From 98dbb23fa5dcd9518beb56fd2410667b385b5524 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 17 Jul 2015 09:18:28 +0200 Subject: first beta version of new MOA-ID WebGUI module for configuration --- id/moa-id-webgui/pom.xml | 31 +- .../id/config/webgui/MOAIDConfigurationModul.java | 48 +- .../config/webgui/MOAIDSpringResourceProvider.java | 29 +- .../id/config/webgui/MOAIDWebGUIConfiguration.java | 160 ++++++ .../webgui/exception/ConfigurationException.java | 48 ++ .../exception/SchemaValidationException.java | 43 ++ .../exception/SignatureValidationException.java | 58 +++ .../validation/MOAIDConfigurationValidator.java | 17 +- .../validation/modul/impl/GatewayValidator.java | 19 +- .../modul/impl/InterfederationIDPValidator.java | 7 + .../modul/impl/OnlineApplicationValidator.java | 30 +- .../validation/modul/impl/VIDPValidator.java | 20 +- .../validation/task/AbstractTaskValidator.java | 4 +- .../task/impl/GeneralMOAIDConfigurationTask.java | 5 +- .../task/impl/GeneralOpenIDConfigurationTask.java | 2 +- .../task/impl/GeneralPVP2XConfigurationTask.java | 2 +- .../task/impl/GeneralSTORKConfigurationTask.java | 2 +- .../ServicesAuthenticationInformationTask.java | 229 +++++++++ .../task/impl/ServicesAuthenticationSTORKTask.java | 301 +++++++++++ .../task/impl/ServicesBKUSelectionTask.java | 403 +++++++++++++++ .../task/impl/ServicesGeneralInformationTask.java | 150 +++++- .../task/impl/ServicesInterfederationIDPTask.java | 116 +++++ .../task/impl/ServicesPVPGatewayTask.java | 121 +++++ .../task/impl/ServicesProtocolOpenIDTask.java | 152 ++++++ .../task/impl/ServicesProtocolPVP2XTask.java | 336 +++++++++++++ .../task/impl/ServicesProtocolSAML1Task.java | 114 +++++ .../task/impl/ServicesProtocolSTORKTask.java | 273 ++++++++++ .../task/impl/ServicesSSOAuthenticationTask.java | 101 ++++ .../validation/task/impl/ServicesTargetTask.java | 221 ++++++++ .../task/impl/ServicesbPKDecryptionTask.java | 137 +++++ .../utils/MetaDataVerificationFilter.java | 122 +++++ .../validation/utils/SchemaValidationFilter.java | 98 ++++ ...i.validation.task.IDynamicLoadableTaskValidator | 4 + .../resources/applicationResources_de.properties | 4 +- .../resources/applicationResources_en.properties | 2 + .../src/main/resources/gui/meta.properties | 92 +++- .../src/main/resources/gui/types/gateway.json | 50 ++ .../src/main/resources/gui/types/general.json | 7 + .../src/main/resources/gui/types/iidp.json | 124 +++++ .../src/main/resources/gui/types/oa.json | 557 ++++++++++++++++++++- .../src/main/resources/gui/types/vidp.json | 371 ++++++++++++++ .../src/main/resources/moaid.webgui.beans.xml | 12 +- 42 files changed, 4482 insertions(+), 140 deletions(-) create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java create mode 100644 id/moa-id-webgui/src/main/resources/gui/types/gateway.json create mode 100644 id/moa-id-webgui/src/main/resources/gui/types/iidp.json create mode 100644 id/moa-id-webgui/src/main/resources/gui/types/vidp.json (limited to 'id/moa-id-webgui') diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 76660eac2..35436db4b 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -16,8 +16,16 @@ ${basedir}/../../repository + + + shibboleth.internet2.edu + Internet2 + https://build.shibboleth.net/nexus/content/groups/public/ + + + - src/main/jave + src/main/java maven-compiler-plugin @@ -47,6 +55,27 @@ moa-id-commons + + org.opensaml + opensaml + + + org.slf4j + log4j-over-slf4j + + + + + org.opensaml + xmltooling + + + org.slf4j + log4j-over-slf4j + + + + diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java index 72e2321e9..0ec230324 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java @@ -45,6 +45,9 @@ import at.gv.egiz.components.configuration.meta.api.MetadataConfiguration; import at.gv.egiz.components.configuration.meta.api.SchemaEntry; import at.gv.egiz.components.configuration.meta.api.impl.BaseMetadataConfiguration; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.MOAIDConfigurationValidator; @@ -57,7 +60,7 @@ public class MOAIDConfigurationModul implements ConfigurationModul{ private static final String MODULE_NAME = "MOAIDConfigurationModul"; - private static Configuration config; + private static MOAIDConfiguration config; private static Configuration meta; private static MetadataConfiguration metadata = null; @@ -76,23 +79,29 @@ public class MOAIDConfigurationModul implements ConfigurationModul{ } @Autowired - public void setDatabaseConfiguration(Configuration dbconfig) { + public void setDatabaseConfiguration(MOAIDConfiguration dbconfig) { config = dbconfig; } /** + * @throws Exception * */ - public MOAIDConfigurationModul() { - loadType("general", "/gui/types/general.json"); - -// loadType("oa", "/gui/types/oa.json"); - - //TODO: load correct types -// loadType("vidp", "/gui/types/oa.json"); -// loadType("iidp", "/gui/types/oa.json"); -// loadType("gateway", "/gui/types/oa.json"); + public MOAIDConfigurationModul() throws Exception { + loadType("general", "/gui/types/general.json"); + loadType("moaidoa", "/gui/types/oa.json"); + loadType("moaidvidp", "/gui/types/vidp.json"); + loadType("moaidiidp", "/gui/types/iidp.json"); + loadType("moaidgateway", "/gui/types/gateway.json"); + try { + MOAIDWebGUIConfiguration.getInstance(); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + logger.error("MOA-ID WebGUI initialization FAILED! (Reason: {})", e.getMessage()); + throw new Exception(e); + + } } @@ -146,8 +155,19 @@ public class MOAIDConfigurationModul implements ConfigurationModul{ @Override public String buildArrayIdentifier(String arrayId, int refCounter, Map properties) throws ConfigurationException { - // TODO Auto-generated method stub - return null; + logger.trace("Search next free list index for key: " + arrayId); + + if (arrayId.startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) { + String[] allListKeys = config.findConfigurationId(arrayId + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + int freeIndex = KeyValueUtils.findNextFreeListCounter(allListKeys, arrayId) + refCounter; + logger.debug("Found free listIndex: " + freeIndex + " for serviceKey: " + arrayId); + return String.valueOf(freeIndex); + + } else { + logger.warn("Actually, only services are from type array and need an index."); + throw new ConfigurationException("Actually, only services are from type array and need an index."); + + } } /* (non-Javadoc) @@ -203,7 +223,7 @@ public class MOAIDConfigurationModul implements ConfigurationModul{ Iterator deleteInterator = deleted.iterator(); while (deleteInterator.hasNext()) { String el = deleteInterator.next(); - try { + try { config.deleteIds(el); logger.trace("Delete key {}", el); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java index 61e1a1192..f9f8d1d2d 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java @@ -22,10 +22,14 @@ */ package at.gv.egovernment.moa.id.config.webgui; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; import at.gv.egiz.components.spring.api.SpringResourceProvider; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolPVP2XTask; /** * @author tlenz @@ -33,16 +37,33 @@ import at.gv.egiz.components.spring.api.SpringResourceProvider; */ public class MOAIDSpringResourceProvider implements SpringResourceProvider { - private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; + private static final Logger log = LoggerFactory.getLogger(MOAIDSpringResourceProvider.class); /* (non-Javadoc) * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() */ @Override - public Resource[] getResourcesToLoad() { - ClassPathResource webguicontextconfig = new ClassPathResource("/moaid.webgui.beans.xml", MOAIDSpringResourceProvider.class); + public Resource[] getResourcesToLoad() { +// try { + //TODO: is not a nice solution -> fix in futher version + //MOAIDWebGUIConfiguration moaIdWebguiConfig = MOAIDWebGUIConfiguration.getInstance(); + //JPAPropertiesWithJavaConfig.setLocalProperties(moaIdWebguiConfig.getDatabaseProperties()); + ClassPathResource databasecontextconfig = new ClassPathResource("/configuration.beans.xml", MOAIDSpringResourceProvider.class); - return new Resource[] {webguicontextconfig, databasecontextconfig}; + ClassPathResource webguicontextconfig = new ClassPathResource("/moaid.webgui.beans.xml", MOAIDSpringResourceProvider.class); + ClassPathResource webguidatabasecontextconfig = new ClassPathResource("/moaid.migration.beans.xml", MOAIDSpringResourceProvider.class); + + + + return new Resource[] {databasecontextconfig, webguidatabasecontextconfig, webguicontextconfig}; + +// } catch (ConfigurationException e) { +// log.error("Can not load MOA-ID WebGUI configuration.", e); +// return null; +// +// } + + } diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java new file mode 100644 index 000000000..0a3a9eef8 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java @@ -0,0 +1,160 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.Properties; + +import org.opensaml.DefaultBootstrap; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Service +public class MOAIDWebGUIConfiguration { + + private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; + + private static final Logger log = LoggerFactory.getLogger(MOAIDWebGUIConfiguration.class); + + + + private Properties props; + private String configFileName; + private String configRootDir; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.commons.config.persistence.LocalConfigurationBean#getLocalDatabaseProperties() + */ + + private static MOAIDWebGUIConfiguration instance = null; + + public static MOAIDWebGUIConfiguration getInstance() throws ConfigurationException { + if (instance == null) { + instance = new MOAIDWebGUIConfiguration(); + + } + return instance; + } + + + MOAIDWebGUIConfiguration() throws ConfigurationException { + configFileName = System.getProperty(SYSTEM_PROP_CONFIG); + + if (configFileName == null) { + throw new ConfigurationException("config.05"); + } + try { + URI fileURI = new URI(configFileName); + + // determine the directory of the root config file + configRootDir = new File(fileURI).getParent(); + + log.info("Loading MOA-ID WebGUI configuration from file " + fileURI); + + //Load MOAID-2.0 properties file + + File propertiesFile = new File(fileURI); + FileInputStream fis; + props = new Properties(); + + fis = new FileInputStream(propertiesFile); + props.load(fis); + + fis.close(); + + log.debug("OpenSAML initialization started ..."); + DefaultBootstrap.bootstrap(); + log.info("OpenSAML initialization complete."); + + log.info("Pre-Initialization step of MOA-ID WebGUI module finished ... "); + + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.01", new Object[]{configFileName}, e); + + } catch (IOException e) { + throw new ConfigurationException("config.02", new Object[]{configFileName}, e); + + } catch (org.opensaml.xml.ConfigurationException e) { + throw new ConfigurationException("config.04", e); + + } catch (URISyntaxException e) { + throw new ConfigurationException("config.06", new Object[]{MOAIDConfigurationConstants.FILE_URI_PREFIX, configFileName}, e); + + } + } + +// @Override +// protected Properties getLocalDatabaseProperties() { +// return this.props; +// } + + public String getConfigFile() { + return configFileName; + } + + public String getConfigRootDir() { + return configRootDir; + } + + public String getCertStoreDirectory() throws ConfigurationException { + String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); + + } + + public String getTrustStoreDirectory() throws ConfigurationException { + String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); + + } + + public boolean isPVPMetadataSchemaValidationActive() { + return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); + + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java new file mode 100644 index 000000000..2f2decab9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java @@ -0,0 +1,48 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; + + +public class ConfigurationException extends Exception { + + private static final long serialVersionUID = 1L; + + public ConfigurationException(String errorname) { + super(LanguageHelper.getErrorString(errorname, null)); + } + + public ConfigurationException(String errorname, Throwable e) { + super(LanguageHelper.getErrorString(errorname, null), e); + } + + public ConfigurationException(String errorname, Object[] params, Throwable e) { + super(LanguageHelper.getErrorString(errorname, params), e); + } + + public ConfigurationException(Throwable e) { + super(e); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java new file mode 100644 index 000000000..3c0827a62 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java @@ -0,0 +1,43 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import org.opensaml.saml2.metadata.provider.FilterException; + +/** + * @author tlenz + * + */ +public class SchemaValidationException extends FilterException { + + /** + * @param string + */ + public SchemaValidationException(String string) { + super(string); + + } + + private static final long serialVersionUID = 1L; + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java new file mode 100644 index 000000000..7c4c48e6b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java @@ -0,0 +1,58 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import org.opensaml.saml2.metadata.provider.FilterException; + +/** + * @author tlenz + * + */ +public class SignatureValidationException extends FilterException { + + /** + * @param string + */ + public SignatureValidationException(String string) { + super(string); + + } + + /** + * @param e + */ + public SignatureValidationException(Exception e) { + super(e); + } + + /** + * @param string + * @param object + */ + public SignatureValidationException(String string, Exception e) { + super(string, e); + } + + private static final long serialVersionUID = 1L; + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java index a1cafe702..5fc5b86d2 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java @@ -36,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; @@ -48,7 +49,7 @@ import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTa */ public class MOAIDConfigurationValidator { private static final Logger logger = LoggerFactory.getLogger(MOAIDConfigurationValidator.class); - private static Configuration dbconfig; + private static MOAIDConfiguration dbconfig; private static ServiceLoader moduleLoader = ServiceLoader.load(IModuleValidator.class); @@ -61,7 +62,7 @@ public class MOAIDConfigurationValidator { private boolean isDataValidated = false; @Autowired - public void setDatabaseConfiguration(Configuration config) { + public void setDatabaseConfiguration(MOAIDConfiguration config) { dbconfig = config; } @@ -81,7 +82,7 @@ public class MOAIDConfigurationValidator { } - //load tasks + //load dynamic tasks Iterator taskLoaderInterator = taskLoader.iterator(); while (taskLoaderInterator.hasNext()) { IDynamicLoadableTaskValidator task = taskLoaderInterator.next(); @@ -151,8 +152,13 @@ public class MOAIDConfigurationValidator { if (moduleValidator.containsKey(moduleID)) { logger.trace("Starting validation process of keyGroup: " + groupEl.getKey() + " with module: " + moduleValidator.get(moduleID).getName()); + Map servicekeys = KeyValueUtils.removePrefixFromKeys(groupEl.getValue(), groupEl.getKey()); + + //put service prefix to validation Map to check if service already stored + servicekeys.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, groupEl.getKey()); + moduleValidator.get(moduleID) - .validate(KeyValueUtils.removePrefixFromKeys(groupEl.getValue(), groupEl.getKey())); + .validate(servicekeys); } else logger.info("No ModulValidator for keygroup {} found.", moduleID); @@ -268,6 +274,7 @@ public class MOAIDConfigurationValidator { for (String key : validationModuleKeys) { if (el.getKey().startsWith(key)) { selectedModul = moduleValidator.get(key); + break; } } @@ -276,7 +283,7 @@ public class MOAIDConfigurationValidator { String groupkey = null; if (selectedModul.getKeyPrefix().startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) { String oaIndex = KeyValueUtils.getFirstChildAfterPrefix(el.getKey(), selectedModul.getKeyPrefix()); - groupkey = selectedModul + "." + oaIndex; + groupkey = selectedModul.getKeyPrefix() + "." + oaIndex; } else groupkey = selectedModul.getKeyPrefix(); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java index 22281c973..e7775beba 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java @@ -22,12 +22,10 @@ */ package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; -import java.util.Map; - import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; -import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesPVPGatewayTask; /** * @author tlenz @@ -35,17 +33,12 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; */ public class GatewayValidator extends AbstractModuleValidator { - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#validate(java.util.Map) - */ - @Override - public void validate(Map input) - throws ConfigurationModulValidationException { - // TODO Auto-generated method stub - + public GatewayValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesPVPGatewayTask()); } - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix() */ diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java index 2e9288415..5b9312e8e 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesInterfederationIDPTask; /** * @author tlenz @@ -31,6 +33,11 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleVal */ public class InterfederationIDPValidator extends AbstractModuleValidator { + public InterfederationIDPValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesInterfederationIDPTask()); + + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix() diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java index a71d425f2..dbce8ec3a 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java @@ -22,13 +22,15 @@ */ package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; -import java.util.Map; - import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; -import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesAuthenticationInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesBKUSelectionTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolSAML1Task; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesSSOAuthenticationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesTargetTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesbPKDecryptionTask; /** * @author tlenz @@ -36,14 +38,18 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; */ public class OnlineApplicationValidator extends AbstractModuleValidator { - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#validate(java.util.Map) + /** + * */ - @Override - public void validate(Map input) - throws ConfigurationModulValidationException { - // TODO Auto-generated method stub - + public OnlineApplicationValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesTargetTask()); + addTaskValidator(new ServicesAuthenticationInformationTask()); + addTaskValidator(new ServicesSSOAuthenticationTask()); + addTaskValidator(new ServicesbPKDecryptionTask()); + addTaskValidator(new ServicesProtocolSAML1Task()); + addTaskValidator(new ServicesBKUSelectionTask()); + } /* (non-Javadoc) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java index 17dc66550..ad3c15b16 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java @@ -22,13 +22,11 @@ */ package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; -import java.util.Map; - import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; -import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; -import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesBKUSelectionTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesTargetTask; /** * @author tlenz @@ -36,14 +34,12 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; */ public class VIDPValidator extends AbstractModuleValidator { - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#validate(java.util.Map) - */ - @Override - public void validate(Map input) - throws ConfigurationModulValidationException { - // TODO Auto-generated method stub + public VIDPValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesTargetTask()); + addTaskValidator(new ServicesBKUSelectionTask()); + } /* (non-Javadoc) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java index 394bc4da7..a124949f1 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java @@ -49,7 +49,7 @@ public abstract class AbstractTaskValidator implements ITaskValidator { throws ConfigurationTaskValidationException { //start task specific validation - tastValidate(input); + taskValidate(input); } @@ -59,7 +59,7 @@ public abstract class AbstractTaskValidator implements ITaskValidator { * @param input Key/Value pairs of a module for validation * @throws ConfigurationModulValidationException */ - abstract protected void tastValidate(Map input) + abstract protected void taskValidate(Map input) throws ConfigurationTaskValidationException; /* (non-Javadoc) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java index e4646bc04..b8836b90c 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java @@ -94,7 +94,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override - protected void tastValidate(Map input) + protected void taskValidate(Map input) throws ConfigurationTaskValidationException { List errors = new ArrayList(); @@ -451,7 +451,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); - if (MiscUtil.isEmpty(check)) { + if (MiscUtil.isEmpty(check) || check.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { log.info("AuthBlock Transformation file is empty"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, @@ -537,6 +537,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme //TODO: add AuthBlock transformation filename String authBlockTransformation = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); + String[] splittet = authBlockTransformation.split(","); if (splittet.length > 1) { newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java index 95f6c8349..35fed19a3 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java @@ -54,7 +54,7 @@ public class GeneralOpenIDConfigurationTask extends AbstractTaskValidator { * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) */ @Override - protected void tastValidate(Map input) + protected void taskValidate(Map input) throws ConfigurationTaskValidationException { } diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java index 46dce77a0..a593b5461 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java @@ -82,7 +82,7 @@ public class GeneralPVP2XConfigurationTask extends AbstractTaskValidator impleme * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override - protected void tastValidate(Map input) + protected void taskValidate(Map input) throws ConfigurationTaskValidationException { List errors = new ArrayList(); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java index a12c8f0cd..c6086583a 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java @@ -90,7 +90,7 @@ public static final List KEYWHITELIST; * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override - public void tastValidate(Map input) + public void taskValidate(Map input) throws ConfigurationTaskValidationException { List errors = new ArrayList(); Map validatedCPeps = new HashedMap(); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java new file mode 100644 index 000000000..c39e857e4 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java @@ -0,0 +1,229 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesAuthenticationInformationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationInformationTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Authentication Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + //Check BKU URLs + String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY, + "BKU - Handy", + LanguageHelper.getErrorString("validation.general.bku.handy.valid"))); + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL, + "BKU - Local", + LanguageHelper.getErrorString("validation.general.bku.local.valid"))); + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - Online", + LanguageHelper.getErrorString("validation.general.bku.online.valid"))); + } + + //check KeyBoxIdentifier + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - KeyBoxIdentifier", + LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"))); + + } else { + if (!MOAIDConfigurationConstants.ALLOWED_KEYBOXIDENTIFIER.contains(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - KeyBoxIdentifier", + LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid"))); + } + } + + //check LegacyMode SLTemplates + String isLegacyModeActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY); + if (MiscUtil.isNotEmpty(isLegacyModeActive) && Boolean.parseBoolean(isLegacyModeActive)) { + if (MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)) && + MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)) && + MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)) ) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY, + "BKU - SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplates.empty"))); + + } else { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE, + "BKU - 1. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate1.valid"))); + } + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE, + "BKU - 2. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate2.valid"))); + } + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE, + "BKU - 3. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate3.valid"))); + } + } + } + + //check Mandate Profiles + String checkUseMandate = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_USE); + if (MiscUtil.isNotEmpty(checkUseMandate) && Boolean.parseBoolean(checkUseMandate)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES); + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("MandateProfiles contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES, + "Mandates - Profiles", + LanguageHelper.getErrorString("validation.general.mandate.profiles", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + + } + + String isTestCredentialsActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED); + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs); + if (MiscUtil.isNotEmpty(isTestCredentialsActive) && + Boolean.parseBoolean(isTestCredentialsActive) && + MiscUtil.isNotEmpty(check)) { + String[] oids = check.split(","); + for (String el : oids) { + if (!el.startsWith(MOAIDConfigurationConstants.TESTCREDENTIALROOTOID)) { + log.warn("Test credential OID does not start with test credential root OID"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs, + "Test-Identities - allowed OIDs", + LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", + new Object[] {el}) )); + } + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java new file mode 100644 index 000000000..087334c4b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java @@ -0,0 +1,301 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationSTORKTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + Map newConfigValues = new HashMap(); + + //C-PEPS + try { + //search all actually configured C-PEPS + String[] cPepsKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY); + List cPepsCountries = new ArrayList(); + for (String el : cPepsKeys) { + String country = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(el)) + cPepsCountries.add(country); + + } + + //check SERVICE STORK countries against C-PEPS configuration + Map GUICountries = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST); + Iterator> GUICountriesInterator = GUICountries.entrySet().iterator(); + while (GUICountriesInterator.hasNext()) { + Entry entry = GUICountriesInterator.next(); + if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE)) { + + if (cPepsCountries.contains(entry.getValue())) { + //Service contains C-PEPS + log.trace("Service contains C-PEPS with countryCode: " + entry.getValue()); + cPepsCountries.remove(entry.getValue()); + + } else { + //Service contains countryCode which is not a C-PEPS --> remove country code from service + log.debug("No C-PEPS with service countryCode: " + entry.getValue() + + " Remove countryCode from service."); + String index = KeyValueUtils.getParentKey(entry.getKey()); + if (MiscUtil.isNotEmpty(index)) { + keysToDelete.add( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + index + "*"); + + } else + log.warn("Can not remove countryCode from service. Suspect key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + entry.getKey()); + + } + } + } + + // add new C-PEPS to service + int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUICountries.keySet(), new String()); + for (String el : cPepsCountries) { + log.debug("Add new C-PEPS: " + el + " to service with key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE, + el); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED, + String.valueOf(true)); + nextFreeIndex++; + } + + + } catch (ConfigurationException e) { + log.error("Can not access configuration.", e); + + } + + + //STORK attributes + try { + //search all actually configured C-PEPS + String[] attributeKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME); + List attributeNames = new ArrayList(); + for (String el : attributeKeys) { + String country = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(el)) + attributeNames.add(country); + + } + + //check SERVICE STORK countries against C-PEPS configuration + Map GUIAttributes = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST); + Iterator> GUIAttributesInterator = GUIAttributes.entrySet().iterator(); + while (GUIAttributesInterator.hasNext()) { + Entry entry = GUIAttributesInterator.next(); + if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME)) { + + if (attributeNames.contains(entry.getValue())) { + //Service contains C-PEPS + log.trace("Service contains STORK attribute with name: " + entry.getValue()); + attributeNames.remove(entry.getValue()); + + } else { + //Service contains countryCode which is not a C-PEPS --> remove country code from service + log.debug("No STORK attribute with service attributeName: " + entry.getValue() + + " Remove STORK attribte from service."); + String index = KeyValueUtils.getParentKey(entry.getKey()); + if (MiscUtil.isNotEmpty(index)) { + keysToDelete.add( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + index + "*"); + + } else + log.warn("Can not remove STORK attribute from service. Suspect key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + entry.getKey()); + + } + } + } + + // add new C-PEPS to service + int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUIAttributes.keySet(), new String()); + for (String el : attributeNames) { + log.debug("Add new STORK attribute: " + el + " to service with key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME, + el); + + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED, + String.valueOf(false)); + + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, + String.valueOf(false)); + + nextFreeIndex++; + } + + + } catch (ConfigurationException e) { + log.error("Can not access configuration.", e); + + } + + + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + // check qaa + String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL); + if (MiscUtil.isNotEmpty(qaaString)) { + try { + int qaa = Integer.parseInt(qaaString); + if(1 > qaa && 4 < qaa) { + log.warn("QAA is out of range : " + qaa); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + "STORK - minimal QAA level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaa}))); + } + + } catch (NumberFormatException e) { + log.warn("QAA level is not a number: " + qaaString); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + "STORK - minimal QAA level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaaString}))); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java new file mode 100644 index 000000000..7ed9751cb --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java @@ -0,0 +1,403 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.apache.commons.codec.binary.Base64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesBKUSelectionTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesBKUSelectionTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "auth.templates"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - BKU-Selection Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + + Map newConfigValues = new HashMap(); + + String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME); + if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, bkuSelectTemplateUploadedFileName); + + } + + String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME); + if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, sendAssertionTemplateUploadedFileName); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + + //validate aditionalAuthBlockText + String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT, + "AuthBlock - Addition AuthBlocktext", + LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + //validate BKU selection template + String bkuSelectTemplate = null; + String bkuSelectionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA); + if (MiscUtil.isNotEmpty(bkuSelectionFileUpload) && + !bkuSelectionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) ) { + String bkuSelectTemplateFileName = "unknown"; + try { + String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME); + if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) { + if (ValidationHelper.containsPotentialCSSCharacter(bkuSelectTemplateUploadedFileName, false)) { + log.info("BKU Selection Filename is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME, + "Templates - BKU Selection Filename", + LanguageHelper.getErrorString("validation.general.bkuselection.filename.valid"))); + + } else + bkuSelectTemplateFileName = bkuSelectTemplateUploadedFileName; + + } else { + String bkuSelectTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW); + if (MiscUtil.isNotEmpty(bkuSelectTemplatePreView)) + bkuSelectTemplateFileName = bkuSelectTemplatePreView; + + } + + String[] bkuSelectTemplateSplitted = bkuSelectionFileUpload.split(","); + if (bkuSelectTemplateSplitted.length > 1) + bkuSelectTemplate = bkuSelectTemplateSplitted[1]; + else + bkuSelectTemplate = bkuSelectionFileUpload; + + if (!Base64.isBase64(bkuSelectTemplate)) { + log.info("BKU Selection Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA, + "Templates - BKU Selection", + LanguageHelper.getErrorString("validation.general.bkuselection.file.valid", + new Object[] {bkuSelectTemplateFileName}))); + + } + + } catch (Exception e) { + log.info("BKU Selection Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA, + "Templates - BKU Selection", + LanguageHelper.getErrorString("validation.general.bkuselection.file.valid", + new Object[] {bkuSelectTemplateFileName}))); + + } + + } + + //validate send-assertion template + String sendAssertionTemplate = null; + String sendAssertionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA); + if (MiscUtil.isNotEmpty(sendAssertionFileUpload) && + !sendAssertionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + String sendAssertionTemplateFileName = "unknown"; + try { + String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME); + if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) { + if (ValidationHelper.containsPotentialCSSCharacter(sendAssertionTemplateUploadedFileName, false)) { + log.info("Send Assertion Filename is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME, + "Templates - Send Assertion Filename", + LanguageHelper.getErrorString("validation.general.sendassertion.filename.valid"))); + + } else + sendAssertionTemplateFileName = sendAssertionTemplateUploadedFileName; + + } else { + String sendAssertionTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW); + if (MiscUtil.isNotEmpty(sendAssertionTemplatePreView)) + sendAssertionTemplateFileName = sendAssertionTemplatePreView; + + } + + String[] sendAssertionTemplateSplitted = sendAssertionFileUpload.split(","); + if (sendAssertionTemplateSplitted.length > 1) + sendAssertionTemplate = sendAssertionTemplateSplitted[1]; + else + sendAssertionTemplate = sendAssertionFileUpload; + + if (!Base64.isBase64(sendAssertionTemplate)) { + log.info("Send Assertion Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA, + "Templates - Send Assertion", + LanguageHelper.getErrorString("validation.general.sendassertion.file.valid", + new Object[] {sendAssertionTemplateFileName}))); + + } + + } catch (Exception e) { + log.info("Send Assertion Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA, + "Templates - Send Assertion", + LanguageHelper.getErrorString("validation.general.sendassertion.file.valid", + new Object[] {sendAssertionTemplateFileName}))); + + } + + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR, + "Templates - Background Color", + LanguageHelper.getErrorString("validation.general.form.color.background"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR, + "Templates - Front Color", + LanguageHelper.getErrorString("validation.general.form.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR, + "Templates - Header Background-Color", + LanguageHelper.getErrorString("validation.general.form.header.color.back"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR, + "Templates - Header Front-Color", + LanguageHelper.getErrorString("validation.general.form.header.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("HeaderText contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT, + "Templates - Header Text", + LanguageHelper.getErrorString("validation.general.form.header.text", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR, + "Templates - Button Background-Color", + LanguageHelper.getErrorString("validation.general.form.button.color.back"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS, + "Templates - Button Background-Color on Focus", + LanguageHelper.getErrorString("validation.general.form.button.color.back.focus"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR, + "Templates - Button Front-Color", + LanguageHelper.getErrorString("validation.general.form.button.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!MOAIDConfigurationConstants.ALLOWED_REDIRECTTARGETNAMES.contains(check)) { + log.warn("AppletRedirectTarget has not valid value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET, + "Templates - Applet Redirect-Target", + LanguageHelper.getErrorString("validation.general.form.appletredirecttarget"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("FontType contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE, + "Templates - Font Type", + LanguageHelper.getErrorString("validation.general.form.fonttype", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet height "+ check + " is no valid number"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT, + "Templates - Applet Height", + LanguageHelper.getErrorString("validation.general.form.applet.height", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet width "+ check + " is no valid number"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH, + "Templates - Applet Width", + LanguageHelper.getErrorString("validation.general.form.applet.width", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java index f27cb9ce7..86d047c74 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java @@ -28,47 +28,50 @@ import java.util.List; import java.util.Map; import java.util.regex.Pattern; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz * */ public class ServicesGeneralInformationTask extends AbstractTaskValidator implements ITaskValidator { - + private static final Logger log = LoggerFactory.getLogger(ServicesGeneralInformationTask.class); private static final List KEYWHITELIST; + private static MOAIDConfiguration dbconfig; + static { - ArrayList temp = new ArrayList(); - temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED, MOAIDConfigurationConstants.PREFIX_GENERAL)); - temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_LEGACY, MOAIDConfigurationConstants.PREFIX_GENERAL)); - + ArrayList temp = new ArrayList(); KEYWHITELIST = Collections.unmodifiableList(temp); } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) - */ - @Override - public void validate(Map input) - throws ConfigurationTaskValidationException { - // TODO Auto-generated method stub + @Autowired + public void setDatabaseConfiguration(MOAIDConfiguration config) { + dbconfig = config; + } - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() */ @Override public String getKeyPrefix() { - // TODO Auto-generated method stub - return null; + return ""; } /* (non-Javadoc) @@ -76,8 +79,7 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem */ @Override public String getName() { - // TODO Auto-generated method stub - return null; + return "Service - General Configuration Task"; } /* (non-Javadoc) @@ -86,7 +88,6 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem @Override public Map postProcessing(Map input, List keysToDelete, Configuration dbconfig) { - // TODO Auto-generated method stub return null; } @@ -94,10 +95,113 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) */ @Override - protected void tastValidate(Map input) - throws ConfigurationTaskValidationException { - // TODO Auto-generated method stub + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + if (dbconfig == null) { + throw new ConfigurationTaskValidationException( + new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!")); + + } + + List errors = new ArrayList(); + + String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, + "FriendlyName", + LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } else { + log.info("OA friendlyName is empty"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, + "FriendlyName", + LanguageHelper.getErrorString("validation.general.oafriendlyname.empty"))); + } + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + if (MiscUtil.isEmpty(isBusinessService)) { + log.info("OA businessservice flag is empty"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, + "BusinessService", + LanguageHelper.getErrorString("validation.general.businessservice.empty"))); + + } + + String servicePrefixId = input.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + if (MiscUtil.isNotEmpty(servicePrefixId)) { + String uniqueServiceID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (MiscUtil.isEmpty(uniqueServiceID)) { + log.info("Empty unique service identifier"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.empty"))); + + } else { + if (!ValidationHelper.validateURL(uniqueServiceID)) { + log.warn("Unique serice identifier is not a valid URL: " + uniqueServiceID); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.valid"))); + + } else { + //check uniqueness of service identifier + try { + String[] allServiceKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + +".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (allServiceKeys != null) { + List foundKeys = new ArrayList(); + for (String elKey : allServiceKeys) { + String elValue = dbconfig.getStringValue(elKey); + if (uniqueServiceID.startsWith(elValue) || + (elValue != null && elValue.startsWith(uniqueServiceID))) { + log.debug("Found service with key: " + elKey + + " and uniqueID: " + elValue + + " which maches to edited service with uniqueID:" + + uniqueServiceID); + foundKeys.add(elKey); + + } + + } + if ((foundKeys.size() > 1) || + ((foundKeys.size() == 1) && !foundKeys.get(0).startsWith(servicePrefixId) )) { + log.info("The service identifier is not unique"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.notunique"))); + + } + } + + } catch (ConfigurationException e) { + log.error("Configuration not readable!", e); + new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!"); + + } + } + } + + } else { + throw new ConfigurationTaskValidationException( + new ValidationObjectIdentifier("internal", "Internal Error", "No MOA-ID service prefix! Can not check uniqueness of service configuration.")); + + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + } /* (non-Javadoc) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java new file mode 100644 index 000000000..8c3475d8b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java @@ -0,0 +1,116 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesInterfederationIDPTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesInterfederationIDPTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "interfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Interfederation IDP"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String queryURL = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL); + if (MiscUtil.isNotEmpty(queryURL)) { + if (!ValidationHelper.validateURL(queryURL)) { + log.info("AttributeQuery URL is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL, + "Attribute Querry URL", + LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid"))); + + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java new file mode 100644 index 000000000..2e9dd1c30 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java @@ -0,0 +1,121 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesPVPGatewayTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesPVPGatewayTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "interfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - PVP Gateway Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String entityID = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER); + if (MiscUtil.isNotEmpty(entityID)) { + if (!ValidationHelper.validateURL(entityID)) { + log.info("PVP gateway EntityID is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, + "EntityID of PVP Portal ", + LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid"))); + + } + + } else + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, + "EntityID of PVP Portal ", + LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty"))); + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java new file mode 100644 index 000000000..e8cdbba90 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java @@ -0,0 +1,152 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolOpenIDTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolOpenIDTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + Map newConfigValues = new HashMap(); + + //TODO: check secret + String guiClientID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID); + String guiClientSecret = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET); + + if (MiscUtil.isEmpty(guiClientSecret)) { + log.info("OpenID Connect client-secret is empty --> generate a new secrete."); + guiClientSecret = UUID.randomUUID().toString(); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET, + guiClientSecret); + + } + + if (MiscUtil.isEmpty(guiClientID)) { + log.info("OpenID Connect ClientID is empty --> Set ClientID to unique identifier."); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID, + input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER)); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String redirectURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL); + // validate redirectUri + if (StringUtils.isNotEmpty(redirectURL) && !ValidationHelper.validateURL(redirectURL)) { + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL, + "OpenID - Redirect URL", + LanguageHelper.getErrorString("error.oa.oauth.redirecturi"))); + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java new file mode 100644 index 000000000..6da1bc389 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java @@ -0,0 +1,336 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Timer; +import java.util.regex.Pattern; + +import javax.net.ssl.SSLHandshakeException; + +import org.apache.commons.httpclient.MOAHttpClient; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataFilterChain; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.MOAIDWebGUIConfiguration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.MetaDataVerificationFilter; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolPVP2XTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + + Map newConfigValues = new HashMap(); + String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + String[] splittet = certBase64.split(","); + if (splittet.length > 1) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE, + splittet[1]); + log.debug("Extract PVP2X metadata validation certificate from GUI upload and add it to key: {}", MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + try { + byte[] certSerialized = null; + if (MiscUtil.isNotEmpty(certBase64)) { + certSerialized = Base64Utils.decode(certBase64, true); + X509Certificate cert = new X509Certificate(certSerialized); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE_SUBJECT, + cert.getSubjectDN().getName()); + + } + + } catch (IOException | CertificateException e) { + log.error("PVP2X metadata signing certificate is not parseable.", e); + + } + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; + + String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + try { + byte[] certSerialized = null; + if (MiscUtil.isNotEmpty(certBase64) && + !certBase64.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + String[] splittet = certBase64.split(","); + if (splittet.length > 1) + certSerialized = Base64Utils.decode(splittet[1], true); + else + certSerialized = Base64Utils.decode(certBase64, true); + } + + + String metadataURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); + if (MiscUtil.isNotEmpty(metadataURL)) { + + if (!ValidationHelper.validateURL(metadataURL)) { + log.info("MetaDataURL has no valid form."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata URL", + LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid"))); + + } else { + + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE, + "PVP2x - Metadata Certificate", + LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"))); + + } else { + + X509Certificate cert = new X509Certificate(certSerialized); + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (metadataURL.startsWith("https:")) + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + MOAIDWebGUIConfiguration.getInstance().getCertStoreDirectory(), + MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true); + + httpClient.setCustomSSLTrustStore( + metadataURL, + protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); + + } + + List filterList = new ArrayList(); + filterList.add(new MetaDataVerificationFilter(credential)); + + try { + filterList.add(new SchemaValidationFilter( + MOAIDWebGUIConfiguration.getInstance().isPVPMetadataSchemaValidationActive())); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + log.warn("Configuration access FAILED!", e); + + } + + MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, metadataURL); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(filter); + httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes + httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + httpProvider.setRequireValidMetadata(true); + httpProvider.initialize(); + + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.validation"))); + } + } + } + } + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"))); + + } catch (IOException e) { + log.info("Metadata can not be loaded from URL", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadataurl.read"))); + + } catch (MetadataProviderException e) { + + try { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.ssl"))); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig"))); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema"))); + + } else { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general"))); + } + + } catch (Exception e1) { + log.info("MetaDate verification failed", e1); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general"))); + + } + + } finally { + if (httpProvider != null) + httpProvider.destroy(); + + if (timer != null) + timer.cancel(); + + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA, + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_IIDP + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java new file mode 100644 index 000000000..fe3a791e7 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java @@ -0,0 +1,114 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolSAML1Task extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSAML1Task.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "protocols.saml1"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - SAML1 Protocol Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + String isProvideBaseID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID); + + if (Boolean.parseBoolean(isBusinessService) && + MiscUtil.isNotEmpty(isProvideBaseID) && Boolean.parseBoolean(isProvideBaseID)) { + log.info("ProvideStammZahl can not be used with BusinessService applications"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID, + "Protocols - SAML1 BaseID", + LanguageHelper.getErrorString("validation.saml1.providestammzahl"))); + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java new file mode 100644 index 000000000..d4e80bed9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java @@ -0,0 +1,273 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSTORKTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + Map newConfigValues = new HashMap(); + + try { + //search actually stored service configurations + List storedServices = new ArrayList(); + for (String prefix : getModulValidatorPrefix()) { + String[] storedService = dbconfig.findConfigurationId(prefix + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (storedService != null && storedService.length > 0) + storedServices.addAll(Arrays.asList(storedService)); + } + + String GUIServiceUniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + String selectedServiceKey = null; + for (String serviceKey : storedServices) { + String storedUniqueId = dbconfig.getStringValue(serviceKey); + if (storedUniqueId.equals(GUIServiceUniqueID)) { + selectedServiceKey = KeyValueUtils.getPrefixFromKey(serviceKey, MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + log.debug("Find service with key: " + selectedServiceKey + " --> Start STORK attribute provider postProcessing."); + break; + } + + } + + //load actually stored attribute provider names for service + Map storedAttributeProviders = new HashMap(); + if (MiscUtil.isNotEmpty(selectedServiceKey)) { + String[] storedAttribteProviderNames = dbconfig.findConfigurationId( + selectedServiceKey + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + ".%." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME); + if (storedAttribteProviderNames != null) { + for (String el : storedAttribteProviderNames) { + String attrProviderName = dbconfig.getStringValue(el); + storedAttributeProviders.put(attrProviderName, el); + + } + } + } + + Map storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); + Iterator> interator = storkAttrProviders.entrySet().iterator(); + while (interator.hasNext()) { + Entry current = interator.next(); + if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) { + String guiAttrProviderName = current.getValue(); + if (storedAttributeProviders.containsKey(guiAttrProviderName)) { + log.trace("STORK attribute provider: " + guiAttrProviderName + + " is already stored"); + storedAttributeProviders.remove(guiAttrProviderName); + + } else { + log.trace("Add new STORK attribute provider: " + guiAttrProviderName + + " to service"); + + } + } + } + + if (!storedAttributeProviders.isEmpty()) { + log.trace("Remove STORK attribute providers from configuration."); + for (String el : storedAttributeProviders.values()) { + String removeString = KeyValueUtils.getPrefixFromKey(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME); + keysToDelete.add(removeString + "*"); + log.debug("Remove STORK attribute provider with key:" + removeString + "*"); + + } + + } + + } catch (ConfigurationException e) { + log.error("Configuration access FAILED.", e); + + } + + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + //check V-IDP specific Target configurations + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + if (!Boolean.parseBoolean(isBusinessService)) { + log.info("STORK V-IDP only allowed as business Service."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, + "BusinessService", + "STORK V-IDP only allowed as business Service.")); + } + + String identificationType = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + if (MiscUtil.isEmpty(identificationType) || + !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) { + log.info("STORK V-IDP only allowes identification numbers with STORK prefix."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, + "BusinessService - IdentificationType", + "STORK V-IDP only allowes identification numbers with STORK prefix")); + + } + + + Map storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); + Iterator> interator = storkAttrProviders.entrySet().iterator(); + while (interator.hasNext()) { + Entry current = interator.next(); + if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) { + log.trace("Validate STORK attribute provider with key: " + current.getKey() + " value: " + current.getValue()); + String index = KeyValueUtils.getParentKey(current.getKey()); + + //validate attribute provider name + String attrProviderName = current.getValue(); + if (MiscUtil.isEmpty(attrProviderName)) { + log.info("AttributeProviderPlugin Name is empty."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.name.empty"))); + + } else { + if (!MOAIDConfigurationConstants.ALLOWED_STORKATTRIBUTEPROVIDERS.contains(attrProviderName)) { + log.info("AttributeProviderPlugin Name is not supported."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.name.valid"))); + } + } + + String attrProviderURL = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL); + String attrProviderAttr = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES); + + if (MiscUtil.isEmpty(attrProviderURL) || !ValidationHelper.validateURL(attrProviderURL)) { + log.info("AttributeProviderPlugin URL has no valid form."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.url.valid"))); + } + + + if (MiscUtil.isEmpty(attrProviderAttr) || !attrProviderAttr.matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { + log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.attributes.valid"))); + } + + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_VIDP + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java new file mode 100644 index 000000000..bf2a38cd9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java @@ -0,0 +1,101 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; + +/** + * @author tlenz + * + */ +public class ServicesSSOAuthenticationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesSSOAuthenticationTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "auth.sso"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - SSO Authentication Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + //Actually, there is nothing to validate. + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java new file mode 100644 index 000000000..766032f1f --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java @@ -0,0 +1,221 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.CompanyNumberValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesTargetTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesTargetTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Target Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + String check; + if (Boolean.parseBoolean(isBusinessService)) { + + //check identification type + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + if (!MOAIDConfigurationConstants.BUSINESSSERVICENAMES.keySet().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, + "BusinessService - Type", + LanguageHelper.getErrorString("validation.general.stork.sptarget"))); + } + + //check identification number + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.empty"))); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + + if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + .equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN)) { + CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid"))); + } + } + } + + } else { + + //check own target + String useOwnTarget = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN); + if (MiscUtil.isNotEmpty(useOwnTarget) && Boolean.parseBoolean(useOwnTarget)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME, + "Own Target - FriendlyName", + LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + //check Own Target + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET, + "Own Target - Target", + LanguageHelper.getErrorString("validation.general.target.admin.valid"))); + } + } + + } else { + + //check PublicURL Prefix allows PublicService + String uniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (!ValidationHelper.isPublicServiceAllowed(input.get(uniqueID))) { + log.warn("PublicURLPrefix does not allow PublicService: " + uniqueID); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, + "PublicService - Target", + LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] {uniqueID}) )); + + } + + //check Target + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, + "PublicService - Target", + LanguageHelper.getErrorString("validation.general.target.valid"))); + } + } + + String isSubTargetUsed = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB); + if (MiscUtil.isNotEmpty(isSubTargetUsed) && Boolean.parseBoolean(isSubTargetUsed)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB); + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB, + "PublicService - Target SubSector", + LanguageHelper.getErrorString("validation.general.target.subsector.valid"))); + + } + } + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java new file mode 100644 index 000000000..96088b6eb --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java @@ -0,0 +1,137 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesbPKDecryptionTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesbPKDecryptionTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - bPK-Decryption Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + + //TODO: + + +// String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); +// if (MiscUtil.isNotEmpty(check)) { +// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +// log.warn("OAFriendlyName contains potentail XSS characters: " + check); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, +// "FriendlyName", +// LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", +// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); +// } +// } else { +// log.info("OA friendlyName is empty"); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, +// "FriendlyName", +// LanguageHelper.getErrorString("validation.general.oafriendlyname.empty"))); +// } +// +// String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); +// if (MiscUtil.isEmpty(isBusinessService)) { +// log.info("OA businessservice flag is empty"); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, +// "BusinessService", +// LanguageHelper.getErrorString("validation.general.businessservice.empty"))); +// +// } + + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java new file mode 100644 index 000000000..6ec48fa43 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java @@ -0,0 +1,122 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.config.webgui.validation.utils; + +import java.util.Iterator; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.validation.ValidationException; + +import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException; +import at.gv.egovernment.moa.logging.Logger; + +public class MetaDataVerificationFilter implements MetadataFilter { + + BasicX509Credential credential; + + public MetaDataVerificationFilter(BasicX509Credential credential) { + this.credential = credential; + } + + + public void doFilter(XMLObject metadata) throws SignatureValidationException { + + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + if(entitiesDescriptor.getSignature() == null) { + throw new SignatureValidationException("Root element of metadata file has to be signed"); + } + try { + processEntitiesDescriptor(entitiesDescriptor); + + } catch (SignatureValidationException e) { + throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor"); + } + + } if (metadata instanceof EntityDescriptor) { + try { + EntityDescriptor entity = (EntityDescriptor) metadata; + if (entity.getSignature() != null) + verify(entity, this.credential); + + else + throw new SignatureValidationException("Root element of metadata file has to be signed", null); + + } catch (SignatureValidationException e) { + throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null); + } + } + } + + private void processEntitiesDescriptor(EntitiesDescriptor desc) throws SignatureValidationException { + Iterator entID = desc.getEntitiesDescriptors().iterator(); + + if(desc.getSignature() != null) { + verify(desc, this.credential); + } + + while(entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + Iterator entIT = desc.getEntityDescriptors().iterator(); + + while(entIT.hasNext()) { + EntityDescriptor entity = entIT.next(); + if (entity.getSignature() != null) + verify(entity, this.credential); + } + } + + private void verify(SignableSAMLObject entityDescriptor, Credential cred) + throws SignatureValidationException { + if (entityDescriptor.getSignature() == null) { + throw new SignatureValidationException("PVP2X Metadata not signed"); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SignatureValidationException("Failed to validate Signature", e); + } + + SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SignatureValidationException("Failed to verfiy Signature", e); + + } + } +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java new file mode 100644 index 000000000..587afe381 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java @@ -0,0 +1,98 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.utils; + +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; + +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import org.opensaml.common.xml.SAMLSchemaBuilder; + +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class SchemaValidationFilter implements MetadataFilter { + + private boolean isActive = true; + + /** + * + */ + public SchemaValidationFilter(boolean useSchemaValidation) { + this.isActive = useSchemaValidation; + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws SchemaValidationException { + + String errString = null; + + if (isActive) { + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + DOMSource source = new DOMSource(arg0.getDOM()); + val.validate(source); + Logger.info("Metadata Schema validation check done OK"); + return; + + } catch (SAXException e) { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Metadata Schema validation FAILED with exception:", e); + else + Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); + + errString = e.getMessage(); + + } catch (Exception e) { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Metadata Schema validation FAILED with exception:", e); + else + Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); + + errString = e.getMessage(); + + } + + throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString); + + } else + Logger.info("Metadata Schema validation check is DEACTIVATED!"); + + } + +} diff --git a/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator index 42bc23c95..8faf16843 100644 --- a/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator +++ b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator @@ -1 +1,5 @@ +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolOpenIDTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolPVP2XTask at.gv.egovernment.moa.id.config.webgui.validation.task.impl.GeneralSTORKConfigurationTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesAuthenticationSTORKTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolSTORKTask \ No newline at end of file diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_de.properties b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties index 2f36ab125..bb0499020 100644 --- a/id/moa-id-webgui/src/main/resources/applicationResources_de.properties +++ b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties @@ -6,6 +6,7 @@ config.02=Configfile is not readable. ({0}) config.03=Hibernate Database connector can not be initialized config.04=OpenSAML (PVP2 Login) can not be initialized config.05=Configuration file not defined +config.06=Configfile {1} does not start with {0} prefix. error.title=Fehler: error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. @@ -372,7 +373,8 @@ validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folge validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.publicURLprefix.empty=Public URL Prefix Feld ist leer. -validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00F6ltiges Format. +validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00FCltiges Format. +validation.general.businessservice.empty=Die Application ist weder dem \u00F6ffentlichen noch dem privaten Sektor zugeordnet. validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00E4hlt. diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_en.properties b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties index 154f380ae..420ac27ec 100644 --- a/id/moa-id-webgui/src/main/resources/applicationResources_en.properties +++ b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties @@ -6,6 +6,7 @@ config.02=Configfile is not readable. ({0}) config.03=Hibernate Database connector can not be initialized config.04=OpenSAML (PVP2 Login) can not be initialized config.05=Configuration file is not defined +config.06=Configfile {1} does not start with {0} prefix. error.title=Error: error.login.internal=The error occurred during the processing. Please try again or contact Administrator. @@ -371,6 +372,7 @@ validation.edituser.bpk.valid=BPK contains forbidden characters. The following c validation.general.SAML1SourceID=SAML1SourceID contains forbidden characters. The following characters are not allowed\: {0} validation.general.publicURLprefix.empty=Public URL Prefix is blank. validation.general.publicURLprefix.valid=Public URL Prefix has invalid format. +validation.general.businessservice.empty=Online application is no public or private application. validation.general.certStoreDirectory.empty=CertStoreDirectory is blank. validation.general.certStoreDirectory.valid=CertStoreDirectory Feld contains forbidden characters. The following characters are not allowed\: {0} validation.general.Defaultchainigmode.empty=There is no DefaultChainingMode selected. diff --git a/id/moa-id-webgui/src/main/resources/gui/meta.properties b/id/moa-id-webgui/src/main/resources/gui/meta.properties index 177dff6f1..0abf358d9 100644 --- a/id/moa-id-webgui/src/main/resources/gui/meta.properties +++ b/id/moa-id-webgui/src/main/resources/gui/meta.properties @@ -1,28 +1,76 @@ -__BASE__.moaid.0=moa.id.general - -#__BASE__.all.1=moa.id.gateway +__BASE__.moaidgeneral.0=moa.id.general +__BASE__.moaidoa.0=moa.id.services.oa +__BASE__.moaidinterfederation.0=moa.id.services moa.id.general.__TY=general moa.id.general.__CA=General Configuration moa.id.general.__DE=General MOA-ID Configuration -#moa.id.oa.__GR=moa.id -#moa.id.oa.__TY=ARRAY -#moa.id.oa.__ADD=true -#moa.id.oa.__DEL=true -#moa.id.oa.__CA=List of online Applications -#moa.id.oa.__DE=Long description of the list of online Applications... -#moa.id.oa.__CTY=OA -#moa.id.oa.__CCA=Name;Online Applications URL -#moa.id.oa.__CIDS=name;url -#moa.id.oa.__CDE=An online Application - - -#moa.id.oa.__TE.name=Online Application Template -#moa.id.oa.__TE.url=http://sampleonline.application.com/ -#moa.id.oa.__TE.attributes.0.name=Vorname -#moa.id.oa.__TE.attributes.0.type=FIRSTNAME -#moa.id.oa.__TE.attributes.0.required=true -#moa.id.oa.__TE.__CA=A Template for an online Application -#moa.id.oa.__TE.__DE=Long description of the list of online Applications... +moa.id.services.__TY=GROUP +moa.id.services.__CA=MOA-ID Interfederation Services +moa.id.services.__DE=Interfederation Services + +##Online application## +moa.id.services.oa.__TY=ARRAY +moa.id.services.oa.__ADD=true +moa.id.services.oa.__DEL=true +moa.id.services.oa.__CA=List of online Applications +moa.id.services.oa.__DE=All actually configured online application +moa.id.services.oa.__CTY=moaidoa +moa.id.services.oa.__CCA=Unique ID;Friendlyname +moa.id.services.oa.__CIDS=uniqueID;friendlyName +moa.id.services.oa.__CDE=Online Application + +moa.id.services.oa.__TE.friendlyName=Sample Name +moa.id.services.oa.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.oa.__TE.isActive=false + +##V-IDP## +moa.id.services.vidp.__GR=moa.id.services +moa.id.services.vidp.__TY=ARRAY +moa.id.services.vidp.__ADD=true +moa.id.services.vidp.__DEL=true +moa.id.services.vidp.__CA=List of V-IDPs +moa.id.services.vidp.__DE=All actually configured V-IDP instances +moa.id.services.vidp.__CTY=moaidvidp +moa.id.services.vidp.__CCA=Unique ID;Friendlyname +moa.id.services.vidp.__CIDS=uniqueID;friendlyName +moa.id.services.vidp.__CDE=V-IDP + +moa.id.services.vidp.__TE.friendlyName=Sample V-IDP +moa.id.services.vidp.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.vidp.__TE.isActive=false + +##I-IDP## +moa.id.services.iidp.__GR=moa.id.services +moa.id.services.iidp.__TY=ARRAY +moa.id.services.iidp.__ADD=true +moa.id.services.iidp.__DEL=true +moa.id.services.iidp.__CA=List of Interfederation IDPs +moa.id.services.iidp.__DE=All actually configured I-IDP instances +moa.id.services.iidp.__CTY=moaidiidp +moa.id.services.iidp.__CCA=Unique ID;Friendlyname +moa.id.services.iidp.__CIDS=uniqueID;friendlyName +moa.id.services.iidp.__CDE=I-IDP + +moa.id.services.iidp.__TE.friendlyName=Sample I-IDP +moa.id.services.iidp.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.iidp.__TE.isActive=false + +##Gateway## +moa.id.services.gateway.__GR=moa.id.services +moa.id.services.gateway.__TY=ARRAY +moa.id.services.gateway.__ADD=true +moa.id.services.gateway.__DEL=true +moa.id.services.gateway.__CA=List of STORK<->PVP Gateways +moa.id.services.gateway.__DE=All actually configured Gateway instances +moa.id.services.gateway.__CTY=moaidgateway +moa.id.services.gateway.__CCA=Unique ID;Friendlyname +moa.id.services.gateway.__CIDS=uniqueID;friendlyName +moa.id.services.gateway.__CDE=V-IDP + +moa.id.services.gateway.__TE.friendlyName=Sample Gateway +moa.id.services.gateway.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.gateway.__TE.isActive=false + diff --git a/id/moa-id-webgui/src/main/resources/gui/types/gateway.json b/id/moa-id-webgui/src/main/resources/gui/types/gateway.json new file mode 100644 index 000000000..50ccd200c --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/gateway.json @@ -0,0 +1,50 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidgateway", + "type": "object", + "title": "STORK<->PVP Gateway", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "interfederation": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation", + "type": "object", + "title": "PVP Gateway", + "description": "STORK<->PVP Gateway configuration", + "options": { + "collapsed": true + }, + "properties": { + "forward.IDP": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/forward/entityID", + "type": "string", + "title": "PVP portal EntityID" + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/gui/types/general.json b/id/moa-id-webgui/src/main/resources/gui/types/general.json index a4addb5f8..f7861332d 100644 --- a/id/moa-id-webgui/src/main/resources/gui/types/general.json +++ b/id/moa-id-webgui/src/main/resources/gui/types/general.json @@ -24,16 +24,19 @@ "onlineBKU" : { "id": "http://www.egiz.gv.at/dynUI/general/bkuurls/online", "type": "string", + "format": "url", "title": "Online BKU" }, "handyBKU" : { "id": "http://www.egiz.gv.at/dynUI/general/bkuurls/handy", "type": "string", + "format": "url", "title": "Handy BKU" }, "localBKU" : { "id": "http://www.egiz.gv.at/dynUI/general/bkuurls/local", "type": "string", + "format": "url", "title": "Local BKU" } } @@ -87,6 +90,10 @@ "preview" : { "id": "http://www.egiz.gv.at/dynUI/general/auth/authblock/transform/preview", "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/general/auth/authblock/transform/filename", + "type": "string" } } }, diff --git a/id/moa-id-webgui/src/main/resources/gui/types/iidp.json b/id/moa-id-webgui/src/main/resources/gui/types/iidp.json new file mode 100644 index 000000000..a42254c36 --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/iidp.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidiidp", + "type": "object", + "title": "Interfederation IDP", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "interfederation": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation", + "type": "object", + "title": "PVP Gateway", + "description": "STORK<->PVP Gateway configuration", + "options": { + "collapsed": true + }, + "properties": { + "SSO.inbound": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/inbound", + "type": "boolean", + "format" : "checkbox", + "title": "Allow inbound SSO" + }, + "SSO.outbound": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/outbound", + "type": "boolean", + "format" : "checkbox", + "title": "Allow outbound SSO" + }, + "SSO.store": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/store", + "type": "boolean", + "format" : "checkbox", + "title": "Store SSO session" + }, + "passiveReqeust": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/passiveReqeust", + "type": "boolean", + "format" : "checkbox", + "title": "Use SAML2 isPassive attribute" + }, + "localAuthOnError": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/localAuthOnError", + "type": "boolean", + "format" : "checkbox", + "title": "Local authentication in case of an error" + }, + "attributequery.url": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/attributequery/url", + "type": "string", + "title": "AttributeQuery service URL" + } + } + }, + "protocols": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols", + "type": "object", + "title": "Protocols", + "description": "Authentication protocol configuration", + "options": { + "collapsed": true + }, + "properties": { + "pvp2x": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x", + "type": "object", + "title": "PVP Configuration", + "description": "PVP 2.x authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "URL" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/url", + "type": "string", + "title": "Metadata URL" + }, + "certificate": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate", + "type": "object", + "format": "file", + "title": "Metadata certificate", + "description": "Certificate for metadata signature validation", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/preview", + "type": "string" + } + } + } + } + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/gui/types/oa.json b/id/moa-id-webgui/src/main/resources/gui/types/oa.json index eee0e97aa..aafc63b2e 100644 --- a/id/moa-id-webgui/src/main/resources/gui/types/oa.json +++ b/id/moa-id-webgui/src/main/resources/gui/types/oa.json @@ -1,7 +1,7 @@ { "$schema": "http://json-schema.org/draft-04/schema#", "id": "http://www.egiz.gv.at/dynUI/OA", - "typeName": "oa", + "typeName": "moaidoa", "type": "object", "title": "Online Application Configuration", "format": "tabs", @@ -29,7 +29,7 @@ "format" : "checkbox", "title": "Private Sector application" }, - "target": { + "auth.target": { "id": "http://www.egiz.gv.at/dynUI/OA/target", "type": "object", "title": "Target definition", @@ -96,25 +96,36 @@ "type": "string", "title": "Sub-Target" }, - "use.own" : { - "id": "http://www.egiz.gv.at/dynUI/OA/target/public/useowntarget", - "type": "boolean", - "format" : "checkbox", - "title": "Use own-target" - }, - "own.target" : { - "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget", - "type": "string", - "title": "Own target" - }, - "own.name" : { - "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget/friendlyname", - "type": "string", - "title": "Own target - friendlyname" - } + "own" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/own", + "type": "object", + "title": "Own Target", + "description": "Own Target definition", + "options": { + "collapsed": true + }, + "properties": { + "use" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/useowntarget", + "type": "boolean", + "format" : "checkbox", + "title": "Use own-target" + }, + "target" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget", + "type": "string", + "title": "Own target" + }, + "name" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget/friendlyname", + "type": "string", + "title": "Own target - friendlyname" + } + } + } } }, - "private": { + "business": { "id": "http://www.egiz.gv.at/dynUI/OA/target/private", "type": "object", "title": "Private Sector definition", @@ -138,11 +149,515 @@ "id": "http://www.egiz.gv.at/dynUI/OA/target/private/value", "type": "string", "title": "Identifier" - }, + } } } } - } + }, + "auth": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth", + "type": "object", + "title": "Authentication", + "description": "Authentication configuration", + "options": { + "collapsed": true + }, + "properties": { + "bku": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku", + "type": "object", + "title": "BKU configuration", + "description": "Online application specific BKU communikation", + "options": { + "collapsed": true + }, + "properties": { + "onlineBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/online", + "type": "string", + "title": "Online BKU" + }, + "handyBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/handy", + "type": "string", + "title": "Handy BKU" + }, + "localBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/local", + "type": "string", + "title": "Local BKU" + }, + "keyBoxIdentifier" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/keyBoxIdentifier", + "type": "string", + "title": "KeyBoxIdentifier", + "enum": [ + "SecureSignatureKeypair", + "CertifiedKeypair" + ] + }, + "template": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template", + "type": "object", + "title": "SecurityLayer Templates", + "description": "Online application specific SecurityLayer templates", + "options": { + "collapsed": true + }, + "properties": { + "legacy" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template/legacy", + "type": "boolean", + "format" : "checkbox", + "title": "Activate Legacy Mode" + }, + "first.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/first/url", + "type": "string", + "title": "First SL-Template" + }, + "second.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/second/url", + "type": "string", + "title": "Second SL-Template" + }, + "third.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/third/url", + "type": "string", + "title": "Third SL-Template" + } + } + } + } + }, + "templates": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/templates", + "type": "object", + "title": "BKU selection customization", + "description": "Customization of the BKU selection form", + "options": { + "collapsed": true + }, + "properties": { + "customize": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize", + "type": "object", + "title": "Customize default template", + "description": "Customization of the default template", + "options": { + "collapsed": true + }, + "properties": { + "fonttype" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/fonttype", + "type": "string", + "title": "Font Type" + }, + "color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/back", + "type": "string", + "title": "Backcolor" + }, + "color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/front", + "type": "string", + "title": "Frontcolor" + }, + "header.color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/back", + "type": "string", + "title": "Header Backcolor" + }, + "header.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/front", + "type": "string", + "title": "Header Frontcolor" + }, + "header.text" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/text", + "type": "string", + "title": "Header Text" + }, + "button.color.back.focus" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/back/focus", + "type": "string", + "title": "Font Type" + }, + "button.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/front", + "type": "string", + "title": "Font Type" + }, + "applet.redirecttarget" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/redirecttarget", + "type": "string", + "title": "Applet - Redirect Target", + "enum": [ + "_blank", + "_self", + "_parent", + "_top" + ] + }, + "applet.hight" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/hight", + "type": "string", + "title": "Applet - Hight" + }, + "applet.width" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/width", + "type": "string", + "title": "Applet - Width" + } + } + }, + "bkuselection": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection", + "type": "object", + "format": "file", + "title": "BKU selection template", + "description": "Applicatio specific BKU selection template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/filename", + "type": "string" + } + } + }, + "sendAssertion": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion", + "type": "object", + "format": "file", + "title": "SendAssertion selection template", + "description": "Applicatio specific SendAssertion template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/filename", + "type": "string" + } + } + } + } + }, + "authblock": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock", + "type": "object", + "title": "AuthBlock configuration", + "description": "Online application specific AuthBlock configuration", + "options": { + "collapsed": true + }, + "properties": { + "removebPK" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/removebpk", + "type": "boolean", + "format" : "checkbox", + "title": "Remove bPK/wbPK" + }, + "additionaltext" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/text", + "type": "string", + "format": "textarea", + "title": "Additional AuthBlock Text" + } + } + }, + "testcredentials": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials", + "type": "object", + "title": "Test identities", + "description": "Test identities configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enable test identities" + }, + "oids" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/oids", + "type": "string", + "title": "Allowed test-identity OIDs" + } + } + }, + "mandates": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates", + "type": "object", + "title": "Mandates", + "description": "Online mandate configuration", + "options": { + "collapsed": true + }, + "properties": { + "use" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates/use", + "type": "boolean", + "format" : "checkbox", + "title": "Mandates (yes/no)" + }, + "only" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates/only", + "type": "boolean", + "format" : "checkbox", + "title": "Only mandates allowed" + }, + "profiles" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates/profiles", + "type": "string", + "title": "Allowed mandated profiles" + } + } + }, + "sso": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/sso", + "type": "object", + "title": "Single Sign-On (SSO)", + "description": "Single Sign-On configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/sso/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Single Sign-On (yes/no)" + }, + "userRequest" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/sso/sendassertionrequest", + "type": "boolean", + "format" : "checkbox", + "title": "Additional Userrequest" + } + } + }, + "stork": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork", + "type": "object", + "title": "STORK", + "description": "STORK configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enable STORK logon" + }, + "minqaalevel" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork/minqaa", + "type": "boolean", + "format" : "checkbox", + "title": "Minimum QAA Level" + }, + "countries" : { + "type": "array", + "title": "Countries", + "format": "table", + "options": { + "collapsed": true, + "disable_array_add": true, + "disable_array_delete": true, + "disable_array_reorder": true + }, + "items": { + "type": "object", + "properties": { + "countrycode": { + "type": "string", + "readOnly": true, + "title": "CountryCode" + }, + "enabled": { + "type": "boolean", + "format": "checkbox", + "title": "Enabled" + } + } + } + }, + "attributes" : { + "type": "array", + "title": "Attributes", + "format": "table", + "options": { + "collapsed": true, + "disable_array_add": true, + "disable_array_delete": true, + "disable_array_reorder": true + }, + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "readOnly": true, + "title": "CountryCode" + }, + "requested": { + "type": "boolean", + "format": "checkbox", + "title": "Requested" + }, + "mandatory": { + "type": "boolean", + "format": "checkbox", + "title": "Mandatory" + } + } + } + } + } + } + } + }, + "protocols": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols", + "type": "object", + "title": "Protocols", + "description": "Authentication protocol configuration", + "options": { + "collapsed": true + }, + "properties": { + "saml1": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1", + "type": "object", + "title": "SAML1 Configuration", + "description": "SAML1 authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enabled" + }, + "idl" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/idl", + "type": "boolean", + "format" : "checkbox", + "title": "IdentityLink" + }, + "baseid" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/baseid", + "type": "boolean", + "format" : "checkbox", + "title": "BaseID" + }, + "authblock" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/authblock", + "type": "boolean", + "format" : "checkbox", + "title": "AuthBlock" + }, + "certificate" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/certificate", + "type": "boolean", + "format" : "checkbox", + "title": "Signer Certificate" + }, + "mandate" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/mandate", + "type": "boolean", + "format" : "checkbox", + "title": "Full mandate" + }, + "returnError" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/returnError", + "type": "boolean", + "format" : "checkbox", + "title": "Return Errors to Application" + } + } + }, + "pvp2x": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x", + "type": "object", + "title": "PVP Configuration", + "description": "PVP 2.x authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "URL" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/url", + "type": "string", + "title": "Metadata URL" + }, + "certificate": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate", + "type": "object", + "format": "file", + "title": "Metadata certificate", + "description": "Certificate for metadata signature validation", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/preview", + "type": "string" + } + } + } + } + }, + "openID" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid", + "type": "object", + "title": "OpenID Connect Configuration", + "description": "OpenID Connect authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "clientID" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid/clientid", + "type": "string", + "readOnly" : true, + "title": "Client-ID" + }, + "secret" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid/clientsecret", + "type": "string", + "readOnly" : true, + "title": "Client-Secret" + }, + "redirectURL" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid/redirectURL", + "type": "string", + "title": "Client-Secret" + } + } + } + } + } }, "required": ["uniqueID", "friendlyName"] } diff --git a/id/moa-id-webgui/src/main/resources/gui/types/vidp.json b/id/moa-id-webgui/src/main/resources/gui/types/vidp.json new file mode 100644 index 000000000..3e6e4fb7b --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/vidp.json @@ -0,0 +1,371 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidvidp", + "type": "object", + "title": "STORK V-IDP", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "auth.target": { + "id": "http://www.egiz.gv.at/dynUI/OA/target", + "type": "object", + "title": "Target definition", + "description": "bPK or wbPK target definitions", + "options": { + "collapsed": true + }, + "properties": { + "business": { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private", + "type": "object", + "title": "Private Sector definition", + "description": "wbPK target definitions", + "options": { + "collapsed": true + }, + "properties": { + "type" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private/type", + "type": "string", + "title": "Sector Type", + "enum": [ + "FN", + "ZVR", + "ERSB", + "STORK" + ] + }, + "value" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private/value", + "type": "string", + "title": "Identifier" + } + } + } + } + }, + "auth": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth", + "type": "object", + "title": "Authentication", + "description": "Authentication configuration", + "options": { + "collapsed": true + }, + "properties": { + "bku": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku", + "type": "object", + "title": "BKU configuration", + "description": "Online application specific BKU communikation", + "options": { + "collapsed": true + }, + "properties": { + "onlineBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/online", + "type": "string", + "title": "Online BKU" + }, + "handyBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/handy", + "type": "string", + "title": "Handy BKU" + }, + "localBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/local", + "type": "string", + "title": "Local BKU" + }, + "keyBoxIdentifier" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/keyBoxIdentifier", + "type": "string", + "title": "KeyBoxIdentifier", + "enum": [ + "SecureSignatureKeypair", + "CertifiedKeypair" + ] + }, + "template": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template", + "type": "object", + "title": "SecurityLayer Templates", + "description": "Online application specific SecurityLayer templates", + "options": { + "collapsed": true + }, + "properties": { + "legacy" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template/legacy", + "type": "boolean", + "format" : "checkbox", + "title": "Activate Legacy Mode" + }, + "first.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/first/url", + "type": "string", + "title": "First SL-Template" + }, + "second.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/second/url", + "type": "string", + "title": "Second SL-Template" + }, + "third.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/third/url", + "type": "string", + "title": "Third SL-Template" + } + } + } + } + }, + "templates": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/templates", + "type": "object", + "title": "BKU selection customization", + "description": "Customization of the BKU selection form", + "options": { + "collapsed": true + }, + "properties": { + "customize": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize", + "type": "object", + "title": "Customize default template", + "description": "Customization of the default template", + "options": { + "collapsed": true + }, + "properties": { + "fonttype" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/fonttype", + "type": "string", + "title": "Font Type" + }, + "color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/back", + "type": "string", + "title": "Backcolor" + }, + "color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/front", + "type": "string", + "title": "Frontcolor" + }, + "header.color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/back", + "type": "string", + "title": "Header Backcolor" + }, + "header.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/front", + "type": "string", + "title": "Header Frontcolor" + }, + "header.text" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/text", + "type": "string", + "title": "Header Text" + }, + "button.color.back.focus" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/back/focus", + "type": "string", + "title": "Font Type" + }, + "button.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/front", + "type": "string", + "title": "Font Type" + }, + "applet.redirecttarget" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/redirecttarget", + "type": "string", + "title": "Applet - Redirect Target", + "enum": [ + "_blank", + "_self", + "_parent", + "_top" + ] + }, + "applet.hight" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/hight", + "type": "string", + "title": "Applet - Hight" + }, + "applet.width" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/width", + "type": "string", + "title": "Applet - Width" + } + } + }, + "bkuselection": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection", + "type": "object", + "format": "file", + "title": "BKU selection template", + "description": "Applicatio specific BKU selection template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/filename", + "type": "string" + } + } + }, + "sendAssertion": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion", + "type": "object", + "format": "file", + "title": "SendAssertion selection template", + "description": "Applicatio specific SendAssertion template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/filename", + "type": "string" + } + } + } + } + }, + "authblock": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock", + "type": "object", + "title": "AuthBlock configuration", + "description": "Online application specific AuthBlock configuration", + "options": { + "collapsed": true + }, + "properties": { + "removebPK" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/removebpk", + "type": "boolean", + "format" : "checkbox", + "title": "Remove bPK/wbPK" + }, + "additionaltext" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/text", + "type": "string", + "format": "textarea", + "title": "Additional AuthBlock Text" + } + } + }, + "testcredentials": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials", + "type": "object", + "title": "Test identities", + "description": "Test identities configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enable test identities" + }, + "oids" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/oids", + "type": "string", + "title": "Allowed test-identity OIDs" + } + } + }, + "stork": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork", + "type": "object", + "title": "STORK", + "description": "STORK configuration", + "options": { + "collapsed": true + }, + "properties": { + "requireConsent" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork/requireConsent", + "type": "boolean", + "format" : "checkbox", + "title": "Ask the user for attributes transfer consent" + }, + "attributeprovider" : { + "type": "array", + "title": "Attribute-Provider Plug-ins", + "format": "table", + "options": { + "collapsed": true + }, + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "title": "Attribute Plug-in", + "enum": [ + "StorkAttributeRequestProvider", + "EHvdAttributeProvider_deprecated", + "EHvdAttributeProvider", + "SignedDocAttributeRequestProvider", + "MandateAttributeRequestProvider", + "PVPAuthenticationProvider" + ] + }, + "url": { + "type": "string", + "format": "url", + "title": "URL" + }, + "attributes": { + "type": "string", + "title": "Attribute (CSV)" + } + } + } + } + } + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml b/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml index 3d1528fdf..0ee7ac89c 100644 --- a/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml +++ b/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml @@ -9,14 +9,16 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - - + - + - - + + + + + \ No newline at end of file -- cgit v1.2.3