From 96407baacd66fef7f3581a5377180a152795bd78 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 14 Jul 2014 09:02:30 +0200 Subject: add additionl trustmanagerrevoationchecking default value --- .../gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 681641834..f29780f05 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -159,7 +159,8 @@ public class GeneralMOAIDConfig { if (authgen != null) { alternativeSourceID = authgen.getAlternativeSourceID(); certStoreDirectory = authgen.getCertStoreDirectory(); - trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); + if (authgen.isTrustManagerRevocationChecking() != null) + trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); publicURLPrefix = authgen.getPublicURLPreFix(); -- cgit v1.2.3 From a25c112bc34957cdaaf7dbb950c229666da52499 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 15 Jul 2014 12:32:46 +0200 Subject: solve Sub-Target problems in MOA-ID-Configuration --- .../data/oa/OATargetConfiguration.java | 23 ++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index e988cc292..550844700 100644 
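Review bot: When `isTrustManagerRevocationChecking()` returns null, `trustmanagerrevocationcheck` keeps whatever its field initialiser set, and that initialiser is outside the hunk, so the effective default for an unset revocation flag cannot be confirmed here — it must be `true` (fail closed), and the field deserves a comment such as `// null in the DB means "not configured": keep the secure default (true)`. A null that silently disabled revocation checking for the SSL trust manager would mean revoked server certificates are accepted on outbound TLS. The getter is also evaluated twice; `Boolean revCheck = authgen.isTrustManagerRevocationChecking(); if (revCheck != null) trustmanagerrevocationcheck = revCheck;` reads the value once. The enclosing method begins before the hunk.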
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -83,7 +83,6 @@ public class OATargetConfiguration implements IOnlineApplicationData { @Override public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector()); String target_full = dbOA.getTarget(); if (MiscUtil.isNotEmpty(target_full)) { @@ -95,8 +94,10 @@ public class OATargetConfiguration implements IOnlineApplicationData { if (TargetValidator.isValidTarget(target_split[0])) { target = target_split[0]; - if (target_split.length > 1) + if (target_split.length > 1) { target_subsector = target_split[1]; + subTargetSet = true; + } } else { target = ""; @@ -367,4 +368,22 @@ public class OATargetConfiguration implements IOnlineApplicationData { public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { this.deaktivededBusinessService = deaktivededBusinessService; } + + + /** + * @return the subTargetSet + */ + public boolean isSubTargetSet() { + return subTargetSet; + } + + + /** + * @param subTargetSet the subTargetSet to set + */ + public void setSubTargetSet(boolean subTargetSet) { + this.subTargetSet = subTargetSet; + } + + } -- cgit v1.2.3 From a777e9ba26db80ca30ed97a4910e3003aaae8b46 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 4 Nov 2014 07:30:10 +0100 Subject: add metadata schema validation filters --- .../auth/pvp2/MetaDataVerificationFilter.java | 3 +-- .../validation/oa/OAPVP2ConfigValidation.java | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 3 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') 
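Review bot: `target_subsector = target_split[1]` is stored without any check, whereas `target_split[0]` has to pass `TargetValidator.isValidTarget` first; unless the sub-sector is validated elsewhere in the class (not visible in this hunk), a malformed suffix from the stored target is carried straight into the form. Consider guarding it at the same point, e.g. `if (target_split.length > 1 && MiscUtil.isNotEmpty(target_split[1]))` followed by a format check before `subTargetSet = true`. Removing `subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector())` also means `parse()` never resets the flag to false for an OA without a sub-sector, so it relies on the field initialiser — presumably false, but worth confirming. The new public `setSubTargetSet` on a form-bound data object will, if Struts parameter binding applies to this class, be settable from the request; that is only harmless if the flag is recomputed from the validated target before it influences what is persisted.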
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java index 332adaa80..7bf2cf93f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -46,7 +46,6 @@ public class MetaDataVerificationFilter implements MetadataFilter { public void doFilter(XMLObject metadata) throws FilterException { if (metadata instanceof EntitiesDescriptor) { EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; - if(entitiesDescriptor.getSignature() == null) { throw new FilterException("Root element of metadata file has to be signed", null); } @@ -57,7 +56,7 @@ public class MetaDataVerificationFilter implements MetadataFilter { throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); } - } if (metadata instanceof EntityDescriptor) { + } if (metadata instanceof EntityDescriptor) { try { EntityDescriptor entity = (EntityDescriptor) metadata; if (entity.getSignature() != null) diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 40e243d0b..a64a0eaf1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java 
@@ -36,8 +36,10 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataFilterChain; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallerFactory; @@ -58,6 +60,7 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.util.MiscUtil; public class OAPVP2ConfigValidation { 
@@ -127,16 +130,28 @@ public class OAPVP2ConfigValidation { log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); } + + List filterList = new ArrayList(); + filterList.add(new MetaDataVerificationFilter(credential)); + filterList.add(new SchemaValidationFilter()); + MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); httpProvider = new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); httpProvider.setParserPool(new BasicParserPool()); httpProvider.setRequireValidMetadata(true); - httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential)); + httpProvider.setMetadataFilter(filter); httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + + httpProvider.setRequireValidMetadata(true); + httpProvider.initialize(); + + + if (httpProvider.getMetadata() == null) { log.info("Metadata could be received but validation FAILED."); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); -- cgit v1.2.3 From fe077762d22fca69bc39741616166755bee82c7d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 4 Nov 2014 09:26:42 +0100 Subject: do not list STORK-PVP gateways in OA lists --- .../at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java index 150483dd8..8ed1f3a88 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java 
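Review bot: `httpProvider.setRequireValidMetadata(true)` is set twice in this hunk; the second call after the refresh delays can go. The order of the two `filterList.add(...)` calls (signature verification before schema validation) should be a deliberate choice with a one-line comment — verifying first limits work on unauthenticated data, validating first shields `EntityVerifier` from malformed structure — so a reader does not reorder them casually. A fresh `HTTPMetadataProvider` with a 15-minute/24-hour refresh schedule is registered on `timer` for every validation run; if `httpProvider.destroy()` is not called once `getMetadata()` has been checked (the rest of the method is outside the hunk), each submitted form leaves a background task re-fetching the remote URL. `List filterList = new ArrayList();` is a raw type; `List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();` matches `MetadataFilterChain.setFilters`.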
@@ -63,7 +63,8 @@ public class FormDataHelper { if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || (dboa.getAuthComponentOA().getOASTORK() != null && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) || + (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() ))) { formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); } } -- cgit v1.2.3 From 306b421d07f29ed6a0e6a009a38c2f558a7e310d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 24 Nov 2014 09:29:34 +0100 Subject: fix configTool list OA problem --- .../at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java index 150483dd8..b66bf878a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -60,7 +60,8 @@ public class FormDataHelper { for (OnlineApplication dboa : dbOAs) { - if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || + if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || + (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) || (dboa.getAuthComponentOA().getOASTORK() != null && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { -- cgit v1.2.3 From 6e32481ed5ac19a82165f229e690184e824a3008 Mon Sep 17 00:00:00 2001 
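Review bot: `dboa.getAuthComponentOA()` is dereferenced twice in the condition without a null check, while `isIsInterfederationIDP()` and `isIsInterfederationGateway()` are both guarded; an OA row without an AuthComponentOA throws a NullPointerException and aborts the whole list. Pull it into a guarded local, e.g. `AuthComponentOA auth = dboa.getAuthComponentOA(); boolean vidp = auth != null && auth.getOASTORK() != null && Boolean.TRUE.equals(auth.getOASTORK().isVidpEnabled());`, and test `vidp` in the condition, which also makes the three-way predicate readable. Both this commit and fe077762 extend the same predicate from the same base index (150483dd8), so make sure only one version of the condition survives the merge. The enclosing loop body continues outside the hunk.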
From: Thomas Lenz Date: Thu, 27 Nov 2014 07:04:29 +0100 Subject: fix wrong error message if SSL server certificate is not trusted --- .../moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 40e243d0b..964a10a1b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -126,6 +126,9 @@ public class OAPVP2ConfigValidation { } catch (ConfigurationException e) { log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); + } catch (CertificateException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); + } httpProvider = @@ -157,6 +160,8 @@ public class OAPVP2ConfigValidation { } catch (MetadataProviderException e) { + + //TODO: check exception handling if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { log.info("SSL Server certificate not trusted.", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); -- cgit v1.2.3 From 309f381c1ef98a82a23da42cda99734032b73bf4 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 4 Dec 2014 09:56:03 +0100 Subject: change exception handling for TrustStore configuration --- .../moa/id/configuration/config/ConfigurationProvider.java | 8 ++++---- .../id/configuration/validation/oa/OAPVP2ConfigValidation.java | 5 +---- 2 files changed, 5 insertions(+), 8 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') 
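Review bot: The new `catch (CertificateException e)` logs "No MOA specific SSL-TrustStore configured" and continues with the default Java trust store, but a `CertificateException` can equally come from a configured store that failed to load; if that is possible in this try block, a broken truststore silently widens TLS trust for the metadata fetch to the JVM defaults instead of failing the validation. Distinguish the two cases (let only the "not configured" signal fall through) and log any fallback at warn level. In the second hunk, `e.getCause().getCause() instanceof SSLHandshakeException` only recognises the handshake failure at exactly two levels of wrapping; walking the chain, `Throwable t = e; while (t != null && !(t instanceof SSLHandshakeException)) t = t.getCause();`, is more robust than the hard-coded depth the `TODO` hints at. Note also that `SSLHandshakeException` covers more than an untrusted server certificate (protocol or cipher mismatch, for example), so the error text is an approximation. The enclosing method starts and ends outside the hunk.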
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 957479b29..e6000319e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -437,23 +437,23 @@ public class ConfigurationProvider { return parseVersionFromManifest(); } - public String getCertStoreDirectory() throws CertificateException { + public String getCertStoreDirectory() throws ConfigurationException { String dir = props.getProperty("general.ssl.certstore"); if (MiscUtil.isNotEmpty(dir)) return FileUtils.makeAbsoluteURL(dir, configRootDir); else - throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore."); + throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); } - public String getTrustStoreDirectory() throws CertificateException { + public String getTrustStoreDirectory() throws ConfigurationException { String dir = props.getProperty("general.ssl.truststore"); if (MiscUtil.isNotEmpty(dir)) return FileUtils.makeAbsoluteURL(dir, configRootDir); else - throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore."); + throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 964a10a1b..d122b6bde 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java 
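Review bot: `getCertStoreDirectory()` and `getTrustStoreDirectory()` still signal the ordinary "not configured" case by throwing, now as `ConfigurationException` — the same type callers rely on for genuine configuration failures, so a caller cannot tell "no store configured, use the JVM default" from "configuration broken" without inspecting the message. Returning `null` with a Javadoc `@return the absolute store URL, or null when general.ssl.truststore is unset`, or throwing a dedicated subclass, lets callers fall back deliberately and fail on everything else. Both methods share the same lookup and could delegate to one private helper taking the property key.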
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -126,10 +126,7 @@ public class OAPVP2ConfigValidation { } catch (ConfigurationException e) { log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); - } catch (CertificateException e) { - log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); - - } + } httpProvider = new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); -- cgit v1.2.3 From 85984d9432521ea4e14039d37d434f863c492cf1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Dec 2014 10:31:04 +0100 Subject: fix TestOID configuration problem --- .../data/oa/OAAuthenticationData.java | 48 ++++++++++++++-------- .../oa/OAAuthenticationDataValidation.java | 6 ++- 2 files changed, 35 insertions(+), 19 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index 0e65b7dca..a9c914f74 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -30,6 +30,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; 
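Review bot: With the `CertificateException` branch gone, the remaining `catch (ConfigurationException e)` treats every `ConfigurationException` raised in the try block as "No MOA specific SSL-TrustStore configured" and falls back to the default Java trust store; if `ConfigurationProvider.getInstance()` or the store loading in the same block can throw that type for other reasons (the try body is outside the hunk), a real configuration error is masked as a benign fallback and the metadata URL is fetched under the broader JVM trust set. Either narrow the try block to the two directory getters or check where the exception originated before falling back, and raise the fallback log from `info` to `warn` so operators notice. The enclosing method starts and ends outside the hunk.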
@@ -40,6 +41,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials; +import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentialsCredentialOIDItem; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; @@ -207,8 +209,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { } if (oaauth.getTestCredentials() != null) { - enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); - testCredentialOIDs = oaauth.getTestCredentials().getCredentialOID(); + enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); + testCredentialOIDs = new ArrayList(); + testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); } @@ -315,12 +318,20 @@ public class OAAuthenticationData implements IOnlineApplicationData { if (enableTestCredentials) { TestCredentials testing = authoa.getTestCredentials(); - if (testing == null) - testing = new TestCredentials(); - - testing.setEnableTestCredentials(enableTestCredentials); + if (testing != null) + ConfigurationDBUtils.delete(testing); + + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + testing.setEnableTestCredentials(enableTestCredentials); testing.setCredentialOID(testCredentialOIDs); + } else { + TestCredentials testing = authoa.getTestCredentials(); + if (testing != null) { + testing.setEnableTestCredentials(false); + } + } return null; 
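Review bot: In the store branch `testing.setCredentialOID(testCredentialOIDs)` persists the list exactly as the form built it, and that list comes from the comma-split request string in `setTestCredentialOIDs`; unless `OAAuthenticationDataValidation` (changed in this commit but not shown) rejects bad entries, untrimmed whitespace and non-OID strings reach the database and the test-credential matching at login time. Normalise and check each entry before persisting, e.g. `el.trim()` against a pattern such as `^[0-9]+(\\.[0-9]+)*$`, and drop empties. The delete-then-recreate of `TestCredentials` means a failure between `ConfigurationDBUtils.delete(testing)` and the later persist leaves the OA with no test-credential row; if both run inside one transaction that is fine, otherwise updating the existing entity in place is safer. The `else` branch keeps the old OID list while disabled, which is reasonable but deserves a one-line comment (`// keep OIDs so re-enabling restores them`). The enclosing method starts and ends outside the hunk.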
@@ -576,12 +587,14 @@ public class OAAuthenticationData implements IOnlineApplicationData { */ public String getTestCredentialOIDs() { String value = null; - for (String el : testCredentialOIDs) { - if (value == null) - value = el; - else - value += "," + el; + if (testCredentialOIDs != null) { + for (String el : testCredentialOIDs) { + if (value == null) + value = el; + else + value += "," + el; + } } return value; @@ -595,12 +608,13 @@ public class OAAuthenticationData implements IOnlineApplicationData { * @param testCredentialOIDs the testCredentialOIDs to set */ public void setTestCredentialOIDs(String testCredentialOIDs) { - String[] oidList = testCredentialOIDs.split(","); + if (MiscUtil.isNotEmpty(testCredentialOIDs)) { + String[] oidList = testCredentialOIDs.split(","); - this.testCredentialOIDs = new ArrayList(); - for (int i=0; i(); + for (int i=0; i Date: Fri, 19 Dec 2014 10:31:45 +0100 Subject: fix problem with empty database --- .../moa/id/configuration/struts/action/EditGeneralConfigAction.java | 3 +++ 1 file changed, 3 insertions(+) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 31c29aef0..4236c0d13 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -241,6 +241,9 @@ public class EditGeneralConfigAction extends BasicAction { } MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (dbconfig == null) + dbconfig = new MOAIDConfiguration(); + AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); if (dbauth == null) { -- cgit v1.2.3 
From 7a829a509f470bddc73ac55584db9c29a9312784 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Dec 2014 10:32:09 +0100 Subject: fix errormessage --- .../egovernment/moa/id/configuration/struts/action/ListOAsAction.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index 7f7f083c9..335dbc91e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -133,7 +133,7 @@ public class ListOAsAction extends BasicAction { } else { if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) { log.warn("SearchOA textfield contains potential XSS characters"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname", + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request)); return Constants.STRUTS_SUCCESS; } -- cgit v1.2.3 From 9e3e7423eb938082ce60af97ecb359b166715bd3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Dec 2014 10:32:34 +0100 Subject: fix OA PublicPrefix validation --- .../configuration/struts/action/BasicOAAction.java | 25 +++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 5a9787069..26d97484b 100644 
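Review bot: `containsPotentialCSSCharacter(friendlyname, false)` is a character blacklist applied to a search term and is defence in depth at best; the actual protection is that `friendlyname` is HTML-escaped wherever the list view echoes it (the view is not in this hunk, so confirm that). Rejecting the input also blocks legitimate names containing the listed characters; once output escaping is verified the check could be reduced to a length limit, with a comment stating why it is kept. The enclosing method begins before the hunk.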
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -291,8 +291,17 @@ public class BasicOAAction extends BasicAction { } else { - if (oaid == -1) { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + if (oaid == -1) { + List oaList = ConfigurationDBRead.getAllOnlineApplications(); + for (OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier) ) + onlineapplication = el; + + } + if (onlineapplication == null) { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + + } setNewOA(true); if (onlineapplication != null) { log.info("The OAIdentifier is not unique"); @@ -306,7 +315,17 @@ public class BasicOAAction extends BasicAction { onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { + OnlineApplication dbOA = null; + List oaList = ConfigurationDBRead.getAllOnlineApplications(); + for (OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier) ) + dbOA = el; + + } + if (dbOA == null) + dbOA = ConfigurationDBRead.getOnlineApplication(oaidentifier); + + if ( (dbOA != null && !dbOA.getHjid().equals(oaid))) { log.info("The OAIdentifier is not unique"); throw new BasicOAActionException( LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request), -- cgit v1.2.3 From 33a37cce841e6c48ab044cd153aa7ed7cfffc6cc Mon Sep 17 00:00:00 2001 
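Review bot: `el.getPublicURLPrefix().startsWith(oaidentifier)` only catches an existing prefix that extends the new identifier; the opposite overlap — `https://app.example.org/` already registered, `https://app.example.org/sub` requested — passes this loop and is only caught if `getOnlineApplication(oaidentifier)` does more than an exact match, which is not visible here. Since OAs are resolved by URL prefix at runtime, both directions are ambiguous; test `el.getPublicURLPrefix().startsWith(oaidentifier) || oaidentifier.startsWith(el.getPublicURLPrefix())` and `break` on the first hit instead of letting later elements overwrite `onlineapplication`. `getPublicURLPrefix()` is also dereferenced without a null check. The enclosing method starts and ends outside the hunk.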
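Review bot: `!dbOA.getHjid().equals(oaid)` compares a boxed id (if `getHjid()` returns `Long`, as Hyperjaxb ids usually do) against `oaid`; should `oaid` be declared `int`, autoboxing yields an `Integer` and `Long.equals(Integer)` is always false, so every rename would be reported as "not unique" even when the only match is the OA being edited. Compare primitives, `dbOA.getHjid().longValue() != oaid`, or make `oaid` a `long`/`Long` throughout — its declaration is outside the hunk, so confirm the type. The loop in this branch has the same one-directional `startsWith` test as the new-OA branch and should check both directions and `break` on the first match. The enclosing method ends outside the hunk.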
From: Thomas Knall Date: Wed, 14 Jan 2015 12:41:54 +0100 Subject: Apply some minor fixes. - Add some FIXMEs. - Fix moa-id-auth web.xml and switch to Servlet 3.0. - Fix moa-id-auth logging (replace commons-logging with commons-logging-slf4j bridge, use log4j native binding). - Adjust logging of periodical tasks (no more logging at info level). --- .../moa/id/configuration/auth/pvp2/servlets/Authenticate.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java index 390b8c476..f7406c42e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java @@ -84,6 +84,7 @@ public class Authenticate extends HttpServlet { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); try { + // FIXME[tlenz]: Neither DocumentBuilderFactory nor DocumentBuilder is guaranteed to be thread-safe! builder = factory.newDocumentBuilder(); } catch (ParserConfigurationException e) { log.warn("PVP2 AuthenticationServlet can not be initialized.", e); -- cgit v1.2.3 From 1679466b77e29ff8181b1b01a320c3548e28a349 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 19 Feb 2015 14:46:06 +0100 Subject: fix some possible problems --- .../auth/pvp2/servlets/Authenticate.java | 52 +++++++++++++--------- 1 file changed, 30 insertions(+), 22 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') 
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java index f7406c42e..a511a3c88 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java 
@@ -75,34 +75,42 @@ public class Authenticate extends HttpServlet { private static final long serialVersionUID = 1L; private static final Logger log = LoggerFactory - .getLogger(Authenticate.class); - /** - * @see HttpServlet#HttpServlet() - */ - public Authenticate() { - super(); - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + .getLogger(Authenticate.class); + + private static DocumentBuilderFactory factory = null; + + static { + initialDocumentBuilderFactory(); + } + + synchronized private static void initialDocumentBuilderFactory() { + factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); + + } + + public Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException, ParserConfigurationException { try { - // FIXME[tlenz]: Neither DocumentBuilderFactory nor DocumentBuilder is guaranteed to be thread-safe! - builder = factory.newDocumentBuilder(); + DocumentBuilder builder = null; + synchronized (factory) { + builder = factory.newDocumentBuilder(); + + } + + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } catch (ParserConfigurationException e) { log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - + throw e; } + } - - DocumentBuilder builder; - - public Document asDOMDocument(XMLObject object) throws IOException, - MarshallingException, TransformerException { - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller( - object); - out.marshall(object, document); - return document; - } - + protected void process(HttpServletRequest request, HttpServletResponse response, Map legacyParameter) throws ServletException, IOException { try { -- cgit v1.2.3 From e1c2c42aabf3b1207547dd40b91dc93921303c4a Mon Sep 17 00:00:00 2001 
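Review bot: `DocumentBuilderFactory.newInstance()` in `initialDocumentBuilderFactory` only sets `setNamespaceAware(true)`; the builder is used here for `newDocument()`, so no untrusted XML is parsed through it, but a factory living in an authentication servlet will be reused for parsing sooner or later — harden it now with `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` and `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)`, and comment that it must stay parse-safe. `factory` is a mutable `static` that also serves as the monitor for `synchronized (factory)`; `private static final DocumentBuilderFactory factory = createFactory();` removes the possibility of synchronising on a stale reference. The `catch (ParserConfigurationException e)` logs "PVP2 AuthenticationServlet can not be initialized." and rethrows, which double-logs and carries a message that no longer fits a per-call marshalling failure. `asDOMDocument` now declares `ParserConfigurationException`, so every caller must be adjusted; they are outside the hunk.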
From: Thomas Lenz Date: Tue, 7 Apr 2015 10:19:21 +0200 Subject: add configuration property to deactivate PVP metadata schema validation --- .../moa/id/configuration/config/ConfigurationProvider.java | 5 +++++ .../configuration/validation/oa/OAPVP2ConfigValidation.java | 11 ++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index e6000319e..8ac7b40d4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -462,6 +462,11 @@ public class ConfigurationProvider { } + public boolean isPVPMetadataSchemaValidationActive() { + return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); + + } + private void initalPVP2Login() throws ConfigurationException { try { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 8e1dd6e64..ba77b601b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java 
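Review bot: `Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true"))` fails open on any value that is not literally `true`: `yes`, `1`, `on` or a typo all parse as `false` and silently switch off PVP metadata schema validation. Parse strictly and make the downgrade visible, e.g. `String v = props.getProperty("general.pvp.schemavalidation", "true").trim(); if (!"true".equalsIgnoreCase(v) && !"false".equalsIgnoreCase(v)) throw new ConfigurationException(...)`, plus `log.warn("PVP metadata schema validation is DISABLED by configuration")` on the false path. A Javadoc stating the default (`true`) and that disabling is meant for interoperability testing only would complete the change.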
@@ -133,7 +133,16 @@ public class OAPVP2ConfigValidation { List filterList = new ArrayList(); filterList.add(new MetaDataVerificationFilter(credential)); - filterList.add(new SchemaValidationFilter()); + + try { + filterList.add(new SchemaValidationFilter( + ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive())); + + } catch (ConfigurationException e) { + log.warn("Configuration access FAILED!", e); + + } + MetadataFilterChain filter = new MetadataFilterChain(); filter.setFilters(filterList); -- cgit v1.2.3 From 70aa50b21c2e9ef9318ed72ae90a67d984db33a7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Apr 2015 16:57:02 +0200 Subject: fix possible NullPointerException if no OA is found --- .../moa/id/configuration/struts/action/BasicOAAction.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 26d97484b..82390c49c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -291,13 +291,17 @@ public class BasicOAAction extends BasicAction { } else { - if (oaid == -1) { + if (oaid == -1) { List oaList = ConfigurationDBRead.getAllOnlineApplications(); - for (OnlineApplication el : oaList) { - if (el.getPublicURLPrefix().startsWith(oaidentifier) ) - onlineapplication = el; + + if (oaList != null) { + for (OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier) ) + onlineapplication = el; + } } + if (onlineapplication == null) { onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); -- cgit v1.2.3 
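Review bot: If `ConfigurationProvider.getInstance()` throws, the `catch (ConfigurationException e)` only logs "Configuration access FAILED!" and execution continues without any `SchemaValidationFilter` in the chain, so a configuration problem degrades to no schema validation at all — the opposite of the `true` default the property is meant to have. Restore the secure default in the catch, `filterList.add(new SchemaValidationFilter(true));`, or abort the validation, so the filter is always present and only an explicit `false` disables it. The enclosing method starts and ends outside the hunk.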
From 1b019f2d114b158676b8fa4acc0e2f1c06beeac2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Apr 2015 16:57:59 +0200 Subject: fix problem with Authenticated sessions --- .../configuration/filter/AuthenticationFilter.java | 26 +++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index d13696d51..8ddeb9ebc 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java 
@@ -134,21 +134,20 @@ public class AuthenticationFilter implements Filter{
 log.trace("Request URL: " + requestURL);
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- if (!authManager.isActiveUser(authuser)) {
- //user is not active anymore. Invalidate session and reauthenticate user
- String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
- session.invalidate();
- authuser = null;
+ AuthenticationManager authManager = AuthenticationManager.getInstance();
+ if (!authManager.isActiveUser(authuser) && !this.isExcluded(requestURL)) {
+ if (!this.isExcluded(requestURL)) {
+ //user is not active anymore. Invalidate session and reauthenticate user
+ String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
+ session.invalidate();
+ authuser = null;
- //TODO: set infotext
-
- session = httpServletRequest.getSession(true);
- session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
- }
-
- if (authuser == null && !this.isExcluded(requestURL)) {
+ //TODO: set infotext
+ session = httpServletRequest.getSession(true);
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
+ }
+
 if (config.isLoginDeaktivated()) {
 //add dummy Daten
 log.warn("Authentication is deaktivated. Dummy authentication-information are used!");
@@ -178,6 +177,7 @@ public class AuthenticationFilter implements Filter{
 }
 } else {
+
 if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
 log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\".");
-- cgit v1.2.3
From a6189a32a78d2b3ed096356f6b7e0049c8870b21 Mon Sep 17 00:00:00 2001
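Review bot: The inner `if (!this.isExcluded(requestURL))` repeats the condition already in the enclosing `if` on the line above, so it is always true and only adds a nesting level; dropping it and its closing brace leaves behaviour unchanged. More importantly, the removed guard `if (authuser == null && ...)` handled a request with no user object at all, whereas the new code reaches the dummy-login / redirect branch only via `!authManager.isActiveUser(authuser)`, so it relies on isActiveUser(null) returning false — if that method returns true or throws for null, an unauthenticated request would skip the login handling. Making the case explicit, `if ((authuser == null || !authManager.isActiveUser(authuser)) && !this.isExcluded(requestURL)) {`, documents the intent and does not depend on the manager's null handling. The enclosing method continues outside the hunk.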
From: Thomas Lenz
Date: Tue, 14 Apr 2015 16:59:25 +0200
Subject: update error handling in PVP metadata verification filter implemetations
---
 .../auth/pvp2/MetaDataVerificationFilter.java | 12 +++++----
 .../validation/oa/OAPVP2ConfigValidation.java | 31 ++++++++++++++++------
 2 files changed, 30 insertions(+), 13 deletions(-)
(limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment')
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index 7bf2cf93f..104ea51f5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -32,6 +32,7 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 public class MetaDataVerificationFilter implements MetadataFilter {
@@ -43,17 +44,18 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 }
- public void doFilter(XMLObject metadata) throws FilterException {
+ public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
 if (metadata instanceof EntitiesDescriptor) {
 EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
 if(entitiesDescriptor.getSignature() == null) {
- throw new FilterException("Root element of metadata file has to be signed", null);
+ throw new SignatureValidationException("Root element of metadata file has to be signed");
 }
 try {
 processEntitiesDescriptor(entitiesDescriptor);
 } catch (MOAIDException e) {
- throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
 }
 }
 if (metadata instanceof EntityDescriptor) {
@@ -63,10 +65,10 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 EntityVerifier.verify(entity, this.credential);
 else
- throw new FilterException("Root element of metadata file has to be signed", null);
+ throw new SignatureValidationException("Root element of metadata file has to be signed", null);
 } catch (MOAIDException e) {
- throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
 }
 }
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index ba77b601b..37a170267 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
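Review bot: Both `catch (MOAIDException e)` blocks, here and in the second hunk of this file, construct the SignatureValidationException without passing e as the cause, so the reason a metadata signature failed is lost before it reaches the log in OAPVP2ConfigValidation; use `throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor", e);` and the same for the EntityDescriptor branch, assuming the two-argument constructor the second hunk already calls takes a cause. That second hunk also still passes an explicit `null` where this hunk uses the single-argument form, which looks like a leftover from the FilterException signature and should be made consistent. Separately, doFilter only acts when the root is an EntitiesDescriptor or an EntityDescriptor and the method closes right after the second branch, so a root of any other type passes the filter without any signature check; unless the chain rejects other root types elsewhere, an `else throw new SignatureValidationException("Unsupported metadata root element");` after the two branches would make the filter fail closed.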
@@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
 import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -181,15 +183,28 @@ public class OAPVP2ConfigValidation {
 } catch (MetadataProviderException e) {
-
- //TODO: check exception handling
- if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
- log.info("SSL Server certificate not trusted.", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+ try {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.info("SSL Server certificate not trusted.", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request));
+
+ } else {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
+ }
+
+ } catch (Exception e1) {
+ log.info("MetaDate verification failed", e1);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
- } else {
- log.info("MetaDate verification failed", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
 }
 } finally {
-- cgit v1.2.3
From 387169d0d5f022dea6ad5cd5ecc5a31ce9bf21d9 Mon Sep 17 00:00:00 2001
From: Bojan Suzic
Date: Mon, 11 May 2015 14:29:43 +0200
Subject: velocity engine init exception handling
---
 .../at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment')
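Review bot: The classification looks only at `e.getCause().getCause()`, a fixed depth of two, so a SignatureValidationException or SchemaValidationException wrapped one level deeper or shallower by the metadata provider lands in the generic branch and the administrator sees the wrong message; walking the whole cause chain is more robust. The surrounding `try { ... } catch (Exception e1)` cannot fail on the instanceof checks themselves (`null instanceof X` is simply false), so in practice it only hides an unexpected RuntimeException from LanguageHelper.getErrorString or errors.add behind the same generic message — I would drop it and let such errors surface. The four repeated `log.info("MetaDate verification failed", e)` calls (note the typo) can collapse into one once the key is chosen. The enclosing try starts outside the hunk.

```java
} catch (MetadataProviderException e) {
    // Classify by the first recognised exception anywhere in the cause chain,
    // not only at depth two, so the provider's wrapping depth does not change the message.
    String errorKey = "validation.pvp2.metadata.verify.general";
    String logMsg = "MetaData verification failed";
    for (Throwable cause = e.getCause(); cause != null; cause = cause.getCause()) {
        if (cause instanceof SSLHandshakeException) {
            errorKey = "validation.pvp2.metadata.ssl";
            logMsg = "SSL Server certificate not trusted.";
            break;
        } else if (cause instanceof SignatureValidationException) {
            errorKey = "validation.pvp2.metadata.verify.sig";
            break;
        } else if (cause instanceof SchemaValidationException) {
            errorKey = "validation.pvp2.metadata.verify.schema";
            break;
        }
    }
    log.info(logMsg, e);
    errors.add(LanguageHelper.getErrorString(errorKey, request));
// … unchanged: finally block …
```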
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java
index 3d66a4b19..3b2e0bd08 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java
@@ -125,7 +125,10 @@ public class PVP2Utils {
 log.warn("Encode PVP 2.1 message FAILED.", e);
 throw new PVP2Exception("Encode PVP 2.1 message FAILED.", e);
- }
+ } catch (Exception ex) {
+ log.warn("Initialization exception", ex);
+ throw new PVP2Exception("Initializing Velocity engine FAILED.", ex);
+ }
 }
-- cgit v1.2.3
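Review bot: The new `catch (Exception ex)` sits at the end of a try whose body starts outside the hunk, so it catches every unchecked exception thrown anywhere in that body, including failures in the message encoding step handled just above it, and reports all of them as "Initializing Velocity engine FAILED."; the misleading message will send an operator looking at the wrong component. Catch the specific exception type the Velocity initialisation call declares (or wrap only that call in its own try), and if a last-resort handler is still wanted give it a neutral message such as `throw new PVP2Exception("Encode PVP 2.1 message FAILED.", ex);`. Passing `ex` as the cause, as done here, is right and should be kept in the narrowed catch.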