From f306cf7529f44d09a12a87f177368353fe1d3bc5 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Thu, 19 Dec 2013 12:04:10 +0100
Subject: OA qaa and attributes validated and persisted

---
 .../id/configuration/data/GeneralStorkConfig.java  |  3 +-
 .../id/configuration/data/oa/OASTORKConfig.java    | 49 +++++++++++++++++++++-
 .../configuration/struts/action/EditOAAction.java  |  2 +
 .../validation/oa/OASTORKConfigValidation.java     | 37 ++++++++++++++--
 4 files changed, 84 insertions(+), 7 deletions(-)

(limited to 'id/ConfigWebTool')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
index f270ab624..8b527aa8f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -1,10 +1,9 @@
 package at.gv.egovernment.moa.id.configuration.data;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
-import edu.emory.mathcs.backport.java.util.Arrays;
-
 import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
 import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
 import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
index 1884fb808..f6fc4416f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
@@ -1,12 +1,20 @@
 package at.gv.egovernment.moa.id.configuration.data.oa;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributesType;
 
 public class OASTORKConfig {
 
 	private boolean isStorkLogonEnabled = false;
+	private int qaa;
+	private List<String> attributes;
 
 	public OASTORKConfig() {
 
@@ -14,7 +22,7 @@ public class OASTORKConfig {
 
 	/**
 	 * Parses the OA config for stork entities.
-	 * 
+	 *
 	 * @param dbOAConfig
 	 *            the db oa config
 	 */
@@ -24,6 +32,21 @@ public class OASTORKConfig {
 			OASTORK config = authdata.getOASTORK();
 			if(config != null) {
 				setStorkLogonEnabled(config.isStorkLogonEnabled());
+
+				try {
+					setQaa(config.getQaa());
+				} catch(NullPointerException e) {
+					// if there is no configuration available for the OA, get the default qaa level
+					setQaa(ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getQualityAuthenticationAssuranceLevel());
+				}
+
+				RequestedAttributesType tmp = config.getAttributes();
+				if(null == tmp)
+					// if there is no configuration available for the OA, get the default attributes
+					tmp = ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getRequestedAttributes();
+				attributes = new ArrayList<String>();
+				for(String current : tmp.getAttributeValue())
+					attributes.add(current);
 			}
 		}
 	}
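Review bot: Catching `NullPointerException` around `setQaa(config.getQaa())` uses an exception as a null test (presumably `getQaa()` returns a boxed `Integer` that fails on unboxing), and the fallback inside the `catch` is an unguarded five-call chain that can throw the same exception with nothing left to catch it. An explicit test reads better and keeps real NPEs visible: `Integer oaQaa = config.getQaa();` followed by `if (oaQaa != null) setQaa(oaQaa); else setQaa(/* default lookup */);`. The attribute fallback has the same gap: if the general configuration has no requested attributes either, `tmp` is still null when the `for` loop dereferences it, so guard the loop with `if (tmp != null)`. The enclosing method starts outside this hunk, so whether the caller handles these exceptions is not visible here.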
@@ -35,4 +58,28 @@ public class OASTORKConfig {
 	public void setStorkLogonEnabled(boolean enabled) {
 		this.isStorkLogonEnabled = enabled;
 	}
+
+	public int getQaa() {
+		return qaa;
+	}
+
+	public void setQaa(int qaa) {
+		this.qaa = qaa;
+	}
+
+	public RequestedAttributesType getRequestedAttributesType() {
+		RequestedAttributesType tmp = new RequestedAttributesType();
+		tmp.setAttributeValue(attributes);
+		return tmp;
+	}
+
+	public String getAttributes() {
+		return Arrays.toString(attributes.toArray()).replace("[", "").replace("]", "");
+	}
+
+	public void setAttributes(String attributes) {
+		this.attributes = new ArrayList<String>();
+		for(String current : attributes.split(","))
+			this.attributes.add(current.trim());
+	}
 }
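Review bot: `setAttributes` stores blank attribute names, because `"".split(",")` yields one empty string and input such as `a,,b` yields an empty middle entry. The validator's pattern `^[a-z0-9, ]*$` accepts both, so `getRequestedAttributesType()` hands those blanks on to be persisted. Skipping them at the source is enough: `String name = current.trim();` then `if (!name.isEmpty()) this.attributes.add(name);`. Separately, the `attributes` field declared in the first hunk of this file is never initialised, so `getAttributes()` and `setAttributes(null)` throw a `NullPointerException` whenever the parse method did not reach its assignment or the form field is absent; initialising it as `private List<String> attributes = new ArrayList<String>();` and null-checking the setter argument would close that.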
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 5e473d85c..466feba23 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -967,6 +967,8 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
 		}
 		// transfer the incoming data to the database model
 		stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled());
+		stork.setQaa(storkOA.getQaa());
+		stork.setAttributes(storkOA.getRequestedAttributesType());
 
 		try {
 			if (newentry) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
index d12d918bd..31cf7bcee 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
@@ -3,15 +3,44 @@ package at.gv.egovernment.moa.id.configuration.validation.oa;
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.log4j.Logger;
+
 import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 public class OASTORKConfigValidation {
+
+	private static final Logger log = Logger.getLogger(OASTORKConfigValidation.class);
+
 	public List<String> validate(OASTORKConfig oageneral) {
-		
+
 		List<String> errors = new ArrayList<String>();
-		
-		// we only have a checkbox for now, so no need to validate anything here
-		
+
+		// check qaa
+		int qaa = oageneral.getQaa();
+		if(1 > qaa && 4 < qaa) {
+			log.warn("QAA is out of range : " + qaa);
+			errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
+					new Object[] {qaa} ));
+		}
+
+		// check attributes
+		String check = oageneral.getAttributes();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+				log.warn("attributes contains potentail XSS characters: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ));
+			}
+			if(!check.toLowerCase().matches("^[a-z0-9, ]*$")) {
+					log.warn("attributes do not match the requested format : " + check);
+					errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+							new Object[] {check} ));
+			}
+		}
+
 		return errors;
 	}
 }
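Review bot: The range check `if(1 > qaa && 4 < qaa)` can never be true, since no value is both below 1 and above 4, so it has to be `if (qaa < 1 || qaa > 4)`. As written, any integer passes validation, including the 0 that an unset `int` field defaults to, and the EditOAAction hunk then persists it as the application's required assurance level. In the attributes branch, the format check runs even when the XSS-character check has already failed, and it puts the raw `check` value into the error string via `new Object[] {check}`. Unless the page rendering these errors escapes them (not visible here), rejected input is echoed back to the browser, so pass a description of the allowed format instead of the input. The same raw value is concatenated into both `log.warn` calls, where embedded line breaks could forge log entries; strip or encode CR/LF before logging.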
-- 
cgit v1.2.3