From 6e409edd540fb7e2bb6a66f14adeb72e550669c1 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Wed, 2 Jul 2014 16:02:45 +0200 Subject: added support for splitting authnrequest &signrequest --- id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 6f266f865..4589a3381 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -249,10 +249,11 @@ labelposition="left" />

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

- + + -- cgit v1.2.3 From 79aeebd55d548326a3892465c441c77589e0e37d Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 4 Jul 2014 14:48:19 +0200 Subject: refactored logging statements --- .../moa/id/configuration/struts/action/EditGeneralConfigAction.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 0a308a354..ad465e0d8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -555,10 +555,10 @@ public class EditGeneralConfigAction extends BasicAction { } try{ - log.error("CPEPS LIST: " + storkconfig.getCpepslist().size() ); - log.error("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); + log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); + log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); } catch (Exception ex) { - ex.printStackTrace(); + log.info("CPEPS LIST is null"); } } } -- cgit v1.2.3 From 35993eab38db2aa67137d674baa31031266c2b2e Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 4 Jul 2014 14:41:55 +0200 Subject: fix: overwrite single config instead of deleting old one --- .../struts/action/EditGeneralConfigAction.java | 73 ++++------------------ 1 file changed, 12 insertions(+), 61 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index ad465e0d8..ec261335d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -237,20 +237,8 @@ public class EditGeneralConfigAction extends BasicAction { } catch (Exception ex) { ex.printStackTrace(); } - - MOAIDConfiguration oldconfig = ConfigurationDBRead.getMOAIDConfiguration(); - AuthComponentGeneral oldauth = null; - if (oldconfig != null) { - oldauth = oldconfig.getAuthComponentGeneral(); - } - -// MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); -// if (dbconfig == null) { -// dbconfig = new MOAIDConfiguration(); -// isnewconfig = true; -// } - MOAIDConfiguration dbconfig = new MOAIDConfiguration(); + MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); if (dbauth == null) { @@ -486,23 +474,6 @@ public class EditGeneralConfigAction extends BasicAction { dbchainingmodes.setSystemDefaultMode( ChainingModeType.fromValue(moaconfig.getDefaultchainigmode())); - if (oldconfig != null) { - ChainingModes oldchainigmodes = oldconfig.getChainingModes(); - if (oldchainigmodes != null) { - List oldtrustanchor = oldchainigmodes.getTrustAnchor(); - if (oldtrustanchor != null) { - List trustanchor = new ArrayList(); - for (TrustAnchor oldel : oldtrustanchor) { - TrustAnchor TAel = new TrustAnchor(); - TAel.setX509IssuerName(oldel.getX509IssuerName()); - TAel.setX509SerialNumber(oldel.getX509SerialNumber()); - TAel.setMode(oldel.getMode()); - trustanchor.add(TAel); - } - dbchainingmodes.setTrustAnchor(trustanchor); - } - } - } IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); if (idlsigners == null) { @@ -525,31 +496,28 @@ public class EditGeneralConfigAction extends BasicAction { forcon.setURL(moaconfig.getSzrgwURL()); } - //TODO: Set STORK Config!!! - if (oldauth != null) { - ForeignIdentities oldforeign = oldauth.getForeignIdentities(); - if (oldforeign != null) { - STORK oldstork = oldforeign.getSTORK(); - if (oldstork == null) - oldstork = new STORK(); + ForeignIdentities foreign = dbauth.getForeignIdentities(); + if (foreign != null) { + STORK stork = foreign.getSTORK(); + if (stork == null) + stork = new STORK(); try { log.error("QAAAA " + storkconfig.getDefaultQaa()); - oldstork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); + stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); if (storkconfig.getAttributes() != null) - oldstork.setAttributes(storkconfig.getAttributes()); + stork.setAttributes(storkconfig.getAttributes()); else - oldstork.setAttributes((List) (new ArrayList())); + stork.setAttributes((List) (new ArrayList())); if (storkconfig.getCpepslist() != null) - oldstork.setCPEPS(storkconfig.getCpepslist()); + stork.setCPEPS(storkconfig.getCpepslist()); else - oldstork.setCPEPS((List) (new ArrayList())); + stork.setCPEPS((List) (new ArrayList())); - dbforeign.setSTORK(oldstork); } catch (Exception e) { e.printStackTrace(); } @@ -561,7 +529,6 @@ public class EditGeneralConfigAction extends BasicAction { log.info("CPEPS LIST is null"); } } - } if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { OnlineMandates dbmandate = dbauth.getOnlineMandates(); @@ -604,7 +571,7 @@ public class EditGeneralConfigAction extends BasicAction { } moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); - moaauth.setVerifyTransformsInfoProfileID(moaconfig.getAuthTransformList()); + moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); SecurityLayer seclayertrans = dbauth.getSecurityLayer(); if (seclayertrans == null) { @@ -621,19 +588,6 @@ public class EditGeneralConfigAction extends BasicAction { elem.setTransformation(moatrans.get(key)); trans.add(elem); } - } else { - if (oldauth != null) { - SecurityLayer oldsectrans = oldauth.getSecurityLayer(); - if (oldsectrans != null) { - List oldtranslist = oldsectrans.getTransformsInfo(); - for (TransformsInfoType oldel : oldtranslist) { - TransformsInfoType elem = new TransformsInfoType(); - elem.setFilename(oldel.getFilename()); - elem.setTransformation(oldel.getTransformation()); - trans.add(elem); - } - } - } } if (trans.size() > 0) seclayertrans.setTransformsInfo(trans); @@ -660,9 +614,6 @@ public class EditGeneralConfigAction extends BasicAction { ConfigurationDBUtils.save(dbconfig); - if (oldconfig != null) - ConfigurationDBUtils.delete(oldconfig); - } catch (MOADatabaseException e) { log.warn("MOAID Configuration can not be stored in Database", e); return LanguageHelper.getErrorString("error.db.oa.store", request); -- cgit v1.2.3 From 27c5460e2138fbb7de64214a7538b98effb5a7a6 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 4 Jul 2014 14:44:26 +0200 Subject: fix: CPEPS list is now edited in place instead of clean and refill --- .../id/configuration/validation/moaconfig/StorkConfigValidator.java | 4 ++++ id/ConfigWebTool/src/main/webapp/js/common.js | 1 + id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 8bc916e5a..4a5676fd6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -28,6 +28,10 @@ public class StorkConfigValidator { if (form.getCpepslist() != null) { for(CPEPS current : form.getCpepslist()) { + // if an existing record got deleted + if(null == current) + continue; + // check country code String check = current.getCountryCode(); if (MiscUtil.isNotEmpty(check)) { diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 32e79bb66..a86b9fede 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -230,6 +230,7 @@ function newPeps() { var lastindex = 1; } var nextindex = lastindex + 1; + clone.innerHTML = clone.innerHTML.replace(//, ''); clone.innerHTML = clone.innerHTML.replace(/name="storkconfig.cpepslist\[\d/g, 'name="storkconfig.cpepslist[' + nextindex); clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); target.parentNode.appendChild(clone); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 6f266f865..9b94bcef5 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -251,7 +251,8 @@
Country ShortcodePEPS URL
Country ShortcodePEPS URLSupports XMLSignatures
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- + -- cgit v1.2.3 From b2c1ca665aaaa3246671ef2ec933e29b8ff87b25 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 4 Jul 2014 16:09:36 +0200 Subject: made country code readonly --- .../struts/action/EditGeneralConfigAction.java | 15 ++++++++-- .../validation/moaconfig/StorkConfigValidator.java | 34 ++++++++++++---------- id/ConfigWebTool/src/main/webapp/js/common.js | 4 ++- .../src/main/webapp/jsp/editMOAConfig.jsp | 2 +- 4 files changed, 35 insertions(+), 20 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index ec261335d..ef0672e99 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -512,9 +512,20 @@ public class EditGeneralConfigAction extends BasicAction { else stork.setAttributes((List) (new ArrayList())); - if (storkconfig.getCpepslist() != null) + if (storkconfig.getCpepslist() != null) { + + // make CountryCode "readonly" + for(CPEPS newone : storkconfig.getCpepslist()) { + for(CPEPS current : stork.getCPEPS()) { + if(current.getHjid().equals(newone.getHjid())) { + newone.setCountryCode(current.getCountryCode()); + break; + } + } + } + stork.setCPEPS(storkconfig.getCpepslist()); - + } else stork.setCPEPS((List) (new ArrayList())); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 4a5676fd6..5ec3af519 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -32,27 +32,29 @@ public class StorkConfigValidator { if(null == current) continue; - // check country code - String check = current.getCountryCode(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - if(!check.toLowerCase().matches("^[a-z][a-z]$")) { - log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); + if(null == current.getHjid()) { + // check country code + String check = current.getCountryCode(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {check}, request )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + if(!check.toLowerCase().matches("^[a-z][a-z]$")) { + log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] {check}, request )); + } + } else { + log.warn("CPEPS config countrycode is empty : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] {check}, request )); } - } else { - log.warn("CPEPS config countrycode is empty : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check}, request )); } // check url - check = current.getURL(); + String check = current.getURL(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("CPEPS config URL is invalid : " + check); diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index a86b9fede..f7ef2c415 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -230,7 +230,9 @@ function newPeps() { var lastindex = 1; } var nextindex = lastindex + 1; - clone.innerHTML = clone.innerHTML.replace(//, ''); + + clone.innerHTML = clone.innerHTML.replace(/[A-Z]{2}/, '
'); clone.innerHTML = clone.innerHTML.replace(/name="storkconfig.cpepslist\[\d/g, 'name="storkconfig.cpepslist[' + nextindex); clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); target.parentNode.appendChild(clone); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 9b94bcef5..21ba246c1 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -252,7 +252,7 @@
+ -- cgit v1.2.3 From bab51d46c3d57ac1fe32f184d5fd8acef53ad618 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 7 Jul 2014 09:11:42 +0200 Subject: check for peps country code uniqueness --- .../id/configuration/data/GeneralStorkConfig.java | 20 ++++++++++ .../struts/action/EditGeneralConfigAction.java | 13 +------ .../validation/moaconfig/StorkConfigValidator.java | 45 +++++++++++++--------- .../resources/applicationResources_de.properties | 1 + .../resources/applicationResources_en.properties | 1 + 5 files changed, 49 insertions(+), 31 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 9e5ba684c..b1e268fef 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -25,12 +25,14 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; import java.util.List; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; + import org.apache.log4j.Logger; public class GeneralStorkConfig { @@ -88,6 +90,24 @@ public class GeneralStorkConfig { } public List getCpepslist() { + if (null == cpepslist) + return null; + + MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + List cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS(); + + // make CountryCode "readonly" + for (CPEPS newone : cpepslist) { + for (CPEPS current : cpepss) { + if (null != newone) + if (current.getHjid().equals(newone.getHjid())) { + newone.setCountryCode(current.getCountryCode()); + break; + } + } + } + return cpepslist; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index ef0672e99..0f1673c3a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -512,20 +512,9 @@ public class EditGeneralConfigAction extends BasicAction { else stork.setAttributes((List) (new ArrayList())); - if (storkconfig.getCpepslist() != null) { - - // make CountryCode "readonly" - for(CPEPS newone : storkconfig.getCpepslist()) { - for(CPEPS current : stork.getCPEPS()) { - if(current.getHjid().equals(newone.getHjid())) { - newone.setCountryCode(current.getCountryCode()); - break; - } - } - } + if (storkconfig.getCpepslist() != null) stork.setCPEPS(storkconfig.getCpepslist()); - } else stork.setCPEPS((List) (new ArrayList())); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 5ec3af519..f7d61653d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -32,29 +32,27 @@ public class StorkConfigValidator { if(null == current) continue; - if(null == current.getHjid()) { - // check country code - String check = current.getCountryCode(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); + // check country code + String check = current.getCountryCode(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + if(!check.toLowerCase().matches("^[a-z][a-z]$")) { + log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - if(!check.toLowerCase().matches("^[a-z][a-z]$")) { - log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {check}, request )); - } - } else { - log.warn("CPEPS config countrycode is empty : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check}, request )); + new Object[] {check}, request )); } + } else { + log.warn("CPEPS config countrycode is empty : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] {check}, request )); } - + // check url - String check = current.getURL(); + check = current.getURL(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("CPEPS config URL is invalid : " + check); @@ -66,6 +64,15 @@ public class StorkConfigValidator { new Object[] {check}, request )); } } + + // ensure uniqueness of country code + for (CPEPS one : form.getCpepslist()) + for (CPEPS another : form.getCpepslist()) + if (null != one && null != another) + if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request)); + break; + } } // check qaa diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index e4e7a0b63..2c71d86a5 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -453,6 +453,7 @@ validation.general.testcredentials.oid.valid=Die Testdaten OID {0} ist ung\u00FC validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2 validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig +validation.stork.cpeps.duplicate=L\u00E4ndercodes sind nicht eindeutig validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2 validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4 validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index dcf36103b..a494ef089 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -450,6 +450,7 @@ validation.general.testcredentials.oid.valid=The OID {0} for test credentials is validation.stork.cpeps.cc=CPEPS country code is not based on 3166-2 validation.stork.cpeps.empty=CPEPS configuration is incomplete validation.stork.cpeps.url=CPEPS URL is invalid +validation.stork.cpeps.duplicate=Country codes are not unique validation.stork.requestedattributes=STORK attributes are incorrect. Example: attr1, attr2 validation.stork.qaa.outofrange=Valid QAA values are 1, 2, 3, and 4 validation.stork.attributes.empty=Only one attribute can be provided -- cgit v1.2.3 From 31e11e635b2dc72542ea2af1e302d83c6a8c7c13 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 10 Jul 2014 12:26:21 +0200 Subject: set default TrustManagerRevocationCheck value --- .../gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 681641834..f29780f05 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -159,7 +159,8 @@ public class GeneralMOAIDConfig { if (authgen != null) { alternativeSourceID = authgen.getAlternativeSourceID(); certStoreDirectory = authgen.getCertStoreDirectory(); - trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); + if (authgen.isTrustManagerRevocationChecking() != null) + trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); publicURLPrefix = authgen.getPublicURLPreFix(); -- cgit v1.2.3 From 34ac95193f76a30f3bc96761c5bb02c5048f5a69 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 10 Jul 2014 12:26:43 +0200 Subject: solve problem with empty configuration --- .../id/configuration/data/GeneralStorkConfig.java | 35 ++++++++++++++-------- .../src/main/webapp/jsp/editMOAConfig.jsp | 2 +- 2 files changed, 23 insertions(+), 14 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index b1e268fef..5e177655d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -80,7 +80,7 @@ public class GeneralStorkConfig { } if (cpepslist.isEmpty()) - cpepslist.add(new CPEPS()); + cpepslist = null; if(attributes.isEmpty()) attributes.add(new StorkAttribute()); @@ -94,21 +94,30 @@ public class GeneralStorkConfig { return null; MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); - - List cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS(); - - // make CountryCode "readonly" - for (CPEPS newone : cpepslist) { - for (CPEPS current : cpepss) { - if (null != newone) - if (current.getHjid().equals(newone.getHjid())) { - newone.setCountryCode(current.getCountryCode()); - break; + + try { + List cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS(); + + if (cpepss != null) { + // make CountryCode "readonly" + for (CPEPS newone : cpepslist) { + for (CPEPS current : cpepss) { + if (null != newone) + if (current.getHjid().equals(newone.getHjid())) { + newone.setCountryCode(current.getCountryCode()); + break; + } } + } } - } - return cpepslist; + return cpepslist; + + } catch (NullPointerException e) { + return null; + + } + } public void setCpepslist(List list) { diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 1e8e36d4e..bf5625419 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -257,7 +257,7 @@ - + -- cgit v1.2.3 From 62b8a5dd94c29c8bd551dfb86c390e1dd992c7bc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 10 Jul 2014 12:56:17 +0200 Subject: set default TrustManagerRevocationCheck value --- .../gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index f29780f05..681641834 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -159,8 +159,7 @@ public class GeneralMOAIDConfig { if (authgen != null) { alternativeSourceID = authgen.getAlternativeSourceID(); certStoreDirectory = authgen.getCertStoreDirectory(); - if (authgen.isTrustManagerRevocationChecking() != null) - trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); + trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); publicURLPrefix = authgen.getPublicURLPreFix(); -- cgit v1.2.3 From 1e368ef5077cbc7ebacf2a0034de23c027e93eb3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 11 Jul 2014 09:03:40 +0200 Subject: update general configuration DB representation --- .../struts/action/EditGeneralConfigAction.java | 52 ++++++++++++++++------ 1 file changed, 38 insertions(+), 14 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 0f1673c3a..32ffd2ba3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -308,14 +308,36 @@ public class EditGeneralConfigAction extends BasicAction { legprot = new LegacyAllowed(); dbprotocols.setLegacyAllowed(legprot); } - - List el = new ArrayList(); - if (moaconfig.isLegacy_pvp2()) - el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2); - if (moaconfig.isLegacy_saml1()) - el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); - legprot.setProtocolName(el); + List el = legprot.getProtocolName(); + if (el == null) { + el = new ArrayList(); + legprot.setProtocolName(el); + + } + + //Workaround for DB cleaning is only needed for one or the releases (insert in 2.1.1) + if (el.size() > 2) + el.clear(); + + if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { + if (!moaconfig.isLegacy_pvp2()) + el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2); + + } else { + if (moaconfig.isLegacy_pvp2()) + el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2); + } + + if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { + if (!moaconfig.isLegacy_saml1()) + el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1); + + } else { + if (moaconfig.isLegacy_saml1()) + el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); + } + SAML1 saml1= dbprotocols.getSAML1(); if (saml1 == null) { saml1 = new SAML1(); @@ -385,15 +407,17 @@ public class EditGeneralConfigAction extends BasicAction { cont.setGivenName(StringHelper.getUTF8String( moaconfig.getPvp2Contact().getGivenname())); - //TODO: change to list if required - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getMail())) + if (cont.getMail() != null && cont.getMail().size() > 0) + cont.getMail().set(0, moaconfig.getPvp2Contact().getMail()); + else cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getPhone())) + + if (cont.getPhone() != null && cont.getPhone().size() > 0) + cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone()); + else cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone())); - - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getSurname())) - cont.setSurName(StringHelper.getUTF8String( - moaconfig.getPvp2Contact().getSurname())); + + cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname())); if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) cont.setType(moaconfig.getPvp2Contact().getType()); -- cgit v1.2.3 From ecbe783def54f0548c67290065dbd2047d1ea375 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 14 Jul 2014 08:56:00 +0200 Subject: load default value if no configuration is found --- .../gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 681641834..f29780f05 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -159,7 +159,8 @@ public class GeneralMOAIDConfig { if (authgen != null) { alternativeSourceID = authgen.getAlternativeSourceID(); certStoreDirectory = authgen.getCertStoreDirectory(); - trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); + if (authgen.isTrustManagerRevocationChecking() != null) + trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); publicURLPrefix = authgen.getPublicURLPreFix(); -- cgit v1.2.3 From 0265338e3f2553d9f6926c930561d29a65035847 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 15 Jul 2014 11:05:19 +0200 Subject: solve problems with Target configuration --- .../data/oa/OATargetConfiguration.java | 26 ++++++++++++++++++---- .../webapp/jsp/snippets/OA/targetConfiguration.jsp | 4 ++-- 2 files changed, 24 insertions(+), 6 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index e988cc292..150cd959e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -82,9 +82,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { */ @Override public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector()); - + AuthenticatedUser authUser, HttpServletRequest request) { String target_full = dbOA.getTarget(); if (MiscUtil.isNotEmpty(target_full)) { if (TargetValidator.isValidTarget(target_full)) { @@ -95,8 +93,10 @@ public class OATargetConfiguration implements IOnlineApplicationData { if (TargetValidator.isValidTarget(target_split[0])) { target = target_split[0]; - if (target_split.length > 1) + if (target_split.length > 1) { target_subsector = target_split[1]; + subTargetSet = true; + } } else { target = ""; @@ -367,4 +367,22 @@ public class OATargetConfiguration implements IOnlineApplicationData { public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { this.deaktivededBusinessService = deaktivededBusinessService; } + + + /** + * @return the subTargetSet + */ + public boolean isSubTargetSet() { + return subTargetSet; + } + + + /** + * @param subTargetSet the subTargetSet to set + */ + public void setSubTargetSet(boolean subTargetSet) { + this.subTargetSet = subTargetSet; + } + + } diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index 261966a86..b8bd1dc02 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -46,8 +46,8 @@ - Date: Tue, 19 Aug 2014 15:05:01 +0200 Subject: add new OA specific configuration for bPK decryption --- .../moa/id/configuration/Constants.java | 1 + .../config/ConfigurationProvider.java | 5 + .../id/configuration/data/oa/OABPKEncryption.java | 370 +++++++++++++++++++++ .../configuration/struts/action/EditOAAction.java | 18 + .../utils/ConfigurationEncryptionUtils.java | 79 +++++ .../resources/applicationResources_de.properties | 18 + .../resources/applicationResources_en.properties | 23 +- .../src/main/webapp/jsp/editOAGeneral.jsp | 4 +- .../main/webapp/jsp/snippets/OA/bPKDecryption.jsp | 75 +++++ 9 files changed, 590 insertions(+), 3 deletions(-) create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java create mode 100644 id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/bPKDecryption.jsp (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index 567978cae..2f4d700a2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -60,6 +60,7 @@ public class Constants { public static final String SESSION_BKUSELECTIONTEMPLATE = "bkuSelectionTemplate"; public static final String SESSION_SENDASSERTIONTEMPLATE = "sendAssertionTemplate"; public static final String SESSION_SLTRANSFORMATION = "slTransformation"; + public static final String SESSION_BPKENCRYPTIONDECRYPTION = "bPKEncDec"; public static final String SESSION_SLOERROR = "sloerrormessage"; public static final String SESSION_SLOSUCCESS = "slosuccessmessage"; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index bea6220ff..957479b29 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -457,6 +457,11 @@ public class ConfigurationProvider { } + public String getConfigurationEncryptionKey() { + return props.getProperty("general.moaconfig.key"); + + } + private void initalPVP2Login() throws ConfigurationException { try { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java new file mode 100644 index 000000000..6782987e5 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java @@ -0,0 +1,370 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.io.File; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.SerializationUtils; +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BPKDecryption; +import at.gv.egovernment.moa.id.commons.db.dao.config.EncBPKInformation; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; +import at.gv.egovernment.moa.id.data.EncryptedData; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class OABPKEncryption implements IOnlineApplicationData { + + private static final Logger log = Logger.getLogger(OABPKEncryption.class); + + private static final String MODULENAME = "bPKEncryptionDecryption"; + + private String keyStorePassword = null; + private String keyAlias = null; + private String keyPassword = null; + + private Map keyStoreForm = new HashMap(); + + private List keyStoreFileUpload = null; + private List keyStoreFileUploadContentType = null; + private List keyStoreFileUploadFileName = new ArrayList();; + private boolean deletekeyStore = false; + private boolean validationError = false; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + // TODO Auto-generated method stub + return MODULENAME; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth != null) { + EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec != null) { + BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec != null) { + keyAlias = bPKDec.getKeyAlias(); + if (bPKDec.getKeyStoreFileName() != null) + keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); + + } + } + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth == null) { + oaAuth = new AuthComponentOA(); + dbOA.setAuthComponentOA(oaAuth); + + } + EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec == null) { + bPKEncDec = new EncBPKInformation(); + oaAuth.setEncBPKInformation(bPKEncDec); + + } + + BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec == null) { + bPKDec = new BPKDecryption(); + bPKEncDec.setBPKDecryption(bPKDec); + } + + if (isDeletekeyStore()) { + bPKDec.setIv(null); + bPKDec.setKeyAlias(null); + bPKDec.setKeyInformation(null); + bPKDec.setKeyStoreFileName(null); + + } + + BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + if (keyStoreForm != null && keyStoreForm.size() > 0) { + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + + Iterator interator = keyStoreForm.keySet().iterator(); + bPKDec.setKeyStoreFileName(interator.next()); + bPKDec.setKeyAlias(keyAlias); + keyInfo.setKeyStore(keyStoreForm.get( + bPKDec.getKeyStoreFileName())); + + //encrypt key information + byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); + try { + EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); + bPKDec.setIv(encryptkeyInfo.getIv()); + bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); + + } catch (BuildException e) { + log.error("Configuration encryption FAILED.", e); + return LanguageHelper.getErrorString("error.general.text", request); + + } + } + + request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + HttpSession session = request.getSession(); + List errors = new ArrayList(); + + String check = null; + + OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + //validate BKU-selection template + List templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName() + , getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); + if (templateError != null && templateError.size() == 0) { + if (keyStoreForm != null && keyStoreForm.size() > 0) { + session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); + + } else + keyStoreForm = (Map) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); + + } else { + errors.addAll(templateError); + + } + + if (keyStoreForm != null && keyStoreForm.size() > 0) { + check = getKeyStorePassword(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption keystore password is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + + } + } + + check = getKeyAlias(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption key alias is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("bPK decryption key alias contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + + } + } + + check = getKeyPassword(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("bPK decryption key password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + + } + } + + BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + Iterator interator = keyStoreForm.keySet().iterator(); + String fileName = interator.next(); + keyInfo.setKeyStore(keyStoreForm.get(fileName)); + if (keyInfo.getPrivateKey() == null) { + log.info("Open keyStore FAILED."); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); + + } + } + + if (errors.size() > 0) { + validationError = true; + + } + + return errors; + + } + + /** + * @return the keyStorePassword + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * @param keyStorePassword the keyStorePassword to set + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * @return the keyAlias + */ + public String getKeyAlias() { + return keyAlias; + } + + /** + * @param keyAlias the keyAlias to set + */ + public void setKeyAlias(String keyAlias) { + this.keyAlias = keyAlias; + } + + /** + * @return the keyPassword + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * @param keyPassword the keyPassword to set + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + /** + * @return the keyStoreFileUpload + */ + public List getKeyStoreFileUpload() { + return keyStoreFileUpload; + } + + /** + * @param keyStoreFileUpload the keyStoreFileUpload to set + */ + public void setKeyStoreFileUpload(List keyStoreFileUpload) { + this.keyStoreFileUpload = keyStoreFileUpload; + } + + /** + * @return the keyStoreFileUploadContentType + */ + public List getKeyStoreFileUploadContentType() { + return keyStoreFileUploadContentType; + } + + /** + * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set + */ + public void setKeyStoreFileUploadContentType( + List keyStoreFileUploadContentType) { + this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; + } + + /** + * @return the keyStoreFileUploadFileName + */ + public List getKeyStoreFileUploadFileName() { + return keyStoreFileUploadFileName; + } + + /** + * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set + */ + public void setKeyStoreFileUploadFileName( + List keyStoreFileUploadFileName) { + this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; + } + + /** + * @return the deletekeyStore + */ + public boolean isDeletekeyStore() { + return deletekeyStore; + } + + /** + * @param deletekeyStore the deletekeyStore to set + */ + public void setDeletekeyStore(boolean deletekeyStore) { + this.deletekeyStore = deletekeyStore; + } + + /** + * @return the validationError + */ + public boolean isValidationError() { + return validationError; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 9509f9712..3d96cc1e5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -57,6 +57,9 @@ public class EditOAAction extends BasicOAAction { OAAuthenticationData authOA = new OAAuthenticationData(); formList.put(authOA.getName(), authOA); + OABPKEncryption bPKEncDec = new OABPKEncryption(); + formList.put(bPKEncDec.getName(), bPKEncDec); + OASSOConfig ssoOA = new OASSOConfig(); formList.put(ssoOA.getName(), ssoOA); @@ -472,4 +475,19 @@ public class EditOAAction extends BasicOAAction { formList.put(formOA.getName(), formOA); } + /** + * @return the bPK encryption/decryption form + */ + public OABPKEncryption getBPKEncDecr() { + return (OABPKEncryption) formList.get(new OABPKEncryption().getName()); + } + + /** + * @param bPK encryption/decryption form + * the bPK encryption/decryption form to set + */ + public void setBPKEncDecr(OABPKEncryption formOA) { + formList.put(formOA.getName(), formOA); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java new file mode 100644 index 000000000..08cd7c59d --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java @@ -0,0 +1,79 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.utils; + +import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.util.AbstractEncrytionUtil; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class ConfigurationEncryptionUtils extends AbstractEncrytionUtil { + + private static ConfigurationEncryptionUtils instance = null; + private static String key = null; + + public static ConfigurationEncryptionUtils getInstance() { + if (instance == null) { + try { + key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey(); + instance = new ConfigurationEncryptionUtils(); + + } catch (Exception e) { + Logger.warn("MOAConfiguration encryption initialization FAILED.", e); + + } + } + return instance; + } + + /** + * @throws DatabaseEncryptionException + */ + public ConfigurationEncryptionUtils() throws DatabaseEncryptionException { + super(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt() + */ + @Override + protected String getSalt() { + return "Configuration-Salt"; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey() + */ + @Override + protected String getKey() { + return key; + + } + +} diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 2c71d86a5..35ae19f90 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -200,6 +200,15 @@ webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template webpages.oaconfig.general.bku.sendassertion.filename=Dateiname webpages.oaconfig.general.bku.sendassertion.upload=Neues Template hochladen +webpages.oaconfig.bPKEncDec.header=Fremd-bPK Konfiguration +webpages.oaconfig.bPKEncDec.keystore.header=KeyStore Konfiguration +webpages.oaconfig.bPKEncDec.filename=Dateiname +webpages.oaconfig.bPKEncDec.delete=L\u00F6schen +webpages.oaconfig.bPKEncDec.upload=KeyStore hochladen +webpages.oaconfig.bPKEncDec.keyStorePassword=KeyStore Password +webpages.oaconfig.bPKEncDec.keyAlias=Schl\u00FCsselname +webpages.oaconfig.bPKEncDec.keyPassword=Schl\u00FCsselpassword + webpages.oaconfig.general.identification=Eindeutiger Identifikatior (PublicURLPrefix) webpages.oaconfig.general.mandate.header=Vollmachten webpages.oaconfig.general.mandate.profiles=Profile @@ -449,6 +458,15 @@ validation.general.sendassertion.file.valid=Das Send-Assertion Templates konnte validation.general.sendassertion.file.selected=Es kann nur EIN Send-Assertion Template angegeben werden. validation.general.testcredentials.oid.valid=Die Testdaten OID {0} ist ung\u00FCltig. +validation.bPKDec.keyStorePassword.empty=Das Password f\u00FCr den KeyStore ist leer. +validation.bPKDec.keyStorePassword.valid=Das Password f\u00FCr den KeyStore enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.bPKDec.keyAlias.empty=Der Schl\u00FCsselname ist leer. +validation.bPKDec.keyAlias.valid=Der Schl\u00FCsselname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.bPKDec.keyPassword.empty=Das Password f\u00FCr den privaten Schl\u00FCssel ist leer. +validation.bPKDec.keyPassword.valid=Das Password f\u00FCr den privaten Schl\u00FCssel enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.bPKDec.keyStore.filename.valid=Der Dateiname des KeyStores enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.bPKDec.keyStore.file.valid=Der KeyStore konnte nicht geladen oder ge\u00F6ffnet werden. Eventuell sind das Passwort oder der Schl\u00FCsselname nicht korrekt. +validation.bPKDec.keyStore.file.selected=Es kann nur EIN KeyStore angegeben werden. validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2 validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index a494ef089..22b063099 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -196,12 +196,21 @@ webpages.oaconfig.general.testing.oids=Use special test credential OIDs webpages.oaconfig.general.bku.delete=Remove webpages.oaconfig.general.bku.bkuselection.header=CCE-Selection Template -webpages.oaconfig.general.bku.bkuselection.filename=File name +webpages.oaconfig.general.bku.bkuselection.filename=Filename webpages.oaconfig.general.bku.bkuselection.upload=Upload new template webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template -webpages.oaconfig.general.bku.sendassertion.filename=File name +webpages.oaconfig.general.bku.sendassertion.filename=Filename webpages.oaconfig.general.bku.sendassertion.upload=Upload new template +webpages.oaconfig.bPKEncDec.header=Foreign-bPK Configuration +webpages.oaconfig.bPKEncDec.keystore.header=Keystore configuration +webpages.oaconfig.bPKEncDec.filename=Filename +webpages.oaconfig.bPKEncDec.delete=Remove +webpages.oaconfig.bPKEncDec.upload=Upload new keystore +webpages.oaconfig.bPKEncDec.keyStorePassword=Keystore password +webpages.oaconfig.bPKEncDec.keyAlias=Key alias +webpages.oaconfig.bPKEncDec.keyPassword=Key password + webpages.oaconfig.general.identification=Unique identifier (PublicURLPrefix) webpages.oaconfig.general.mandate.header=Mandates webpages.oaconfig.general.mandate.profiles=Profile @@ -447,6 +456,16 @@ validation.general.sendassertion.file.valid=Send-Assertion Templates could not b validation.general.sendassertion.file.selected=Only one Send-Assertion Template can be provided. validation.general.testcredentials.oid.valid=The OID {0} for test credentials is not a valid. +validation.bPKDec.keyStorePassword.empty=KeyStore password is blank. +validation.bPKDec.keyStorePassword.valid=The keyStore password contains forbidden characters. The following characters are not allowed\: {0} +validation.bPKDec.keyAlias.empty=Key alias is blank. +validation.bPKDec.keyAlias.valid=The key alias contains forbidden characters. The following characters are not allowed\: {0} +validation.bPKDec.keyPassword.empty=Key password is blank. +validation.bPKDec.keyPassword.valid=The key password contains forbidden characters. The following characters are not allowed\: {0} +validation.bPKDec.keyStore.filename.valid=The keyStore filename contains forbidden characters. The following characters are not allowed\: {0} +validation.bPKDec.keyStore.file.valid=KeyStore can not loaded. Maybe keyStore password or key alias are wrong. +validation.bPKDec.keyStore.file.selected=Only one keyStore can be provided. + validation.stork.cpeps.cc=CPEPS country code is not based on 3166-2 validation.stork.cpeps.empty=CPEPS configuration is incomplete validation.stork.cpeps.url=CPEPS URL is invalid diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index a3541c9a7..c56ad4847 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -39,6 +39,8 @@ + + @@ -82,7 +84,7 @@ - + diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/bPKDecryption.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/bPKDecryption.jsp new file mode 100644 index 000000000..9f506e7da --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/bPKDecryption.jsp @@ -0,0 +1,75 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + + +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.bPKEncDec.header", request) %>

+ + + <%--

<%=LanguageHelper.getGUIString("webpages.oaconfig.bPKEncDec.keystore.header", request) %>

--%> + +
+ + + +
+ +
+ + + + + + + + + +
+
+
+ +
+ + + + + + + + + + +
+
+ + +
+ \ No newline at end of file -- cgit v1.2.3 From 23047d5e2c28ce74eb7e76e3a13977f5ab31ec34 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 21 Aug 2014 10:50:11 +0200 Subject: fix typo --- .../src/main/resources/applicationResources_de.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 35ae19f90..39bfcd36b 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -8,8 +8,8 @@ config.04=OpenSAML (PVP2 Login) can not be initialized config.05=Configuration file not defined error.title=Fehler: -error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. -error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. +error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. +error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden. errors.listIDPs.noIDP=Es wurden kein IdentityProvider f\u00FCr Interfederation in der Datenbank gefunden. errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben. -- cgit v1.2.3 From 537e9f394e0eb0ac1c395fcd6d6d8e202a0ad5dc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 21 Aug 2014 10:51:19 +0200 Subject: add active user-session cleanup process --- .../moa/id/configuration/Constants.java | 2 ++ .../id/configuration/auth/AuthenticatedUser.java | 23 ++++++++++++++-------- .../configuration/auth/AuthenticationManager.java | 15 ++++++++++++++ .../id/configuration/auth/IActiveUserStorage.java | 4 ++++ .../auth/MemoryActiveUserStorageImpl.java | 19 ++++++++++++++++++ .../auth/pvp2/servlets/SLOBasicServlet.java | 1 - .../configuration/filter/AuthenticationFilter.java | 8 ++++++-- .../id/configuration/helper/FormDataHelper.java | 4 +++- .../configuration/struts/action/IndexAction.java | 20 +++++++++++++++---- .../id/configuration/utils/UserRequestCleaner.java | 7 ++++++- 10 files changed, 86 insertions(+), 17 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index 2f4d700a2..f549db9f3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -116,4 +116,6 @@ public class Constants { BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); } + + public static final long ONE_MINUTE_IN_MILLIS=60000;//millisecs } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java index 036acf1f6..3bfe409c0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java @@ -42,6 +42,7 @@ public class AuthenticatedUser { private String institute; private String userName; private Date lastLogin; + private Date sessionExpired; private boolean onlyBusinessService = false; private String businessServiceType; @@ -54,7 +55,7 @@ public class AuthenticatedUser { } - public static AuthenticatedUser generateDefaultUser() { + public static AuthenticatedUser generateDefaultUser(Date sessionExpired) { AuthenticatedUser user = new AuthenticatedUser(); user.familyName = "TestUser"; @@ -67,12 +68,13 @@ public class AuthenticatedUser { user.isMandateUser = false; user.isPVP2Login = false; user.lastLogin = new Date(); + user.sessionExpired = sessionExpired; return user; } public static AuthenticatedUser generateUserRequestUser(UserDatabaseFrom form, - String nameID, String nameIDFormat) { + String nameID, String nameIDFormat, Date sessionExpired) { AuthenticatedUser user = new AuthenticatedUser(); user.familyName = form.getFamilyName(); @@ -85,6 +87,7 @@ public class AuthenticatedUser { user.isMandateUser = form.isIsmandateuser(); user.isPVP2Login = form.isPVPGenerated(); user.lastLogin = new Date(); + user.sessionExpired = sessionExpired; user.nameID = nameID; user.nameIDFormat = nameIDFormat; @@ -93,7 +96,7 @@ public class AuthenticatedUser { } public AuthenticatedUser(UserDatabase userdb, boolean isAuthenticated, boolean isMandateUser, - boolean isPVP2Login, String nameID, String nameIDFormat) { + boolean isPVP2Login, String nameID, String nameIDFormat, Date sessionExpired) { this.familyName = userdb.getFamilyname(); this.givenName = userdb.getGivenname(); @@ -105,6 +108,7 @@ public class AuthenticatedUser { this.isMandateUser = isMandateUser; this.isPVP2Login = isPVP2Login; this.lastLogin = new Date(); + this.sessionExpired = sessionExpired; this.nameID = nameID; this.nameIDFormat = nameIDFormat; @@ -250,10 +254,13 @@ public class AuthenticatedUser { public String getNameIDFormat() { return nameIDFormat; } - - - - - + + /** + * @return the sessionExpired + */ + public Date getSessionExpired() { + return sessionExpired; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticationManager.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticationManager.java index 6d3afffc9..58142b398 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticationManager.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticationManager.java @@ -22,6 +22,9 @@ */ package at.gv.egovernment.moa.id.configuration.auth; +import java.util.Date; +import java.util.Iterator; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -81,4 +84,16 @@ public class AuthenticationManager { activeUsers.removeUser(authUser.getNameID()); } + + public void removeAllUsersAfterTimeOut() { + Iterator expiredUsers = activeUsers.getUserWithSessionTimeOut(new Date()); + while (expiredUsers.hasNext()) { + AuthenticatedUser user = expiredUsers.next(); + activeUsers.removeUser(user.getNameID()); + log.info("LogOut user with ID" + user.getNameID() + " after SessionTimeOut."); + + } + + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/IActiveUserStorage.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/IActiveUserStorage.java index c52fee140..80730c6e0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/IActiveUserStorage.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/IActiveUserStorage.java @@ -22,6 +22,9 @@ */ package at.gv.egovernment.moa.id.configuration.auth; +import java.util.Date; +import java.util.Iterator; + /** * @author tlenz * @@ -31,5 +34,6 @@ public interface IActiveUserStorage { public AuthenticatedUser getUser(String nameID); public void setUser(String nameID, AuthenticatedUser authUser); public void removeUser(String nameID); + public Iterator getUserWithSessionTimeOut(Date date); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/MemoryActiveUserStorageImpl.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/MemoryActiveUserStorageImpl.java index 145da2c35..186a2b931 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/MemoryActiveUserStorageImpl.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/MemoryActiveUserStorageImpl.java @@ -22,7 +22,12 @@ */ package at.gv.egovernment.moa.id.configuration.auth; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Date; import java.util.HashMap; +import java.util.Iterator; +import java.util.List; import java.util.Map; /** @@ -68,4 +73,18 @@ public class MemoryActiveUserStorageImpl implements IActiveUserStorage { } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.auth.IActiveUserStorage#getUserWithSessionTimeOut(java.util.Date) + */ + @Override + public Iterator getUserWithSessionTimeOut(Date date) { + List expiredUsers = new ArrayList(); + for (AuthenticatedUser user : store.values()) { + if (date.after(user.getSessionExpired())) + expiredUsers.add(user); + + } + return expiredUsers.iterator(); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java index 38c858918..00d6850d3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java @@ -127,7 +127,6 @@ public class SLOBasicServlet extends HttpServlet { HttpSession session = request.getSession(false); if (session != null) session.invalidate(); - return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); } else { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index 1f631afea..d13696d51 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.configuration.filter; import java.io.IOException; import java.util.ArrayList; +import java.util.Date; import java.util.StringTokenizer; import java.util.regex.Pattern; @@ -153,8 +154,11 @@ public class AuthenticationFilter implements Filter{ log.warn("Authentication is deaktivated. Dummy authentication-information are used!"); if (authuser == null) { - - authuser = AuthenticatedUser.generateDefaultUser(); + int sessionTimeOut = session.getMaxInactiveInterval(); + Date sessionExpired = new Date(new Date().getTime() + + (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS)); + + authuser = AuthenticatedUser.generateDefaultUser(sessionExpired); authManager.setActiveUser(authuser); //authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java index cd6c699b9..dc97dd2c8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.configuration.helper; import java.util.ArrayList; +import java.util.Date; import java.util.List; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; @@ -88,7 +89,8 @@ public class FormDataHelper { userlist.add(new AuthenticatedUser(dbuser, dbuser.isIsActive(), ismandate, - false, null, null)); + false, null, null, new Date()) + ); } return userlist; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 4762f1518..f4a3d0c75 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -215,12 +215,17 @@ public class IndexAction extends BasicAction { if (dbuser.isIsMandateUser() != null) ismandateuser = dbuser.isIsMandateUser(); + int sessionTimeOut = session.getMaxInactiveInterval(); + Date sessionExpired = new Date(new Date().getTime() + + (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS)); + AuthenticatedUser authuser = new AuthenticatedUser(dbuser, true, ismandateuser, false, dbuser.getHjid()+"dbID", - "username/password"); + "username/password", + sessionExpired); //store user as authenticated user AuthenticationManager authManager = AuthenticationManager.getInstance(); @@ -390,6 +395,10 @@ public class IndexAction extends BasicAction { String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); + int sessionTimeOut = session.getMaxInactiveInterval(); + Date sessionExpired = new Date(new Date().getTime() + + (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS)); + //search user UserDatabase dbuser = ConfigurationDBRead.getUserWithUserBPKWBPK(bpkwbpk); if (dbuser == null) { @@ -434,7 +443,8 @@ public class IndexAction extends BasicAction { //create AuthUser data element authUser = AuthenticatedUser.generateUserRequestUser(user, nameID.getValue(), - nameID.getFormat()); + nameID.getFormat(), + sessionExpired); //store user as authenticated user AuthenticationManager authManager = AuthenticationManager.getInstance(); @@ -464,7 +474,8 @@ public class IndexAction extends BasicAction { dbuser.isIsMandateUser(), true, nameID.getValue(), - nameID.getFormat()); + nameID.getFormat(), + sessionExpired); //store user as authenticated user AuthenticationManager authManager = AuthenticationManager.getInstance(); @@ -491,7 +502,8 @@ public class IndexAction extends BasicAction { ismandateuser, true, nameID.getValue(), - nameID.getFormat()); + nameID.getFormat(), + sessionExpired); //store user as authenticated user AuthenticationManager authManager = AuthenticationManager.getInstance(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java index 9ec8db858..a75f8307d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java @@ -31,6 +31,7 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticationManager; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; @@ -40,13 +41,14 @@ public class UserRequestCleaner implements Runnable { private static final Logger log = Logger.getLogger(UserRequestCleaner.class); - private static final long SESSION_CLEANUP_INTERVAL = 60 * 60; // 60 min + private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min public void run() { while (true) { try { ConfigurationProvider config = ConfigurationProvider.getInstance(); + //clean up user request storage List userrequests = ConfigurationDBRead.getAllOpenUsersRequests(); if (userrequests != null) { Calendar cal = Calendar.getInstance(); @@ -63,6 +65,9 @@ public class UserRequestCleaner implements Runnable { } } + + //clean up active user storage + AuthenticationManager.getInstance().removeAllUsersAfterTimeOut(); Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); -- cgit v1.2.3 From 99d482d088850f5641d98b12de04cd1eefc030c0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 21 Aug 2014 10:51:38 +0200 Subject: change sessiontimeout to 45 minutes --- id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml index a6fe50269..d247faa1e 100644 --- a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml +++ b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml @@ -120,6 +120,10 @@ /* + + 45 + + /index.action -- cgit v1.2.3 From 5df1984c62b3f214ce9ed368beb9473bce0183e5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 21 Aug 2014 12:09:00 +0200 Subject: fix some problems with Single LogOut --- .../auth/pvp2/servlets/SLOBasicServlet.java | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java index 00d6850d3..dfcde4624 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java @@ -197,11 +197,20 @@ public class SLOBasicServlet extends HttpServlet { } else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - log.info("Single LogOut process complete."); - request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, - LanguageHelper.getErrorString("webpages.slo.success", request)); - + if (sloResp.getStatus().getStatusCode().getStatusCode() != null && + !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) { + log.info("Single LogOut process complete."); + request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, + LanguageHelper.getErrorString("webpages.slo.success", request)); + + } else { + log.warn("Single LogOut process is not completed."); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } + } else { log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode().getValue()); request.getSession().setAttribute(Constants.SESSION_SLOERROR, -- cgit v1.2.3 From 8c69606529427f9b3684d67ff2c7b309a0c586b4 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 11 Sep 2014 12:10:14 +0200 Subject: remove AttributQuery URL available check --- .../id/configuration/data/oa/OAMOAIDPInterfederationConfig.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java index 5db9029bd..9431cc1fd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java @@ -117,10 +117,10 @@ public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData { } } - if (inboundSSO && MiscUtil.isEmpty(queryURL)) { - log.info("Inbound Single Sign-On requires AttributQueryURL configuration."); - errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request)); - } +// if (inboundSSO && MiscUtil.isEmpty(queryURL)) { +// log.info("Inbound Single Sign-On requires AttributQueryURL configuration."); +// errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request)); +// } return errors; } -- cgit v1.2.3 From 42c33cec8e79c293965acdf3032e3d393e37a776 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 12 Sep 2014 12:20:23 +0200 Subject: Update eMail address verification --- .../java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java | 2 -- .../moa/id/configuration/struts/action/UserManagementAction.java | 2 +- id/ConfigWebTool/src/main/resources/applicationResources_en.properties | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java index caed3e469..3c1c2f141 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -22,8 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.helper; -import java.io.File; -import java.io.FileInputStream; import java.io.InputStream; import java.io.StringWriter; import java.io.UnsupportedEncodingException; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 5799c88b2..8e0f0b7f8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -449,7 +449,7 @@ public class UserManagementAction extends BasicAction { } - String message = new String(); + String message = LanguageHelper.getErrorString("error.mail.send", request); if (authUser != null) { UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 22b063099..07c8d708d 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -344,7 +344,7 @@ webpages.openadminrequests.users.header=User accounts webpages.openadminrequests.oas.header=Online-Applications -validation.newuser.mailaddress=Validation of eMail address could not be completed. +validation.newuser.mailaddress=Validation of eMail address completed. validation.edituser.familyname.empty=The surname is blank. validation.edituser.familyname.valid=The surname contains forbidden characters. The following characters are not allowed\: {0} -- cgit v1.2.3
Country ShortcodePEPS URL
+ " onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
Country ShortcodePEPS URL
- " onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>