842ca 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.SerializationUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters; 
@@ -49,322 +48,342 @@ import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OABPKEncryption implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OABPKEncryption.class); - - private static final String MODULENAME = "bPKEncryptionDecryption"; - - private String keyStorePassword = null; - private String keyAlias = null; - private String keyPassword = null; - - private Map keyStoreForm = new HashMap(); - - private List keyStoreFileUpload = null; - private List keyStoreFileUploadContentType = null; - private List keyStoreFileUploadFileName = new ArrayList();; - private boolean deletekeyStore = false; - private boolean validationError = false; - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - // TODO Auto-generated method stub - return MODULENAME; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); - if (oaAuth != null) { - EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); - if (bPKEncDec != null) { - BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); - if (bPKDec != null) { - keyAlias = bPKDec.getKeyAlias(); - if (bPKDec.getKeyStoreFileName() != null) - keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); - - } - } - } - - return 
null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); - if (oaAuth == null) { - oaAuth = new AuthComponentOA(); - dbOA.setAuthComponentOA(oaAuth); - - } - EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); - if (bPKEncDec == null) { - bPKEncDec = new EncBPKInformation(); - oaAuth.setEncBPKInformation(bPKEncDec); - - } - - BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); - if (bPKDec == null) { - bPKDec = new BPKDecryption(); - bPKEncDec.setBPKDecryption(bPKDec); - } - - if (isDeletekeyStore()) { - bPKDec.setIv(null); - bPKDec.setKeyAlias(null); - bPKDec.setKeyInformation(null); - bPKDec.setKeyStoreFileName(null); - - } - - BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); - if (keyStoreForm != null && keyStoreForm.size() > 0) { - keyInfo.setKeyAlias(keyAlias); - keyInfo.setKeyPassword(keyPassword); - keyInfo.setKeyStorePassword(keyStorePassword); - - Iterator interator = keyStoreForm.keySet().iterator(); - bPKDec.setKeyStoreFileName(interator.next()); - bPKDec.setKeyAlias(keyAlias); - keyInfo.setKeyStore(keyStoreForm.get( - bPKDec.getKeyStoreFileName())); - - //encrypt key information - byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); - try { - EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); - bPKDec.setIv(encryptkeyInfo.getIv()); - bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); - - } catch (BuildException e) { - log.error("Configuration encryption FAILED.", e); - return LanguageHelper.getErrorString("error.general.text", request); - - } - } - - 
request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - HttpSession session = request.getSession(); - List errors = new ArrayList(); - - String check = null; - - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - //validate BKU-selection template - List templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName() - , getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); - if (templateError != null && templateError.size() == 0) { - if (keyStoreForm != null && keyStoreForm.size() > 0) { - session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); - - } else - keyStoreForm = (Map) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); - - } else { - errors.addAll(templateError); + private static final String MODULENAME = "bPKEncryptionDecryption"; + + private String keyStorePassword = null; + private String keyAlias = null; + private String keyPassword = null; + + private Map keyStoreForm = new HashMap<>(); + + private List keyStoreFileUpload = null; + private List keyStoreFileUploadContentType = null; + private List keyStoreFileUploadFileName = new ArrayList<>(); + private boolean deletekeyStore = false; + private boolean validationError = false; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + // TODO Auto-generated method stub + return MODULENAME; + } + + /* + * (non-Javadoc) + * + * @see + * 
at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth != null) { + final EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec != null) { + final BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec != null) { + keyAlias = bPKDec.getKeyAlias(); + if (bPKDec.getKeyStoreFileName() != null) { + keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); + } } - - if (keyStoreForm != null && keyStoreForm.size() > 0) { - check = getKeyStorePassword(); - if (MiscUtil.isEmpty(check)) { - log.info("bPK decryption keystore password is empty"); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - check = getKeyAlias(); - if (MiscUtil.isEmpty(check)) { - log.info("bPK decryption key alias is empty"); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption key alias contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - check = getKeyPassword(); - if 
(MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption key password contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); - keyInfo.setKeyAlias(keyAlias); - keyInfo.setKeyPassword(keyPassword); - keyInfo.setKeyStorePassword(keyStorePassword); - Iterator interator = keyStoreForm.keySet().iterator(); - String fileName = interator.next(); - keyInfo.setKeyStore(keyStoreForm.get(fileName)); - if (keyInfo.getPrivateKey() == null) { - log.info("Open keyStore FAILED."); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); - - } + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth == null) { + oaAuth = new AuthComponentOA(); + dbOA.setAuthComponentOA(oaAuth); + + } + EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec == null) { + bPKEncDec = new EncBPKInformation(); + oaAuth.setEncBPKInformation(bPKEncDec); + + } + + BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec == null) { + bPKDec = new BPKDecryption(); + bPKEncDec.setBPKDecryption(bPKDec); + } + + if (isDeletekeyStore()) { + bPKDec.setIv(null); + bPKDec.setKeyAlias(null); + bPKDec.setKeyInformation(null); + bPKDec.setKeyStoreFileName(null); + + } + + final BPKDecryptionParameters keyInfo 
= new BPKDecryptionParameters(); + if (keyStoreForm != null && keyStoreForm.size() > 0) { + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + + final Iterator interator = keyStoreForm.keySet().iterator(); + bPKDec.setKeyStoreFileName(interator.next()); + bPKDec.setKeyAlias(keyAlias); + keyInfo.setKeyStore(keyStoreForm.get( + bPKDec.getKeyStoreFileName())); + + // encrypt key information + final byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); + try { + final EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); + bPKDec.setIv(encryptkeyInfo.getIv()); + bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); + + } catch (final BuildException e) { + log.error("Configuration encryption FAILED.", e); + return LanguageHelper.getErrorString("error.general.text", request); + + } + } + + request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + final HttpSession session = request.getSession(); + final List errors = new ArrayList<>(); + + String check = null; + + final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + // validate BKU-selection template + final List templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName(), + getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); + if (templateError != null && templateError.size() == 0) { + if (keyStoreForm != null && keyStoreForm.size() > 0) { + 
session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); + + } else { + keyStoreForm = (Map) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); + } + + } else { + errors.addAll(templateError); + + } + + if (keyStoreForm != null && keyStoreForm.size() > 0) { + check = getKeyStorePassword(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption keystore password is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } - - if (errors.size() > 0) { - validationError = true; - + } + + check = getKeyAlias(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption key alias is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption key alias contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } - - return errors; - - } - - /** - * @return the keyStorePassword - */ - public String getKeyStorePassword() { - return keyStorePassword; - } - - /** - * @param keyStorePassword the keyStorePassword to set - */ - public void setKeyStorePassword(String keyStorePassword) { - this.keyStorePassword = keyStorePassword; - } - - /** - * @return the keyAlias - */ - public String getKeyAlias() { - return keyAlias; - } - - /** - * @param keyAlias the keyAlias to set - */ - public void setKeyAlias(String keyAlias) { - this.keyAlias = keyAlias; - } - - /** - * @return 
the keyPassword - */ - public String getKeyPassword() { - return keyPassword; - } - - /** - * @param keyPassword the keyPassword to set - */ - public void setKeyPassword(String keyPassword) { - this.keyPassword = keyPassword; - } - - /** - * @return the keyStoreFileUpload - */ - public List getKeyStoreFileUpload() { - return keyStoreFileUpload; - } - - /** - * @param keyStoreFileUpload the keyStoreFileUpload to set - */ - public void setKeyStoreFileUpload(List keyStoreFileUpload) { - this.keyStoreFileUpload = keyStoreFileUpload; - } - - /** - * @return the keyStoreFileUploadContentType - */ - public List getKeyStoreFileUploadContentType() { - return keyStoreFileUploadContentType; - } - - /** - * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set - */ - public void setKeyStoreFileUploadContentType( - List keyStoreFileUploadContentType) { - this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; - } - - /** - * @return the keyStoreFileUploadFileName - */ - public List getKeyStoreFileUploadFileName() { - return keyStoreFileUploadFileName; - } - - /** - * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set - */ - public void setKeyStoreFileUploadFileName( - List keyStoreFileUploadFileName) { - this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; - } - - /** - * @return the deletekeyStore - */ - public boolean isDeletekeyStore() { - return deletekeyStore; - } - - /** - * @param deletekeyStore the deletekeyStore to set - */ - public void setDeletekeyStore(boolean deletekeyStore) { - this.deletekeyStore = deletekeyStore; - } - - /** - * @return the validationError - */ - public boolean isValidationError() { - return validationError; - } - - + } + + check = getKeyPassword(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption key password contains potentail XSS characters: " + check); + 
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + + } + } + + final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + final Iterator interator = keyStoreForm.keySet().iterator(); + final String fileName = interator.next(); + keyInfo.setKeyStore(keyStoreForm.get(fileName)); + if (keyInfo.getPrivateKey() == null) { + log.info("Open keyStore FAILED."); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); + + } + } + + if (errors.size() > 0) { + validationError = true; + + } + + return errors; + + } + + /** + * @return the keyStorePassword + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * @param keyStorePassword the keyStorePassword to set + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * @return the keyAlias + */ + public String getKeyAlias() { + return keyAlias; + } + + /** + * @param keyAlias the keyAlias to set + */ + public void setKeyAlias(String keyAlias) { + this.keyAlias = keyAlias; + } + + /** + * @return the keyPassword + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * @param keyPassword the keyPassword to set + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + /** + * @return the keyStoreFileUpload + */ + public List getKeyStoreFileUpload() { + return keyStoreFileUpload; + } + + /** + * @param keyStoreFileUpload the keyStoreFileUpload to set + */ + public void setKeyStoreFileUpload(List keyStoreFileUpload) { + this.keyStoreFileUpload = keyStoreFileUpload; + } + + /** + * @return the keyStoreFileUploadContentType + */ + public List getKeyStoreFileUploadContentType() { + return 
keyStoreFileUploadContentType; + } + + /** + * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set + */ + public void setKeyStoreFileUploadContentType( + List keyStoreFileUploadContentType) { + this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; + } + + /** + * @return the keyStoreFileUploadFileName + */ + public List getKeyStoreFileUploadFileName() { + return keyStoreFileUploadFileName; + } + + /** + * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set + */ + public void setKeyStoreFileUploadFileName( + List keyStoreFileUploadFileName) { + this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; + } + + /** + * @return the deletekeyStore + */ + public boolean isDeletekeyStore() { + return deletekeyStore; + } + + /** + * @param deletekeyStore the deletekeyStore to set + */ + public void setDeletekeyStore(boolean deletekeyStore) { + this.deletekeyStore = deletekeyStore; + } + + /** + * @return the validationError + */ + public boolean isValidationError() { + return validationError; + } } -- cgit v1.2.3
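Review bot: The keystore password and the key password are written to the log in clear text in validate (`log.warn("bPK decryption keystore password contains potentail XSS characters: " + check);` and the analogous key-password line further down), so a rejected form submission leaks a credential into the log files; the move to @Slf4j carries these lines over unchanged. Log only the field name, e.g. `log.warn("bPK decryption keystore password contains potential XSS characters");` and `log.warn("bPK decryption key password contains potential XSS characters");`, since the offending characters are already reported to the user through the error string. The key-alias line is not a secret and can keep its value, but in slf4j style it should be parameterized, `log.warn("bPK decryption key alias contains potential XSS characters: {}", check);`, rather than concatenated. The same `check` variable is also used for the non-secret alias, so a short comment above the password branches noting that the value must never reach the log would help the next maintainer keep it that way.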