From bb1b12ac5b240629e16ea1c7a50891e99f4adc14 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 27 Aug 2015 11:32:05 +0200 Subject: Use test- and productive TrustStore configurations in one IDP instance - every service configuration could select its preferred TrustStore --- .../id/configuration/data/GeneralMOAIDConfig.java | 33 ++++++++++++++ .../data/oa/OAAuthenticationData.java | 50 +++++++++++++++++++++- .../struts/action/EditGeneralConfigAction.java | 3 ++ .../validation/moaconfig/MOAConfigValidator.java | 25 +++++++++++ .../resources/applicationResources_de.properties | 15 ++++++- .../resources/applicationResources_en.properties | 10 +++++ .../src/main/webapp/jsp/editMOAConfig.jsp | 15 +++++++ .../main/webapp/jsp/snippets/OA/authentication.jsp | 15 +++++++ 8 files changed, 162 insertions(+), 4 deletions(-) (limited to 'id/ConfigWebTool') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index bcf99d246..83795567c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -81,6 +81,9 @@ public class GeneralMOAIDConfig { private List authTransformList = null; private String moaspssIdlTrustProfile = null; + private String moaspssIdlTrustProfileTest = null; + private String moaspssAuthTrustProfileTest = null; + private String mandateURL = null; private boolean protocolActiveSAML1 = false; @@ -184,6 +187,7 @@ public class GeneralMOAIDConfig { VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); if (authblock != null) { moaspssAuthTrustProfile = authblock.getTrustProfileID(); + moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); List list = authblock.getVerifyTransformsInfoProfileID(); if (list.size() == 1) 
@@ -197,6 +201,7 @@ public class GeneralMOAIDConfig { VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); if (idl != null) { moaspssIdlTrustProfile = idl.getTrustProfileID(); + moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); } } @@ -928,6 +933,34 @@ public class GeneralMOAIDConfig { public void setPublicURLPrefix(String publicURLPrefix) { this.publicURLPrefix = publicURLPrefix; } + + /** + * @return the moaspssIdlTrustProfileTest + */ + public String getMoaspssIdlTrustProfileTest() { + return moaspssIdlTrustProfileTest; + } + + /** + * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set + */ + public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) { + this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest; + } + + /** + * @return the moaspssAuthTrustProfileTest + */ + public String getMoaspssAuthTrustProfileTest() { + return moaspssAuthTrustProfileTest; + } + + /** + * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set + */ + public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { + this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index 0c633f312..9b0172a24 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java 
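Review bot: The Javadoc on the four accessors added at the end of GeneralMOAIDConfig (hunk `@@ -928,6 +933,34 @@`) only repeats the field name, so a reader cannot tell that these values name trust anchors for test credentials rather than productive ones. I would document the getter as `@return ID of the MOA-SP trust profile used to verify the IdentityLink against the test TrustStore, or null if none was loaded`, and the AuthBlock getter analogously. Going by the commit subject, the profile is presumably only consulted for services that select the test TrustStore; stating that in the comment would help whoever audits the configuration later. The same applies to the `isUseTestIDLValidationTrustStore` / `isUseTestAuthblockValidationTrustStore` accessors added at the end of OAAuthenticationData.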
@@ -70,7 +70,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { private Map transformations; private boolean enableTestCredentials = false; - private List testCredentialOIDs = null; + private List testCredentialOIDs = null; + private boolean useTestIDLValidationTrustStore = false; + private boolean useTestAuthblockValidationTrustStore = false; /** * @@ -210,7 +212,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); testCredentialOIDs = new ArrayList(); testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); - + + useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore(); + useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); } return null; @@ -332,6 +336,17 @@ public class OAAuthenticationData implements IOnlineApplicationData { } + TestCredentials testing = authoa.getTestCredentials(); + if (testing == null) { + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + + } + testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore); + testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); + + + return null; } 
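Review bot: The block added before `return null;` in hunk `@@ -332,6 +336,17 @@` writes both TrustStore flags on every save, creating a `TestCredentials` element when none exists, and it does so independently of `enableTestCredentials`. Switching a service to the test TrustStore changes which CAs are accepted for IdentityLink and AuthBlock signatures, so it deserves the same care as any other trust-anchor change. The enclosing method starts outside the hunk, so I cannot see whether a role check guards this path; if service owners without administrator rights can reach it, I would apply the two setters only for administrators and leave the stored values untouched otherwise. At minimum I would add a comment such as `// security: selects the test trust anchors for this service; enable only for non-productive services`. A log line recording the service and the new values whenever either flag changes would also make the switch auditable.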
@@ -614,5 +629,36 @@ public class OAAuthenticationData implements IOnlineApplicationData { this.testCredentialOIDs.add(oidList[i].trim()); } } + + /** + * @return the useTestIDLValidationTrustStore + */ + public boolean isUseTestIDLValidationTrustStore() { + return useTestIDLValidationTrustStore; + } + + /** + * @param useTestIDLValidationTrustStore the useTestIDLValidationTrustStore to set + */ + public void setUseTestIDLValidationTrustStore( + boolean useTestIDLValidationTrustStore) { + this.useTestIDLValidationTrustStore = useTestIDLValidationTrustStore; + } + + /** + * @return the useTestAuthblockValidationTrustStore + */ + public boolean isUseTestAuthblockValidationTrustStore() { + return useTestAuthblockValidationTrustStore; + } + + /** + * @param useTestAuthblockValidationTrustStore the useTestAuthblockValidationTrustStore to set + */ + public void setUseTestAuthblockValidationTrustStore( + boolean useTestAuthblockValidationTrustStore) { + this.useTestAuthblockValidationTrustStore = useTestAuthblockValidationTrustStore; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 13256a6a0..725a2eded 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java 
@@ -586,12 +586,15 @@ public class EditGeneralConfigAction extends BasicAction { dbmoasp.setVerifyIdentityLink(moaidl); } moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); + moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); + VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); if (moaauth == null) { moaauth = new VerifyAuthBlock(); dbmoasp.setVerifyAuthBlock(moaauth); } moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); + moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); if (moaauth.getVerifyTransformsInfoProfileID() != null && moaauth.getVerifyTransformsInfoProfileID().size() > 0) diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 73f5e098f..95502cedb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java 
@@ -207,6 +207,31 @@ public class MOAConfigValidator { } } + check = form.getMoaspssAuthTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("Test-Authblock TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + } + + check = form.getMoaspssIdlTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("Test-IdentityLink TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + } + + check = form.getMoaspssURL(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 9116d6ef8..5248690d6 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties 
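Review bot: Both added blocks reject an empty value, which makes a test trust profile mandatory on every instance, including ones that serve only productive services and would be better off with no test trust anchors configured at all. Unless something outside this hunk depends on the value being present, I would validate only when a value is given, e.g. `if (MiscUtil.isNotEmpty(check) && ValidationHelper.containsPotentialCSSCharacter(check, false)) {`, and have the per-service "use test TrustStore" option refused while no test profile is configured. The two `log.info("... is not valid: " +check)` calls also write a value that has just failed the character check straight into the log; whether that check covers line breaks is not visible here, so logging only the field name is the safer choice against forged log entries. The enclosing validation method starts and ends outside the hunk.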
@@ -138,8 +138,10 @@ webpages.moaconfig.timeout.assertion=Anmeldedaten [sec] webpages.moaconfig.timeout.MOASessionCreated=SSO Session authentifiziert [sec] webpages.moaconfig.timeout.MOASessionUpdated=SSO Session letzter Zugriff [sec] webpages.moaconfig.moasp.header=MOA-SP Konfiguration -webpages.moaconfig.moasp.idltrustprofile=Personenbindung Trustprofil +webpages.moaconfig.moasp.idltrustprofile=Personenbindung Trustprofil +webpages.moaconfig.moasp.idltrustprofile.test=Test-Personenbindung Trustprofil webpages.moaconfig.moasp.authtrustprofile=Authentfizierungsblock Trustprofil +webpages.moaconfig.moasp.authtrustprofile.test=Test-Authentfizierungsblock Trustprofil webpages.moaconfig.moasp.authblocktransform=Authentfizierungsblock Transformationen webpages.moaconfig.moasp.url=URL zum MOA-SP Service webpages.moaconfig.identitylinksigners=IdentityLinkSigners @@ -281,6 +283,9 @@ webpages.oaconfig.general.BKUSelection.header.applet.width=Appletbreite webpages.oaconfig.general.testing.header=Test Identit\u00E4ten webpages.oaconfig.general.testing.usetesting=Test Identit\u00E4ten erlauben webpages.oaconfig.general.testing.oids=OIDs f\u00FCr Test Identit\u00E4ten einschr\u00E4nken. +webpages.oaconfig.general.testing.idltruststore=Test-Persondenbindungs TrustStore verwenden +webpages.oaconfig.general.testing.authblocktruststore=Test-AuthBlockValidation TrustStore verwenden + webpages.oaconfig.sso.header=Single Sign-On webpages.oaconfig.sso.singlelogouturl=Single Log-Out URL 
@@ -378,7 +383,7 @@ validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folge validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.publicURLprefix.empty=Public URL Prefix Feld ist leer. -validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00F6ltiges Format. +validation.general.publicURLprefix.valid=Public URL Prefix {0} hat kein g\u00F6ltiges Format. validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00E4hlt. 
@@ -392,6 +397,12 @@ validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00F6fu validation.general.moasp.auth.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.moasp.idl.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung der Personenbindung ist leer. validation.general.moasp.idl.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung der Personenbindung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} + +validation.general.moasp.auth.trustprofile.test.empty=Das Test-TrustProfile zur Pr\u00F6fung des Authentfizierungsblock ist leer. +validation.general.moasp.auth.trustprofile.test.valid=Das Test-TrustProfile zur Pr\u00F6fung des Authentfizierungsblock enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.moasp.idl.trustprofile.test.empty=Das Test-TrustProfile zur Pr\u00F6fung der Personenbindung ist leer. +validation.general.moasp.idl.trustprofile.test.valid=Das Test-TrustProfile zur Pr\u00F6fung der Personenbindung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} + validation.general.moaspss.url.valid=Die URL zum MOA-SP/SS Service hat kein g\u00F6ltiges Format. validation.general.protocol.pvp2.issuername.valid=PVP2\: Service Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.protocol.pvp2.org.displayname.valid=PVP2 Organisation\: Vollst\u00E4ndiger Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 38cc6341b..22453ed2b 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties 
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -139,6 +139,8 @@ webpages.moaconfig.timeout.MOASessionUpdated=SSO Session last access[sec] webpages.moaconfig.moasp.header=MOA-SP configuration webpages.moaconfig.moasp.idltrustprofile=Trustprofile for IdentityLink webpages.moaconfig.moasp.authtrustprofile=Trustprofile for authentication block +webpages.moaconfig.moasp.idltrustprofile.test=Test Trustprofile for IdentityLink +webpages.moaconfig.moasp.authtrustprofile.test=Test Trustprofile for authentication block webpages.moaconfig.moasp.authblocktransform=Transformations for authentication block webpages.moaconfig.moasp.url=URL for MOA-SP Service webpages.moaconfig.identitylinksigners=IdentityLinkSigners @@ -200,6 +202,8 @@ webpages.oaconfig.general.bku.sltemplate.third=SecurityLayer Template (WhiteList webpages.oaconfig.general.testing.header=Test Credentials webpages.oaconfig.general.testing.usetesting=Allow test credentials webpages.oaconfig.general.testing.oids=Use special test credential OIDs +webpages.oaconfig.general.testing.idltruststore=Use Test-IdentityLink TrustStore +webpages.oaconfig.general.testing.authblocktruststore=Use Test-AuthBlockValidation TrustStore webpages.oaconfig.revisionsLog.header=Revisions Logging webpages.oaconfig.revisionsLog.active=Activ 
@@ -391,6 +395,12 @@ validation.general.moasp.auth.trustprofile.empty=TrustProfile for checking of au validation.general.moasp.auth.trustprofile.valid=TrustProfile for checking of authentication block contains forbidden characters. The following characters are not allowed\: {0} validation.general.moasp.idl.trustprofile.empty=TrustProfile for checking of IdentityLink is blank. validation.general.moasp.idl.trustprofile.valid=TrustProfile for checking of IdentityLink contain forbidden characters. The following characters are not allowed\: {0} + +validation.general.moasp.auth.trustprofile.test.empty=Test-TrustProfile for checking of authentication block is blank. +validation.general.moasp.auth.trustprofile.test.valid=Test-TrustProfile for checking of authentication block contains forbidden characters. The following characters are not allowed\: {0} +validation.general.moasp.idl.trustprofile.test.empty=Test-TrustProfile for checking of IdentityLink is blank. +validation.general.moasp.idl.trustprofile.test.valid=Test-TrustProfile for checking of IdentityLink contain forbidden characters. The following characters are not allowed\: {0} + validation.general.moaspss.url.valid=URL for MOA-SP/SS service has invalid format. validation.general.protocol.pvp2.issuername.valid=PVP2\: service name contains forbidden characters. The following characters are not allowed\: {0} validation.general.protocol.pvp2.org.displayname.valid=PVP2 organization\: complete name contains forbidden characters. The following characters are not allowed\: {0} diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 03f8a6b50..e6f07f847 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -152,6 +152,13 @@ cssClass="textfield_long"> + + + <%-- + + + + <%-- + + + + + + + -- cgit v1.2.3