From 87be1b91493b0b5f4a03f049dfa99f7ba3c6f35e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 21 Oct 2016 10:13:42 +0200 Subject: update ConfigTool to support more than one ELGA mandate-service --- .../config/ConfigurationProvider.java | 3 +- .../id/configuration/data/GeneralMOAIDConfig.java | 84 ++++++++++++++- .../data/oa/OAAuthenticationData.java | 113 +++++++++++++++++++++ .../struts/action/EditGeneralConfigAction.java | 54 +++++++++- .../validation/moaconfig/MOAConfigValidator.java | 38 +++++-- .../oa/OAAuthenticationDataValidation.java | 28 +++++ .../validation/oa/OAPVP2ConfigValidation.java | 6 +- 7 files changed, 306 insertions(+), 20 deletions(-) (limited to 'id/ConfigWebTool/src/main/java') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 41a82fe1e..c0cd971cf 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -579,7 +579,8 @@ public class ConfigurationProvider { ConfigurationProvider.getInstance().getTrustStoreDirectory(), null, "pkix", - true); + true, + new String[]{"crl"}); httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index ebd2d6283..86ac6f779 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java 
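Review bot: The new fifth argument `new String[]{"crl"}` is passed with no comment, and the same literal is repeated in the OAPVP2ConfigValidation hunk at the end of this patch. The hunk does not show the factory's signature, so a reader has to guess what the array selects; presumably it is the revocation methods used when checking the metadata server's TLS certificate. I would define it once as a shared constant with a comment such as `// revocation methods for the metadata TLS trust check; presumably CRL only, no OCSP (confirm)` and use that constant at both call sites. The call itself starts above the hunk.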
@@ -68,7 +68,6 @@ public class GeneralMOAIDConfig { public static final String LINE_DELIMITER = ";"; - private String szrgwURL = null; private String alternativeSourceID = null; private String certStoreDirectory = null; private boolean trustmanagerrevocationcheck = true; @@ -87,6 +86,8 @@ public class GeneralMOAIDConfig { private String moaspssAuthTrustProfileTest = null; private String mandateURL = null; + private String szrgwURL = null; + private String elgaMandateServiceURL = null; private boolean protocolActiveSAML1 = false; private boolean protocolActivePVP21 = true; 
@@ -163,13 +164,47 @@ public class GeneralMOAIDConfig { if (config != null) { AuthComponentGeneral auth = config.getAuthComponentGeneral(); + //get ELGA mandate service URLs from configuration + if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) { + if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs())) + elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs()); + + else { + if (config.getElgaMandateServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + elgaMandateServiceURL = config.getElgaMandateServiceURLs().substring(0, + config.getElgaMandateServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + elgaMandateServiceURL = config.getElgaMandateServiceURLs(); + + } + } + + + if (auth != null) { ForeignIdentities foreign = auth.getForeignIdentities(); if (foreign != null) { ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); if (connect_foreign != null) { - szrgwURL = connect_foreign.getURL(); + if (MiscUtil.isNotEmpty(connect_foreign.getURL())) { + if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) + szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL()); + + else { + if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + szrgwURL = connect_foreign.getURL().substring(0, + connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + szrgwURL = connect_foreign.getURL(); + + } + + } } STORK stork = foreign.getSTORK(); 
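Review bot: The comment `//remove trailing comma if exist` does not match the code under it: `substring(0, indexOf(KeyValueUtils.CSV_DELIMITER))` keeps only the text before the first delimiter. Any value that reaches this branch with a comma in the middle therefore loses everything after it, and one that starts with the delimiter becomes an empty string. The branch is written out twice in this hunk (ELGA and SZR-GW) and a third time for `mandateURL` in the next hunk, with the getter re-evaluated several times per copy. A private helper would keep the copies in step and give the truncation one place to be documented; the sketch below keeps the current behaviour. The enclosing constructor starts and ends outside the hunk.

```java
// new private helper in GeneralMOAIDConfig
private static String normalizeServiceURLs(String raw) {
    if (MiscUtil.isEmpty(raw))
        return null;

    if (KeyValueUtils.isCSVValueString(raw))
        return KeyValueUtils.normalizeCSVValueString(raw);

    // not a well-formed CSV list: keep only the text before the first delimiter
    int delim = raw.indexOf(KeyValueUtils.CSV_DELIMITER);
    return delim >= 0 ? raw.substring(0, delim) : raw;
}

// … unchanged: null checks on config / auth / foreign / connect_foreign …
elgaMandateServiceURL = normalizeServiceURLs(config.getElgaMandateServiceURLs());
szrgwURL = normalizeServiceURLs(connect_foreign.getURL());
```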
@@ -251,7 +286,23 @@ public class GeneralMOAIDConfig { if (mandates != null) { ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); if (con != null) { - mandateURL = con.getURL(); + if (MiscUtil.isNotEmpty(con.getURL())) { + if (KeyValueUtils.isCSVValueString(con.getURL())) + mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); + + else { + if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + mandateURL = con.getURL().substring(0, + con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + mandateURL = con.getURL(); + + } + + } + } } @@ -392,7 +443,10 @@ public class GeneralMOAIDConfig { * @param szrgwURL the szrgwURL to set */ public void setSzrgwURL(String szrgwURL) { - this.szrgwURL = szrgwURL; + if (MiscUtil.isNotEmpty(szrgwURL)) + this.szrgwURL = KeyValueUtils.removeAllNewlineFromString(szrgwURL); + else + this.szrgwURL = szrgwURL; } /** @@ -518,7 +572,10 @@ public class GeneralMOAIDConfig { * @param mandateURL the mandateURL to set */ public void setMandateURL(String mandateURL) { - this.mandateURL = mandateURL; + if (MiscUtil.isNotEmpty(mandateURL)) + this.mandateURL = KeyValueUtils.removeAllNewlineFromString(mandateURL); + else + this.mandateURL = mandateURL; } /** @@ -1024,6 +1081,23 @@ public class GeneralMOAIDConfig { boolean virtualPublicURLPrefixEnabled) { this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; } + + /** + * @return the elgaMandateServiceURL + */ + public String getElgaMandateServiceURL() { + return elgaMandateServiceURL; + } + + /** + * @param elgaMandateServiceURL the elgaMandateServiceURL to set + */ + public void setElgaMandateServiceURL(String elgaMandateServiceURL) { + if (MiscUtil.isNotEmpty(elgaMandateServiceURL)) + this.elgaMandateServiceURL = KeyValueUtils.removeAllNewlineFromString(elgaMandateServiceURL); + else + this.elgaMandateServiceURL = elgaMandateServiceURL; + } 
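Review bot: The Javadoc on `setSzrgwURL` still reads `@param szrgwURL the szrgwURL to set`, but the setter now removes newlines through `KeyValueUtils.removeAllNewlineFromString`, and the field can hold a comma-separated list. `setMandateURL` and the new `setElgaMandateServiceURL` in the following hunks have the same gap. I would document the contract, for example `@param szrgwURL one SZR-GW URL or a comma-separated list of URLs; newlines are removed before the value is stored`. The `else` branch that assigns the empty or null argument unchanged could also carry a short comment saying that it is deliberate.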
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index d0232e86a..225f85462 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -29,8 +29,11 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; +import org.apache.log4j.Logger; + import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAKeyBoxSelector; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; @@ -38,7 +41,10 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentials; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation; import at.gv.egovernment.moa.util.MiscUtil; 
@@ -48,6 +54,8 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class OAAuthenticationData implements IOnlineApplicationData { + private static final Logger log = Logger.getLogger(OAAuthenticationData.class); + private String bkuOnlineURL = null; private String bkuHandyURL = null; private String bkuLocalURL = null; @@ -55,6 +63,13 @@ public class OAAuthenticationData implements IOnlineApplicationData { private String mandateProfiles = null; private boolean useMandates = false; + private List misServicesList = null; + private List elgaServicesList = null; + private List szrgwServicesList = null; + private String misServiceSelected = null; + private String elgaServiceSelected = null; + private String szrgwServiceSelected = null; + private boolean calculateHPI = false; private String keyBoxIdentifier = null; @@ -82,6 +97,26 @@ public class OAAuthenticationData implements IOnlineApplicationData { keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value(); + + try { + MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs()); + + try { + misServicesList = KeyValueUtils.getListOfCSVValues( + dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL()); + } catch (NullPointerException e) {} + + try { + szrgwServicesList = KeyValueUtils.getListOfCSVValues( + dbconfig.getAuthComponentGeneral().getForeignIdentities().getConnectionParameter().getURL()); + } catch (NullPointerException e) {} + + } catch (ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + // bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; // bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; // 
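Review bot: The two empty `catch (NullPointerException e) {}` blocks in the constructor use an exception as a null check and hide any other null dereference in the same statement, including one raised inside `KeyValueUtils.getListOfCSVValues`. A missing `getOnlineMandates()` or `getForeignIdentities()` entry is an expected configuration state, so explicit null checks express it more clearly and leave real defects visible. Note also that a null `dbconfig` is not covered by either catch, and that on `ConfigurationException` all three lists stay null, which the new getters then hand to the view. The fence shows the null-checked form; the extra types it names are used elsewhere in this patch but would need imports in this file.

```java
MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration();
elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs());

AuthComponentGeneral general = dbconfig.getAuthComponentGeneral();
if (general != null) {
    OnlineMandates mis = general.getOnlineMandates();
    if (mis != null && mis.getConnectionParameter() != null)
        misServicesList = KeyValueUtils.getListOfCSVValues(mis.getConnectionParameter().getURL());

    ForeignIdentities foreign = general.getForeignIdentities();
    if (foreign != null && foreign.getConnectionParameter() != null)
        szrgwServicesList = KeyValueUtils.getListOfCSVValues(foreign.getConnectionParameter().getURL());
}
// … unchanged: catch (ConfigurationException e) with log.error …
```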
@@ -111,6 +146,8 @@ public class OAAuthenticationData implements IOnlineApplicationData { public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); + szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); + AuthComponentOA oaauth = dbOA.getAuthComponentOA(); if (oaauth != null) { BKUURLS bkuurls = oaauth.getBKUURLS(); @@ -177,6 +214,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { else useMandates = false; + misServiceSelected = mandates.getSelectedMISServiceURL(); + elgaServiceSelected = mandates.getSelecteELGAServiceURL(); + } TemplatesType templates = oaauth.getTemplates(); @@ -231,6 +271,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { dbOA.setCalculateHPI(isCalculateHPI()); + if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) + dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected()); + if (authUser.isAdmin()) { //store BKU-URLs @@ -301,9 +344,16 @@ public class OAAuthenticationData implements IOnlineApplicationData { mandates.setProfiles(null); + if (MiscUtil.isNotEmpty(getMisServiceSelected())) + mandates.setSelectedMISServiceURL(getMisServiceSelected()); + + if (MiscUtil.isNotEmpty(getElgaServiceSelected())) + mandates.setSelecteELGAServiceURL(getElgaServiceSelected()); + } else { mandates.setProfiles(null); mandates.getProfileName().clear(); + } authoa.setMandates(mandates); 
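Review bot: In the store path (hunk at -231) the SZR-GW selection is written only when the submitted value is non-empty, and the assignment sits before the `if (authUser.isAdmin())` block visible in the context. If `dbOA` is the loaded persisted application, a selection can therefore never be cleared again, and as far as the hunk shows any user who may edit the application can choose the endpoint, not only an administrator. The MIS and ELGA assignments in the last hunk have the same non-empty guard; whether they are inside the admin block cannot be seen from here. If the choice is meant to be admin-only, move the assignment into that block; in either case write the value unconditionally, e.g. `dbOA.setSelectedSZRGWServiceURL(MiscUtil.isNotEmpty(getSzrgwServiceSelected()) ? getSzrgwServiceSelected() : null);`. The enclosing methods start and end outside these hunks.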
@@ -655,6 +705,69 @@ public class OAAuthenticationData implements IOnlineApplicationData { boolean useTestAuthblockValidationTrustStore) { this.useTestAuthblockValidationTrustStore = useTestAuthblockValidationTrustStore; } + + /** + * @return the misServiceSelected + */ + public String getMisServiceSelected() { + return misServiceSelected; + } + + /** + * @param misServiceSelected the misServiceSelected to set + */ + public void setMisServiceSelected(String misServiceSelected) { + this.misServiceSelected = misServiceSelected; + } + + /** + * @return the elgaServiceSelected + */ + public String getElgaServiceSelected() { + return elgaServiceSelected; + } + + /** + * @param elgaServiceSelected the elgaServiceSelected to set + */ + public void setElgaServiceSelected(String elgaServiceSelected) { + this.elgaServiceSelected = elgaServiceSelected; + } + + /** + * @return the szrgwServiceSelected + */ + public String getSzrgwServiceSelected() { + return szrgwServiceSelected; + } + + /** + * @param szrgwServiceSelected the szrgwServiceSelected to set + */ + public void setSzrgwServiceSelected(String szrgwServiceSelected) { + this.szrgwServiceSelected = szrgwServiceSelected; + } + + /** + * @return the misServicesList + */ + public List getMisServicesList() { + return misServicesList; + } + + /** + * @return the elgaServicesList + */ + public List getElgaServicesList() { + return elgaServicesList; + } + + /** + * @return the szrgwServicesList + */ + public List getSzrgwServicesList() { + return szrgwServicesList; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 5e348f91b..74a19dd0b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java 
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -539,7 +539,22 @@ public class EditGeneralConfigAction extends BasicAction { forcon = new ConnectionParameterClientAuthType(); dbforeign.setConnectionParameter(forcon); } - forcon.setURL(moaconfig.getSzrgwURL()); + + if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) + forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); + + else { + if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) + forcon.setURL( + moaconfig.getSzrgwURL().trim().substring(0, + moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + + else + forcon.setURL( + StringUtils.chomp(moaconfig.getSzrgwURL().trim())); + + } + } ForeignIdentities foreign = dbauth.getForeignIdentities(); @@ -608,6 +623,7 @@ public class EditGeneralConfigAction extends BasicAction { } } + //write MIS Mandate-Service URLs if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { OnlineMandates dbmandate = dbauth.getOnlineMandates(); if (dbmandate == null) { 
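Review bot: In the non-CSV branch the cut position is computed on the untrimmed string but applied to the trimmed one: `moaconfig.getSzrgwURL().trim().substring(0, moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))`. With leading whitespace in the submitted value the index is too large, so the result either keeps the delimiter and following text or throws `StringIndexOutOfBoundsException`. Trim once and use the same string for both calls: `String url = moaconfig.getSzrgwURL().trim();` then `forcon.setURL(url.substring(0, url.indexOf(KeyValueUtils.CSV_DELIMITER)));`. The MIS and ELGA branches in the next hunk (at -620) repeat the same expression and need the same change. Whether `getSzrgwURL()` is checked for null before this block is not visible in the hunk.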
@@ -620,9 +636,43 @@ public class EditGeneralConfigAction extends BasicAction { dbmandateconnection = new ConnectionParameterClientAuthType(); dbmandate.setConnectionParameter(dbmandateconnection); } - dbmandateconnection.setURL(moaconfig.getMandateURL()); + + if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) + dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); + + else { + if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) + dbmandateconnection.setURL( + moaconfig.getMandateURL().trim().substring(0, + moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + + else + dbmandateconnection.setURL( + StringUtils.chomp(moaconfig.getMandateURL().trim())); + + } + } + + //write ELGA Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) + dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL())); + + else { + if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) + dbconfig.setElgaMandateServiceURLs( + moaconfig.getElgaMandateServiceURL().trim().substring(0, + moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + + else + dbconfig.setElgaMandateServiceURLs( + StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); + + } } + + MOASP dbmoasp = dbauth.getMOASP(); if (dbmoasp == null) { dbmoasp = new MOASP(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 617e9cf51..cb546c5a8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java 
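Review bot: The ELGA block writes `dbconfig.setElgaMandateServiceURLs(...)` only inside `if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL()))` and has no `else`. If `dbconfig` is the persisted configuration loaded earlier in this method, which the hunk does not show, an administrator who empties the field leaves the old endpoint list in place and the service stays configured. Adding `else dbconfig.setElgaMandateServiceURLs(null);` makes removal possible. The MIS block above is guarded the same way by the context line `if (MiscUtil.isNotEmpty(moaconfig.getMandateURL()))` and would need the equivalent reset on its connection parameter.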
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -162,10 +162,26 @@ public class MOAConfigValidator { // } check = form.getMandateURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", request)); + if (MiscUtil.isNotEmpty(check)) { + String[] misURLs = check.split(","); + for (String el : misURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", + new Object[]{el}, request)); + } + } + } + + check = form.getElgaMandateServiceURL(); + if (MiscUtil.isNotEmpty(check)) { + String[] elgaServiceURLs = check.split(","); + for (String el : elgaServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", + new Object[]{el}, request)); + } } } 
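Review bot: The rejected value is now passed into the error text, `new Object[]{el}`, for both the MIS and the ELGA loop, and this is exactly the input that has just failed URL validation. How `errors` is rendered is not visible here, so it should be confirmed that the view HTML-escapes these messages; otherwise the form field is reflected into the page as markup. A comment at the first `errors.add` would record the assumption, for example `// el is unvalidated user input; the view must escape it on output`. The SZR-GW loop at -392 and the three checks added in OAAuthenticationDataValidation pass the raw value in the same way.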
@@ -392,13 +408,17 @@ public class MOAConfigValidator { } check = form.getSzrgwURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("SZRGW URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", request)); + if (MiscUtil.isNotEmpty(check)) { + String[] szrGWServiceURLs = check.split(","); + for (String el : szrGWServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", + new Object[]{el}, request)); + } } } - + check = form.getTrustedCACerts(); if (MiscUtil.isEmpty(check)) { log.info("Empty TrustCACerts Directory"); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index 47c8f23b4..7e6396b75 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java 
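Review bot: The log line for an invalid SZR-GW entry changed from `"SZRGW URL is not valid"` to `log.info("Not valid Online-Mandate Service URL")`, which now names the wrong service; the ELGA loop in the previous hunk logs the same copied text. Someone reading the log cannot tell which of the three fields was rejected. I would restore a distinct message per field, e.g. `log.info("Not valid SZR-GW Service URL")` here and `log.info("Not valid ELGA Mandate-Service URL")` in the ELGA loop. The loops also split on a literal `","` while the write path in EditGeneralConfigAction uses `KeyValueUtils.CSV_DELIMITER`, so using that constant here as well would keep validation and storage in step.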
@@ -147,6 +147,34 @@ public class OAAuthenticationDataValidation { } } + check =form.getMisServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MIS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", + new Object[]{check}, request)); + } + } + + check =form.getElgaServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid ELGA Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", + new Object[]{check}, request)); + } + } + + check =form.getSzrgwServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid SZR-GW Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", + new Object[]{check}, request)); + } + } + + if (form.isEnableTestCredentials() && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) { for (String el : form.getTestCredialOIDList()) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 6476ea1f1..970785bdb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -22,8 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.oa; -import iaik.x509.X509Certificate; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; 
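Review bot: The three selected service URLs are checked only with `ValidationHelper.validateURL(check)`, so any well-formed URL submitted with the form is accepted, not just one of the endpoints the administrator configured. These values choose which MIS, ELGA or SZR-GW service an application's requests are sent to, so the choice should be restricted to the configured lists that `OAAuthenticationData` already loads. Assuming `form` is that class, the MIS check could become `if (form.getMisServicesList() == null || !form.getMisServicesList().contains(check))`, with the same test against `getElgaServicesList()` and `getSzrgwServicesList()`. This relies on `getListOfCSVValues` returning entries in the same normalised form as the submitted value, which should be confirmed. The enclosing method starts and ends outside the hunk.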
@@ -58,6 +56,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValid import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; public class OAPVP2ConfigValidation { @@ -135,7 +134,8 @@ public class OAPVP2ConfigValidation { ConfigurationProvider.getInstance().getTrustStoreDirectory(), null, "pkix", - true); + true, + new String[]{"crl"}); httpClient.setCustomSSLTrustStore( form.getMetaDataURL(), -- cgit v1.2.3