From 7523477ce0884b45a992748a12ea824fa85ea14d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Sun, 26 Nov 2017 21:04:51 +0100 Subject: add String escaping on same methods --- .../id/commons/config/MigrateConfiguration.java | 206 ++++++++++----------- .../java/at/gv/egovernment/moa/util/FileUtils.java | 68 +++---- .../at/gv/egovernment/moa/util/KeyStoreUtils.java | 54 +++--- .../at/gv/egovernment/moa/util/OutputXML2File.java | 102 ---------- 4 files changed, 164 insertions(+), 266 deletions(-) delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java (limited to 'id/server/moa-id-commons/src/main/java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java index 4e8c7dffd..32dd97148 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java @@ -1,103 +1,103 @@ -package at.gv.egovernment.moa.id.commons.config; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; - -import javax.xml.bind.JAXBException; - -import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI; -import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams; - -/** - * CLI tool which is able to perform the following tasks: - * - */ -public class MigrateConfiguration { - - public static void main(String[] args) { - - MOAIDConfCLI cli = new MOAIDConfCLI(); - MigrateConfigurationParams parsedParameters = cli.parse(args); - - // consider settings of force switch - boolean isOverwriteData = parsedParameters.isOverwriteData(); - ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData); - - if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) { - // read input from file - workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil); - - } else if (parsedParameters.getInputDBConfig() != null) { - // read input from database - workWithImputFromDB(parsedParameters, configUtil); - - } else { - System.exit(1); - } - } - - /** - * Handle the case where input from a file is read. - * - * @param inputFileUrl - * the url of the input file. - * @param parsedParameters - * the command line parameters. - * @param configUtil - * the class for working with the configuration. - */ - private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters, - ConfigurationUtil configUtil) { - File inFile = new File(inputFileUrl); - try (FileInputStream inStream = new FileInputStream(inFile);) { - - if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { - // input from file and output to a file is desired - File outFile = new File(parsedParameters.getOutputFile()); - configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile); - - } else if (parsedParameters.getOutputDBConfig() != null) { - // input from file and output to a database is desired - configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig()); - } - } catch (JAXBException e) { - System.out.println("MOA-ID XML configuration can not be loaded from given file."); - System.exit(1); - } catch (FileNotFoundException e) { - System.out.println("Could not find the input file."); - System.exit(1); - } catch (IOException e) { - System.out.println("Could not read from the input file."); - System.exit(1); - } - } - - /** - * Handle the case where input is read from a database. - * - * @param parsedParameters - * the command line parameters. - * @param configUtil - * the class for working with the configuration. - */ - private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) { - if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { - // input from database and output to a file is desired - File outFile = new File(parsedParameters.getOutputFile()); - String inputDBConfigFilePath = parsedParameters.getInputDBConfig(); - configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile); - - } else if (parsedParameters.getOutputDBConfig() != null) { - // input from database and output to a database is desired - // configUtil.readFromDBWriteToDB(inDBConfigFilePath, - // outDBConfigFilePath); - } - } -} \ No newline at end of file +//package at.gv.egovernment.moa.id.commons.config; +// +//import java.io.File; +//import java.io.FileInputStream; +//import java.io.FileNotFoundException; +//import java.io.IOException; +// +//import javax.xml.bind.JAXBException; +// +//import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI; +//import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams; +// +///** +// * CLI tool which is able to perform the following tasks: +// * +// */ +//public class MigrateConfiguration { +// +// public static void main(String[] args) { +// +// MOAIDConfCLI cli = new MOAIDConfCLI(); +// MigrateConfigurationParams parsedParameters = cli.parse(args); +// +// // consider settings of force switch +// boolean isOverwriteData = parsedParameters.isOverwriteData(); +// ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData); +// +// if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) { +// // read input from file +// workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil); +// +// } else if (parsedParameters.getInputDBConfig() != null) { +// // read input from database +// workWithImputFromDB(parsedParameters, configUtil); +// +// } else { +// System.exit(1); +// } +// } +// +// /** +// * Handle the case where input from a file is read. +// * +// * @param inputFileUrl +// * the url of the input file. +// * @param parsedParameters +// * the command line parameters. +// * @param configUtil +// * the class for working with the configuration. +// */ +// private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters, +// ConfigurationUtil configUtil) { +// File inFile = new File(inputFileUrl); +// try (FileInputStream inStream = new FileInputStream(inFile);) { +// +// if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { +// // input from file and output to a file is desired +// File outFile = new File(parsedParameters.getOutputFile()); +// configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile); +// +// } else if (parsedParameters.getOutputDBConfig() != null) { +// // input from file and output to a database is desired +// configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig()); +// } +// } catch (JAXBException e) { +// System.out.println("MOA-ID XML configuration can not be loaded from given file."); +// System.exit(1); +// } catch (FileNotFoundException e) { +// System.out.println("Could not find the input file."); +// System.exit(1); +// } catch (IOException e) { +// System.out.println("Could not read from the input file."); +// System.exit(1); +// } +// } +// +// /** +// * Handle the case where input is read from a database. +// * +// * @param parsedParameters +// * the command line parameters. +// * @param configUtil +// * the class for working with the configuration. +// */ +// private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) { +// if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { +// // input from database and output to a file is desired +// File outFile = new File(parsedParameters.getOutputFile()); +// String inputDBConfigFilePath = parsedParameters.getInputDBConfig(); +// configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile); +// +// } else if (parsedParameters.getOutputDBConfig() != null) { +// // input from database and output to a database is desired +// // configUtil.readFromDBWriteToDB(inDBConfigFilePath, +// // outDBConfigFilePath); +// } +// } +//} \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java index a70d62e1e..3291f8a15 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java @@ -53,40 +53,40 @@ public class FileUtils { in.close(); return content; } - /** - * Reads a file, given by URL, into a String. - * @param urlString file URL - * @param encoding character encoding - * @return file content - * @throws IOException on any exception thrown - */ - public static String readURL(String urlString, String encoding) throws IOException { - byte[] content = readURL(urlString); - return new String(content, encoding); - } - /** - * Reads a file, given by filename, into a byte array. - * @param filename filename - * @return file content - * @throws IOException on any exception thrown - */ - public static byte[] readFile(String filename) throws IOException { - BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename)); - byte[] content = StreamUtils.readStream(in); - in.close(); - return content; - } - /** - * Reads a file, given by filename, into a String. - * @param filename filename - * @param encoding character encoding - * @return file content - * @throws IOException on any exception thrown - */ - public static String readFile(String filename, String encoding) throws IOException { - byte[] content = readFile(filename); - return new String(content, encoding); - } +// /** +// * Reads a file, given by URL, into a String. +// * @param urlString file URL +// * @param encoding character encoding +// * @return file content +// * @throws IOException on any exception thrown +// */ +// public static String readURL(String urlString, String encoding) throws IOException { +// byte[] content = readURL(urlString); +// return new String(content, encoding); +// } +// /** +// * Reads a file, given by filename, into a byte array. +// * @param filename filename +// * @return file content +// * @throws IOException on any exception thrown +// */ +// public static byte[] readFile(String filename) throws IOException { +// BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename)); +// byte[] content = StreamUtils.readStream(in); +// in.close(); +// return content; +// } +// /** +// * Reads a file, given by filename, into a String. +// * @param filename filename +// * @param encoding character encoding +// * @return file content +// * @throws IOException on any exception thrown +// */ +// public static String readFile(String filename, String encoding) throws IOException { +// byte[] content = readFile(filename); +// return new String(content, encoding); +// } /** * Reads a file from a resource. * @param name resource name diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java index 3d28f4f2b..38dcafcc0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java @@ -126,33 +126,33 @@ public class KeyStoreUtils { } return ks; } - /** - * Creates a key store from a directory containg X509 certificate files, - * aliasing them with the index in the String[], starting with "0". - * All the files in the directory are considered to be certificates. - * - * @param keyStoreType key store type - * @param certDirURLString file URL of directory containing certificate filenames - * @return key store created - * @throws IOException thrown while reading the certificates from file - * @throws GeneralSecurityException thrown while creating the key store - */ - public static KeyStore createKeyStoreFromCertificateDirectory( - String keyStoreType, - String certDirURLString) - throws IOException, GeneralSecurityException { - - URL certDirURL = new URL(certDirURLString); - String certDirname = certDirURL.getFile(); - File certDir = new File(certDirname); - String[] certFilenames = certDir.list(); - String separator = - (certDirname.endsWith(File.separator) ? "" : File.separator); - for (int i = 0; i < certFilenames.length; i++) { - certFilenames[i] = certDirname + separator + certFilenames[i]; - } - return createKeyStore(keyStoreType, certFilenames); - } +// /** +// * Creates a key store from a directory containg X509 certificate files, +// * aliasing them with the index in the String[], starting with "0". +// * All the files in the directory are considered to be certificates. +// * +// * @param keyStoreType key store type +// * @param certDirURLString file URL of directory containing certificate filenames +// * @return key store created +// * @throws IOException thrown while reading the certificates from file +// * @throws GeneralSecurityException thrown while creating the key store +// */ +// public static KeyStore createKeyStoreFromCertificateDirectory( +// String keyStoreType, +// String certDirURLString) +// throws IOException, GeneralSecurityException { +// +// URL certDirURL = new URL(certDirURLString); +// String certDirname = certDirURL.getFile(); +// File certDir = new File(certDirname); +// String[] certFilenames = certDir.list(); +// String separator = +// (certDirname.endsWith(File.separator) ? "" : File.separator); +// for (int i = 0; i < certFilenames.length; i++) { +// certFilenames[i] = certDirname + separator + certFilenames[i]; +// } +// return createKeyStore(keyStoreType, certFilenames); +// } /** * Loads an X509 certificate from file. diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java deleted file mode 100644 index e3f8f75a1..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -/* - * Created on 26.04.2004 - * - * @author rschamberger - * $ID$ - */ -package at.gv.egovernment.moa.util; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * utility functions to write XML data to files - * @author rschamberger - * @version $Id$ - */ -public class OutputXML2File { - - /** - * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8) - * - * @param filename file name - * @param rootElem root element in DOM tree - * @param hierarchy of the Logger - */ - public static void debugOutputXML2File(String filename, Element rootElem, String hierarchy) { - if (Logger.isDebugEnabled(hierarchy)) { - outputXML2File(filename, rootElem); - } - } - - /** - * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8) - * - * @param filename file name - * @param xmlString XML string - * @param hierarchy of the Logger - */ - public static void debugOutputXML2File(String filename, String xmlString, String hierarchy) { - if (Logger.isDebugEnabled(hierarchy)) { - outputXML2File(filename, xmlString); - } - } - - /** - * writes an XML structure to file (Encoding: UTF-8) - * - * @param filename file name - * @param rootElem root element in DOM tree - */ - public static void outputXML2File(String filename, Element rootElem) { - try { - String xmlString = new String(DOMUtils.serializeNode(rootElem)); - outputXML2File(filename, xmlString); - } catch (Exception ex) { - ex.printStackTrace(); - } - } - - /** - * writes an XML structure to file (Encoding: UTF-8) - * - * @param filename file name - * @param xmlString XML string - */ - public static void outputXML2File(String filename, String xmlString) { - try { - java.io.OutputStream fout = new java.io.FileOutputStream(filename); - byte[] xmlData = xmlString.getBytes("UTF-8"); - fout.write(xmlData); - fout.close(); - } catch (Exception ex) { - ex.printStackTrace(); - } - } - -} -- cgit v1.2.3 From c635f245db55dbab616db3835087fbf33be832d0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 27 Nov 2017 12:09:21 +0100 Subject: refactoring: rename method --- .../moa/id/commons/validation/ValidationHelper.java | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'id/server/moa-id-commons/src/main/java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java index 01ae2a354..0a0c4b06d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java @@ -22,11 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.commons.validation; -import iaik.asn1.ObjectID; -import iaik.utils.Util; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; @@ -45,6 +40,10 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.logging.Logger; +import iaik.asn1.ObjectID; +import iaik.utils.Util; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; public class ValidationHelper { @@ -322,7 +321,7 @@ public class ValidationHelper { return "; % \" ' ` , < > \\"; } - public static boolean containsPotentialCSSCharacter(String param, boolean commaallowed) { + public static boolean containsNotValidCharacter(String param, boolean commaallowed) { if (param == null) { return false; @@ -340,7 +339,7 @@ public class ValidationHelper { param.indexOf("/") != -1; } - public static String getPotentialCSSCharacter(boolean commaallowed) { + public static String getNotValidCharacter(boolean commaallowed) { if (commaallowed) return "; % \" ' ` < > \\ /"; -- cgit v1.2.3 From f6ef9b2e21af5a55b9f2b360de3cff38c56904d6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 27 Nov 2017 15:33:37 +0100 Subject: add some more escaptions --- .../java/at/gv/egovernment/moa/logging/Logger.java | 5 +++- .../java/at/gv/egovernment/moa/util/FileUtils.java | 35 +--------------------- 2 files changed, 5 insertions(+), 35 deletions(-) (limited to 'id/server/moa-id-commons/src/main/java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java index 3730b36ce..9152f2549 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java @@ -27,6 +27,9 @@ package at.gv.egovernment.moa.logging; import java.util.HashMap; import java.util.Map; +import org.apache.commons.lang3.StringEscapeUtils; + + /** * A utility class acting as a facade to the logging subsystem. * @@ -88,7 +91,7 @@ public class Logger { private static String prepareMessage(Object message) { if(null == message) return "no message given"; - return message.toString(); + return StringEscapeUtils.escapeHtml4(message.toString()); } /** diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java index 3291f8a15..8d6aea164 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java @@ -53,40 +53,7 @@ public class FileUtils { in.close(); return content; } -// /** -// * Reads a file, given by URL, into a String. -// * @param urlString file URL -// * @param encoding character encoding -// * @return file content -// * @throws IOException on any exception thrown -// */ -// public static String readURL(String urlString, String encoding) throws IOException { -// byte[] content = readURL(urlString); -// return new String(content, encoding); -// } -// /** -// * Reads a file, given by filename, into a byte array. -// * @param filename filename -// * @return file content -// * @throws IOException on any exception thrown -// */ -// public static byte[] readFile(String filename) throws IOException { -// BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename)); -// byte[] content = StreamUtils.readStream(in); -// in.close(); -// return content; -// } -// /** -// * Reads a file, given by filename, into a String. -// * @param filename filename -// * @param encoding character encoding -// * @return file content -// * @throws IOException on any exception thrown -// */ -// public static String readFile(String filename, String encoding) throws IOException { -// byte[] content = readFile(filename); -// return new String(content, encoding); -// } + /** * Reads a file from a resource. * @param name resource name -- cgit v1.2.3 From 91b54c413aca1f214de482e7ea899bdec114880d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 28 Nov 2017 10:54:34 +0100 Subject: deactivated PVP EntityCategory mapper as default --- .../java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/server/moa-id-commons/src/main/java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java index 07b07d980..4dda4c736 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -13,6 +13,7 @@ public interface AuthConfiguration extends ConfigurationProvider{ public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname"; public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname"; + public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active"; public static final String DEFAULT_X509_CHAININGMODE = "pkix"; -- cgit v1.2.3