From 66859cd53d4181350525e91c4d35071932675ca7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 29 May 2019 14:04:44 +0200
Subject: refactoring from MOA-ID 3.4.x to MOA E-ID Proxy 4.0.x
---
.../config/ConfigurationProvider.java | 5 +
.../id/configuration/data/GeneralMOAIDConfig.java | 320 ++++++-----
.../data/oa/OAAuthenticationData.java | 63 ++-
.../configuration/struts/action/BasicAction.java | 17 +
.../configuration/struts/action/BasicOAAction.java | 6 +-
.../struts/action/EditGeneralConfigAction.java | 598 +++++++++++----------
.../configuration/struts/action/EditOAAction.java | 42 +-
.../struts/action/InterfederationIDPAction.java | 7 +-
.../validation/moaconfig/MOAConfigValidator.java | 421 ++++++++-------
.../oa/OAAuthenticationDataValidation.java | 8 +
.../resources/applicationResources_de.properties | 9 +-
.../resources/applicationResources_en.properties | 9 +-
.../src/main/webapp/jsp/editMOAConfig.jsp | 524 +++++++++---------
.../src/main/webapp/jsp/editOAGeneral.jsp | 55 +-
.../main/webapp/jsp/snippets/OA/authentication.jsp | 24 +-
.../webapp/jsp/snippets/OA/targetConfiguration.jsp | 40 +-
.../src/main/webapp/jsp/snippets/main_menu.jsp | 12 +-
17 files changed, 1210 insertions(+), 950 deletions(-)
(limited to 'id/ConfigWebTool/src')
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 39cd0980b..656c9cc83 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -326,6 +326,11 @@ public class ConfigurationProvider { return configRootDir; } + public boolean isMOAIDMode() { + String result = props.getProperty("general.moaidmode.active", "false"); + return Boolean.parseBoolean(result); + } + public String getMOAIDInstanceURL() { return props.getProperty("general.moaid.instance.url"); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index dc6e840d7..11fbccc0a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -55,6 +55,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; @@ -88,6 +89,7 @@ public class GeneralMOAIDConfig { private String mandateURL = null; private String szrgwURL = null; private String elgaMandateServiceURL = null; + private String eidSystemServiceURL = null; private boolean protocolActiveSAML1 = false; private boolean protocolActivePVP21 = true; 
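Review bot: `isMOAIDMode()` in ConfigurationProvider parses the raw property value, so any spelling other than `true` silently yields `false` and switches the web tool to E-ID proxy behaviour; if `props` is a plain `java.util.Properties`, that includes a value with trailing whitespace. This flag decides elsewhere in the commit which validators run and which configuration sections are loaded and saved, so I would trim the value before parsing, `return Boolean.parseBoolean(result.trim());`, and log when it is neither `true` nor `false`. The method also has no Javadoc; `/** Returns true when the legacy MOA-ID feature set is enabled via general.moaidmode.active (default: false). */` would record the default.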
@@ -131,7 +133,16 @@ public class GeneralMOAIDConfig { private String publicURLPrefix = null; private boolean virtualPublicURLPrefixEnabled = false; + private boolean moaidMode = false; + public GeneralMOAIDConfig() { + try { + this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (ConfigurationException e) { + e.printStackTrace(); + + } + chainigmodelist = new HashMap(); ChainingModeType[] values = ChainingModeType.values(); for (int i=0; i list = authblock.getVerifyTransformsInfoProfileID(); - if (list.size() == 1) - moaspssAuthTransformations += list.get(0); - else { - for (String el : list) - moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; + + //deactive STORK + if (isMoaidMode()) { + ForeignIdentities foreign = auth.getForeignIdentities(); + if (foreign != null) { + ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); + if (connect_foreign != null) { + if (MiscUtil.isNotEmpty(connect_foreign.getURL())) { + if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) + szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL()); + + else { + if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + szrgwURL = connect_foreign.getURL().substring(0, + connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + szrgwURL = connect_foreign.getURL(); + + } + + } + } + + STORK stork = foreign.getSTORK(); + if (stork != null) { + //TODO: add Stork config + + } } } - VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); - if (idl != null) { - moaspssIdlTrustProfile = idl.getTrustProfileID(); - moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); - } } - - OnlineMandates mandates = auth.getOnlineMandates(); - if (mandates != null) { - ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); - if (con != null) { - if (MiscUtil.isNotEmpty(con.getURL())) { - if 
(KeyValueUtils.isCSVValueString(con.getURL())) - mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); + + if (isMoaidMode()) { + MOASP moaspss = auth.getMOASP(); + if (moaspss != null) { + ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); + if (con != null) + moaspssURL = con.getURL(); + + VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); + if (authblock != null) { + moaspssAuthTrustProfile = authblock.getTrustProfileID(); + moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); + List list = authblock.getVerifyTransformsInfoProfileID(); + if (list.size() == 1) + moaspssAuthTransformations += list.get(0); else { - if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - mandateURL = con.getURL().substring(0, - con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - mandateURL = con.getURL(); - + for (String el : list) + moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; } + } + VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); + if (idl != null) { + moaspssIdlTrustProfile = idl.getTrustProfileID(); + moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); + } + } + + OnlineMandates mandates = auth.getOnlineMandates(); + if (mandates != null) { + ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); + if (con != null) { + if (MiscUtil.isNotEmpty(con.getURL())) { + if (KeyValueUtils.isCSVValueString(con.getURL())) + mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); + + else { + if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + mandateURL = con.getURL().substring(0, + con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + mandateURL = con.getURL(); + + } + + } + } - } } 
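Review bot: The new `GeneralMOAIDConfig()` constructor catches `ConfigurationException` and only calls `e.printStackTrace()`, so a configuration failure silently leaves `moaidMode` at `false` and `parse()` then skips the MOA-SP, online-mandate and foreign-identity sections with nothing in the application log. The same pattern is added to the `OAAuthenticationData()` constructor further down. I would report it through the class logger the way BasicAction does in this commit, `log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e);`, assuming a logger is available in these classes. The text of this hunk appears truncated on the page, so the remainder of `parse()` was not reviewed.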
@@ -330,9 +364,12 @@ public class GeneralMOAIDConfig { } - OAuth oauth = protocols.getOAuth(); - if (oauth != null) { - protocolActiveOAuth = oauth.isIsActive(); + if (isMoaidMode()) { + OAuth oauth = protocols.getOAuth(); + if (oauth != null) { + protocolActiveOAuth = oauth.isIsActive(); + + } } 
@@ -361,73 +398,79 @@ public class GeneralMOAIDConfig { pvp2OrgName = org.getName(); pvp2OrgURL = org.getURL(); } - } + } + } - SecurityLayer seclayer = auth.getSecurityLayer(); - if (seclayer != null) { - List list = seclayer.getTransformsInfo(); + if (isMoaidMode()) { + SecurityLayer seclayer = auth.getSecurityLayer(); + if (seclayer != null) { + List list = seclayer.getTransformsInfo(); + + for (TransformsInfoType el : list) { + fileUploadFileName.add(el.getFilename()); + } + } - for (TransformsInfoType el : list) { - fileUploadFileName.add(el.getFilename()); + SSO sso = auth.getSSO(); + if (sso != null) { + ssoFriendlyName = sso.getFriendlyName(); + + // IdentificationNumber idl = sso.getIdentificationNumber(); + // if (idl != null) + // ssoIdentificationNumber = idl.getValue(); + + //INFO: only for backup + if (MiscUtil.isEmpty(publicURLPrefix)) + publicURLPrefix = sso.getPublicURL(); + + ssoSpecialText = sso.getSpecialText(); + + if (MiscUtil.isNotEmpty(sso.getTarget()) && + sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { + ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()). + replace("+", ""); + + } else + ssoTarget = sso.getTarget(); + } } - SSO sso = auth.getSSO(); - if (sso != null) { - ssoFriendlyName = sso.getFriendlyName(); - -// IdentificationNumber idl = sso.getIdentificationNumber(); -// if (idl != null) -// ssoIdentificationNumber = idl.getValue(); - - //INFO: only for backup - if (MiscUtil.isEmpty(publicURLPrefix)) - publicURLPrefix = sso.getPublicURL(); - - ssoSpecialText = sso.getSpecialText(); - - if (MiscUtil.isNotEmpty(sso.getTarget()) && - sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { - ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()). 
- replace("+", ""); + ChainingModes modes = config.getChainingModes(); + if (modes != null) { + ChainingModeType defaultmode = modes.getSystemDefaultMode(); + if (defaultmode != null) { + + defaultchainigmode = defaultmode.value(); - } else - ssoTarget = sso.getTarget(); + } + List trustanchor = modes.getTrustAnchor(); + if (trustanchor != null) { + //TODO: set addional trust anchors!!!! + } } - } - - ChainingModes modes = config.getChainingModes(); - if (modes != null) { - ChainingModeType defaultmode = modes.getSystemDefaultMode(); - if (defaultmode != null) { - - defaultchainigmode = defaultmode.value(); - + + DefaultBKUs defaultbkus = config.getDefaultBKUs(); + if (defaultbkus != null) { + defaultBKUHandy = defaultbkus.getHandyBKU(); + defaultBKULocal = defaultbkus.getLocalBKU(); + defaultBKUOnline = defaultbkus.getOnlineBKU(); } - List trustanchor = modes.getTrustAnchor(); - if (trustanchor != null) { - //TODO: set addional trust anchors!!!! + SLRequestTemplates slreq = config.getSLRequestTemplates(); + if (slreq != null) { + SLRequestTemplateHandy = slreq.getHandyBKU(); + SLRequestTemplateLocal = slreq.getLocalBKU(); + SLRequestTemplateOnline = slreq.getOnlineBKU(); } + } trustedCACerts = config.getTrustedCACertificates(); - DefaultBKUs defaultbkus = config.getDefaultBKUs(); - if (defaultbkus != null) { - defaultBKUHandy = defaultbkus.getHandyBKU(); - defaultBKULocal = defaultbkus.getLocalBKU(); - defaultBKUOnline = defaultbkus.getOnlineBKU(); - } - - SLRequestTemplates slreq = config.getSLRequestTemplates(); - if (slreq != null) { - SLRequestTemplateHandy = slreq.getHandyBKU(); - SLRequestTemplateLocal = slreq.getLocalBKU(); - SLRequestTemplateOnline = slreq.getOnlineBKU(); - } + } } 
@@ -1099,10 +1142,25 @@ public class GeneralMOAIDConfig { this.elgaMandateServiceURL = elgaMandateServiceURL; } - - - - - + /** + * @return the eidSystemServiceURL + */ + public String getEidSystemServiceURL() { + return eidSystemServiceURL; + } + + /** + * @param eidSystemServiceURL the elgaMandateServiceURL to set + */ + public void setEidSystemeServiceURL(String eidSystemServiceURL) { + if (MiscUtil.isNotEmpty(eidSystemServiceURL)) + this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL); + else + this.eidSystemServiceURL = eidSystemServiceURL; + } + + public boolean isMoaidMode() { + return moaidMode; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index e896bb80b..b3db074a2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -66,9 +66,11 @@ public class OAAuthenticationData implements IOnlineApplicationData { private List misServicesList = new ArrayList(); private List elgaServicesList = new ArrayList(); private List szrgwServicesList = new ArrayList(); + private List eidServicesList = new ArrayList(); private String misServiceSelected = null; private String elgaServiceSelected = null; private String szrgwServiceSelected = null; + private String eidServiceSelected = null; private boolean calculateHPI = false; 
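Review bot: The setter added in the `@@ -1099` hunk is named `setEidSystemeServiceURL` (extra `e`) while the getter is `getEidSystemServiceURL`, so the two do not form one bean property. If the JSP binds the field as `moaconfig.eidSystemServiceURL`, which is not visible here, the submitted value would not reach this setter and the E-ID service URL would never be stored. I would rename it to `public void setEidSystemServiceURL(String eidSystemServiceURL)` and correct the copied Javadoc to `@param eidSystemServiceURL the eidSystemServiceURL to set`.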
@@ -90,10 +92,20 @@ public class OAAuthenticationData implements IOnlineApplicationData { private boolean sl20Active = false; private String sl20EndPoints = null; + private boolean isMoaidMode = false; + /** + * @param isMoaidMode * */ public OAAuthenticationData() { + try { + this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (ConfigurationException e) { + e.printStackTrace(); + + } + keyBoxIdentifierList = new HashMap(); MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); for (int i=0; i parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); - szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); + szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); + eidServiceSelected = dbOA.getSelectedEIDServiceURL(); AuthComponentOA oaauth = dbOA.getAuthComponentOA(); if (oaauth != null) { @@ -302,6 +324,10 @@ public class OAAuthenticationData implements IOnlineApplicationData { if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected()); + + if (MiscUtil.isNotEmpty(getEidServiceSelected())) + dbOA.setSelectedEIDServiceURL(getEidServiceSelected()); + if (authUser.isAdmin()) { //store BKU-URLs @@ -800,7 +826,18 @@ public class OAAuthenticationData implements IOnlineApplicationData { return szrgwServicesList; } + public List getEidServicesList() { + return eidServicesList; + } + + public String getEidServiceSelected() { + return eidServiceSelected; + } + public void setEidServiceSelected(String eidServiceSelected) { + this.eidServiceSelected = eidServiceSelected; + } + public boolean isSl20Active() { return sl20Active; } @@ -820,7 +857,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { else this.sl20EndPoints = sl20EndPoints; } + + public boolean isMoaidMode() { + return isMoaidMode; + } - - } 
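Review bot: In the `@@ -302` hunk, `dbOA.setSelectedEIDServiceURL(getEidServiceSelected())` sits before the `authUser.isAdmin()` branch, so the selected E-ID service URL is stored for every user who may edit the application, not only administrators. The value comes from the form and nothing visible here checks it against `eidServicesList`; the diffstat lists changes to OAAuthenticationDataValidation that may cover this, so please confirm the validator rejects values that are not in the configured list. The constructor Javadoc also gained `@param isMoaidMode` although the constructor takes no parameters, and that tag should be dropped. The enclosing store method starts and ends outside the hunk.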
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java index 0d0cda246..9bbbe3df0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java @@ -56,6 +56,17 @@ public class BasicAction extends ActionSupport implements ServletRequestAware, protected HttpSession session = null; protected String formID; + protected static boolean isMoaidMode = false; + + public BasicAction() { + try { + isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (ConfigurationException e) { + log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); + } + } + + protected void populateBasicInformations() throws BasicActionException { try { configuration = ConfigurationProvider.getInstance(); @@ -115,6 +126,12 @@ public class BasicAction extends ActionSupport implements ServletRequestAware, public void setFormID(String formID) { this.formID = formID; } + + + public static boolean isMoaidMode() { + return isMoaidMode; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 9e0b8b1cd..20db561d6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java 
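Review bot: `isMoaidMode` in BasicAction is declared `protected static` but is assigned in the instance constructor, so every action instantiation rewrites shared state without synchronisation. When `ConfigurationProvider.getInstance()` throws, the field keeps its previous value even though the log message says it was set to `false`. I would reset it explicitly in the catch block with `isMoaidMode = false;`, or make it an instance field. If the static accessor has to stay for the JSPs, `protected static volatile boolean isMoaidMode = false;` keeps reads consistent across request threads.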
@@ -88,10 +88,14 @@ public class BasicOAAction extends BasicAction { private InputStream stream = null; + + /** * */ - public BasicOAAction() { + public BasicOAAction() { + super(); + formList = new LinkedHashMap(); OAGeneralConfig generalOA = new OAGeneralConfig(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index c3e8c459e..7c3daf928 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -65,7 +65,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; 
@@ -100,19 +102,22 @@ public class EditGeneralConfigAction extends BasicAction { MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); - + moaconfig = new GeneralMOAIDConfig(); - moaconfig.parse(dbconfig); - storkconfig = new GeneralStorkConfig(); - storkconfig.parse(dbconfig); - + moaconfig.parse(dbconfig); if (moaconfig == null) { log.error("MOA configuration is null"); } - if (storkconfig == null) { - log.error("Stork configuration is null"); + if (moaconfig.isMoaidMode()) { + storkconfig = new GeneralStorkConfig(); + storkconfig.parse(dbconfig); + if (storkconfig == null) { + log.error("Stork configuration is null"); + } } + + formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -149,13 +154,21 @@ public class EditGeneralConfigAction extends BasicAction { } session.setAttribute(Constants.SESSION_FORMID, null); + boolean isMoaidMode = false; + try { + isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (ConfigurationException e) { + log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); + } + if (authUser.isAdmin()) { MOAConfigValidator validator = new MOAConfigValidator(); - List errors = validator.validate(moaconfig, request); + List errors = validator.validate(moaconfig, request, isMoaidMode); - errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); + if (isMoaidMode) + errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); if (errors.size() > 0) { log.info("General MOA-ID configuration has some errors."); @@ -181,7 +194,7 @@ public class EditGeneralConfigAction extends BasicAction { } } - String error = saveFormToDatabase(); + String error = saveFormToDatabase(isMoaidMode); if (error != null) { log.warn("General MOA-ID config can not be stored in Database"); 
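Review bot: The save path in the `@@ -149` hunk declares a local `boolean isMoaidMode` that shadows the static field inherited from BasicAction and reads ConfigurationProvider again, while the load path in the first hunk uses `moaconfig.isMoaidMode()`. Three sources for one flag can disagree when the configuration fails to load in only one of them, and then validation and persistence would run under different modes. I would drop the local block and pass the inherited value, `validator.validate(moaconfig, request, isMoaidMode())`. Separately, the `if (moaconfig == null)` and `if (storkconfig == null)` checks follow `new` and a call on the same object, so they can never fire and could be removed. Both methods start and end outside the hunks shown.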
@@ -218,7 +231,7 @@ public class EditGeneralConfigAction extends BasicAction { return Constants.STRUTS_SUCCESS; } - private String saveFormToDatabase() { + private String saveFormToDatabase(boolean isMoaidMode) { log.debug("Saving form to database"); // log.error("Saving form to db"); @@ -370,20 +383,24 @@ public class EditGeneralConfigAction extends BasicAction { } + OAuth oauth= dbprotocols.getOAuth(); if (oauth == null) { oauth = new OAuth(); dbprotocols.setOAuth(oauth); } - oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); - + PVP2 pvp2 = dbprotocols.getPVP2(); if (pvp2 == null) { pvp2 = new PVP2(); dbprotocols.setPVP2(pvp2); } - pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + if (isMoaidMode) { + oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); + pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + + } if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); 
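Review bot: With `isMoaidMode` false, the `@@ -370` hunk of `saveFormToDatabase` no longer calls `oauth.setIsActive(...)` or `pvp2.setIsActive(...)`, so the activation state already stored is kept and a freshly created `OAuth` or `PVP2` object keeps its default. If the proxy runtime still reads these flags, a protocol enabled under MOA-ID 3.4.x would stay enabled with no form field to turn it off. Please state the intended behaviour in a comment at the `if (isMoaidMode)` block, for example `// E-ID proxy mode: protocol activation flags are not editable; stored values are kept as-is`, or set the flags explicitly in an `else` branch. The method body continues outside the hunk.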
@@ -437,80 +454,6 @@ public class EditGeneralConfigAction extends BasicAction { if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) cont.setType(moaconfig.getPvp2Contact().getType()); - SSO dbsso = dbauth.getSSO(); - if (dbsso == null) { - dbsso = new SSO(); - dbauth.setSSO(dbsso); - } - - if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) - dbsso.setFriendlyName(StringHelper.getUTF8String( - moaconfig.getSsoFriendlyName())); - if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) - dbsso.setSpecialText(StringHelper.getUTF8String( - moaconfig.getSsoSpecialText())); -// if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) -// dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); - - if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { - - if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { - String num = moaconfig.getSsoTarget().replaceAll(" ", ""); - String pre = null; - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - pre = Constants.IDENIFICATIONTYPE_FN; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - pre = Constants.IDENIFICATIONTYPE_ZVR; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){ - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - pre = Constants.IDENIFICATIONTYPE_ERSB; - } - - dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); - - } else { - dbsso.setTarget(moaconfig.getSsoTarget()); - - } - } -// if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { -// IdentificationNumber ssoid = dbsso.getIdentificationNumber(); -// if (ssoid == null) { -// ssoid = new IdentificationNumber(); -// dbsso.setIdentificationNumber(ssoid); -// } -// ssoid.setValue(moaconfig.getSsoIdentificationNumber()); -// } - - DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); - - if 
(dbbkus == null) { - dbbkus = new DefaultBKUs(); - dbconfig.setDefaultBKUs(dbbkus); - } - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) - dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); - else - dbbkus.setHandyBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) - dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); - else - dbbkus.setOnlineBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) - dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); - else - dbbkus.setLocalBKU(new String()); ChainingModes dbchainingmodes = dbconfig.getChainingModes(); if (dbchainingmodes == null) { 
@@ -521,230 +464,331 @@ public class EditGeneralConfigAction extends BasicAction { dbchainingmodes.setSystemDefaultMode( ChainingModeType.fromValue("pkix")); - IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); - if (idlsigners == null) { - idlsigners = new IdentityLinkSigners(); - dbauth.setIdentityLinkSigners(idlsigners); - } - - ForeignIdentities dbforeign = dbauth.getForeignIdentities(); - if (dbforeign == null) { - dbforeign = new ForeignIdentities(); - dbauth.setForeignIdentities(dbforeign); - } - if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { - ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); - if (forcon == null) { - forcon = new ConnectionParameterClientAuthType(); - dbforeign.setConnectionParameter(forcon); + if (isMoaidMode) { + SSO dbsso = dbauth.getSSO(); + if (dbsso == null) { + dbsso = new SSO(); + dbauth.setSSO(dbsso); } - if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) - forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); + if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) + dbsso.setFriendlyName(StringHelper.getUTF8String( + moaconfig.getSsoFriendlyName())); + if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) + dbsso.setSpecialText(StringHelper.getUTF8String( + moaconfig.getSsoSpecialText())); + // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) + // dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); + + if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { - else { - if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) - forcon.setURL( - moaconfig.getSzrgwURL().trim().substring(0, - moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { + String num = moaconfig.getSsoTarget().replaceAll(" ", ""); + String pre = null; + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = 
at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + pre = Constants.IDENIFICATIONTYPE_FN; + } - else - forcon.setURL( - StringUtils.chomp(moaconfig.getSzrgwURL().trim())); - + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + pre = Constants.IDENIFICATIONTYPE_ZVR; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){ + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + pre = Constants.IDENIFICATIONTYPE_ERSB; + } + + dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); + + } else { + dbsso.setTarget(moaconfig.getSsoTarget()); + + } } + // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { + // IdentificationNumber ssoid = dbsso.getIdentificationNumber(); + // if (ssoid == null) { + // ssoid = new IdentificationNumber(); + // dbsso.setIdentificationNumber(ssoid); + // } + // ssoid.setValue(moaconfig.getSsoIdentificationNumber()); + // } + + DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); + + if (dbbkus == null) { + dbbkus = new DefaultBKUs(); + dbconfig.setDefaultBKUs(dbbkus); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) + dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); + else + dbbkus.setHandyBKU(new String()); + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) + dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); + else + dbbkus.setOnlineBKU(new String()); + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) + dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); + else + dbbkus.setLocalBKU(new String()); - } + - ForeignIdentities foreign = dbauth.getForeignIdentities(); - if (foreign != null) { - STORK stork = foreign.getSTORK(); - if (stork == null) { - stork = new STORK(); - foreign.setSTORK(stork); - + IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); + if (idlsigners == null) { + idlsigners = new IdentityLinkSigners(); + dbauth.setIdentityLinkSigners(idlsigners); + } + + 
ForeignIdentities dbforeign = dbauth.getForeignIdentities(); + if (dbforeign == null) { + dbforeign = new ForeignIdentities(); + dbauth.setForeignIdentities(dbforeign); } - - try { - log.error("QAAAA " + storkconfig.getDefaultQaa()); - stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); - if (storkconfig.getAttributes() != null) { - List dbStorkAttr = new ArrayList(); - stork.setAttributes(dbStorkAttr); - + if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { + ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); + if (forcon == null) { + forcon = new ConnectionParameterClientAuthType(); + dbforeign.setConnectionParameter(forcon); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) + forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); - for (StorkAttribute attr : storkconfig.getAttributes()) { - if (attr != null && MiscUtil.isNotEmpty(attr.getName())) - dbStorkAttr.add(attr); + else { + if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) + forcon.setURL( + moaconfig.getSzrgwURL().trim().substring(0, + moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - else - log.info("Remove null or empty STORK attribute"); - } - - } else - stork.setAttributes((List) (new ArrayList())); - - if (storkconfig.getCpepslist() != null) { - List dbStorkCPEPS = new ArrayList(); - stork.setCPEPS(dbStorkCPEPS); + else + forcon.setURL( + StringUtils.chomp(moaconfig.getSzrgwURL().trim())); + + } + + } + + ForeignIdentities foreign = dbauth.getForeignIdentities(); + if (foreign != null) { + STORK stork = foreign.getSTORK(); + if (stork == null) { + stork = new STORK(); + foreign.setSTORK(stork); - for (CPEPS cpeps : storkconfig.getCpepslist()) { - if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && - MiscUtil.isNotEmpty(cpeps.getCountryCode())) { + } + + try { + log.error("QAAAA " + storkconfig.getDefaultQaa()); + stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); + + if 
(storkconfig.getAttributes() != null) { + List dbStorkAttr = new ArrayList(); + stork.setAttributes(dbStorkAttr); - if (cpeps.getCountryCode().equals("CC") && - cpeps.getURL().equals("http://")) - log.info("Remove dummy STORK CPEPS entry."); - - else - dbStorkCPEPS.add(cpeps); + + for (StorkAttribute attr : storkconfig.getAttributes()) { + if (attr != null && MiscUtil.isNotEmpty(attr.getName())) + dbStorkAttr.add(attr); - } else - log.info("Remove null or emtpy STORK CPEPS configuration"); - } + else + log.info("Remove null or empty STORK attribute"); + } + + } else + stork.setAttributes((List) (new ArrayList())); + + if (storkconfig.getCpepslist() != null) { + List dbStorkCPEPS = new ArrayList(); + stork.setCPEPS(dbStorkCPEPS); + + for (CPEPS cpeps : storkconfig.getCpepslist()) { + if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && + MiscUtil.isNotEmpty(cpeps.getCountryCode())) { + + if (cpeps.getCountryCode().equals("CC") && + cpeps.getURL().equals("http://")) + log.info("Remove dummy STORK CPEPS entry."); + + else + dbStorkCPEPS.add(cpeps); + + } else + log.info("Remove null or emtpy STORK CPEPS configuration"); + } + + } else + stork.setCPEPS((List) (new ArrayList())); - } else - stork.setCPEPS((List) (new ArrayList())); - - } catch (Exception e) { - e.printStackTrace(); - - } - - try{ - log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); - log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); - - } catch (Exception ex) { - log.info("CPEPS LIST is null"); - - } - } - - //write MIS Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { - OnlineMandates dbmandate = dbauth.getOnlineMandates(); - if (dbmandate == null) { - dbmandate = new OnlineMandates(); - dbauth.setOnlineMandates(dbmandate); + } catch (Exception e) { + e.printStackTrace(); + + } + + try{ + log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); + log.trace("CPEPS 1:" + 
storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); + + } catch (Exception ex) { + log.info("CPEPS LIST is null"); + + } } - ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); - - if (dbmandateconnection == null) { - dbmandateconnection = new ConnectionParameterClientAuthType(); - dbmandate.setConnectionParameter(dbmandateconnection); + + //write MIS Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { + OnlineMandates dbmandate = dbauth.getOnlineMandates(); + if (dbmandate == null) { + dbmandate = new OnlineMandates(); + dbauth.setOnlineMandates(dbmandate); + } + ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); + + if (dbmandateconnection == null) { + dbmandateconnection = new ConnectionParameterClientAuthType(); + dbmandate.setConnectionParameter(dbmandateconnection); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) + dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); + + else { + if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) + dbmandateconnection.setURL( + moaconfig.getMandateURL().trim().substring(0, + moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + + else + dbmandateconnection.setURL( + StringUtils.chomp(moaconfig.getMandateURL().trim())); + + } } - if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) - dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); - - else { - if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbmandateconnection.setURL( - moaconfig.getMandateURL().trim().substring(0, - moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + //write ELGA Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) 
+ dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL())); - else - dbmandateconnection.setURL( - StringUtils.chomp(moaconfig.getMandateURL().trim())); - - } + else { + if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) + dbconfig.setElgaMandateServiceURLs( + moaconfig.getElgaMandateServiceURL().trim().substring(0, + moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + + else + dbconfig.setElgaMandateServiceURLs( + StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); + + } + } } - //write ELGA Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { - if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) - dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL())); + + //write E-ID System URLs + if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL())) + dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getEidSystemServiceURL())); else { - if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbconfig.setElgaMandateServiceURLs( - moaconfig.getElgaMandateServiceURL().trim().substring(0, - moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) + dbconfig.setEidSystemServiceURLs( + moaconfig.getEidSystemServiceURL().trim().substring(0, + moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); else - dbconfig.setElgaMandateServiceURLs( - StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); + dbconfig.setEidSystemServiceURLs( + StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim())); } } - - MOASP dbmoasp = dbauth.getMOASP(); - if (dbmoasp == null) { - dbmoasp = new MOASP(); 
- dbauth.setMOASP(dbmoasp); - } - if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { - ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); - if (moaspcon == null) { - moaspcon = new ConnectionParameterClientAuthType(); - dbmoasp.setConnectionParameter(moaspcon); + if (isMoaidMode) { + MOASP dbmoasp = dbauth.getMOASP(); + if (dbmoasp == null) { + dbmoasp = new MOASP(); + dbauth.setMOASP(dbmoasp); } - moaspcon.setURL(moaconfig.getMoaspssURL()); - } - VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); - if (moaidl == null) { - moaidl = new VerifyIdentityLink(); - dbmoasp.setVerifyIdentityLink(moaidl); - } - moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); - moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); - - VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); - if (moaauth == null) { - moaauth = new VerifyAuthBlock(); - dbmoasp.setVerifyAuthBlock(moaauth); - } - moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); - moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); - - if (moaauth.getVerifyTransformsInfoProfileID() != null && - moaauth.getVerifyTransformsInfoProfileID().size() > 0) - moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); - - else { - if (moaauth.getVerifyTransformsInfoProfileID() == null) { - moaauth.setVerifyTransformsInfoProfileID(new ArrayList()); - + if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { + ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); + if (moaspcon == null) { + moaspcon = new ConnectionParameterClientAuthType(); + dbmoasp.setConnectionParameter(moaspcon); + } + moaspcon.setURL(moaconfig.getMoaspssURL()); } - moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); - } - - SecurityLayer seclayertrans = dbauth.getSecurityLayer(); - if (seclayertrans == null) { - seclayertrans = new SecurityLayer(); - 
dbauth.setSecurityLayer(seclayertrans); - } - List trans = new ArrayList(); - Map moatrans = moaconfig.getSecLayerTransformation(); - if (moatrans != null) { - Set keys = moatrans.keySet(); - for (String key : keys) { - TransformsInfoType elem = new TransformsInfoType(); - elem.setFilename(key); - elem.setTransformation(moatrans.get(key)); - trans.add(elem); + VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); + if (moaidl == null) { + moaidl = new VerifyIdentityLink(); + dbmoasp.setVerifyIdentityLink(moaidl); } + moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); + moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); + + VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); + if (moaauth == null) { + moaauth = new VerifyAuthBlock(); + dbmoasp.setVerifyAuthBlock(moaauth); + } + moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); + moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); + + if (moaauth.getVerifyTransformsInfoProfileID() != null && + moaauth.getVerifyTransformsInfoProfileID().size() > 0) + moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); + + else { + if (moaauth.getVerifyTransformsInfoProfileID() == null) { + moaauth.setVerifyTransformsInfoProfileID(new ArrayList()); + + } + moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); + } + + SecurityLayer seclayertrans = dbauth.getSecurityLayer(); + if (seclayertrans == null) { + seclayertrans = new SecurityLayer(); + dbauth.setSecurityLayer(seclayertrans); + } + List trans = new ArrayList(); + Map moatrans = moaconfig.getSecLayerTransformation(); + if (moatrans != null) { + Set keys = moatrans.keySet(); + for (String key : keys) { + TransformsInfoType elem = new TransformsInfoType(); + elem.setFilename(key); + elem.setTransformation(moatrans.get(key)); + trans.add(elem); + } + } + if (trans.size() > 0) + seclayertrans.setTransformsInfo(trans); + + + 
SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); + if (slrequesttempl == null) { + slrequesttempl = new SLRequestTemplates(); + dbconfig.setSLRequestTemplates(slrequesttempl); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) + slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) + slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) + slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); + } - if (trans.size() > 0) - seclayertrans.setTransformsInfo(trans); - - - SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); - if (slrequesttempl == null) { - slrequesttempl = new SLRequestTemplates(); - dbconfig.setSLRequestTemplates(slrequesttempl); - } - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) - slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) - slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) - slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index cfb74ebd2..6902a668f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java 
@@ -70,31 +70,33 @@ public class EditOAAction extends BasicOAAction {
 OAAuthenticationData authOA = new OAAuthenticationData();
 formList.put(authOA.getName(), authOA);
- OABPKEncryption bPKEncDec = new OABPKEncryption();
- formList.put(bPKEncDec.getName(), bPKEncDec);
-
- OASSOConfig ssoOA = new OASSOConfig();
- formList.put(ssoOA.getName(), ssoOA);
-
 OASAML1Config saml1OA = new OASAML1Config();
 formList.put(saml1OA.getName(), saml1OA);
+
+ if (isMoaidMode) {
+ OABPKEncryption bPKEncDec = new OABPKEncryption();
+ formList.put(bPKEncDec.getName(), bPKEncDec);
+
+ OASSOConfig ssoOA = new OASSOConfig();
+ formList.put(ssoOA.getName(), ssoOA);
- OAPVP2Config pvp2OA = new OAPVP2Config();
- formList.put(pvp2OA.getName(), pvp2OA);
+ OAPVP2Config pvp2OA = new OAPVP2Config();
+ formList.put(pvp2OA.getName(), pvp2OA);
- OAOAuth20Config oauth20OA = new OAOAuth20Config();
- formList.put(oauth20OA.getName(), oauth20OA);
+ OAOAuth20Config oauth20OA = new OAOAuth20Config();
+ formList.put(oauth20OA.getName(), oauth20OA);
- OASTORKConfig storkOA = new OASTORKConfig();
- formList.put(storkOA.getName(), storkOA);
+ OASTORKConfig storkOA = new OASTORKConfig();
+ formList.put(storkOA.getName(), storkOA);
- Map map = new HashMap();
- map.putAll(FormBuildUtils.getDefaultMap());
- FormularCustomization formOA = new FormularCustomization(map);
- formList.put(formOA.getName(), formOA);
+ Map map = new HashMap();
+ map.putAll(FormBuildUtils.getDefaultMap());
+ FormularCustomization formOA = new FormularCustomization(map);
+ formList.put(formOA.getName(), formOA);
- OARevisionsLogData revisOA = new OARevisionsLogData();
- formList.put(revisOA.getName(), revisOA);
+ OARevisionsLogData revisOA = new OARevisionsLogData();
+ formList.put(revisOA.getName(), revisOA);
+ }
 }
@@ -210,8 +212,8 @@ public class EditOAAction extends BasicOAAction {
 errors.addAll(form.validate(getGeneralOA(), authUser, request));
 // Do not allow SSO in combination with special BKUSelection features
- if (getSsoOA().isUseSSO()
- && (getFormOA().isOnlyMandateAllowed() || !getFormOA()
+ if (getSsoOA() != null && getSsoOA().isUseSSO()
+ && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA()
 .isShowMandateLoginButton())) {
 log.warn("Special BKUSelection features can not be used in combination with SSO");
 errors.add(LanguageHelper.getErrorString(
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 7fae5d40c..180f32235 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -23,17 +23,14 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.List;
 import org.apache.log4j.Logger;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.configuration.Constants;
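Review bot: The null guard added for `getFormOA()` in the `@@ -210,8 +212,8 @@` hunk of EditOAAction.java does not cover the second operand: in `(getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA().isShowMandateLoginButton())` the `&&` binds tighter than `||`, so a null `getFormOA()` still reaches `!getFormOA().isShowMandateLoginButton()` and throws a NullPointerException. The first hunk of this file registers the SSO and FormularCustomization forms only under `isMoaidMode`, so presumably both getters return null together and the outer `getSsoOA() != null` hides the problem today, but the check should not rely on that coupling. Move the guard outside the parentheses: `&& getFormOA() != null && (getFormOA().isOnlyMandateAllowed() || !getFormOA().isShowMandateLoginButton())`. The enclosing method starts and ends outside the hunk.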
@@ -42,7 +39,6 @@ import at.gv.egovernment.moa.id.configuration.data.OAListElement;
 import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig;
-import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config;
 import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
 import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration;
 import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationConfig;
@@ -50,7 +46,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
 import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
 import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.util.MiscUtil;
 /**
 * @author tlenz
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index 717a0c827..247004b75 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -46,7 +46,7 @@ public class MOAConfigValidator {
 private static final Logger log = Logger.getLogger(MOAConfigValidator.class);
- public List validate(GeneralMOAIDConfig form, HttpServletRequest request) {
+ public List validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) {
 List errors = new ArrayList();
@@ -126,7 +126,7 @@ public class MOAConfigValidator {
 // }
 check = form.getDefaultBKUHandy();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
 if (!ValidationHelper.validateURL(check)) {
 log.info("Not valid Handy-BKU URL");
 errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request));
@@ -134,7 +134,7 @@ public class MOAConfigValidator {
 }
 check = form.getDefaultBKULocal();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
 if (!ValidationHelper.validateURL(check)) {
 log.info("Not valid Online-BKU URL");
 errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request));
@@ -142,7 +142,7 @@ public class MOAConfigValidator {
 }
 check = form.getDefaultBKUOnline();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
 if (!ValidationHelper.validateURL(check)) {
 log.info("Not valid Online-BKU URL");
 errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request));
@@ -162,7 +162,7 @@ public class MOAConfigValidator {
 // }
 check = form.getMandateURL();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
 String[] misURLs = check.split(",");
 for (String el : misURLs) {
 if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
@@ -174,7 +174,7 @@ public class MOAConfigValidator {
 }
 check = form.getElgaMandateServiceURL();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
 String[] elgaServiceURLs = check.split(",");
 for (String el : elgaServiceURLs) {
 if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
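Review bot: Adding `&& isMOAIDMode` to the five conditions here (`getDefaultBKUHandy()`, `getDefaultBKULocal()`, `getDefaultBKUOnline()`, `getMandateURL()`, `getElgaMandateServiceURL()`) means a non-empty submitted value is no longer passed through `ValidationHelper.validateURL` when the flag is false. The later hunks `@@ -185,87 +185,103 @@` and `@@ -312,109 +328,111 @@` do the same for the trust-profile, SLRequestTemplate, SSO and SZRGW checks by wrapping them in `if (isMOAIDMode)`. Whether every one of these fields is also skipped on the save path is not visible from these hunks, so any field that is still persisted or echoed back in the form would carry unvalidated input. Keeping the format checks unconditional for non-empty values, i.e. `if (MiscUtil.isNotEmpty(check)) {`, and making only the "must not be empty" branches depend on `isMOAIDMode` would keep validation independent of the mode. The validate method starts and ends outside these hunks.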
@@ -185,87 +185,103 @@ public class MOAConfigValidator { } } + check = form.getEidSystemServiceURL(); + if (MiscUtil.isNotEmpty(check)) { + String[] eidServiceURLs = check.split(","); + for (String el : eidServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid E-ID System Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", + new Object[]{el}, request)); + } + } + } + check = form.getMoaspssAuthTransformations(); List authtranslist = new ArrayList(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MoaspssAuthTransformation"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request)); - } else { - - //is only required if more then one transformation is in use -// check = StringHelper.formatText(check); -// String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); -// int i=1; -// for(String el : list) { -// if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { -// log.info("IdentityLinkSigners is not valid: " + el); -// errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", -// new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); -// -// } else { -// if (MiscUtil.isNotEmpty(el.trim())) -// authtranslist.add(el.trim()); -// } -// i++; -// } - authtranslist.add(check.trim()); + if (isMOAIDMode) { + if (MiscUtil.isEmpty(check)) { + log.info("Empty MoaspssAuthTransformation"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request)); + } else { + + //is only required if more then one transformation is in use + // check = StringHelper.formatText(check); + // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); + // int i=1; + // for(String el : list) { + // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { + // log.info("IdentityLinkSigners is not valid: 
" + el); + // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", + // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); + // + // } else { + // if (MiscUtil.isNotEmpty(el.trim())) + // authtranslist.add(el.trim()); + // } + // i++; + // } + authtranslist.add(check.trim()); + } } form.setAuthTransformList(authtranslist); - check = form.getMoaspssAuthTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + if (isMOAIDMode) { + check = form.getMoaspssAuthTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Authblock TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } } - } - - check = form.getMoaspssIdlTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", - new Object[] 
{ValidationHelper.getNotValidCharacter(false)}, request )); + + check = form.getMoaspssIdlTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("IdentityLink TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } } - } - - check = form.getMoaspssAuthTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + + check = form.getMoaspssAuthTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-Authblock TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } } - } - - check = form.getMoaspssIdlTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); - 
errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + + check = form.getMoaspssIdlTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-IdentityLink TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } } - } - - - check = form.getMoaspssURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid MOA-SP/SS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); + + + check = form.getMoaspssURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MOA-SP/SS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); + } } } 
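Review bot: The `getEidSystemServiceURL()` check added at the top of the `@@ -185,87 +185,103 @@` hunk accepts an empty value in every mode, so with `isMOAIDMode` false the form can be saved without any E-ID system endpoint and without a validation error. If the proxy mode depends on that endpoint (inferred from the field name, not shown here), add a required-field branch such as `if (MiscUtil.isEmpty(check) && !isMOAIDMode)` that reports a matching "empty" message. The block also splits on a literal `","`, while the save path in EditGeneralConfigAction uses `KeyValueUtils.CSV_DELIMITER`; using the same constant in both places keeps the validated elements and the stored value in step. The validate method starts and ends outside this hunk.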
@@ -312,109 +328,111 @@ public class MOAConfigValidator { // } // } - check = form.getSLRequestTemplateHandy(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Handy-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Handy-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); - } - } - - check = form.getSLRequestTemplateLocal(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate local BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate local BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); - } - } - - check = form.getSLRequestTemplateOnline(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Online-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Online-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); + if (isMOAIDMode) { + check = form.getSLRequestTemplateHandy(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Handy-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Handy-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); + } } - } - - check = form.getSsoFriendlyName(); - if 
(MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("SSO friendlyname is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + + check = form.getSLRequestTemplateLocal(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate local BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate local BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); + } } - } - -// check = form.getSsoIdentificationNumber(); -// if (MiscUtil.isNotEmpty(check)) { -// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { -// log.info("SSO IdentificationNumber is not valid: " + check); -// errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", -// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); -// } -// } - -// check = form.getSsoPublicUrl(); -// if (MiscUtil.isNotEmpty(check)) { -// if (!ValidationHelper.validateURL(check)) { -// log.info("SSO Public URL is not valid"); -// errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); -// } -// } - - check = form.getSsoSpecialText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.info("SSO SpecialText is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", - new Object[] {ValidationHelper.getNotValidCharacter(true)} , request)); + + check = form.getSLRequestTemplateOnline(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Online-BKU"); + 
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Online-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); + } } - } - - check = form.getSsoTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SSO Target"); - //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); - } else { - if (!ValidationHelper.isValidAdminTarget(check)) { - + check = form.getSsoFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", + log.info("SSO friendlyname is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); } + } + + // check = form.getSsoIdentificationNumber(); + // if (MiscUtil.isNotEmpty(check)) { + // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + // log.info("SSO IdentificationNumber is not valid: " + check); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", + // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + // } + // } + + // check = form.getSsoPublicUrl(); + // if (MiscUtil.isNotEmpty(check)) { + // if (!ValidationHelper.validateURL(check)) { + // log.info("SSO Public URL is not valid"); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); + // } + // } + + check = form.getSsoSpecialText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.info("SSO SpecialText is not valid: " + check); 
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", + new Object[] {ValidationHelper.getNotValidCharacter(true)} , request)); + } + } + + check = form.getSsoTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SSO Target"); + //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); - String num = check.replaceAll(" ", ""); - - if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || - num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || - num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { + } else { + if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } + + String num = check.replaceAll(" ", ""); + + if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || + num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || + num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { + + log.info("Not valid SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); + } + } - } - } - - check = form.getSzrgwURL(); - if (MiscUtil.isNotEmpty(check)) { - String[] szrGWServiceURLs = check.split(","); - for (String el : szrGWServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", - new Object[]{el}, request)); + + check = form.getSzrgwURL(); + if (MiscUtil.isNotEmpty(check)) { + String[] szrGWServiceURLs = check.split(","); + for (String el : 
szrGWServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", + new Object[]{el}, request)); + } } } } @@ -433,41 +451,42 @@ public class MOAConfigValidator { } - - if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { - HashMap map = new HashMap(); - for (int i=0; i map = new HashMap(); + for (int i=0; i - -
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %>

- - - - - - - - - -
- -
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.slrequesttemplates.header", request) %>

+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %>

- - - - - - - - + + + + + + + + +
-
- +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.slrequesttemplates.header", request) %>

+ + + + + + + + + + +
+ + +

<%=LanguageHelper.getGUIString("webpages.moaconfig.certificates.header", request) %>

@@ -156,177 +158,204 @@ key="webpages.moaconfig.timeout.assertion" cssClass="textfield_long"> - - - - - -
- -
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.moasp.header", request) %>

- - - - - - -<%-- - --%> - - - - - - - - -<%-- - --%> - - + + + + + + + + + + + + -<%-- - --%>
-
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.services.header", request) %>

- - - - - - -
+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.moasp.header", request) %>

+ + + + + + + + <%-- + --%> + + + + + + + + + <%-- + --%> + + + + <%-- + --%> + +
+
-
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.sso.header", request) %>

-<%-- - --%> - - - - - - -
-

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

- -

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

- - - - - - - - - - - - - - - - - - - - - - -
Country ShortcodePEPS URLSupports XMLEncryption
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- " onclick='newPeps();' /> -

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

- - - - - - - -
<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.name", request) %><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.mandatory", request) %>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- " onclick='newStorkAttribute();' /> +

<%=LanguageHelper.getGUIString("webpages.moaconfig.services.header", request) %>

+ + + + + + + + + + + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.sso.header", request) %>

+ <%-- + --%> + + + + + + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

+ +

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

+ + + + + + + + + + + + + + + + + + + + + + +
Country ShortcodePEPS URLSupports XMLEncryption
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
+ " onclick='newPeps();' /> +

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

+ + + + + + + +
<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.name", request) %><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.mandatory", request) %>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
+ " onclick='newStorkAttribute();' /> +
+
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %>

@@ -338,18 +367,21 @@ key="webpages.moaconfig.protocols.legacy.saml1" cssClass="checkbox"> - - - - + + + + + + +

@@ -362,12 +394,15 @@ key="webpages.moaconfig.protocols.legacy.saml1" cssClass="checkbox"> - - + + + + +
@@ -461,24 +496,25 @@ -
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.sl.transormations.header", request) %>

- - - - -
- -
-
+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.sl.transormations.header", request) %>

+ + + -
-
-
- -
+
+ + + +
+ +
+
+ +

diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index cc4220d0e..feab86593 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -46,12 +46,14 @@ - + + - + - - + + +

<%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.header", request) %>

@@ -64,35 +66,40 @@ - - - - - - + + + + + + + - - hidden - + + + hidden + - + +
- + + - + + diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp index d2668e264..7a54df554 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp @@ -3,8 +3,8 @@ <%@ taglib prefix="s" uri="/struts-tags" %> - - + +

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %>

@@ -167,16 +167,26 @@
-

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.szrgw.header", request) %>

- +

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.szrgw.header", request) %>

- - -
+ + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.eid.header", request) %>

+ + +
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index 367dc445d..2436b1051 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -123,25 +123,27 @@ cssClass="checkbox"> - - - - - + + + + + + + diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp index 95d6de912..f4c377d9c 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp @@ -18,10 +18,14 @@ - + + + + + diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 414293350..926f6153b 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -18,7 +18,7 @@ configuration.moasession.key=SessionEncryptionKey configuration.moaconfig.key=ConfigurationEncryptionKey configuration.ssl.validation.revocation.method.order=ocsp,crl #configuration.ssl.validation.hostname=false -#configuration.validate.authblock.targetfriendlyname=true +#configuration.validate.authblock.targetfriendlyname=true< #MOA-ID 3.x Monitoring Servlet 
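Review bot: The new side of the `@@ -18,7 +18,7 @@` hunk in moa-id.properties ends the commented line with a stray `<` (`#configuration.validate.authblock.targetfriendlyname=true<`), which looks like an accidental keystroke. An operator who enables the option by removing only the `#` would set the value to `true<`. If the reader parses it with `Boolean.parseBoolean`, as other flags in this change set are parsed, that evaluates to false and the check stays off without any error. The line should remain `#configuration.validate.authblock.targetfriendlyname=true`.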
@@ -31,6 +31,25 @@ configuration.advancedlogging.active=false ######################## Externe Services ############################################ +######## Online mandates webservice (MIS) ######## +service.onlinemandates.acceptedServerCertificates= +service.onlinemandates.clientKeyStore=keys/.... +service.onlinemandates.clientKeyStorePassword= + +######## central eIDAS-node connector module ########## +modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +modules.eidascentralauth.keystore.password=password +modules.eidascentralauth.metadata.sign.alias=pvp_metadata +modules.eidascentralauth.metadata.sign.password=password +modules.eidascentralauth.request.sign.alias=pvp_assertion +modules.eidascentralauth.request.sign.password=password +modules.eidascentralauth.response.encryption.alias=pvp_assertion +modules.eidascentralauth.response.encryption.password=password +modules.eidascentralauth.node.trustprofileID=centralnode_metadata + +#modules.eidascentralauth.semper.mandates.active=false +#modules.eidascentralauth.semper.msproxy.list= + ######## central E-ID System connector module ########## modules.eidproxyauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 modules.eidproxyauth.keystore.password=password 
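Review bot: The sample values added in this hunk set every keystore and key password of the eIDAS-node connector to the literal `password` (for example `modules.eidascentralauth.keystore.password=password`). The hunks at `@@ -45,6 +64,26 @@` (PVP2, OAuth) and `@@ -134,6 +173,63 @@` (SL2.0, ELGA mandate, federated auth) do the same. Because the file sits under `data/deploy/conf`, an installation that copies it unchanged would presumably protect its signing and encryption keys with a publicly known password. Leaving the values empty, as this hunk already does for `service.onlinemandates.clientKeyStorePassword=`, should make a forgotten setting fail visibly instead of silently working. A comment such as `# set per installation; do not reuse the sample keystore or its password` above each block would state the intent.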
@@ -45,6 +64,26 @@ modules.eidproxyauth.EID.trustprofileID=eid_metadata #modules.eidproxyauth.EID.entityId=https://eid.egiz.gv.at/idp/shibboleth #modules.eidproxyauth.EID.metadataUrl= +######################## Protokolle am IDP ############################################ + +##Protocol configuration## +#PVP2 +protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +protocols.pvp2.idp.ks.kspassword=password +protocols.pvp2.idp.ks.metadata.alias=pvp_metadata +protocols.pvp2.idp.ks.metadata.keypassword=password +protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion +protocols.pvp2.idp.ks.assertion.sign.keypassword=password +protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion +protocols.pvp2.idp.ks.assertion.encryption.keypassword=password +protocols.pvp2.metadata.entitycategories.active=false + +#OpenID connect (OAuth) +protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +protocols.oauth20.jwt.ks.password=password +protocols.oauth20.jwt.ks.key.name=oauth +protocols.oauth20.jwt.ks.key.password=password + ######################## Datenbankkonfiguration ############################################ configuration.database.byteBasedValues=false 
@@ -134,6 +173,63 @@ advancedlogging.dbcp.validationQuery=select 1 ## The configuration of this modules is only needed if this modules are in use. # ################################################################################### +######## SL2.0 authentication module ######## +modules.sl20.vda.urls.qualeID.endpoint.default=https://www.handy-signatur.at/securitylayer2 +modules.sl20.vda.urls.qualeID.endpoint.1=https://hs-abnahme.a-trust.at/securitylayer2 +modules.sl20.vda.urls.qualeID.endpoint.2=https://test1.a-trust.at/securitylayer2 +modules.sl20.security.keystore.path=keys/sl20.jks +modules.sl20.security.keystore.password=password +modules.sl20.security.sign.alias=signing +modules.sl20.security.sign.password=password +modules.sl20.security.encryption.alias=encryption +modules.sl20.security.encryption.password=password +modules.sl20.vda.authblock.id=default +modules.sl20.vda.authblock.transformation.id=SL20Authblock_v1.0,SL20Authblock_v1.0_SIC +modules.sl20.security.eID.validation.disable=false +modules.sl20.security.eID.signed.result.required=true +modules.sl20.security.eID.encryption.enabled=true +modules.sl20.security.eID.encryption.required=true + +######## user-restriction ########## +configuration.restrictions.sp.entityIds= +configuration.restrictions.sp.users.url= +configuration.restrictions.sp.users.sector= + +####### Direkte Fremd-bPK Berechnung ######## +configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx + +######## eIDAS protocol configuration ######## +######## This is ONLY required, if MOA-ID operates as an eIDAS node!!! 
######## +moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml +moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml +moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml +moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata +moa.id.protocols.eIDAS.node.country=Austria +moa.id.protocols.eIDAS.node.countrycode=AT +moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high + +######## HBV Mandate-Service client module ######## +modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH +modules.elga_mandate.service.metadata.trustprofileID= +modules.elga_mandate.service.mandateprofiles= +modules.elga_mandate.keystore.path=keys/moa_idp[password].p12 +modules.elga_mandate.keystore.password=password +modules.elga_mandate.metadata.sign.alias=pvp_metadata +modules.elga_mandate.metadata.sign.password=password +modules.elga_mandate.request.sign.alias=pvp_assertion +modules.elga_mandate.request.sign.password=password +modules.elga_mandate.response.encryption.alias=pvp_assertion +modules.elga_mandate.response.encryption.password=password + +######## SSO Interfederation client module ######## +modules.federatedAuth.keystore.path=keys/moa_idp[password].p12 +modules.federatedAuth.keystore.password=password +modules.federatedAuth.metadata.sign.alias=pvp_metadata +modules.federatedAuth.metadata.sign.password=password +modules.federatedAuth.request.sign.alias=pvp_assertion +modules.federatedAuth.request.sign.password=password +modules.federatedAuth.response.encryption.alias=pvp_assertion +modules.federatedAuth.response.encryption.password=password ######## Redis Settings, if Redis is used as a backend for session data. # has to be enabled with the following parameter 
@@ -141,3 +237,42 @@ advancedlogging.dbcp.validationQuery=select 1 redis.use-pool=true redis.host-name=localhost redis.port=6379 + +################SZR Client configuration#################################### +## The SZR client is only required if MOA-ID-Auth should be +## use as STORK <-> PVP Gateway. +######## +service.egovutil.szr.test=true +service.egovutil.szr.test.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR +service.egovutil.szr.prod.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR +service.egovutil.szr.token.version=1.8 +service.egovutil.szr.token.participantid= +service.egovutil.szr.token.gvoudomain= +service.egovutil.szr.token.userid= +service.egovutil.szr.token.cn= +service.egovutil.szr.token.gvouid= +service.egovutil.szr.token.ou= +service.egovutil.szr.token.gvsecclass= +service.egovutil.szr.token.gvfunction= +service.egovutil.szr.token.gvgid= +service.egovutil.szr.roles= +service.egovutil.szr.ssl.keystore.file= +service.egovutil.szr.ssl.keystore.password= +service.egovutil.szr.ssl.keystore.type= +service.egovutil.szr.ssl.truststore.file= +service.egovutil.szr.ssl.truststore.password= +service.egovutil.szr.ssl.truststore.type= +service.egovutil.szr.ssl.trustall=false +service.egovutil.szr.ssl.laxhostnameverification=false + + +################ Encrypted foreign bPK generation #################################### +## This demo-extension enables encrypted bPK generation on MOA-ID-Auth side. +## If you like to use this feature, the public key for encryption has to be added +## as X509 certificate in Base64 encoded from. 
The selection will be done on sector +## identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in +## PVP Attribute Profie 2.1.2) +## Additonal encryption keys can be added by add a ney configuration line, like +## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1') +######## +#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw... \ No newline at end of file diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 4fb57cb3a..0b9f7e614 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -60,6 +60,7 @@
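Review bot: `service.egovutil.szr.test=true` is the shipped default in the `@@ -141,3 +237,42 @@` hunk of moa-id.properties, so an installation that fills in only the token and keystore values would presumably send its SZR requests to the `SZ2Services-T` test URL. A comment saying so, or a default of `false`, would avoid that surprise. The switches `service.egovutil.szr.ssl.trustall` and `service.egovutil.szr.ssl.laxhostnameverification` are off but undocumented; judging by their names they relax certificate and host-name checking, so a line like `## keep both false in production` above them would help. The comment block for encrypted foreign bPKs also has typos: `from` should read `form`, `ney` should read `new`, and `Profie` should read `Profile`.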
  • MOA-SP
  • Online-Vollmachen
  • Zentraler eIDAS Knoten
  • +
  • E-ID Anbindung
  • Protokolle @@ -119,7 +120,7 @@
  • Privatwirtschaftlicher Bereich
  • -
  • Demo-Modus für E-ID
  • +
  • Aktivierung der E-ID Anbindung
  • BKU Konfiguration
  • Security Layer für mobile Authententifizierung
  • Test Credentials
  • @@ -563,6 +564,77 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet

     

    +
    2.2.2.2.4 Anbindung an das E-ID System
    +

    Die Anbindung und Weiterleitung an das zentrale E-ID System erfolgt via PVP2 S-Profil (SAML2). Für das in MOA-ID 4.x integrierte E-ID Proxy Authentifizierungsmodul sind folgende Konfigurationsparameter erforderlich.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NameBeispielwertBeschreibung
    modules.eidproxyauth.keystore.pathkeys/szrgw.p12Dateiname des Java Keystore oder PKCS12 Keystore zur Signierung von PVP 2.x spezifischen Inhalten. (PVP 2.x Metadaten, PVP 2.1 Assertion)
    modules.eidproxyauth.keystore.passwordpass1234Passwort zum Keystore
    modules.eidproxyauth.metadata.sign.alias Name des Schlüssels der zur Signierung der PVP 2.x Metadaten des E-ID Proxy Authentifizierungsmoduls
    modules.eidproxyauth.metadata.sign.password Passwort des Schlüssels der zur Signierung der PVP 2.x Metadaten des E-ID Proxy Authentifizierungsmoduls
    modules.eidproxyauth.request.sign.alias Name des Schlüssels mit dem der PVP 2.x Authn. Request durch MOA-ID unterschieben wird
    modules.eidproxyauth.request.sign.password Passwort des Schlüssels mit dem der PVP 2.x Authn. Request durch MOA-ID unterschieben wird
    modules.eidproxyauth.response.encryption.alias Name des Schlüssels mit dem die PVP 2.x Assertion für MOA-ID verschlüsselt werden soll
    modules.eidproxyauth.response.encryption.password Passwort des Schlüssels mit dem PVP 2.x Assertion für MOA-ID verschlüsselt werden soll
    modules.eidproxyauth.EID.trustprofileIDeid_metadataMOA-SP TrustProfil welches die vertrauenswürdigen Zertifikate zur Validierung der Metadaten des zentralen E-ID Systemas beinhaltet
    modules.eidproxyauth.EID.entityId Optional: EntityID des IDPs im zentralen E-ID System
    modules.eidproxyauth.EID.metadataUrl Optional: URL auf die SAML2 Metadaten des zentralen E-ID System, sofern diese nicht über die EntityID geladen werden können
    modules.eidproxyauth.required.additional.attributes.x 

    Optional: zusätzliche Attribute welche vom zentralen E-ID System angefordert werden

    +

    Attribute werden entspechend PVP2 Attribute-Profil angegeben. Beispiele für die Konfiguration finden Sie in der Beispielkonfiguration

    +

     

    2.2.2.3 Protokolle

    MOA-ID-Auth unterstützt mehrere Authentifizierungsprotokolle. Manche dieser Protokolle benötigen Schlüssel zur Signierung von Authentifizierungsdaten oder Metadaten. In diesem Abschnitt erfolgt die Konfiguration des zu verwendeten Schlüsselmaterials.

    2.2.2.3.1 PVP 2.1
    @@ -1569,8 +1641,8 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der

     

    -

    3.2.2 Demo-Modus für E-ID

    -

    Dieser Abschnitt behandelt den Demo-Modus für die kommende E-ID welcher mit der MOA-ID Version 3.4.2 eingeführt wurde. Ist der Demo-Modus aktiviert ändert sich das mögliche Attribut-Set welches Online Applikation zur Verfügung gestellt wird. Als Attributbezeichner in der nachfolgenden Liste werden die Attributebezeichnungen aus dem PVP Attribute-Profil verwendet. Ein Mapping auf OpenID-Connect Scopes oder SAML1 Attribute finden Sie in Kapitel Protokolle. Als weitere Anpassung wird mit hoher Wahrscheinlichkeit die iFrame Integration der Handy-Signatur nicht mehr zur Verfügung stehen und es erfolgt eine vollformat Weiterleitung an den E-ID. Diese Anpassung ist in der MOA-ID Version 3.4.2 noch nicht berücksichtig.

    +

    3.2.2 Aktivierung der E-ID Anbindung

    +

    Dieser Abschnitt behandelt den E-ID Proxy Mode von MOA-ID welcher mit der Version 4.0 eingeführt wurde. Ist der E-ID Proxy Mode aktiviert ändert sich das mögliche Attribut-Set welches Online Applikation zur Verfügung gestellt wird, da der Benutzer an das E-ID System zur Authentifizierung weitergeleitet wird. Als Attributbezeichner in der nachfolgenden Liste werden die Attributebezeichnungen aus dem PVP Attribute-Profil verwendet. Ein Mapping auf OpenID-Connect Scopes oder SAML1 Attribute finden Sie in Kapitel Protokolle.

    Folgende Attribute stehen nicht mehr zur Verfügung:

    • EID-SOURCE-PIN (urn:oid:1.2.40.0.10.2.1.1.261.36)
    • @@ -1598,28 +1670,11 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der Beschreibung - Demo-Modus aktivieren + E-ID aktivieren

       

        X - Aktiviert den Demo-Modus für die E-ID in dieser Online Applikation. - - - Sektoren für Fremd-bPKs - wbpk+FN+468924i,BMI+T1 -   - X -

      Eine CSV Liste von Bereichen für welche die Online Applikation verschlüsselte Fremd-bPKs benötigt.

      -

      Hinweis: Da es sich hierbei nur um eine Demo handelt muss das Schlüsselmaterial für die Verschlüsselung in MOA-ID hinterlegt werden.

      - - - Sektoren für weitere bPKs -

      urn:publicid:gv.at:cdid+T1,

      -

      urn:publicid:gv.at:wbpk+FN+468924i

      -   - X -

      Eine CSV Liste von Bereichen für welche die Online Applikation bPKs aus anderen Bereichen benötogt.

      -

      Hinweis: Die Angabe der Bereiche erfolgt mit dem vollständigen Bereichsidentifier inkl. Prefix.

      + Aktiviert die Weiterleitung an den E-ID für diese Online Applikation.

       

      -- cgit v1.2.3 From ada57605a8127ee25cbb6c2999addf721ab17db1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Dec 2019 09:33:04 +0100 Subject: fix problem with old Redis library fix configuration GUI --- .../src/main/resources/applicationResources_de.properties | 4 ++-- .../src/main/resources/applicationResources_en.properties | 4 ++-- .../src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp | 6 ++++-- id/server/idserverlib/pom.xml | 2 +- 4 files changed, 9 insertions(+), 7 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 9155d7684..a52efa28d 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -264,8 +264,8 @@ webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden -webpages.oaconfig.general.neweid.header=E-ID Attribute -webpages.oaconfig.general.neweid.activate=Neue E-ID Attribute \u00FCbertragen +webpages.oaconfig.general.neweid.header=E-ID Proxy-Mode +webpages.oaconfig.general.neweid.activate=E-ID Proxy-Mode aktivieren webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) webpages.oaconfig.general.additionalbpks.sectors=Sektoren f\u00FCr weitere bPKs (CSV) diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 7d242de01..0109c3b02 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties 
@@ -270,8 +270,8 @@ webpages.oaconfig.general.aditional.useUTC=Use UTC time webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock -webpages.oaconfig.general.neweid.header=Austrian E-ID Attributes -webpages.oaconfig.general.neweid.activate=Add additional E-ID Attributes +webpages.oaconfig.general.neweid.header=E-ID Proxy Mode +webpages.oaconfig.general.neweid.activate=Activate E-ID Proxy Mode webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) webpages.oaconfig.general.additionalbpks.sectors=Sectors for additional pseudonyms (CSV) diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index db79cb7d7..dc093fc36 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -123,7 +123,8 @@ cssClass="checkbox"> - + --> + diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 39f6068e4..02069517c 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -509,7 +509,7 @@ redis.clients jedis - 2.10.2 + 3.1.0 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index d26f7b396..085874e77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
@@ -538,7 +538,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder //build foreign bPKs generateForeignbPK(oaParam, authData); - + + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); if (Boolean.parseBoolean( oaParam.getConfigurationValue( @@ -546,10 +548,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); - //build additional bPKs - Logger.debug("Search for additional bPKs"); - generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); - + //build additional bPKs Logger.debug("Clearing identitylink ... "); authData.setIdentityLink(null); -- cgit v1.2.3 From 117054bfda66d9537cd8dcaf4851e950cde75765 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Jan 2020 14:20:30 +0100 Subject: fix wrong header in configuration tool --- .../src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index ef62ef0e6..6bccd7d48 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -125,7 +125,7 @@
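Review bot: `generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested())` now runs for every service provider instead of only when the demo-mode flag is set, so whether extra bPKs are computed depends solely on what `additionalbPKSectorsRequested()` returns. That method and `generateAdditonalbPK` are outside this hunk, so it is worth confirming that a null or empty sector list is a no-op. It is also worth confirming that sectors configured while the feature was demo-only are meant to become active for existing applications. The comment `//build additional bPKs` is left behind in the second hunk (`@@ -546,10 +548,7 @@`) directly above `Logger.debug("Clearing identitylink ... ")` and should be removed, since the code it described has moved. The enclosing method starts and ends outside both hunks.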
      -

      <%=LanguageHelper.getGUIString("webpages.oaconfig.general.neweid.header", request) %>

      +

      <%=LanguageHelper.getGUIString("webpages.oaconfig.general.foreign.header", request) %>

      Date: Wed, 19 Feb 2020 13:46:10 +0100 Subject: separate between E-ID Proxy-Mode and Demo-Mode --- .../moa/id/configuration/data/oa/OATargetConfiguration.java | 13 +++++++++++-- .../src/main/resources/applicationResources_de.properties | 5 +++-- .../src/main/resources/applicationResources_en.properties | 5 +++-- .../src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp | 11 +++++++++-- .../moa/id/auth/builder/AuthenticationDataBuilder.java | 12 ++++++++++-- .../moa/id/config/auth/OAAuthParameterDecorator.java | 6 +++++- .../moa/id/commons/config/ConfigurationMigrationUtils.java | 10 ++++++++++ .../moa/id/commons/config/MOAIDConfigurationConstants.java | 1 + .../commons/db/dao/config/deprecated/OnlineApplication.java | 13 ++++++++++++- .../auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java | 2 +- .../moa/id/protocols/saml1/SAML1AuthenticationServer.java | 6 +++++- 11 files changed, 70 insertions(+), 14 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index b2671302c..84516c73f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -61,6 +61,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { private String foreignbPKTargets = null; private String additionalbPKTargets = null; private boolean eidDemoActive = false; + private boolean eidProxyActive = false; public OATargetConfiguration() { targetList = TargetValidator.getListOfTargets(); 
@@ -187,7 +188,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { //parse 'Austrian eID mode' flag eidDemoActive = dbOA.getIseIDDemoModeActive(); - + eidProxyActive = dbOA.getIseIDProxyModeActive(); return null; } @@ -301,6 +302,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { dbOA.setForeignbPKTargetList(getForeignbPKTargets()); dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); dbOA.setIseIDDemoModeActive(isEidDemoActive()); + dbOA.setIseIDProxyModeActive(isEidProxyActive()); return null; } @@ -490,7 +492,14 @@ public class OATargetConfiguration implements IOnlineApplicationData { this.eidDemoActive = eidDemoActive; } - + public boolean isEidProxyActive() { + return eidProxyActive; + } + + + public void setEidProxyActive(boolean eidProxyActive) { + this.eidProxyActive = eidProxyActive; + } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 3b053d665..2ef63a529 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -264,8 +264,9 @@ webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden -webpages.oaconfig.general.neweid.header=E-ID Proxy-Mode -webpages.oaconfig.general.neweid.activate=E-ID Proxy-Mode aktivieren +webpages.oaconfig.general.neweid.header=E-ID Mode +webpages.oaconfig.general.neweid.proxy.activate=E-ID Proxy-Mode aktivieren +webpages.oaconfig.general.neweid.demo.activate=E-ID Demo-Mode aktivieren webpages.oaconfig.general.foreign.header=Weitere bPKs/fremd-bPKs im MOA-ID Mode webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) 
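Review bot: `eidProxyActive = dbOA.getIseIDProxyModeActive();` unboxes a `Boolean` into a `boolean`, so a null value would throw a NullPointerException while the application is parsed. The getter added to `OnlineApplication` in this commit returns the field as-is, and `setIseIDProxyModeActive(Boolean valueOf)` accepts null. `ConfigurationMigrationUtils` in the same commit already guards with `oa.getIseIDProxyModeActive() != null`, which suggests null is an expected state. A null-safe read would be `eidProxyActive = Boolean.TRUE.equals(dbOA.getIseIDProxyModeActive());`. The context line for `getIseIDDemoModeActive()` follows the same pattern, and the enclosing method starts and ends outside the hunk.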
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 550a9df78..6d0a89a64 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -270,8 +270,9 @@ webpages.oaconfig.general.aditional.useUTC=Use UTC time webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock -webpages.oaconfig.general.neweid.header=E-ID Proxy Mode -webpages.oaconfig.general.neweid.activate=Activate E-ID Proxy Mode +webpages.oaconfig.general.neweid.header=E-ID Mode +webpages.oaconfig.general.neweid.proxy.activate=Activate E-ID Proxy Mode +webpages.oaconfig.general.neweid.demo.activate=Activate E-ID Demo Mode webpages.oaconfig.general.foreign.header=Additional bPKs/foreign-bPKs in case of MOA-ID mode webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index 6bccd7d48..1f7adea01 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -116,12 +116,19 @@

      <%=LanguageHelper.getGUIString("webpages.oaconfig.general.neweid.header", request) %>

      + + + - +
      diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cdb0dae98..3a826ed13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -222,7 +222,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setIseIDNewDemoMode(Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))); + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))); if (authData.isIseIDNewDemoMode()) { Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); @@ -545,7 +549,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); //build additional bPKs diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index ab2a07f7c..e76acfad5 100644 
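Review bot: In the `@@ -222,7 +222,11 @@` hunk the proxy-mode flag is OR-ed into `authData.setIseIDNewDemoMode(...)`, so authData and the log line `Demo-mode for 'New Austrian eID' is active ...` no longer tell an operator which of the two modes was configured. That runs against the commit's stated aim of separating them. The same two-flag expression is repeated in the `@@ -545,7 +549,11 @@` hunk and in `OAAuthParameterDecorator` (`@@ -266,7 +266,11 @@`). One private helper that reads both `SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE` and `SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE` would keep the three places from drifting apart. The log text should name the mode, e.g. `Logger.info("E-ID demo or proxy mode is active. Set 'BaseIDTransferRestrication' to true");`; the enclosing methods start and end outside the hunks.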
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -266,7 +266,11 @@ public String getKeyBoxIdentifier() { if (Boolean.parseBoolean( spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + spConfiguration.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... "); returnValue.setProvideBaseId(false); returnValue.setProvideAuthBlock(false); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 62a19b399..8de41eee7 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -183,6 +183,11 @@ public class ConfigurationMigrationUtils { else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString()); + if (oa.getIseIDProxyModeActive() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, oa.getIseIDProxyModeActive().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, Boolean.FALSE.toString()); + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); else 
@@ -884,6 +889,11 @@ public class ConfigurationMigrationUtils { else dbOA.setIseIDDemoModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE))) + dbOA.setIseIDProxyModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE))); + else + dbOA.setIseIDProxyModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 91d738989..87f6c6416 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -67,6 +67,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs"; public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode"; + public static final String SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE = AUTH + ".austrianeIDproxymode"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 74a79912e..53be4d980 100644 
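Review bot: `Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE))` in the `-884` hunk turns every string other than a case-insensitive "true" into false, so a mistyped value in a stored or imported configuration switches proxy mode off without any trace. The other hunks of this commit key the E-ID restrictions and the module selection on this flag, so such a misconfiguration should be visible to the operator. If the class has a logger in scope, a warning for values that are neither `true` nor `false` would do, e.g. `Logger.warn("Unexpected value for " + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE + ", using false");` ahead of the fallback. The enclosing method starts and ends outside the hunk.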
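Review bot: `SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE` is added directly under `SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE` without a comment, although the two keys are not interchangeable in this commit. As the other hunks use it, the proxy key alone selects the E-ID auth process, while either key triggers the restricted authData and SAML1 handling. A Javadoc line on the constant would record that, for example `/** Per-service-provider flag: "true" selects the E-ID proxy auth process and enables the E-ID response restrictions. */`.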
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -126,6 +126,9 @@ public class OnlineApplication @XmlTransient protected Boolean iseIDDemoModeActive = false; + + @XmlTransient + protected Boolean iseIDProxyModeActive = false; public String getForeignbPKTargetList() { @@ -155,6 +158,15 @@ public class OnlineApplication this.iseIDDemoModeActive = iseIDDemoModeActive; } + public Boolean getIseIDProxyModeActive() { + return iseIDProxyModeActive ; + } + + public void setIseIDProxyModeActive(Boolean valueOf) { + this.iseIDProxyModeActive = valueOf; + + } + /** * @return the saml2PostBindingTemplateURL */ @@ -639,5 +651,4 @@ public class OnlineApplication final HashCodeStrategy strategy = JAXBHashCodeStrategy.INSTANCE; return this.hashCode(null, strategy); } - } diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java index 85d9d0f76..094da19c6 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java 
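Review bot: The new setter in the `-155` hunk names its parameter `valueOf` and ends with a stray blank line, and the getter has a space before the semicolon (`return iseIDProxyModeActive ;`), unlike the `setIseIDDemoModeActive` setter directly above it. Matching the neighbour reads better: `public void setIseIDProxyModeActive(Boolean iseIDProxyModeActive) {` with the body `this.iseIDProxyModeActive = iseIDProxyModeActive;`. The field is a boxed `Boolean`, so the setter accepts null; the migration code null-checks the getter, but a short Javadoc on the accessor pair stating that null is treated as false would make that contract explicit.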
@@ -72,7 +72,7 @@ public class EIDProxyAuthModuleImpl implements AuthModule { if (Boolean.parseBoolean( pendingReq.getServiceProviderConfiguration().getConfigurationValue( - MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, String.valueOf(false)))) { Logger.debug("SP: " + pendingReq.getSPEntityId() + " activates E-ID mode."); return AUTH_PROCESS_NAME; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index af8211dee..73d3d369f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -354,7 +354,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer { if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... "); if (oaAttributes == null) -- cgit v1.2.3
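Review bot: Module selection in `EIDProxyAuthModuleImpl` now reads only `SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE`, while the other hunks of this commit apply the E-ID post-processing when either the demo or the proxy flag is set. A service provider that has only `SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE` enabled would therefore no longer be routed to this auth process but would still receive the restricted authData and SAML1 response, if I read the conditions correctly. If that split is intended, a comment above the condition should say so, e.g. `// demo mode alone keeps the legacy auth flow; only proxy mode selects the E-ID process`; otherwise existing demo-mode configurations need to be carried over to the new key. The enclosing method starts and ends outside the hunk.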