From 0436de6184c1a95d463da52929e3bf60923d6e04 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Mon, 13 Dec 2021 09:23:09 +0100
Subject: update third-party libs and resolve API issues

---
 .../validation/UserDatabaseFormValidator.java      | 312 ++++++++++-----------
 1 file changed, 154 insertions(+), 158 deletions(-)

(limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
index f0594c38d..13708c257 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -27,8 +27,6 @@ import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.apache.log4j.Logger;
-
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
@@ -38,163 +36,161 @@ import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
 import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
 
+@Slf4j
 public class UserDatabaseFormValidator {
 
-	private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class);
-	
-	public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, 
-			boolean isMandateUser, HttpServletRequest request) {
-		List<String> errors = new ArrayList<String>();
-		
-		String check = null;
-		FileBasedUserConfiguration newConfigRead = null;
-		try {
-			newConfigRead = ConfigurationProvider.getInstance().getUserManagement();
-			
-		} catch (ConfigurationException e) {
-			log.error("MOA-ID-Configuration initialization FAILED.", e);
-			errors.add("Internal Server Error");
-			return errors;
-			
-		}
-		
-		if (!isPVP2Generated) { 
-			check = form.getGivenName();
-			if (MiscUtil.isNotEmpty(check)) {
-				if (ValidationHelper.containsNotValidCharacter(check, false)) {
-					log.warn("GivenName contains potentail XSS characters: " + check);
-					errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", 
-							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-				}
-			} else {
-				log.warn("GivenName is empty");
-				errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request));			
-			}
-			
-			
-			check = form.getFamilyName();
-			if (MiscUtil.isNotEmpty(check)) {
-				if (ValidationHelper.containsNotValidCharacter(check, false)) {
-					log.warn("FamilyName contains potentail XSS characters: " + check);
-					errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", 
-							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-				}
-			} else {
-				log.warn("FamilyName is empty");
-				errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request));			
-			}
-		}
-		
-		if (!isMandateUser) {
-			check = form.getInstitut();
-			if (MiscUtil.isNotEmpty(check)) {
-				if (ValidationHelper.containsNotValidCharacter(check, false)) {
-					log.warn("Organisation contains potentail XSS characters: " + check);
-					errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", 
-							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-				}
-			} else {
-				log.warn("Organisation is empty");
-				errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request));			
-			}
-		}
-		
-		check = form.getMail();
-		if (MiscUtil.isNotEmpty(check)) {
-			if (!ValidationHelper.isEmailAddressFormat(check)) {
-				log.warn("Mailaddress is not valid: " + check);
-				errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", 
-						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-			}
-		} else {
-			log.warn("Mailaddress is empty");
-			errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request));			
-		}
-		
-		check = form.getPhone();
-		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsNotValidCharacter(check, false)) {
-				log.warn("Phonenumber contains potentail XSS characters: " + check);
-				errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", 
-						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-			}
-		} else {
-			log.warn("Phonenumber is empty");
-			errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request));			
-		}
-		
-		if (form.isIsusernamepasswordallowed()) {
-			check = form.getUsername();
-			if (MiscUtil.isNotEmpty(check)) {
-				if (ValidationHelper.containsNotValidCharacter(check, false)) {
-					log.warn("Username contains potentail XSS characters: " + check);
-					errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", 
-							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-					
-				} else {
-					UserDatabase dbuser = newConfigRead.getUserWithUserName(check);
-					if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID ))) {
-						log.warn("Username " + check + " exists in UserDatabase");
-						errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request));
-						form.setUsername("");
-					}	
-				}
-			} else {
-				if (userID == -1) {
-					log.warn("Username is empty");
-					errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
-				} else {
-					UserDatabase dbuser = newConfigRead.getUserWithID(userID);
-					if (dbuser == null) {
-						log.warn("Username is empty");
-						errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
-					} else {
-						form.setUsername(dbuser.getUsername());
-					}
-				}
-			}
-			
-			check = form.getPassword();
-				
-			if (MiscUtil.isEmpty(check)) {
-				if (userID == -1) {
-					log.warn("Password is empty");
-					errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
-				} else {
-					UserDatabase dbuser = newConfigRead.getUserWithID(userID);
-					if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
-						log.warn("Password is empty");
-						errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
-					}
-				}
-				
-			} else {
-				
-				if (check.equals(form.getPassword_second())) {
-				
-					String key = AuthenticationHelper.generateKeyFormPassword(check);
-					if (key == null) {
-						errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request));
-					}
-					
-				}
-				else {
-					errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request));
-				}
-			}
-		}
-				
-		check = form.getBpk();
-		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
-				log.warn("BPK contains potentail XSS characters: " + check);
-				errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", 
-						new Object[] {ValidationHelper.getNotValidIdentityLinkSignerCharacters()}, request ));
-			}
-		}
-		
-		return errors;
-		
-	}
+  public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated,
+      boolean isMandateUser, HttpServletRequest request) {
+    final List<String> errors = new ArrayList<>();
+
+    String check = null;
+    FileBasedUserConfiguration newConfigRead = null;
+    try {
+      newConfigRead = ConfigurationProvider.getInstance().getUserManagement();
+
+    } catch (final ConfigurationException e) {
+      log.error("MOA-ID-Configuration initialization FAILED.", e);
+      errors.add("Internal Server Error");
+      return errors;
+
+    }
+
+    if (!isPVP2Generated) {
+      check = form.getGivenName();
+      if (MiscUtil.isNotEmpty(check)) {
+        if (ValidationHelper.containsNotValidCharacter(check, false)) {
+          log.warn("GivenName contains potentail XSS characters: " + check);
+          errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
+              new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+        }
+      } else {
+        log.warn("GivenName is empty");
+        errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request));
+      }
+
+      check = form.getFamilyName();
+      if (MiscUtil.isNotEmpty(check)) {
+        if (ValidationHelper.containsNotValidCharacter(check, false)) {
+          log.warn("FamilyName contains potentail XSS characters: " + check);
+          errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
+              new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+        }
+      } else {
+        log.warn("FamilyName is empty");
+        errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request));
+      }
+    }
+
+    if (!isMandateUser) {
+      check = form.getInstitut();
+      if (MiscUtil.isNotEmpty(check)) {
+        if (ValidationHelper.containsNotValidCharacter(check, false)) {
+          log.warn("Organisation contains potentail XSS characters: " + check);
+          errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
+              new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+        }
+      } else {
+        log.warn("Organisation is empty");
+        errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request));
+      }
+    }
+
+    check = form.getMail();
+    if (MiscUtil.isNotEmpty(check)) {
+      if (!ValidationHelper.isEmailAddressFormat(check)) {
+        log.warn("Mailaddress is not valid: " + check);
+        errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid",
+            new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+      }
+    } else {
+      log.warn("Mailaddress is empty");
+      errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request));
+    }
+
+    check = form.getPhone();
+    if (MiscUtil.isNotEmpty(check)) {
+      if (ValidationHelper.containsNotValidCharacter(check, false)) {
+        log.warn("Phonenumber contains potentail XSS characters: " + check);
+        errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid",
+            new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+      }
+    } else {
+      log.warn("Phonenumber is empty");
+      errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request));
+    }
+
+    if (form.isIsusernamepasswordallowed()) {
+      check = form.getUsername();
+      if (MiscUtil.isNotEmpty(check)) {
+        if (ValidationHelper.containsNotValidCharacter(check, false)) {
+          log.warn("Username contains potentail XSS characters: " + check);
+          errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
+              new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+
+        } else {
+          final UserDatabase dbuser = newConfigRead.getUserWithUserName(check);
+          if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID))) {
+            log.warn("Username " + check + " exists in UserDatabase");
+            errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request));
+            form.setUsername("");
+          }
+        }
+      } else {
+        if (userID == -1) {
+          log.warn("Username is empty");
+          errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
+        } else {
+          final UserDatabase dbuser = newConfigRead.getUserWithID(userID);
+          if (dbuser == null) {
+            log.warn("Username is empty");
+            errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
+          } else {
+            form.setUsername(dbuser.getUsername());
+          }
+        }
+      }
+
+      check = form.getPassword();
+
+      if (MiscUtil.isEmpty(check)) {
+        if (userID == -1) {
+          log.warn("Password is empty");
+          errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
+        } else {
+          final UserDatabase dbuser = newConfigRead.getUserWithID(userID);
+          if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
+            log.warn("Password is empty");
+            errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
+          }
+        }
+
+      } else {
+
+        if (check.equals(form.getPassword_second())) {
+
+          final String key = AuthenticationHelper.generateKeyFormPassword(check);
+          if (key == null) {
+            errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request));
+          }
+
+        } else {
+          errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request));
+        }
+      }
+    }
+
+    check = form.getBpk();
+    if (MiscUtil.isNotEmpty(check)) {
+      if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+        log.warn("BPK contains potentail XSS characters: " + check);
+        errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid",
+            new Object[] { ValidationHelper.getNotValidIdentityLinkSignerCharacters() }, request));
+      }
+    }
+
+    return errors;
+
+  }
 }
-- 
cgit v1.2.3