From 80ff1ae02a1080594433494fcf99e5e8ca470584 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 10 Dec 2020 14:38:12 +0100 Subject: switch to next snapshot version --- id/ConfigWebTool/pom.xml | 2 +- id/moa-id-webgui/pom.xml | 2 +- id/moa-spss-container/pom.xml | 2 +- id/oa/pom.xml | 2 +- id/pom.xml | 2 +- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/moa-id-frontend-resources/pom.xml | 2 +- id/server/moa-id-jaxb_classes/pom.xml | 2 +- id/server/moa-id-spring-initializer/pom.xml | 2 +- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- id/server/pom.xml | 2 +- 26 files changed, 26 insertions(+), 26 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 4a8ba973a..b6c82328b 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.5 + 4.1.6-SNAPSHOT 4.0.0 diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index fa7694129..36275beea 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.5 + 4.1.6-SNAPSHOT 4.0.0 diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index b60e62ac3..e78ebd175 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.5 + 4.1.6-SNAPSHOT MOA.id moa-spss-container diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 1522121d2..b4e8b9858 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.5 + 4.1.6-SNAPSHOT 4.0.0 diff --git a/id/pom.xml b/id/pom.xml index 84506b71c..70d9609bb 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 4.1.5 + 4.1.6-SNAPSHOT 4.0.0 diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 5a743549b..adfb2aa4f 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.5 + 4.1.6-SNAPSHOT 4.0.0 diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 72d5b51d7..50075abfe 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.5 + 4.1.6-SNAPSHOT 4.0.0 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 28d0b3f68..e8b194f3f 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.5 + 4.1.6-SNAPSHOT MOA.id.server diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 545a9d953..452a566bf 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -6,7 +6,7 @@ MOA.id moa-id - 4.1.5 + 4.1.6-SNAPSHOT moa-id-commons moa-id-commons diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index 85857cd59..ac60b89a4 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.5 + 4.1.6-SNAPSHOT MOA.id.server diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index 427bab738..2ad6199a9 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.5 + 4.1.6-SNAPSHOT MOA.id.server moa-id-jaxb_classes diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index e4441dc95..8bc49354d 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.5 + 4.1.6-SNAPSHOT MOA.id.server diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index b1dd44779..2668b4f97 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index b826597e9..1df8e5824 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index 9764a8ee6..3b583d69e 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index e3cc3cb52..4db2aa3ad 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 45fd97508..eabb1fc18 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index 46b645403..be7a15d89 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 131ae455b..a7a4dad1b 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 0dccba648..1f7606e1d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index d0869994b..dbf91dccf 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index 1148ab31c..049da3a4e 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index d2cd5686e..87ae74148 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 5b19d44c0..aef322b1e 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.5 + 4.1.6-SNAPSHOT moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index d2bce7b0d..fb8c5c5df 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.1.5 + 4.1.6-SNAPSHOT MOA.id.server.modules diff --git a/id/server/pom.xml b/id/server/pom.xml index e9fb44b80..8b1dd5b4b 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.5 + 4.1.6-SNAPSHOT 4.0.0 -- cgit v1.2.3 From d9366a3cdbc4cbcbd9900aacca53ea23f69990d0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Feb 2021 09:32:02 +0100 Subject: add missing certificates into truststore --- ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ---------------------- ...remium-Sig-05.20141215-20241209.SerNo165fb8.crt | 36 ++++++++++++++++++++++ 2 files changed, 36 insertions(+), 36 deletions(-) delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20241209.SerNo165fb8.crt (limited to 'id') diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt deleted file mode 100644 index ee17cdb80..000000000 --- a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt +++ /dev/null @@ -1,36 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB -VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp -bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl -c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx -MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV -BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry -LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 -bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC -IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS -BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp -gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR -cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls -5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d -s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka -hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE -/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 -kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh -5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu -IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj -AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov -L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME -DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 -3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy -8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG -x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM -tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 -76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra -nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN -sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp -FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy -Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq -C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 -85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK -6MsTXFjxlwpIacl4fkAxk6L22xfB ------END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20241209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20241209.SerNo165fb8.crt new file mode 100644 index 000000000..ee17cdb80 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20241209.SerNo165fb8.crt @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS +BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp +gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR +cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls +5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d +s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka +hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE +/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 +kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh +5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu +IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj +AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 +3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy +8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG +x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM +tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 +76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra +nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN +sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp +FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy +Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq +C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 +85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK +6MsTXFjxlwpIacl4fkAxk6L22xfB +-----END CERTIFICATE----- -- cgit v1.2.3 From 4f8f303c78b2696a5166c6688310f206f79cc42b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 15 Mar 2021 07:49:19 +0100 Subject: update demo-SP for IDA testing --- .../id/demoOA/servlet/pvp2/DemoApplication.java | 46 +++++++++++++++------- .../moa/id/demoOA/utils/AttributeListBuilder.java | 12 +++--- 2 files changed, 38 insertions(+), 20 deletions(-) (limited to 'id') diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index e36a880ba..df58fbc7a 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -41,6 +41,7 @@ import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; +import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeStatement; import org.opensaml.saml2.core.EncryptedAssertion; @@ -229,21 +230,20 @@ public class DemoApplication extends HttpServlet { Decrypter samlDecrypter = new Decrypter(null, skicr, encryptedKeyResolver); - for (EncryptedAssertion encAssertion : encryAssertionList) { - saml2assertions.add(samlDecrypter.decrypt(encAssertion)); - - } + for (EncryptedAssertion encAssertion : encryAssertionList) { + Assertion decryptedAssertion = samlDecrypter.decrypt(encAssertion); + samlResponse.getAssertions().add(decryptedAssertion); + log.debug("Decrypted Assertion: " + DOMUtils.serializeNode(SAML2Utils.asDOMDocument(decryptedAssertion))); + + } log.debug("Assertion decryption finished. "); } else { - saml2assertions = samlResponse.getAssertions(); + log.debug("Assertiojn is not encryted. Use it as it is"); } - - samlResponse.getAssertions().clear(); - samlResponse.getAssertions().addAll(saml2assertions); - + //set assertion org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); String assertion = DOMUtils.serializeNode(doc); @@ -254,7 +254,9 @@ public class DemoApplication extends HttpServlet { String familyName = null; String birthday = null; - for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + log.debug("Find #" + samlResponse.getAssertions().size() + " assertions after decryption"); + + for (org.opensaml.saml2.core.Assertion saml2assertion : samlResponse.getAssertions()) { try { principleId = saml2assertion.getSubject().getNameID().getValue(); @@ -270,16 +272,32 @@ public class DemoApplication extends HttpServlet { List attributes = attributeStatements.get(i).getAttributes(); for (int x = 0; x < attributes.size(); x++) { - String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); + + + String strAttributeName = attributes.get(x).getName(); - if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) + log.debug("Find attribute with name: " + strAttributeName + " and value: " + + attributes.get(x).getAttributeValues().get(0).getDOM().getNodeValue()); + + if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) + + } + + if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - } + + } + + if (strAttributeName.equals(PVPConstants.BPK_NAME)) { + principleId = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } } } request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java index 1dcc66a56..9dc0d1d6f 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java @@ -47,19 +47,19 @@ public class AttributeListBuilder implements PVPConstants{ //select PVP2 attributes which are needed for this application - requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); - requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false)); - requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(MANDATE_FULL_MANDATE_NAME, MANDATE_FULL_MANDATE_FRIENDLY_NAME, false)); -- cgit v1.2.3 From c3aa73a61e37e65545a18169b54d0360f964f273 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 22 Apr 2021 12:28:56 +0200 Subject: add new assembly process --- id/ConfigWebTool/pom.xml | 9 ++- id/assembly-auth-edu.xml | 191 --------------------------------------------- id/assembly-auth-final.xml | 191 --------------------------------------------- id/assembly-proxy.xml | 120 ---------------------------- id/oa/pom.xml | 2 +- 5 files changed, 6 insertions(+), 507 deletions(-) delete mode 100644 id/assembly-auth-edu.xml delete mode 100644 id/assembly-auth-final.xml delete mode 100644 id/assembly-proxy.xml (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index b6c82328b..63db8f8db 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -227,7 +227,10 @@ - + war + + moa-id-configuration + - - - moa-id-auth-edu-${moa-id-version} - - - - ${basedir}/id/server/data/deploy - / - - **/conf/Catalina/** - ${basedir}/id/server/data/deploy/conf/moa-id-proxy/** - - - - ${basedir}/spss/handbook/conf/moa-spss/certstore - /conf/moa-id/certs/certstore - - **/* - - - - ${basedir}/spss/handbook/conf/moa-spss/certstore - /conf/moa-spss/certstore - - **/* - - - - ${basedir}/id/server/doc - /doc - - ${basedir}/id/server/doc/proxy/** - - - - ${basedir}/id/server/data/deploy/conf - /doc/conf - - ${basedir}/id/server/data/deploy/conf/moa-id-proxy/** - - - - ${basedir}/id - / - - history.txt - readme_${moa-id-version}.txt - - - - ${basedir} - / - - LICENSE-2.0.txt - NOTICE.txt - IAIK-LICENSE.txt - EUPL v.1.1 - Licence.pdf - SIC_LICENSE.txt - - - - - - - - MOA.id.server:moa-id-auth-edu - - - true - / - ${artifactId}.${extension} - - - - xalan-bin-dist:xalan - xerces:xercesImpl - xalan-bin-dist:xml-apis - xalan-bin-dist:serializer - - /endorsed - ${artifactId}.${extension} - - - - iaik.prod:iaik_ecc - iaik.prod:iaik_jce_full - iaik.prod:iaik_Pkcs11Provider - iaik.prod:iaik_Pkcs11Wrapper:jar - - /ext - ${artifactId}.${extension} - - - false - - - - - - MOA.id.server:moa-id-lib - - - javadoc - false - api-doc - /doc - true - - - - - - MOA.id:moa-id-configuration - - - false - / - ${artifactId}.${extension} - false - - - - - - MOA.id.server:moa-id-commons - - - false - /migration/ - ${artifactId}.${extension} - false - - - /migration/dependency-jars - ${artifactId}.${extension} - - - - - - - - MOA.id:moa-id-oa - - - true - ../ - true - /source/${artifactId}/src - - **/target/** - **/bin/** - **/.settings/** - .* - - - pom.xml - - - - false - / - ${artifactId}.${extension} - false - - - - iaik:commons-iaik - MOA:moa-common - - /source/repositority - ${artifactId}.${extension} - - - - - - - - - component-pkcs11libs.xml - - - diff --git a/id/assembly-auth-final.xml b/id/assembly-auth-final.xml deleted file mode 100644 index 504f5620a..000000000 --- a/id/assembly-auth-final.xml +++ /dev/null @@ -1,191 +0,0 @@ - - id-auth-final-${moa-id-version} - - - dir - zip - - - - moa-id-auth-final-${moa-id-version} - - - - ${basedir}/id/server/data/deploy - / - - **/conf/Catalina/** - ${basedir}/id/server/data/deploy/conf/moa-id-proxy/** - - - - ${basedir}/spss/handbook/conf/moa-spss/certstore - /conf/moa-id/certs/certstore - - **/* - - - - ${basedir}/spss/handbook/conf/moa-spss/certstore - /conf/moa-spss/certstore - - **/* - - - - ${basedir}/id/server/doc - /doc - - ${basedir}/id/server/doc/proxy/** - - - - ${basedir}/id/server/data/deploy/conf - /doc/conf - - ${basedir}/id/server/data/deploy/conf/moa-id-proxy/** - - - - ${basedir}/id - / - - history.txt - readme_${moa-id-version}.txt - - - - ${basedir} - / - - LICENSE-2.0.txt - NOTICE.txt - IAIK-LICENSE.txt - EUPL v.1.1 - Licence.pdf - SIC_LICENSE.txt - - - - - - - - MOA.id.server:moa-id-auth-final - - - true - / - ${artifactId}.${extension} - - - - xalan-bin-dist:xalan - xerces:xercesImpl - xalan-bin-dist:xml-apis - xalan-bin-dist:serializer - - /endorsed - ${artifactId}.${extension} - - - - iaik.prod:iaik_ecc - iaik.prod:iaik_jce_full - iaik.prod:iaik_Pkcs11Provider - iaik.prod:iaik_Pkcs11Wrapper:jar - - /ext - ${artifactId}.${extension} - - - false - - - - - - MOA.id.server:moa-id-lib - - - javadoc - false - api-doc - /doc - true - - - - - - MOA.id:moa-id-configuration - - - false - / - ${artifactId}.${extension} - false - - - - - - MOA.id.server:moa-id-commons - - - false - /migration/ - ${artifactId}.${extension} - false - - - /migration/dependency-jars - ${artifactId}.${extension} - - - - - - - - MOA.id:moa-id-oa - - - true - ../ - true - /source/${artifactId}/src - - **/target/** - **/bin/** - **/.settings/** - .* - - - pom.xml - - - - false - / - ${artifactId}.${extension} - false - - - - iaik:commons-iaik - MOA:moa-common - - /source/repositority - ${artifactId}.${extension} - - - - - - - - - component-pkcs11libs.xml - - - diff --git a/id/assembly-proxy.xml b/id/assembly-proxy.xml deleted file mode 100644 index d43783e69..000000000 --- a/id/assembly-proxy.xml +++ /dev/null @@ -1,120 +0,0 @@ - - id-proxy-${moa-id-proxy-version} - - - dir - zip - - - - moa-id-proxy-${moa-id-proxy-version} - - - - ${basedir}/id/server/data/deploy - / - - **/conf/moa-spss/** - **/conf/moa-id/transforms/** - - - - ${basedir}/id/server/doc/proxy - /doc - - - ${basedir}/id - / - - history.txt - readme_${moa-id-proxy-version}.txt - - - - ${basedir} - / - - LICENSE-2.0.txt - NOTICE.txt - IAIK-LICENSE.txt - EUPL v.1.1 - Licence.pdf - SIC_LICENSE.txt - - - - - - - - MOA.id.server:moa-id-proxy - - - true - / - ${artifactId}.${extension} - - - - xalan-bin-dist:xalan - xerces:xercesImpl - xalan-bin-dist:xml-apis - xalan-bin-dist:serializer - - /endorsed - ${artifactId}.${extension} - - - - iaik.prod:iaik_ecc - iaik.prod:iaik_jce_full - iaik.prod:iaik_Pkcs11Provider - iaik.prod:iaik_Pkcs11Wrapper:jar - - /ext - ${artifactId}.${extension} - - - false - - - - - - MOA.id.server:moa-id-lib - - - javadoc - false - api-doc - /doc - true - - - - - - - component-pkcs11libs.xml - - - diff --git a/id/oa/pom.xml b/id/oa/pom.xml index b4e8b9858..2897de96b 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -19,7 +19,7 @@ - oa + moa-id-oa - - - org.apache.maven.plugins - maven-war-plugin - 2.1.1 - - - - - false - true - - false - - - - - - org.apache.maven.plugins - maven-compiler-plugin - - 1.7 - 1.7 - - - - - - - - - axis - axis - - - MOA.spss.server - moa-spss-lib - - - MOA.id.server - moa-id-lib - - - - - iaik.prod - iaik_jce_full - - provided - - - iaik.prod - iaik_ecc - - provided - - - iaik.prod - iaik_Pkcs11Provider - - provided - - - iaik.prod - iaik_Pkcs11Wrapper - - provided - - - xalan-bin-dist - xalan - - provided - - - xerces - xercesImpl - - provided - - - xalan-bin-dist - xml-apis - - provided - - - xalan-bin-dist - serializer - - provided - - - - diff --git a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF b/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF deleted file mode 100644 index 58630c02e..000000000 --- a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF +++ /dev/null @@ -1,2 +0,0 @@ -Manifest-Version: 1.0 - diff --git a/id/server/proxy/src/main/webapp/WEB-INF/web.xml b/id/server/proxy/src/main/webapp/WEB-INF/web.xml deleted file mode 100644 index 57926f207..000000000 --- a/id/server/proxy/src/main/webapp/WEB-INF/web.xml +++ /dev/null @@ -1,82 +0,0 @@ - - - - MOA ID Proxy - MOA ID Proxy Service - - - ParameterInOrder Filter - at.gv.egovernment.moa.id.util.ParameterInOrderFilter - - - ParameterInOrder Filter - /* - - - - Proxy - Proxy - Forwards requests to the online application - at.gv.egovernment.moa.id.proxy.servlet.ProxyServlet - 0 - - - ConfigurationUpdate - ConfigurationUpdate - Update MOA-ID Proxy configuration from the configuration file - at.gv.egovernment.moa.id.proxy.servlet.ConfigurationServlet - - - - - jspservlet - org.apache.jasper.servlet.JspServlet - - - - - - jspservlet - /errorpage-proxy.jsp - - - - jspservlet - /message-proxy.jsp - - - - ConfigurationUpdate - /ConfigurationUpdate - - - Proxy - /* - - - 30 - - - 500 - /errorpage-proxy.jsp - - - - ConfigurationUpdate - /ConfigurationUpdate - - - moa-admin - - - - BASIC - UserDatabase - - - - The role that is required to log in to the moa Application - - moa-admin - - diff --git a/id/server/proxy/src/main/webapp/errorpage-proxy.jsp b/id/server/proxy/src/main/webapp/errorpage-proxy.jsp deleted file mode 100644 index 07f3e7f69..000000000 --- a/id/server/proxy/src/main/webapp/errorpage-proxy.jsp +++ /dev/null @@ -1,50 +0,0 @@ - -<%@ page contentType="text/html; charset=UTF-8" %> - - -Ein Fehler ist aufgetreten - -<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown"); - String errorMessage = (String)request.getAttribute("ErrorMessage"); - String wrongParameters = (String)request.getAttribute("WrongParameters"); -%> - - -

Fehler bei der Anmeldung

-

Bei der Anmeldung ist ein Fehler aufgetreten.

- -<% if (errorMessage != null) { %> -

-<%= errorMessage%>
-

-<% } %> -<% if (exceptionThrown != null) { %> -

-<%= exceptionThrown.getMessage()%> -

-<% } %> -<% if (wrongParameters != null) { %> -

Die Angabe der Parameter ist unvollständig.

- <%= wrongParameters %>
-

- Beispiele für korrekte Links zur MOA-ID Authentisierung sind: -

-

-<a href="https://<MOA-URL>/StartAuthentication?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>"> -

-

-<a href="https://<MOA-URL>/SelectBKU?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"> -

-

-Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entfällt die Angabe des Target Parameters: -

-

-<a href="https://<MOA-URL>/StartAuthentication?OA=<OA-URL>&Template=<Template-URL>"> -

-

-<a href="https://<MOA-URL>/SelectBKU?OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"> -

-

Die Angabe der Parameter "Template" und "BKUSelectionTemplate" ist optional.

-<% } %> - - \ No newline at end of file diff --git a/id/server/proxy/src/main/webapp/message-proxy.jsp b/id/server/proxy/src/main/webapp/message-proxy.jsp deleted file mode 100644 index 0d970898a..000000000 --- a/id/server/proxy/src/main/webapp/message-proxy.jsp +++ /dev/null @@ -1,20 +0,0 @@ - -<%@ page contentType="text/html; charset=UTF-8" %> - - -MOA-ID Proxy - -<% String message = (String)request.getAttribute("Message"); -%> - - -

MOA-ID Proxy

- -<% if (message != null) { %> -

-<%= message%>
-

-<% } %> - - - \ No newline at end of file -- cgit v1.2.3 From 7c0b889c2eab8734f890c2a53175852422760416 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 1 Jun 2021 20:30:08 +0200 Subject: add dummy authentication-modul that loads eID information from local configuration --- id/server/auth-edu/pom.xml | 7 +- id/server/modules/moa-id-module-dummyAuth/pom.xml | 41 +++++ .../auth/dummy/ConfigurationProperties.java | 58 +++++++ .../auth/dummy/DummyIdentityAuthModule.java | 152 +++++++++++++++++ .../DummyIdentityAuthSpringResourceProvider.java | 62 +++++++ .../auth/dummy/service/DummyIdentityService.java | 182 +++++++++++++++++++++ .../task/InjectDummyIdentityInformationTask.java | 134 +++++++++++++++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../main/resources/dummy_identity_auth.process.xml | 16 ++ .../resources/moaid_dummy_identity_auth.beans.xml | 23 +++ .../modules/auth/dummy/test/BeanCreationTest.java | 67 ++++++++ .../dummy/test/DummyIdentityAuthModuleTest.java | 117 +++++++++++++ ...ummyIdentityAuthSpringResourceProviderTest.java | 55 +++++++ .../auth/dummy/test/DummyIdentityServiceTest.java | 48 ++++++ .../InjectDummyIdentityInformationTaskTest.java | 92 +++++++++++ .../auth/dummy/test/dummy/DummyAuthConfigMap.java | 136 +++++++++++++++ .../src/test/resources/config/config1.properties | 6 + .../src/test/resources/config/config2.properties | 5 + .../src/test/resources/config/idlstore/idl_1.json | 6 + .../src/test/resources/config/idlstore/idl_2.json | 6 + .../config/idlstore/idl_invalid_json_1.json | 6 + .../config/idlstore/idl_invalid_json_2.json | 7 + .../config/idlstore/idl_invalid_json_3.json | 8 + .../config/idlstore/idl_missing_attr.json | 5 + .../config/idlstore/idl_wrong_extension.txt | 6 + .../resources/test_dummy_identity_auth.beans.xml | 20 +++ .../test_dummy_identity_auth_lazy.beans.xml | 27 +++ id/server/modules/pom.xml | 4 +- 28 files changed, 1295 insertions(+), 2 deletions(-) create mode 100644 id/server/modules/moa-id-module-dummyAuth/pom.xml create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml create mode 100644 id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml (limited to 'id') diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index adfb2aa4f..42e035c7a 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -207,7 +207,12 @@ MOA.id.server.modules moa-id-module-bkaMobilaAuthSAML2Test - + + + MOA.id.server.modules + moa-id-module-dummy-authenticatiuon + + MOA.id.server.modules moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml new file mode 100644 index 000000000..42b8ca775 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml @@ -0,0 +1,41 @@ + + + 4.0.0 + + MOA.id.server.modules + moa-id-modules + 4.1.6-SNAPSHOT + + moa-id-module-dummy-authenticatiuon + Module for dummy authentication in MOA-ID + + + + org.springframework + spring-test + test + + + junit + junit + test + + + at.gv.egiz.eaaf + eaaf_core_utils + test + test-jar + + + at.gv.egiz.eaaf + eaaf-core + test + test-jar + + + + + + diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java new file mode 100644 index 000000000..b42e5b0f7 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java @@ -0,0 +1,58 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy; + +import java.util.Collection; +import java.util.Set; + +import com.google.common.collect.Sets; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; + +public class ConfigurationProperties { + + // configuration properties + private static final String MODULE_PREFIX = "modules.dummyauth."; + + public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled"; + public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp"; + public static final String PROP_MODULE_IDENTITY_STORE_PATH = MODULE_PREFIX + "identity.store.path"; + + // http parameter + public static final String HTTP_PARAM_START_DUMMY_AUTH = "dummyauth"; + + // configuration filetype + public static final String ALLOWED_FILE_TYPE = "json"; + + + //minimum required attributes + public static final Collection MINIMUM_REQ_ATTRIBUTES = Sets.newHashSet( + PVPAttributeDefinitions.BIRTHDATE_NAME, + PVPAttributeDefinitions.GIVEN_NAME_NAME, + PVPAttributeDefinitions.PRINCIPAL_NAME_NAME, + PVPAttributeDefinitions.BPK_NAME); + + private ConfigurationProperties() { + // hide constructor or static class + } +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java new file mode 100644 index 000000000..e2f550736 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java @@ -0,0 +1,152 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy; + +import java.io.Serializable; +import java.util.Collection; +import java.util.Collections; +import java.util.stream.Collectors; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class DummyIdentityAuthModule implements AuthModule { + + private int priority = 2; + + @Autowired(required = true) + protected IConfigurationWithSP authConfig; + @Autowired(required = true) + private IAuthenticationManager authManager; + + private Collection uniqueIDsDummyAuthEnabled; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + @PostConstruct + private void initialDummyAuthWhiteList() { + if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + Logger.info("AuthModule for 'dummy-identities' is enabled"); + + // load allowed service-provider Id's + uniqueIDsDummyAuthEnabled = authConfig.getBasicConfigurationWithPrefix( + ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream() + .filter(el -> StringUtils.isNotEmpty(el)) + .collect(Collectors.toSet()); + + if (!uniqueIDsDummyAuthEnabled.isEmpty()) { + Logger.info("Dummy authentication is enabled for ...."); + uniqueIDsDummyAuthEnabled.forEach(el -> Logger.info(" EntityID: " + el)); + + } + + // TODO: do we need a selection parameter from external + authManager.addParameterNameToWhiteList(ConfigurationProperties.HTTP_PARAM_START_DUMMY_AUTH); + + } else { + uniqueIDsDummyAuthEnabled = Collections.emptySet(); + Logger.info("AuthModule for 'dummy-identities' is disabled"); + + } + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv. + * egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + + if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(); + Logger.trace("Check dummy-auth for SP: " + spEntityID); + if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) { + final Serializable flagObj = context.get(ConfigurationProperties.HTTP_PARAM_START_DUMMY_AUTH); + if (flagObj instanceof String && Boolean.valueOf((String) flagObj)) { + Logger.info("Starting Dummy-Identity authentication for SP: " + spEntityID); + return "dummyIdentityAuthentication"; + + } else { + Logger.debug("Dummy-Identity authentication flag not 'true'. Skip it ... "); + + } + + } else { + Logger.debug("Unique SP-Id: " + spEntityID + + " is not in whitelist for Dummy-Identity authentication."); + + } + + } else { + Logger.trace("Dummy-Identity authentication is disabled"); + + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:/dummy_identity_auth.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java new file mode 100644 index 000000000..d8218b7f1 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java @@ -0,0 +1,62 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class DummyIdentityAuthSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource authConfig = new ClassPathResource("/moaid_dummy_identity_auth.beans.xml", DummyIdentityAuthSpringResourceProvider.class); + return new Resource[] {authConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "Module for 'Dummy Authentication'"; + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java new file mode 100644 index 000000000..9bb961e47 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java @@ -0,0 +1,182 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.service; + +import java.io.IOException; +import java.nio.file.FileVisitOption; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; + +import javax.annotation.PostConstruct; + +import org.apache.commons.io.FilenameUtils; +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility; +import com.fasterxml.jackson.annotation.PropertyAccessor; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.ObjectMapper; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.ConfigurationProperties; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Service that holdes and selects dummy-identities for dummy-authentication. + * + * @author tlenz + * + */ +public class DummyIdentityService { + + @Autowired IConfiguration config; + + private List> availableIdentities = new ArrayList<>(); + + + private static ObjectMapper jsonMapper = new ObjectMapper(); + + static { + // initialize JSON Mapper + jsonMapper.configure(DeserializationFeature.FAIL_ON_READING_DUP_TREE_KEY, true); + jsonMapper.configure(DeserializationFeature.FAIL_ON_TRAILING_TOKENS, true); + jsonMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true); + jsonMapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE); + jsonMapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY); + jsonMapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY); + + } + + + /** + * Get an identity randomly from available identities. + * + * @return Map of identity attributes + * @throws EAAFAuthenticationException In case of an empty identity store + */ + public Map getIdentityRandomly() throws EAAFAuthenticationException { + if (availableIdentities.isEmpty()) { + throw new EAAFAuthenticationException("builder.08", new Object[] {"No Dummy-Identity available"}); + + } + + + + int num = (int) (Math.random() * 1000000) % availableIdentities.size(); + Logger.debug("Select element: " + num + " from dummy-identity store"); + return availableIdentities.get(num); + + } + + /** + * Get number of available identity sets. + * + * @return available dummy identities + */ + public int getNumberOfLoadedIdentitySets( ) { + return availableIdentities.size(); + + } + + + @PostConstruct + private void initialize() throws EAAFException { + try { + Logger.debug("Initializing Dummy-Identity authentication service ... "); + + //get all files from datastore + Set identityConfigFiles = getAllFilesFromIdentityStore(); + Logger.debug("Find #" + identityConfigFiles.size() + " files in identity-store. Starting identity extraction ... "); + + //extract identity informations + identityConfigFiles.stream() + .filter(el -> FilenameUtils.isExtension(el.getFileName().toString(), ConfigurationProperties.ALLOWED_FILE_TYPE)) + .forEach(el -> loadJson(el)); + + Logger.info("Dummy-Identity authentication service contains #" + availableIdentities.size() + " data-sets"); + + } catch (EAAFException e) { + handleError(e); + + } catch (IOException e) { + handleError(new EAAFException("config.05", + new Object[] {ConfigurationProperties.PROP_MODULE_IDENTITY_STORE_PATH}, e)); + + } + } + + + private void loadJson(Path file) { + try { + Logger.debug("Reading dummy-identity from file: " + file.getFileName() + " ... "); + Map dummyEid = jsonMapper.readValue(file.toFile(), Map.class); + + // check minimum required attributes + ConfigurationProperties.MINIMUM_REQ_ATTRIBUTES.stream().forEach( + el -> { + if (!dummyEid.containsKey(el)) { + throw new RuntimeException("dummy-identity from file: " + file.getFileName() + " missing attribute: " + el); + + } + }); + + Logger.debug("Add dummy-identity from file: " + file.getFileName()); + availableIdentities.add(dummyEid); + + + } catch (Exception e) { + Logger.warn("Can NOT read dummy-identity from file: " + file.getFileName() + " Identity will be skipped", e); + + } + + } + + + private Set getAllFilesFromIdentityStore() throws IOException, EAAFConfigurationException { + String identityStorePath = config.getBasicConfiguration(ConfigurationProperties.PROP_MODULE_IDENTITY_STORE_PATH); + if (StringUtils.isEmpty(identityStorePath)) { + throw new EAAFConfigurationException("config.08", + new Object[] {ConfigurationProperties.PROP_MODULE_IDENTITY_STORE_PATH}); + + } + + String absIdentityStorePath = FileUtils.makeAbsoluteURL(identityStorePath, config.getConfigurationRootDirectory()); + if (absIdentityStorePath.startsWith("file:")) { + absIdentityStorePath = absIdentityStorePath.substring("file:".length()); + + } + + return Files.walk(Paths.get(absIdentityStorePath), FileVisitOption.FOLLOW_LINKS) + .filter(Files::isRegularFile) + .filter(Files::isReadable) + .collect(Collectors.toSet()); + + } + + + private void handleError(EAAFException e) throws EAAFException { + if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + throw e; + + } else { + Logger.info("Dummy-Identity authentication is disabled. Ignore exception: " + e.getMessage()); + + } + + } + + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java new file mode 100644 index 000000000..8fed1c544 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java @@ -0,0 +1,134 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.task; + +import java.util.Map; +import java.util.Map.Entry; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("InjectDummyIdentityInformationTask") +public class InjectDummyIdentityInformationTask extends AbstractAuthServletTask { + + @Autowired + IConfiguration moaAuthConfig; + @Autowired + DummyIdentityService service; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv. + * egovernment.moa.id.process.api.ExecutionContext, + * javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) + throws TaskExecutionException { + + try { + Logger.debug("Injecting user credentials for Dummy-Identity authentication ... "); + parseDemoValuesIntoMOASession(pendingReq); + + // store MOASession into database + requestStoreage.storePendingRequest(pendingReq); + + } catch (final MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (final Exception e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + /** + * @param pendingReq + * @param moaSession + * @throws MOAIDException + * @throws EAAFStorageException + * @throws EAAFAuthenticationException + */ + private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException, + EAAFAuthenticationException { + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setForeigner(false); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); + + final Map rawIdentity = service.getIdentityRandomly(); + + // add attributes into session + for (final Entry el : rawIdentity.entrySet()) { + moaSession.setGenericDataToSession(el.getKey(), el.getValue()); + Logger.debug("Add PVP-attribute " + el.getKey() + " into MOASession"); + + } + + // set BKU URL + if (rawIdentity.containsKey(PVPAttributeDefinitions.EID_CCS_URL_NAME)) { + moaSession.setBkuURL(rawIdentity.get(PVPAttributeDefinitions.EID_CCS_URL_NAME)); + + } else { + moaSession.setBkuURL("http://egiz.gv.at/dummy-authentication"); + + } + + // check if mandates are included + if (rawIdentity.containsKey(PVPAttributeDefinitions.MANDATE_TYPE_NAME) + || rawIdentity.containsKey(PVPAttributeDefinitions.MANDATE_TYPE_OID_NAME)) { + Logger.debug("Find Mandate-Attributes in E-ID response. Switch to mandate-mode ... "); + moaSession.setUseMandates(true); + + } else { + moaSession.setUseMandates(false); + + } + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..a60db29cb --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml new file mode 100644 index 000000000..d7351fbbd --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + + diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml new file mode 100644 index 000000000..5c2ea1176 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml @@ -0,0 +1,23 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java new file mode 100644 index 000000000..7fa2eab93 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java @@ -0,0 +1,67 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.BeanCreationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_dummy_identity_auth_lazy.beans.xml" }) +public class BeanCreationTest { + + @Autowired DummyAuthConfigMap config; + @Autowired ApplicationContext context; + + @Before + public void initialize() { + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(false)); + + } + + @Test + public void authModuleDeactivated() { + assertNotNull("AuthModule", context.getBean(DummyIdentityAuthModule.class)); + + } + + @Test + @DirtiesContext + public void dummyIdentityServiceDisabled() { + assertNotNull("IdentityService", context.getBean(DummyIdentityService.class)); + + } + + @Test + @DirtiesContext + public void dummyIdentityServiceEnabled() { + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + try { + context.getBean(DummyIdentityService.class); + fail("Wrong config not detected"); + + } catch (Exception e) { + assertTrue("wrong exception", e instanceof BeanCreationException); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java new file mode 100644 index 000000000..37bb0d9b4 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java @@ -0,0 +1,117 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_dummy_identity_auth.beans.xml" }) +public class DummyIdentityAuthModuleTest { + + @Autowired DummyAuthConfigMap config; + @Autowired DummyIdentityAuthModule module; + + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map spConfigMap; + + @Before + public void initialize() { + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + } + + @Test + public void checkProcessDefinition() { + String[] def = module.getProcessDefinitions(); + + assertNotNull("no process definition", def); + Arrays.asList(def).stream().forEach( + el -> DummyIdentityAuthModuleTest.class.getResourceAsStream(el)); + + } + + + @Test + public void deactivated() { + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(false)); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void unknownServiceProvider() { + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderButNotRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderButWrongRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + context.put("dummyauth", 27); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderButFalseRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + context.put("dummyauth", "false"); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderAndRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + context.put("dummyauth", "true"); + + assertEquals("wrong authmethod identifier", "dummyIdentityAuthentication", + module.selectProcess(context, pendingReq)); + + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java new file mode 100644 index 000000000..0e9da9fea --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java @@ -0,0 +1,55 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import java.io.IOException; +import java.io.InputStream; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthSpringResourceProvider; + +import org.apache.commons.io.IOUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.core.io.Resource; + + + +@RunWith(BlockJUnit4ClassRunner.class) +public class DummyIdentityAuthSpringResourceProviderTest { + + @Test + public void testSpringConfig() { + final DummyIdentityAuthSpringResourceProvider test = + new DummyIdentityAuthSpringResourceProvider(); + for (final Resource el : test.getResourcesToLoad()) { + try { + IOUtils.toByteArray(el.getInputStream()); + + } catch (final IOException e) { + Assert.fail("Ressouce: " + el.getFilename() + " not found"); + } + + } + + Assert.assertNotNull("no Name", test.getName()); + Assert.assertNull("Find package definitions", test.getPackagesToScan()); + + } + + @Test + public void testSpILoaderConfig() { + final InputStream el = this.getClass().getResourceAsStream( + "/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider"); + try { + final String spiFile = IOUtils.toString(el, "UTF-8"); + + Assert.assertEquals("Wrong classpath in SPI file", + DummyIdentityAuthSpringResourceProvider.class.getName(), spiFile); + + + } catch (final IOException e) { + Assert.fail("Ressouce: '/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider' not found"); + + } + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java new file mode 100644 index 000000000..19a9fc72e --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +import java.util.Map; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_dummy_identity_auth.beans.xml" }) +public class DummyIdentityServiceTest { + + @Autowired DummyIdentityService service; + + + @Test + public void numberOfLoadedIdentities() { + assertEquals("wrong number of identities in store", 3, service.getNumberOfLoadedIdentitySets()); + + } + + @Test + public void getRandomIdentity() throws EAAFAuthenticationException { + Map idl = service.getIdentityRandomly(); + + assertNotNull("idl", idl); + assertEquals("wrong number of attributes", 4, idl.size()); + + } + + @Test + public void getManyRandomIdentity() throws EAAFAuthenticationException { + for(int i=0; i<50; i++) { + assertNotNull("idl", service.getIdentityRandomly()); + + } + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java new file mode 100644 index 000000000..5d41496e2 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java @@ -0,0 +1,92 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.task.InjectDummyIdentityInformationTask; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_dummy_identity_auth.beans.xml" }) +public class InjectDummyIdentityInformationTaskTest { + + @Autowired InjectDummyIdentityInformationTask task; + @Autowired DummyAuthConfigMap config; + @Autowired IRequestStorage storage; + + protected MockHttpServletRequest httpReq; + protected MockHttpServletResponse httpResp; + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map spConfigMap; + + @Before + public void initialize() { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + } + + @Test + public void injectIdentityData() throws TaskExecutionException, PendingReqIdValidationException { + + task.execute(pendingReq, context); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertNotNull("bkuUrl", moaSession.getBkuURL()); + assertEquals("missing attributes", 4, moaSession.getGenericSessionDataStorage().size()); + + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java new file mode 100644 index 000000000..3c0f9edf1 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map config = new HashMap<>(); + + public DummyAuthConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public Boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EAAFConfigurationException { + return null; + } + + @Override + public T getServiceProviderConfiguration(final String spIdentifier, final Class decorator) + throws EAAFConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIDPURL(final URL authReqUrl) throws EAAFException { + return null; + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties new file mode 100644 index 000000000..18bd21df1 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties @@ -0,0 +1,6 @@ +modules.dummyauth.enabled=true +modules.dummyauth.identity.store.path=src/test/resources/config/idlstore/ +modules.dummyauth.sp.1=aaabbccddeeffgg +modules.dummyauth.sp.2=yyasdfasfsa2323 +modules.dummyauth.sp.3= +modules.dummyauth.sp.4=435344534egewgegf diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties new file mode 100644 index 000000000..d38ba692b --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties @@ -0,0 +1,5 @@ +modules.dummyauth.enabled=false +modules.dummyauth.identity.store.path=notexit +modules.dummyauth.sp.1=aaabbccddeeffgg +modules.dummyauth.sp.2=yyasdfasfsa2323 +modules.dummyauth.sp.3=435344534egewgegf diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json new file mode 100644 index 000000000..4d927b7ad --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json @@ -0,0 +1,6 @@ +{ + "urn:oid:2.5.4.42": "Max", + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} \ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json new file mode 100644 index 000000000..1cffdd696 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json @@ -0,0 +1,6 @@ +{ + "urn:oid:2.5.4.42": "Susi", + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Musterfrau", + "urn:oid:1.2.40.0.10.2.1.1.55": "1950-02-02", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:zzyyxx99887dd" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json new file mode 100644 index 000000000..ec1a4ba49 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json @@ -0,0 +1,6 @@ +{ + "urn:oid:2.5.4.42": "Max" + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json new file mode 100644 index 000000000..71c2f654e --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json @@ -0,0 +1,7 @@ +{ + "urn:oid:2.5.4.42": { + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann" + }, + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json new file mode 100644 index 000000000..29a245ca4 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json @@ -0,0 +1,8 @@ +{ + "urn:oid:2.5.4.42": { + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann" + }, + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json new file mode 100644 index 000000000..2f241c291 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json @@ -0,0 +1,5 @@ +{ + "urn:oid:2.5.4.42": "Max", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt new file mode 100644 index 000000000..4d927b7ad --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt @@ -0,0 +1,6 @@ +{ + "urn:oid:2.5.4.42": "Max", + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} \ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml new file mode 100644 index 000000000..cca27822e --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml new file mode 100644 index 000000000..e818bd29c --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index fb8c5c5df..c762cf51c 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -36,7 +36,9 @@ moa-id-module-sl20_authentication moa-id-module-AT_eIDAS_connector - moa-id-module-E-ID_connector + moa-id-module-E-ID_connector + moa-id-module-dummyAuth + -- cgit v1.2.3 From dd90213ddbfeee68843fddaa7bf37624812ef217 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 7 Jun 2021 07:19:01 +0200 Subject: set 'needConsent' flag to false during dummy-authenticatio to over-roll SP configuration --- id/server/modules/moa-id-module-dummyAuth/pom.xml | 1 + .../modules/auth/dummy/task/InjectDummyIdentityInformationTask.java | 6 ++++++ 2 files changed, 7 insertions(+) (limited to 'id') diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml index 42b8ca775..b8f1163ad 100644 --- a/id/server/modules/moa-id-module-dummyAuth/pom.xml +++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml @@ -9,6 +9,7 @@ 4.1.6-SNAPSHOT moa-id-module-dummy-authenticatiuon + ${moa-id-dummy-auth.version} Module for dummy authentication in MOA-ID diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java index 8fed1c544..5eb441bc9 100644 --- a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java @@ -75,6 +75,12 @@ public class InjectDummyIdentityInformationTask extends AbstractAuthServletTask Logger.debug("Injecting user credentials for Dummy-Identity authentication ... "); parseDemoValuesIntoMOASession(pendingReq); + // set 'needConsent' to false, because user gives consent during authentication + pendingReq.setNeedUserConsent(false); + + // set 'authenticated' flag to true + pendingReq.setAuthenticated(true); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); -- cgit v1.2.3 From 52a7359e6a819e6c92bab4234dd5fb509d0ed1f5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 27 Jul 2021 13:43:33 +0200 Subject: delete files that not needed any more --- id/server/proxy/.gitignore | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 id/server/proxy/.gitignore (limited to 'id') diff --git a/id/server/proxy/.gitignore b/id/server/proxy/.gitignore deleted file mode 100644 index 4dc009173..000000000 --- a/id/server/proxy/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -/target -/bin -- cgit v1.2.3 From 1b7c56f30ff37596933a904b8ae931be18e9015b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 30 Aug 2021 10:37:37 +0200 Subject: throw RuntimeException in case of an error during initialization of transaction encryption-layer --- .../java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java index 498f8408b..d4a6ee786 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java @@ -32,14 +32,15 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil { private static String key = null; public static SessionEncrytionUtil getInstance() { - if (instance == null) { + if (instance == null) { try { key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey(); - instance = new SessionEncrytionUtil(); + instance = new SessionEncrytionUtil(); } catch (Exception e) { Logger.warn("MOASession encryption can not be inizialized.", e); - + throw new RuntimeException("MOASession encryption can not be inizialized.", e); + } } return instance; -- cgit v1.2.3 From ba6ba0af88d8c9472a63356ddf3d19f84847c2d7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 28 Jul 2021 11:33:11 +0200 Subject: add new authentication module for EHVD communication --- id/server/auth-edu/pom.xml | 5 + .../modules/moa-id-module-ehvd_integration/pom.xml | 57 ++++++++ .../auth/modules/ehvd/ConfigurationProperties.java | 48 +++++++ .../auth/modules/ehvd/EhvdServiceAuthModule.java | 147 ++++++++++++++++++++ .../EhvdServiceAuthSpringResourceProvider.java | 62 +++++++++ .../ehvd/attributes/PvpRoleAttributeBuilder.java | 58 ++++++++ .../ehvd/service/EhvdCommunicationService.java | 69 ++++++++++ .../modules/ehvd/service/IEhvdCommunication.java | 23 ++++ .../ehvd/task/InjectEhvdInformationTask.java | 103 ++++++++++++++ .../DefaultAuth_with_ehvd_interaction.process.xml | 32 +++++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 1 + .../resources/moaid_ehvd_service_auth.beans.xml | 23 ++++ .../resources/properties/id_messages.properties | 2 + .../protocol_response_statuscodes.properties | 2 + .../auth/modules/ehvd/test/BeanCreationTest.java | 39 ++++++ .../ehvd/test/EhvdServiceAuthModuleTest.java | 101 ++++++++++++++ .../EhvdServiceAuthSpringResourceProviderTest.java | 56 ++++++++ .../InjectEhvdIdentityInformationTaskTest.java | 131 ++++++++++++++++++ .../attributes/PvpRoleAttributeBuilderTest.java | 124 +++++++++++++++++ .../ehvd/test/dummy/DummyAuthConfigMap.java | 136 +++++++++++++++++++ .../id/auth/modules/ehvd/test/dummy/TestUtils.java | 150 +++++++++++++++++++++ .../utils/AttributeBuilderRegistrationTest.java | 41 ++++++ .../test/utils/AuthenticationRoleFactoryTest.java | 65 +++++++++ .../ehvd/test/utils/MoaStatusMessagerTest.java | 55 ++++++++ .../src/test/resources/config/config1.properties | 5 + .../src/test/resources/config/config2.properties | 4 + .../resources/test_ehvd_service_auth.beans.xml | 19 +++ .../test_ehvd_service_auth_lazy.beans.xml | 24 ++++ .../test_ehvd_service_messager_auth.beans.xml | 15 +++ id/server/modules/pom.xml | 1 + 31 files changed, 1599 insertions(+) create mode 100644 id/server/modules/moa-id-module-ehvd_integration/pom.xml create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml (limited to 'id') diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 42e035c7a..6a8110a28 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -228,6 +228,11 @@ moa-id-module-EID_connector + + MOA.id.server.modules + moa-id-module-ehvd_integration + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..6985f2b7d --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder new file mode 100644 index 000000000..4dd043048 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml new file mode 100644 index 000000000..4ef523ec8 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml @@ -0,0 +1,23 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties new file mode 100644 index 000000000..89fd19362 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties @@ -0,0 +1,2 @@ +ehvd.00=GDA Status inaktiv +ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties new file mode 100644 index 000000000..fca8fa8cd --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties @@ -0,0 +1,2 @@ +test.01=aabbccdd +test.02=zzzyyyxxx \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java new file mode 100644 index 000000000..91bf67b2d --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import static org.junit.Assert.assertNotNull; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth_lazy.beans.xml" }) +public class BeanCreationTest { + + @Autowired + DummyAuthConfigMap config; + @Autowired + ApplicationContext context; + + @Before + public void initialize() { + // re-set config + config.putConfigValue("modules.ehvd.enabled", String.valueOf(false)); + + } + + @Test + public void authModuleDeactivated() { + assertNotNull("AuthModule", context.getBean(EhvdServiceAuthModule.class)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java new file mode 100644 index 000000000..4a7c98803 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java @@ -0,0 +1,101 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdServiceAuthModuleTest { + + @Autowired DummyAuthConfigMap config; + @Autowired EhvdServiceAuthModule module; + + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map spConfigMap; + + @Before + public void initialize() { + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.ehvd.enabled", String.valueOf(true)); + + context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(false)); + context.put(MOAIDAuthConstants.PARAM_BKU, RandomStringUtils.randomAlphabetic(5)); + + } + + @Test + public void checkProcessDefinition() { + String[] def = module.getProcessDefinitions(); + + assertNotNull("no process definition", def); + Arrays.asList(def).stream().forEach( + el -> EhvdServiceAuthModuleTest.class.getResourceAsStream(el)); + + } + + @Test + public void bkuSelectionActiv() { + context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(true)); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void deactivated() { + config.putConfigValue("modules.ehvd.enabled", String.valueOf(false)); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void unknownServiceProvider() { + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderAndRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + + assertEquals("wrong authmethod identifier", "DefaultAuthenticationWithEHVDInteraction", + module.selectProcess(context, pendingReq)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java new file mode 100644 index 000000000..b584e8753 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java @@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import java.io.IOException; +import java.io.InputStream; + +import org.apache.commons.io.IOUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.core.io.Resource; + +import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider; + + + +@RunWith(BlockJUnit4ClassRunner.class) +public class EhvdServiceAuthSpringResourceProviderTest { + + @Test + public void testSpringConfig() { + final EhvdServiceAuthSpringResourceProvider test = + new EhvdServiceAuthSpringResourceProvider(); + for (final Resource el : test.getResourcesToLoad()) { + try { + IOUtils.toByteArray(el.getInputStream()); + + } catch (final IOException e) { + Assert.fail("Ressouce: " + el.getFilename() + " not found"); + } + + } + + Assert.assertNotNull("no Name", test.getName()); + Assert.assertNull("Find package definitions", test.getPackagesToScan()); + + } + + @Test + public void testSpILoaderConfig() { + final InputStream el = this.getClass().getResourceAsStream( + "/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider"); + try { + final String spiFile = IOUtils.toString(el, "UTF-8"); + + Assert.assertEquals("Wrong classpath in SPI file", + EhvdServiceAuthSpringResourceProvider.class.getName(), spiFile); + + + } catch (final IOException e) { + Assert.fail("Ressouce: '/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider' not found"); + + } + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java new file mode 100644 index 000000000..45f7a8fc4 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java @@ -0,0 +1,131 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.fail; + +import java.io.IOException; +import java.security.PublicKey; +import java.util.HashMap; +import java.util.Map; + +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Assert; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class InjectEhvdIdentityInformationTaskTest { + + @Autowired InjectEhvdInformationTask task; + @Autowired DummyAuthConfigMap config; + @Autowired IRequestStorage storage; + + protected MockHttpServletRequest httpReq; + protected MockHttpServletResponse httpResp; + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map spConfigMap; + + @Before + public void initialize() throws EAAFParserException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + //inject identityLink + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(TestUtils.generateDummyIdl( + RandomStringUtils.randomAlphanumeric(10), + EAAFConstants.URN_PREFIX_BASEID)); + + } + + @Test + public void noIdentityLinkInSession() { + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(null); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "process.04", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + + @Test + public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + + task.execute(pendingReq, context); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java new file mode 100644 index 000000000..df02c6f4e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java @@ -0,0 +1,124 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder; +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class PvpRoleAttributeBuilderTest { + + @Autowired + private IConfiguration basicConfig; + + private PvpRoleAttributeBuilder toTest = new PvpRoleAttributeBuilder(); + private IAttributeGenerator g = new SimpleStringAttributeGenerator(); + private ISPConfiguration oaParam; + + + @Before + public void initialize() { + oaParam = new DummySPConfiguration(Collections.emptyMap(), basicConfig); + + } + + @Test + public void checkName() { + assertEquals("wrong attr. name", "urn:oid:1.2.40.0.10.2.1.1.261.30", toTest.getName()); + + } + + @Test + public void checkEmptyAttribute() { + assertNull("wrong empty attr.", toTest.buildEmpty(g)); + + } + + @Test + public void wrongAuthData() throws AttributeBuilderException { + IAuthData authData = new AuthenticationData(); + assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); + + } + + public void noRoles() throws AttributeBuilderException { + IAuthData authData = generateAuthData(null); + assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); + + } + + @Test + public void emptyRoles() throws AttributeBuilderException { + IAuthData authData = generateAuthData(Collections.emptyList()); + assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); + + } + + @Test + public void randomRoles() throws AttributeBuilderException { + String role1 = RandomStringUtils.randomAlphabetic(5); + String role2 = RandomStringUtils.randomAlphabetic(5); + String role3 = RandomStringUtils.randomAlphabetic(5); + String role4 = RandomStringUtils.randomAlphabetic(5); + + IAuthData authData = generateAuthData(Arrays.asList( + new AuthenticationRole(role1, role1), + new AuthenticationRole(role2, role2), + new AuthenticationRole(role3, role3 + "()"), + new AuthenticationRole(role4, role4 + "(\"aaa\"=\"bbb\")") + )); + + // perform test + String attrValue = toTest.build(oaParam, authData, g); + + // validate state + assertNotNull("wrong attr. value", attrValue); + + String[] el = attrValue.split(";"); + assertEquals("wrong role count", 4, el.length); + assertEquals("wrong 1. role", role1, el[0]); + assertEquals("wrong 2. role", role2, el[1]); + assertEquals("wrong 3. role", role3 + "()", el[2]); + assertEquals("wrong 4. role", role4 + "(\"aaa\"=\"bbb\")", el[3]); + + + } + + private IAuthData generateAuthData(List roles) { + MOAAuthenticationData authData = new MOAAuthenticationData(null); + if (roles != null) { + roles.forEach(el -> authData.addAuthenticationRole(el)); + + } + + return authData; + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java new file mode 100644 index 000000000..865cf7157 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map config = new HashMap<>(); + + public DummyAuthConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public Boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EAAFConfigurationException { + return null; + } + + @Override + public T getServiceProviderConfiguration(final String spIdentifier, final Class decorator) + throws EAAFConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIDPURL(final URL authReqUrl) throws EAAFException { + return null; + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java new file mode 100644 index 000000000..9ab52a27e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java @@ -0,0 +1,150 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; + +public class TestUtils { + + public static IIdentityLink generateDummyIdl(String baseId, String baseIdType) { + return new IIdentityLink() { + + @Override + public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { + // TODO Auto-generated method stub + + } + + @Override + public void setPublicKey(PublicKey[] publicKey) { + // TODO Auto-generated method stub + + } + + @Override + public void setPrPerson(Element prPerson) { + // TODO Auto-generated method stub + + } + + @Override + public void setIssueInstant(String issueInstant) { + // TODO Auto-generated method stub + + } + + @Override + public void setIdentificationValue(String identificationValue) { + // TODO Auto-generated method stub + + } + + @Override + public void setIdentificationType(String identificationType) { + // TODO Auto-generated method stub + + } + + @Override + public void setGivenName(String givenName) { + // TODO Auto-generated method stub + + } + + @Override + public void setFamilyName(String familyName) { + // TODO Auto-generated method stub + + } + + @Override + public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { + // TODO Auto-generated method stub + + } + + @Override + public void setDateOfBirth(String dateOfBirth) { + // TODO Auto-generated method stub + + } + + @Override + public String getSerializedSamlAssertion() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element getSamlAssertion() { + // TODO Auto-generated method stub + return null; + } + + @Override + public PublicKey[] getPublicKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element getPrPerson() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIssueInstant() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIdentificationValue() { + return baseId; + + } + + @Override + public String getIdentificationType() { + return baseIdType; + + } + + @Override + public String getGivenName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFamilyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element[] getDsigReferenceTransforms() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDateOfBirth() { + // TODO Auto-generated method stub + return null; + } + }; + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java new file mode 100644 index 000000000..5ff8ffba7 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.util.List; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.xml.ConfigurationException; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; + +@RunWith(BlockJUnit4ClassRunner.class) +public class AttributeBuilderRegistrationTest { + + @BeforeClass + public static void classInitializer() throws ConfigurationException { + EAAFDefaultSAML2Bootstrap.bootstrap(); + + } + + @Test + public void checkRegistratedAttributeBuilder() { + + List supportedAttributes = PVPAttributeBuilder.buildSupportedEmptyAttributes(); + + assertFalse("Registered Attribute-Builder is empty", supportedAttributes.isEmpty()); + assertTrue("No role attribute registrated", supportedAttributes.stream() + .filter(el -> PVPAttributeDefinitions.ROLES_NAME.equals(el.getName())) + .findFirst() + .isPresent()); + + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java new file mode 100644 index 000000000..6d39b926e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; + +@RunWith(BlockJUnit4ClassRunner.class) +public class AuthenticationRoleFactoryTest { + + @Test + public void simpleRole() { + String role = RandomStringUtils.randomAlphabetic(5); + + AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(role); + + assertEquals("wrong role name", role, toCheck.getRoleName()); + assertEquals("wrong raw role", role, toCheck.getRawRoleString()); + assertNull("wrong role attr", toCheck.getParams()); + + } + + @Test + public void complexeRoleEmptyParams() { + String role = RandomStringUtils.randomAlphabetic(5); + String fullRole = role + "()"; + + AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole); + + assertEquals("wrong role name", role, toCheck.getRoleName()); + assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString()); + assertNull("wrong role attr", toCheck.getParams()); + + } + + @Test + public void complexeRoleWithParams() { + String p1 = RandomStringUtils.randomAlphabetic(5); + String v1 = RandomStringUtils.randomAlphabetic(5); + String p2 = RandomStringUtils.randomAlphabetic(5); + String v2 = RandomStringUtils.randomAlphabetic(5); + + String role = RandomStringUtils.randomAlphabetic(5); + String fullRole = role + "(\"" + + p1 + "\"=\"" + v1 + "\"," + + p2 + "\"=\"" + v2 + "\"" + +")"; + + AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole); + + assertEquals("wrong role name", role, toCheck.getRoleName()); + assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString()); + assertNotNull("wrong role attr", toCheck.getParams()); + assertEquals("wrong param size", 2, toCheck.getParams().size()); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java new file mode 100644 index 000000000..399980dbf --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java @@ -0,0 +1,55 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils; + +import static org.junit.Assert.assertEquals; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.IStatusMessenger; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({"/test_ehvd_service_messager_auth.beans.xml"}) +public class MoaStatusMessagerTest { + + @Autowired IStatusMessenger messager; + + + @Test + public void checkErrorCodeMapper() { + assertEquals("default errorcode", "9199", + messager.getResponseErrorCode(new NullPointerException())); + + + assertEquals("new errorCode file", "aabbccdd", + messager.mapInternalErrorToExternalError("test.01")); + assertEquals("new errorCode file", "zzzyyyxxx", + messager.mapInternalErrorToExternalError("test.02")); + + assertEquals("existing errorCode file", "4401", + messager.mapInternalErrorToExternalError("auth.34")); + assertEquals("existing errorCode file", "1101", + messager.mapInternalErrorToExternalError("parser.07")); + + } + + @Test + public void checkErrorMessages() { + assertEquals("new error msg", + "GDA Status inaktiv", messager.getMessage("ehvd.00", null)); + assertEquals("new error msg", + "Allgemeiner Fehler bei der Abfrage des EHVD Service", messager.getMessage("ehvd.99", null)); + + + assertEquals("existing error msg", + "Zertifikat konnte nicht ausgelesen werden.", messager.getMessage("auth.14", null)); + assertEquals("existing error msg", + "\"Issuer\" im AUTH-Block nicht vorhanden.", messager.getMessage("validator.32", null)); + + } + + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties new file mode 100644 index 000000000..bc71dc6ab --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties @@ -0,0 +1,5 @@ +modules.ehvd.enabled=true +modules.ehvd.sp.1=aaabbccddeeffgg +modules.ehvd.sp.2=yyasdfasfsa2323 +modules.ehvd.sp.3= +modules.ehvd.sp.4=435344534egewgegf diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties new file mode 100644 index 000000000..4e666c204 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties @@ -0,0 +1,4 @@ +modules.ehvd.enabled=false +modules.ehvd.sp.1=aaabbccddeeffgg +modules.ehvd.sp.2=yyasdfasfsa2323 +modules.ehvd.sp.3=435344534egewgegf diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml new file mode 100644 index 000000000..b499ad395 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml @@ -0,0 +1,19 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml new file mode 100644 index 000000000..7116034b7 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml new file mode 100644 index 000000000..5d8e03fb5 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml @@ -0,0 +1,15 @@ + + + + + + \ No newline at end of file diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index c762cf51c..a5cf8bfa0 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -38,6 +38,7 @@ moa-id-module-AT_eIDAS_connector moa-id-module-E-ID_connector moa-id-module-dummyAuth + moa-id-module-ehvd_integration -- cgit v1.2.3 From 56af7bee462d70f08d0442254c632f39e50ec96f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 29 Jul 2021 09:03:47 +0200 Subject: add EHVD WSDL and implement SOAP client --- .../modules/moa-id-module-ehvd_integration/pom.xml | 68 +- .../auth/modules/ehvd/ConfigurationProperties.java | 19 +- .../auth/modules/ehvd/exception/EhvdException.java | 19 + .../ehvd/service/EhvdCommunicationService.java | 194 ++++- .../resources/properties/id_messages.properties | 5 +- .../protocol_response_statuscodes.properties | 7 +- .../src/main/resources/wsdl/eHVD.wsdl | 220 +++++ .../InjectEhvdIdentityInformationTaskTest.java | 131 --- .../InjectEhvdIdentityInformationQsSystemTest.java | 141 +++ .../InjectEhvdIdentityInformationTaskTest.java | 961 +++++++++++++++++++++ .../ehvd/test/utils/MoaStatusMessagerTest.java | 2 +- .../skjolber/mockito/soap/Soap12EndpointRule.java | 195 +++++ .../src/test/resources/config/config1.properties | 3 + .../resources/config/config_qs_service.properties | 8 + .../resources/test_ehvd_qs_service_auth.beans.xml | 19 + 15 files changed, 1820 insertions(+), 172 deletions(-) create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl delete mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index 05b2d0daa..6f9463710 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -22,13 +22,20 @@ - + MOA.id.server moa-id-lib provided + + javax.servlet + javax.servlet-api + 3.1.0 + provided + + org.springframework @@ -52,6 +59,63 @@ test test-jar - + + com.github.skjolber + mockito-soap-cxf + 1.2.0 + test + + + + + + + org.apache.cxf + cxf-codegen-plugin + 3.4.1 + + + xerces + xercesImpl + 2.8.1 + + + com.sun.xml.bind + jaxb-impl + 2.2.5 + + + com.sun.xml.bind + jaxb-xjc + 2.2.5 + + + + + generate-sources + generate-sources + + ${project.build.directory}/generated/cxf + + + ${basedir}/src/main/resources/wsdl/eHVD.wsdl + + eHVD=at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl + + + -verbose + + + + + + wsdl2java + + + + + + + diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java index fd7d1b013..07d65f2f5 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java @@ -22,26 +22,23 @@ */ package at.gv.egovernment.moa.id.auth.modules.ehvd; -import java.util.Collection; - -import com.google.common.collect.Sets; - import at.gv.egiz.eaaf.core.api.data.EAAFConstants; -import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; public class ConfigurationProperties { // configuration properties private static final String MODULE_PREFIX = "modules.ehvd."; - + public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled"; public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp"; - + public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target"; - - - public static final String DEFAULT_EHVD_SERVICE_TARGET = EAAFConstants.URN_PREFIX_CDID + "GH"; - + public static final String PROP_MODULE_SERVICE_ENDPOINT = MODULE_PREFIX + "service.url"; + + public static final String PROP_MODULE_PROXY_SOCKS_PORT = MODULE_PREFIX + "proxy.socks.port"; + + public static final String DEFAULT_EHVD_SERVICE_TARGET = EAAFConstants.URN_PREFIX_CDID + "GH"; + private ConfigurationProperties() { // hide constructor or static class } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java new file mode 100644 index 000000000..daab154bc --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java @@ -0,0 +1,19 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.exception; + +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; + +public class EhvdException extends AuthenticationException{ + + private static final long serialVersionUID = 380654627005502948L; + + public EhvdException(String messageId, Object[] parameters) { + super(messageId, parameters); + + } + + public EhvdException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index f0e2069a1..ab4a70751 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -1,69 +1,213 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service; +import java.net.URL; +import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.handler.Handler; +import javax.xml.ws.soap.SOAPFaultException; +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.ProxyServerType; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVDService; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GetGdaDescriptors; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +import at.gv.egovernment.moa.id.auth.modules.ehvd.exception.EhvdException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.util.LoggingHandler; /** * Implement interaction with EHVD service to get GDA information. - * + * * @author tlenz * */ public class EhvdCommunicationService implements IEhvdCommunication { - @Autowired IConfiguration config; - + private static final String GDA_RESP_STATUS_ACTIVE = "Aktiv"; + + private static final String ERROR_EHVD_00 = "ehvd.00"; + private static final String ERROR_EHVD_01 = "ehvd.01"; + private static final String ERROR_EHVD_02 = "ehvd.02"; + private static final String ERROR_CONFIG_05 = "config.05"; + + @Autowired + IConfiguration config; + private String ehvdBpkTarget; - + + private EHVD ehvdClient; + /** * Get user's GDA roles from EHVD Service. - * + * * @param identityLink IdentityLink of the user * @return {@link List} of Roles that are received from EHVD * @throws AuthenticationException In case of an EHVD communication error - * @throws EAAFBuilderException In case of a bPK generation error + * @throws EAAFBuilderException In case of a bPK generation error */ @Override @Nonnull - public List getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException { - + public List getRoles(IIdentityLink identityLink) throws AuthenticationException, + EAAFBuilderException { + // get bPK for EHVD request - Pair ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), + final Pair ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), ehvdBpkTarget); - - - //TODO: request EHVD and handle errors - - //TODO: parse roles from response - - + + // request EHVD and handle errors + final GdaIndexResponse gdaResp = requestingGda(ehvdBpk.getFirst()); + + // parse roles from response + return parseGdaResponse(gdaResp); + + } + + @Nonnull + private GdaIndexResponse requestingGda(String bpk) throws EhvdException { + try { + final GetGdaDescriptors gdaReq = buildGdaRequest(bpk); + Logger.debug("Requesting EHVD to get GDA status ... "); + final GdaIndexResponse gdaResp = ehvdClient.getGDA(gdaReq); + Logger.debug("Receive GDA status. Starting response validation ... "); + return gdaResp; + + } catch (final SOAPFaultException e) { + // extract reason for this error + String errorMsg = e.getFault() != null + ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() + : e.getMessage(); + + Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); + throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}, e); + + } catch (final Exception e) { + Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); + throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e); + + } + + } + + private List parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException { + if (ehvdResp.getGda() != null) { + final GdaDescriptor gdaInfo = ehvdResp.getGda(); + if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) { + Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles"); + return gdaInfo.getRoles().getRole(); + + } else { + Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... "); + throw new EhvdException(ERROR_EHVD_00, null); + + } + + } else { + Logger.debug("Receive empty GDA response"); + // TODO: what we to in case of empty response? + + } + return Collections.emptyList(); - + + } + + private GetGdaDescriptors buildGdaRequest(String bPK) { + final GetGdaDescriptors req = new GetGdaDescriptors(); + final InstanceIdentifier gdaIdentifier = new InstanceIdentifier(); + gdaIdentifier.setOidIssuingAuthority(PVPAttributeDefinitions.BPK_OID); + gdaIdentifier.setId(bPK); + req.setHcIdentifier(gdaIdentifier); + return req; + } @PostConstruct - private void initialize() { - ehvdBpkTarget = config.getBasicConfiguration( - ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, - ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); - Logger.info("Initialize EHVD Client with bPK target: " + ehvdBpkTarget); + private void initialize() throws EAAFConfigurationException { + if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + initializeEhvdClient(); + + ehvdBpkTarget = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, + ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); + Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget); + + } else { + Logger.info("Skipping EHVD client because it's not active"); + + } + } + + private void initializeEhvdClient() throws EAAFConfigurationException { + Logger.debug("Initializing EHVD client ... "); + final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl"); + final EHVDService service = new EHVDService(url); + ehvdClient = service.getEHVDPort12(); + + // load service end-point URL from configuration + final String ehvdEndpointUrl = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT); + if (StringUtils.isEmpty(ehvdEndpointUrl)) { + Logger.error("Missing configuration for EHVD WebService endpoint. " + + "(Property: " + ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT + ")"); + throw new EAAFConfigurationException(ERROR_CONFIG_05, + new Object[] { ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT }); + + } + + // inject service end-point URL + final Map requestContext = ((BindingProvider) ehvdClient).getRequestContext(); + requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ehvdEndpointUrl); + + // inject Logging handler + List handlerList = ((BindingProvider) ehvdClient).getBinding().getHandlerChain(); + if (handlerList == null) { + handlerList = new ArrayList<>(); + + } + + handlerList.add(new LoggingHandler()); + ((BindingProvider) ehvdClient).getBinding().setHandlerChain(handlerList); + + Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl); + + + // these code is only for local testing + String socksPort = config.getBasicConfiguration(ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT); + if (StringUtils.isNotEmpty(socksPort)) { + Logger.warn("Injecting SOCKS5 Proxy for service communication!"); + final Client client = ClientProxy.getClient(ehvdClient); + final HTTPConduit http = (HTTPConduit) client.getConduit(); + http.getClient().setProxyServerType(ProxyServerType.SOCKS); + http.getClient().setProxyServer("127.0.0.1"); + http.getClient().setProxyServerPort(Integer.valueOf(socksPort)); + + } } - + } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties index 89fd19362..104342a9d 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties @@ -1,2 +1,5 @@ -ehvd.00=GDA Status inaktiv +ehvd.00=Für den abgefragtem GDA liegt keine Berechtigung vor +ehvd.01=Technischer Fehler bei der Abfrage von GDA Informationen. Ursache: {0} +ehvd.02=Fehler bei der Abfrage von GDA Informationen. Ursache: {0} + ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties index fca8fa8cd..400994330 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties @@ -1,2 +1,7 @@ test.01=aabbccdd -test.02=zzzyyyxxx \ No newline at end of file +test.02=zzzyyyxxx + +ehvd.00=7000 +ehvd.01=7001 +ehvd.02=7001 +ehvd.99=7099 \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl new file mode 100644 index 000000000..a1138f068 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl @@ -0,0 +1,220 @@ + + + + Service: eHVD + Version: 2 + Owner: BRZ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + eHVD Service Interfaces + + + + + + + + + + + + + + + + + + + + SOAP 1.2 Binding + + + + + + + + + + + + + + + + + + + + + + + + + + + + + eHVD Service + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java deleted file mode 100644 index 45f7a8fc4..000000000 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java +++ /dev/null @@ -1,131 +0,0 @@ -package at.gv.egovernment.moa.id.auth.modules.ehvd.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.fail; - -import java.io.IOException; -import java.security.PublicKey; -import java.util.HashMap; -import java.util.Map; - -import javax.xml.transform.TransformerException; - -import org.apache.commons.lang3.RandomStringUtils; -import org.junit.Before; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.util.Assert; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; -import org.w3c.dom.Element; - -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.IRequestStorage; -import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; -import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EAAFException; -import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; -import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask; -import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; -import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({ - "/test_ehvd_service_auth.beans.xml" }) -public class InjectEhvdIdentityInformationTaskTest { - - @Autowired InjectEhvdInformationTask task; - @Autowired DummyAuthConfigMap config; - @Autowired IRequestStorage storage; - - protected MockHttpServletRequest httpReq; - protected MockHttpServletResponse httpResp; - private ExecutionContext context; - private TestRequestImpl pendingReq; - private Map spConfigMap; - - @Before - public void initialize() throws EAAFParserException { - httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); - httpResp = new MockHttpServletResponse(); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - context = new ExecutionContextImpl(); - - spConfigMap = new HashMap<>(); - spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); - - ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); - pendingReq = new TestRequestImpl(); - pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); - pendingReq.setSpConfig(spConfig); - - // re-set config - config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); - - //inject identityLink - final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( - AuthenticationSessionWrapper.class); - moaSession.setIdentityLink(TestUtils.generateDummyIdl( - RandomStringUtils.randomAlphanumeric(10), - EAAFConstants.URN_PREFIX_BASEID)); - - } - - @Test - public void noIdentityLinkInSession() { - final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( - AuthenticationSessionWrapper.class); - moaSession.setIdentityLink(null); - - try { - task.execute(pendingReq, context); - fail("wrong state not detected"); - - } catch (TaskExecutionException e) { - Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); - assertEquals("wrong errorCode", "process.04", ((EAAFException) e.getOriginalException()).getErrorId()); - - } - } - - - @Test - public void validateState() throws TaskExecutionException, PendingReqIdValidationException { - - task.execute(pendingReq, context); - - // validate state - IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); - assertNotNull("pendingReq not stored", storedReq); - - final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( - AuthenticationSessionWrapper.class); - - assertFalse("foreign", moaSession.isForeigner()); - assertFalse("mandate", moaSession.isMandateUsed()); - assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); - - } - -} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java new file mode 100644 index 000000000..585083a77 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java @@ -0,0 +1,141 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.tasks; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.fail; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +import java.net.SocketTimeoutException; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Locale; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.soap.Detail; +import javax.xml.soap.Name; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPFault; +import javax.xml.ws.soap.SOAPFaultException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.IfProfileValue; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Assert; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.w3c.dom.Attr; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.TypeInfo; +import org.w3c.dom.UserDataHandler; + +import com.github.skjolber.mockito.soap.Soap12EndpointRule; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDARoles; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDAStatus; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse; +import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_qs_service_auth.beans.xml" }) +@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment") +public class InjectEhvdIdentityInformationQsSystemTest { + + @Autowired + InjectEhvdInformationTask task; + @Autowired + DummyAuthConfigMap config; + @Autowired + IRequestStorage storage; + + protected MockHttpServletRequest httpReq; + protected MockHttpServletResponse httpResp; + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map spConfigMap; + + @Before + public void initialize() throws EAAFParserException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + final ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + } + + @Test + public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + // inject identityLink + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(TestUtils.generateDummyIdl( + RandomStringUtils.randomAlphanumeric(10), + EAAFConstants.URN_PREFIX_BASEID)); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSessionStored = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSessionStored.isForeigner()); + assertFalse("mandate", moaSessionStored.isMandateUsed()); + assertEquals("missing attributes", 1, moaSessionStored.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSessionStored.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java new file mode 100644 index 000000000..0c84a7bcf --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java @@ -0,0 +1,961 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.tasks; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.fail; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +import java.net.SocketTimeoutException; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Locale; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.soap.Detail; +import javax.xml.soap.Name; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPFault; +import javax.xml.ws.soap.SOAPFaultException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Assert; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.w3c.dom.Attr; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.TypeInfo; +import org.w3c.dom.UserDataHandler; + +import com.github.skjolber.mockito.soap.Soap12EndpointRule; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDARoles; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDAStatus; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse; +import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class InjectEhvdIdentityInformationTaskTest { + + @Autowired + InjectEhvdInformationTask task; + @Autowired + DummyAuthConfigMap config; + @Autowired + IRequestStorage storage; + + @Rule + public final Soap12EndpointRule soap = Soap12EndpointRule.newInstance(); + + protected MockHttpServletRequest httpReq; + protected MockHttpServletResponse httpResp; + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map spConfigMap; + + private EHVD ehvdService; + + @Before + public void initialize() throws EAAFParserException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + final ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + // inject identityLink + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(TestUtils.generateDummyIdl( + RandomStringUtils.randomAlphanumeric(10), + EAAFConstants.URN_PREFIX_BASEID)); + + // mock EHVD service + ehvdService = soap.mock(EHVD.class, "http://localhost:1234/ehvd"); + + } + + @Test + public void noIdentityLinkInSession() { + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(null); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "process.04", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void noActiveGda() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(false, Arrays.asList(role1))); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.00", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void gdaGenericServiceError() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + when(ehvdService.getGDA(any())).thenThrow(new RuntimeException("No anwser from Service")); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.02", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void gdaServiceError() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String msg = RandomStringUtils.randomAlphabetic(10); + SOAPFault fault = generateSoaFault(msg); + SOAPFaultException error = new SOAPFaultException(fault ); + when(ehvdService.getGDA(any())).thenThrow(error); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.02", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = RandomStringUtils.randomAlphabetic(10); + String role2 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2))); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + assertEquals("wrong role attr", + role1 + ";" + role2, + moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); + + } + + private GdaIndexResponse generateGdaResponse(boolean isActive, List roles) { + GdaIndexResponse resp = new GdaIndexResponse(); + GdaDescriptor gda = new GdaDescriptor(); + resp.setGda(gda); + + GDAStatus status = new GDAStatus(); + gda.setStatus(status); + status.setEhvdstatus(isActive ? "Aktiv" : "Inaktiv"); + + GDARoles gdaRoles = new GDARoles(); + gda.setRoles(gdaRoles); + gdaRoles.getRole().addAll(roles); + + return resp; + } + + private SOAPFault generateSoaFault(String msg) { + return new SOAPFault() { + + @Override + public void setIdAttributeNode(Attr idAttr, boolean isId) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setIdAttributeNS(String namespaceURI, String localName, boolean isId) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setIdAttribute(String name, boolean isId) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public Attr setAttributeNodeNS(Attr newAttr) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Attr setAttributeNode(Attr newAttr) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setAttributeNS(String namespaceURI, String qualifiedName, String value) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setAttribute(String name, String value) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public Attr removeAttributeNode(Attr oldAttr) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void removeAttributeNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void removeAttribute(String name) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public boolean hasAttributeNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasAttribute(String name) { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getTagName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public TypeInfo getSchemaTypeInfo() { + // TODO Auto-generated method stub + return null; + } + + @Override + public NodeList getElementsByTagNameNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public NodeList getElementsByTagName(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Attr getAttributeNodeNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Attr getAttributeNode(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAttributeNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAttribute(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Object setUserData(String key, Object data, UserDataHandler handler) { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setTextContent(String textContent) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setPrefix(String prefix) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setNodeValue(String nodeValue) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public Node replaceChild(Node newChild, Node oldChild) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node removeChild(Node oldChild) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void normalize() { + // TODO Auto-generated method stub + + } + + @Override + public String lookupPrefix(String namespaceURI) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String lookupNamespaceURI(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isSupported(String feature, String version) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isSameNode(Node other) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isEqualNode(Node arg) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isDefaultNamespace(String namespaceURI) { + // TODO Auto-generated method stub + return false; + } + + @Override + public Node insertBefore(Node newChild, Node refChild) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasChildNodes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasAttributes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Object getUserData(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getTextContent() throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getPreviousSibling() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPrefix() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getParentNode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Document getOwnerDocument() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getNodeValue() throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public short getNodeType() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getNodeName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getNextSibling() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getNamespaceURI() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLocalName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getLastChild() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getFirstChild() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Object getFeature(String feature, String version) { + // TODO Auto-generated method stub + return null; + } + + @Override + public NodeList getChildNodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBaseURI() { + // TODO Auto-generated method stub + return null; + } + + @Override + public NamedNodeMap getAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public short compareDocumentPosition(Node other) throws DOMException { + // TODO Auto-generated method stub + return 0; + } + + @Override + public Node cloneNode(boolean deep) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node appendChild(Node newChild) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setValue(String value) { + // TODO Auto-generated method stub + + } + + @Override + public void setParentElement(SOAPElement parent) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void recycleNode() { + // TODO Auto-generated method stub + + } + + @Override + public String getValue() { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement getParentElement() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void detachNode() { + // TODO Auto-generated method stub + + } + + @Override + public void setEncodingStyle(String encodingStyle) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public SOAPElement setElementQName(QName newName) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean removeNamespaceDeclaration(String prefix) { + // TODO Auto-generated method stub + return false; + } + + @Override + public void removeContents() { + // TODO Auto-generated method stub + + } + + @Override + public boolean removeAttribute(QName qname) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean removeAttribute(Name name) { + // TODO Auto-generated method stub + return false; + } + + @Override + public Iterator getVisibleNamespacePrefixes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getNamespaceURI(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getNamespacePrefixes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getEncodingStyle() { + // TODO Auto-generated method stub + return null; + } + + @Override + public QName getElementQName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Name getElementName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getChildElements(QName qname) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getChildElements(Name name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getChildElements() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAttributeValue(QName qname) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAttributeValue(Name name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getAllAttributesAsQNames() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getAllAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public QName createQName(String localName, String prefix) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addTextNode(String text) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addNamespaceDeclaration(String prefix, String uri) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(String localName, String prefix, String uri) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(String localName, String prefix) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(SOAPElement element) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(String localName) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(QName qname) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(Name name) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addAttribute(QName qname, String value) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addAttribute(Name name, String value) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setFaultString(String faultString, Locale locale) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultString(String faultString) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultRole(String uri) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultNode(String uri) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultCode(String faultCode) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultCode(QName faultCodeQName) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultCode(Name faultCodeQName) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultActor(String faultActor) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void removeAllFaultSubcodes() { + // TODO Auto-generated method stub + + } + + @Override + public boolean hasDetail() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Iterator getFaultSubcodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Locale getFaultStringLocale() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultString() { + return msg; + + } + + @Override + public String getFaultRole() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getFaultReasonTexts() throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultReasonText(Locale locale) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getFaultReasonLocales() throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultNode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public QName getFaultCodeAsQName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Name getFaultCodeAsName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultCode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultActor() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Detail getDetail() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void appendFaultSubcode(QName subcode) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void addFaultReasonText(String text, Locale locale) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public Detail addDetail() throws SOAPException { + // TODO Auto-generated method stub + return null; + } + }; + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java index 399980dbf..387aca540 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java @@ -39,7 +39,7 @@ public class MoaStatusMessagerTest { @Test public void checkErrorMessages() { assertEquals("new error msg", - "GDA Status inaktiv", messager.getMessage("ehvd.00", null)); + "Für den abgefragtem GDA liegt keine Berechtigung vor", messager.getMessage("ehvd.00", null)); assertEquals("new error msg", "Allgemeiner Fehler bei der Abfrage des EHVD Service", messager.getMessage("ehvd.99", null)); diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java new file mode 100644 index 000000000..547401cc3 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java @@ -0,0 +1,195 @@ +package com.github.skjolber.mockito.soap; + +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.ws.soap.SOAPBinding; +import javax.xml.ws.spi.Provider; + +import org.apache.cxf.Bus; +import org.apache.cxf.endpoint.EndpointException; +import org.apache.cxf.endpoint.ServerImpl; +import org.apache.cxf.jaxws.EndpointImpl; +import org.apache.cxf.jaxws.JaxWsServerFactoryBean; +import org.apache.cxf.jaxws.support.JaxWsServiceFactoryBean; +import org.apache.cxf.service.ServiceImpl; +import org.apache.cxf.service.model.EndpointInfo; +import org.apache.cxf.transport.ChainInitiationObserver; +import org.apache.cxf.transport.Destination; +import org.apache.cxf.transport.DestinationFactory; +import org.apache.cxf.transport.DestinationFactoryManager; + + +/** + * Fork of {@link SoapEndpointRule} that set endpoint.setBindingUri(SOAPBinding.SOAP12HTTP_BINDING) + * into {@link EndpointImpl}. + * + * @author tlenz + * + */ +public class Soap12EndpointRule extends SoapServerRule { + private static final int PORT_RANGE_START = 1024 + 1; + private static final int PORT_RANGE_END = PortManager.PORT_RANGE_MAX; + + public static Soap12EndpointRule newInstance() { + return new Soap12EndpointRule(); + } + + private final Map endpoints = new HashMap<>(); + + private PortManager portManager; + + public Soap12EndpointRule() { + this(PORT_RANGE_START, PORT_RANGE_END); + } + + public Soap12EndpointRule(String... portNames) { + this(PORT_RANGE_START, PORT_RANGE_END, portNames); + } + + public Soap12EndpointRule(int portRangeStart, int portRangeEnd, String... portNames) { + portManager = new PortManager(portRangeStart, portRangeEnd) { + @Override + public Destination reserve(int port) throws Exception { + return createDestination(port); + } + + @Override + public void release(Destination destination) { + destination.shutdown(); + } + }; + + portManager.add(portNames); + } + + /** + * Returns the port number that was reserved for the given name. + * + * @param portName port name + * @return a valid port number if the port has been reserved, -1 otherwise + */ + public int getPort(String portName) { + return portManager.getPort(portName); + } + + /** + * Returns all port names and respective port numbers. + * + * @return a map of port name and port value (a valid port number if the port + * has been reserved, or -1 otherwise) + */ + public Map getPorts() { + return portManager.getPorts(); + } + + /** + * Attempt to reserve a port by starting a server. + * + * @param port port to reserve + * @return destination if successful + * @throws IOException + * @throws EndpointException + */ + private Destination createDestination(int port) throws IOException, EndpointException { + final JaxWsServiceFactoryBean jaxWsServiceFactoryBean = new JaxWsServiceFactoryBean(); + + final JaxWsServerFactoryBean serverFactoryBean = new JaxWsServerFactoryBean(jaxWsServiceFactoryBean); + final Bus bus = serverFactoryBean.getBus(); + + final String address = "http://localhost:" + port; + serverFactoryBean.setAddress(address); + + final DestinationFactory destinationFactory = bus.getExtension(DestinationFactoryManager.class) + .getDestinationFactoryForUri(address); + + final EndpointInfo ei = new EndpointInfo(null, Integer.toString(port)); + ei.setAddress(address); + + final Destination destination = destinationFactory.getDestination(ei, bus); + + final ServiceImpl serviceImpl = new ServiceImpl(); + + final org.apache.cxf.endpoint.Endpoint endpoint = new org.apache.cxf.endpoint.EndpointImpl(bus, + serviceImpl, ei); + destination.setMessageObserver(new ChainInitiationObserver(endpoint, bus)); + return destination; + } + + @Override + public void proxy(T target, Class port, String address, String wsdlLocation, + List schemaLocations, Map properties) { + assertValidParams(target, port, address); + + if (endpoints.containsKey(address)) { + throw new IllegalArgumentException("Endpoint " + address + " already exists"); + } + + final T serviceInterface = SoapServiceProxy.newInstance(target); + + final EndpointImpl endpoint = (EndpointImpl) Provider.provider().createEndpoint(null, serviceInterface); + endpoint.setBindingUri(SOAPBinding.SOAP12HTTP_BINDING); + + if (wsdlLocation != null) { + endpoint.setWsdlLocation(wsdlLocation); + } + + if (schemaLocations != null) { + endpoint.setSchemaLocations(schemaLocations); + } + + endpoint.setProperties(processProperties(properties, wsdlLocation, schemaLocations)); + + final Destination destination = portManager.getData(parsePort(address)); + if (destination != null) { + final ServerImpl server = endpoint.getServer(); + server.setDestination(destination); + } + + endpoint.publish(address); + + endpoints.put(address, endpoint); + } + + @Override + protected void before() { + // reserve all ports + portManager.start(); + } + + @Override + protected void after() { + destroy(); + } + + /** + * Stop and remove endpoints, keeping port reservations. + */ + public void clear() { + endpoints.values().forEach(EndpointImpl::stop); + endpoints.clear(); + } + + @Override + public void destroy() { + endpoints.values().forEach(endpoint -> { + endpoint.stop(); + endpoint.getBus().shutdown(true); + }); + endpoints.clear(); + portManager.stop(); + } + + @Override + public void stop() { + endpoints.values().forEach(endpoint -> endpoint.getServer().stop()); + } + + @Override + public void start() { + // republish + endpoints.values().forEach(endpoint -> endpoint.getServer().start()); + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties index bc71dc6ab..43e900f4b 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties @@ -3,3 +3,6 @@ modules.ehvd.sp.1=aaabbccddeeffgg modules.ehvd.sp.2=yyasdfasfsa2323 modules.ehvd.sp.3= modules.ehvd.sp.4=435344534egewgegf + +modules.ehvd.service.url=http://localhost:1234/ehvd +#modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties new file mode 100644 index 000000000..13ecdab2b --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties @@ -0,0 +1,8 @@ +modules.ehvd.enabled=true +modules.ehvd.sp.1=aaabbccddeeffgg +modules.ehvd.sp.2=yyasdfasfsa2323 +modules.ehvd.sp.3= +modules.ehvd.sp.4=435344534egewgegf + +modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at +modules.ehvd.proxy.socks.port=12345 diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml new file mode 100644 index 000000000..0595d4eb4 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml @@ -0,0 +1,19 @@ + + + + + + + + + + + \ No newline at end of file -- cgit v1.2.3 From 7abe41afdb6f454e02126dbc90fb0352d0d15f74 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 30 Jul 2021 09:16:47 +0200 Subject: throw a specific error in case of a EHVD response that contains no GDA information --- .../modules/ehvd/service/EhvdCommunicationService.java | 12 +++++------- .../resources/properties/id_messages.properties | 1 + .../properties/protocol_response_statuscodes.properties | 1 + .../InjectEhvdIdentityInformationQsSystemTest.java | 4 ++-- .../tasks/InjectEhvdIdentityInformationTaskTest.java | 17 +++++++++++++++++ 5 files changed, 26 insertions(+), 9 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index ab4a70751..2ef79a141 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -51,6 +51,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { private static final String ERROR_EHVD_00 = "ehvd.00"; private static final String ERROR_EHVD_01 = "ehvd.01"; private static final String ERROR_EHVD_02 = "ehvd.02"; + private static final String ERROR_EHVD_03 = "ehvd.03"; private static final String ERROR_CONFIG_05 = "config.05"; @Autowired @@ -100,8 +101,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { // extract reason for this error String errorMsg = e.getFault() != null ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() - : e.getMessage(); - + : e.getMessage(); Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}, e); @@ -127,13 +127,11 @@ public class EhvdCommunicationService implements IEhvdCommunication { } } else { - Logger.debug("Receive empty GDA response"); - // TODO: what we to in case of empty response? + Logger.info("Receive empty GDA response"); + throw new EhvdException(ERROR_EHVD_03, new Object[] {}); + } - - return Collections.emptyList(); - } private GetGdaDescriptors buildGdaRequest(String bPK) { diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties index 104342a9d..643893413 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties @@ -1,5 +1,6 @@ ehvd.00=Für den abgefragtem GDA liegt keine Berechtigung vor ehvd.01=Technischer Fehler bei der Abfrage von GDA Informationen. Ursache: {0} ehvd.02=Fehler bei der Abfrage von GDA Informationen. Ursache: {0} +ehvd.03=Antwort des EHVD Service beinhaltet keine GDA Informationen ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties index 400994330..72048b8e3 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties @@ -4,4 +4,5 @@ test.02=zzzyyyxxx ehvd.00=7000 ehvd.01=7001 ehvd.02=7001 +ehvd.03=7001 ehvd.99=7099 \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java index 585083a77..e77e2db58 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java @@ -120,8 +120,8 @@ public class InjectEhvdIdentityInformationQsSystemTest { final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( AuthenticationSessionWrapper.class); moaSession.setIdentityLink(TestUtils.generateDummyIdl( - RandomStringUtils.randomAlphanumeric(10), - EAAFConstants.URN_PREFIX_BASEID)); + "SUTFhJ/FXHmLGfTFchYnnWG/e3A=", + EAAFConstants.URN_PREFIX_CDID + "GH")); task.execute(pendingReq, context); diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java index 0c84a7bcf..8620ef98b 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java @@ -196,6 +196,23 @@ public class InjectEhvdIdentityInformationTaskTest { } } + @Test + public void noGdaInfosInResponse() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + GdaIndexResponse gdaResponse = new GdaIndexResponse(); + when(ehvdService.getGDA(any())).thenReturn(gdaResponse); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.03", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + @Test public void validateState() throws TaskExecutionException, PendingReqIdValidationException { // set-up EHVD response -- cgit v1.2.3 From eed64f78c6e0dd37145b373d7218c07c0f4a8a33 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 30 Jul 2021 11:16:49 +0200 Subject: do not forward SOAP exception into MOA-ID exception handling because child objects of SOAP exceptions are not serializable --- .../ehvd/service/EhvdCommunicationService.java | 2 +- .../InjectEhvdIdentityInformationQsSystemTest.java | 30 ++++++++++++++++++++++ .../resources/config/config_qs_service.properties | 1 + 3 files changed, 32 insertions(+), 1 deletion(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index 2ef79a141..51bae6dfd 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -103,7 +103,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() : e.getMessage(); Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); - throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}, e); + throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}); } catch (final Exception e) { Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java index e77e2db58..8bccefc8d 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java @@ -25,6 +25,7 @@ import javax.xml.ws.soap.SOAPFaultException; import org.apache.commons.lang3.RandomStringUtils; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; import org.junit.runner.RunWith; @@ -92,6 +93,35 @@ public class InjectEhvdIdentityInformationQsSystemTest { private TestRequestImpl pendingReq; private Map spConfigMap; + @BeforeClass + public static void classInitializer() { + System.setProperty( + "https.cipherSuites", + //high secure RSA bases ciphers + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + + ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + + ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + + + //high secure ECC bases ciphers + ",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + + ",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + + ",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + + ",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" + + ",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" + + ",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" + + ",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + + ",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" + + + //secure backup chipers + ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + + ",TLS_RSA_WITH_AES_128_CBC_SHA" + + ",TLS_RSA_WITH_AES_256_CBC_SHA" + ); + + } + @Before public void initialize() throws EAAFParserException { httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties index 13ecdab2b..2f6c45365 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties @@ -5,4 +5,5 @@ modules.ehvd.sp.3= modules.ehvd.sp.4=435344534egewgegf modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at +#modules.ehvd.service.bpk.target= modules.ehvd.proxy.socks.port=12345 -- cgit v1.2.3 From e8fba75fda7841ba9ad584553abf23be1adee0ef Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 30 Jul 2021 11:18:15 +0200 Subject: fix bug in definition of allowed SSL CipherSuites that results in a error during SSL hand-shake --- .../java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index b0f452861..baf4349e8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -77,10 +77,10 @@ public class MOAIDAuthInitializer { System.setProperty( "https.cipherSuites", //high secure RSA bases ciphers - ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + - ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + - ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + - ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + + ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + + ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + //high secure ECC bases ciphers ",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + -- cgit v1.2.3 From ef16b7e22800a5b200e58dd83fc406bb94dd671a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 30 Jul 2021 11:28:23 +0200 Subject: Log some EHVD faults on INFO level because they are well known --- .../ehvd/service/EhvdCommunicationService.java | 35 +++++++++++++++++----- 1 file changed, 28 insertions(+), 7 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index 51bae6dfd..a25a7f421 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -5,6 +5,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.Set; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; @@ -19,6 +20,8 @@ import org.apache.cxf.transport.http.HTTPConduit; import org.apache.cxf.transports.http.configuration.ProxyServerType; import org.springframework.beans.factory.annotation.Autowired; +import com.google.common.collect.Sets; + import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; @@ -53,7 +56,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { private static final String ERROR_EHVD_02 = "ehvd.02"; private static final String ERROR_EHVD_03 = "ehvd.03"; private static final String ERROR_CONFIG_05 = "config.05"; - + + private static final Set SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002"); + @Autowired IConfiguration config; @@ -98,12 +103,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { return gdaResp; } catch (final SOAPFaultException e) { - // extract reason for this error - String errorMsg = e.getFault() != null - ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() - : e.getMessage(); - Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); - throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}); + throw handleSoapFaultError(e); } catch (final Exception e) { Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); @@ -113,6 +113,27 @@ public class EhvdCommunicationService implements IEhvdCommunication { } + private EhvdException handleSoapFaultError(SOAPFaultException e) { + // extract reason for this error + String errorMsg = e.getFault() != null + ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() + : e.getMessage(); + + if (SERVICE_ERRORS_LOG_INFO.stream() + .filter(el -> errorMsg.contains(el)) + .findFirst() + .isPresent()) { + Logger.info("EHVD communication failed with SOAP response: " + errorMsg); + + } else { + Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); + + } + + return new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}); + + } + private List parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException { if (ehvdResp.getGda() != null) { final GdaDescriptor gdaInfo = ehvdResp.getGda(); -- cgit v1.2.3 From 031d236181704248475554ebf7ae373096637a4f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 8 Sep 2021 13:45:25 +0200 Subject: update EHVD Role filtering and mapping --- .../auth/modules/ehvd/ConfigurationProperties.java | 3 + .../auth/modules/ehvd/EhvdServiceAuthModule.java | 10 +- .../EhvdServiceAuthSpringResourceProvider.java | 55 +++++----- .../ehvd/attributes/PvpRoleAttributeBuilder.java | 25 +++-- .../auth/modules/ehvd/exception/EhvdException.java | 4 +- .../ehvd/service/EhvdCommunicationService.java | 111 ++++++++++++++++----- .../modules/ehvd/service/IEhvdCommunication.java | 6 +- .../ehvd/task/InjectEhvdInformationTask.java | 36 +++---- .../resources/properties/id_messages.properties | 1 + .../protocol_response_statuscodes.properties | 1 + .../attributes/PvpRoleAttributeBuilderTest.java | 26 +++++ .../InjectEhvdIdentityInformationTaskTest.java | 80 ++++++++++++++- .../src/test/resources/config/config1.properties | 3 + 13 files changed, 268 insertions(+), 93 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java index 07d65f2f5..035e59387 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java @@ -34,6 +34,9 @@ public class ConfigurationProperties { public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target"; public static final String PROP_MODULE_SERVICE_ENDPOINT = MODULE_PREFIX + "service.url"; + public static final String PROP_MODULE_EHVD_ROLE_REGEX = MODULE_PREFIX + "service.role.regex"; + + public static final String PROP_MODULE_PVP_ROLE = MODULE_PREFIX + "role.pvp"; public static final String PROP_MODULE_PROXY_SOCKS_PORT = MODULE_PREFIX + "proxy.socks.port"; diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java index 917c226a2..d087b9fe2 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java @@ -107,20 +107,20 @@ public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl { if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(); - Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ...."); - boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq)); + Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ...."); + final boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq)); if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) { - Logger.debug("EHVD communication is allowed for SP: " + spEntityID); + Logger.debug("EHVD communication is allowed for SP: " + spEntityID); return "DefaultAuthenticationWithEHVDInteraction"; } else { if (Logger.isDebugEnabled()) { if (ccAuthRequested) { Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication."); - + } else { Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too"); - + } } } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java index ea0695a1a..589a316fe 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java @@ -33,30 +33,39 @@ import at.gv.egiz.components.spring.api.SpringResourceProvider; */ public class EhvdServiceAuthSpringResourceProvider implements SpringResourceProvider { - /* (non-Javadoc) - * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() - */ - @Override - public Resource[] getResourcesToLoad() { - ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml", EhvdServiceAuthSpringResourceProvider.class); - return new Resource[] {authConfig}; - } + /* + * (non-Javadoc) + * + * @see + * at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + final ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml", + EhvdServiceAuthSpringResourceProvider.class); + return new Resource[] { authConfig }; + } - /* (non-Javadoc) - * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() - */ - @Override - public String[] getPackagesToScan() { - // TODO Auto-generated method stub - return null; - } + /* + * (non-Javadoc) + * + * @see + * at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } - /* (non-Javadoc) - * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() - */ - @Override - public String getName() { - return "Module for 'Dummy Authentication'"; - } + /* + * (non-Javadoc) + * + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "Module for 'Dummy Authentication'"; + } } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java index 0f1c96aa8..a79aa86dd 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java @@ -15,44 +15,43 @@ import at.gv.egovernment.moa.logging.Logger; public class PvpRoleAttributeBuilder implements IPVPAttributeBuilder { private static final String ROLE_NAME_DELIMITER = ";"; - + @Override public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { if (authData instanceof IMOAAuthData) { - IMOAAuthData moaAuthData = (IMOAAuthData)authData; - if (moaAuthData.getAuthenticationRoles() != null + final IMOAAuthData moaAuthData = (IMOAAuthData) authData; + if (moaAuthData.getAuthenticationRoles() != null && !moaAuthData.getAuthenticationRoles().isEmpty()) { return g.buildStringAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME, moaAuthData.getAuthenticationRoles().stream() .map(el -> el.getRawRoleString()) .collect(Collectors.joining(ROLE_NAME_DELIMITER))); - - + } else { Logger.trace("No PVP roles available. Skipping attribute: " + ROLES_FRIENDLY_NAME); - + } - + } else { Logger.info("Attribute: " + ROLES_FRIENDLY_NAME + " is only available in MOA-ID context"); - + } - + return null; - + } @Override public ATT buildEmpty(IAttributeGenerator g) { return g.buildEmptyAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME); - + } @Override public String getName() { return ROLES_NAME; - + } - + } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java index daab154bc..f621d1bb4 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java @@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.exception; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -public class EhvdException extends AuthenticationException{ +public class EhvdException extends AuthenticationException { private static final long serialVersionUID = 380654627005502948L; @@ -15,5 +15,5 @@ public class EhvdException extends AuthenticationException{ super(messageId, parameters, e); } - + } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index a25a7f421..900adaff7 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -2,10 +2,12 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service; import java.net.URL; import java.util.ArrayList; -import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; @@ -29,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; @@ -55,16 +58,20 @@ public class EhvdCommunicationService implements IEhvdCommunication { private static final String ERROR_EHVD_01 = "ehvd.01"; private static final String ERROR_EHVD_02 = "ehvd.02"; private static final String ERROR_EHVD_03 = "ehvd.03"; + private static final String ERROR_EHVD_04 = "ehvd.04"; private static final String ERROR_CONFIG_05 = "config.05"; - + private static final Set SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002"); - + @Autowired IConfiguration config; private String ehvdBpkTarget; private EHVD ehvdClient; + private Pattern ehvdRolePattern; + + private List ehvhPvpRoleList; /** * Get user's GDA roles from EHVD Service. @@ -102,9 +109,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { Logger.debug("Receive GDA status. Starting response validation ... "); return gdaResp; - } catch (final SOAPFaultException e) { + } catch (final SOAPFaultException e) { throw handleSoapFaultError(e); - + } catch (final Exception e) { Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e); @@ -114,24 +121,25 @@ public class EhvdCommunicationService implements IEhvdCommunication { } private EhvdException handleSoapFaultError(SOAPFaultException e) { - // extract reason for this error - String errorMsg = e.getFault() != null - ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() + // extract reason for this error + final String errorMsg = e.getFault() != null + ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() + : e.getMessage() : e.getMessage(); - + if (SERVICE_ERRORS_LOG_INFO.stream() - .filter(el -> errorMsg.contains(el)) - .findFirst() - .isPresent()) { - Logger.info("EHVD communication failed with SOAP response: " + errorMsg); - + .filter(el -> errorMsg.contains(el)) + .findFirst() + .isPresent()) { + Logger.info("EHVD communication failed with SOAP response: " + errorMsg); + } else { Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); - - } - - return new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}); - + + } + + return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg }); + } private List parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException { @@ -139,7 +147,24 @@ public class EhvdCommunicationService implements IEhvdCommunication { final GdaDescriptor gdaInfo = ehvdResp.getGda(); if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) { Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles"); - return gdaInfo.getRoles().getRole(); + + // match roles with regex from configuration + final Optional validGdaRole = gdaInfo.getRoles().getRole().stream() + .filter(el -> matchGdaRole(el)) + .findFirst(); + + if (validGdaRole.isPresent()) { + Logger.info("Find valid GDA role: " + validGdaRole.get() + " Set PVP Role: " + + StringUtils.join(ehvhPvpRoleList, ",") + " into Session"); + + // set role into response + return ehvhPvpRoleList; + + } else { + Logger.info("No valid GDA role in EHVD response"); + throw new EhvdException(ERROR_EHVD_04, null); + + } } else { Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... "); @@ -150,11 +175,19 @@ public class EhvdCommunicationService implements IEhvdCommunication { } else { Logger.info("Receive empty GDA response"); throw new EhvdException(ERROR_EHVD_03, new Object[] {}); - } } + private boolean matchGdaRole(String role) { + final Matcher matcher = ehvdRolePattern.matcher(role); + final boolean matches = matcher.matches(); + Logger.trace(matches ? "EHVD role: " + role + " matches" + : "EHVD role: " + role + " does not matche to pattern: " + matcher.toString()); + return matches; + + } + private GetGdaDescriptors buildGdaRequest(String bPK) { final GetGdaDescriptors req = new GetGdaDescriptors(); final InstanceIdentifier gdaIdentifier = new InstanceIdentifier(); @@ -170,17 +203,45 @@ public class EhvdCommunicationService implements IEhvdCommunication { if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { initializeEhvdClient(); + // load EHVD bPK target ehvdBpkTarget = config.getBasicConfiguration( ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget); + // load Regex to match EHVD Roles to PVP Roles + final String ehvdRoleRegex = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX); + checkConfigPropertyNotNull(ehvdRoleRegex, ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX); + ehvdRolePattern = Pattern.compile(ehvdRoleRegex); + + Logger.info("Set-up EHVD Client with Role regex: " + ehvdRolePattern.toString()); + + // load PVP Roles for EHVD integration + final String ehvdPvpRole = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_PVP_ROLE); + checkConfigPropertyNotNull(ehvdPvpRole, ConfigurationProperties.PROP_MODULE_PVP_ROLE); + ehvhPvpRoleList = KeyValueUtils.getListOfCSVValues(ehvdPvpRole); + Logger.info("Set-up EHVD module with PVP Role: " + StringUtils.join(ehvhPvpRoleList, ",")); + } else { Logger.info("Skipping EHVD client because it's not active"); } } + private void checkConfigPropertyNotNull(String valueToCheck, String configPropName) + throws EAAFConfigurationException { + if (StringUtils.isEmpty(valueToCheck)) { + Logger.error("Missing configuration for EHVD module. " + + "(Property: " + configPropName + ")"); + throw new EAAFConfigurationException(ERROR_CONFIG_05, + new Object[] { configPropName }); + + } + + } + private void initializeEhvdClient() throws EAAFConfigurationException { Logger.debug("Initializing EHVD client ... "); final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl"); @@ -214,9 +275,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl); - // these code is only for local testing - String socksPort = config.getBasicConfiguration(ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT); + final String socksPort = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT); if (StringUtils.isNotEmpty(socksPort)) { Logger.warn("Injecting SOCKS5 Proxy for service communication!"); final Client client = ClientProxy.getClient(ehvdClient); @@ -224,9 +285,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { http.getClient().setProxyServerType(ProxyServerType.SOCKS); http.getClient().setProxyServer("127.0.0.1"); http.getClient().setProxyServerPort(Integer.valueOf(socksPort)); - + } - + } } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java index 8a9c7db5c..2d9291ed7 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java @@ -2,8 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service; import java.util.List; -import javax.annotation.Nonnull; - import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -12,11 +10,11 @@ public interface IEhvdCommunication { /** * Get user's GDA roles from EHVD Service. - * + * * @param identityLink IdentityLink of the user * @return {@link List} of Roles that are received from EHVD * @throws AuthenticationException In case of an EHVD communication error - * @throws EAAFBuilderException In case of a bPK generation error + * @throws EAAFBuilderException In case of a bPK generation error */ List getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException; diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java index b44863b80..8f22c6ffc 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java @@ -31,16 +31,14 @@ import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; /** @@ -50,8 +48,9 @@ import at.gv.egovernment.moa.logging.Logger; @Component("InjectEhvdInformationTask") public class InjectEhvdInformationTask extends AbstractAuthServletTask { - @Autowired IEhvdCommunication ehvdService; - + @Autowired + IEhvdCommunication ehvdService; + /* * (non-Javadoc) * @@ -66,17 +65,19 @@ public class InjectEhvdInformationTask extends AbstractAuthServletTask { HttpServletResponse response) throws TaskExecutionException { try { - final AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - + final AuthenticationSessionWrapper session = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + // validate internal state validateInternalState(session); - + // requesting roles from EHVD - List ehvdRoles = ehvdService.getRoles(session.getIdentityLink()); - - // inject EHVD roles - session.setGenericDataToSession(PVPConstants.ROLES_NAME, StringUtils.join(ehvdRoles, ";")); - + final List ehvdRoles = ehvdService.getRoles(session.getIdentityLink()); + + // inject EHVD roles + session.setGenericDataToSession(PVPAttributeDefinitions.ROLES_NAME, + StringUtils.join(ehvdRoles, ";")); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -90,14 +91,13 @@ public class InjectEhvdInformationTask extends AbstractAuthServletTask { } private void validateInternalState(AuthenticationSessionWrapper session) throws AuthenticationException { - //check if identityLink is available - if (session.getIdentityLink() == null ) { + // check if identityLink is available + if (session.getIdentityLink() == null) { Logger.error("No IdentityLink in session. There is an internal error in process definition"); throw new AuthenticationException("process.04", null); - + } - - + } } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties index 643893413..b4a752a2d 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties @@ -2,5 +2,6 @@ ehvd.00=F ehvd.01=Technischer Fehler bei der Abfrage von GDA Informationen. Ursache: {0} ehvd.02=Fehler bei der Abfrage von GDA Informationen. Ursache: {0} ehvd.03=Antwort des EHVD Service beinhaltet keine GDA Informationen +ehvd.04=Keine gültige EHVD Role gefunden ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties index 72048b8e3..5c98c199b 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties @@ -5,4 +5,5 @@ ehvd.00=7000 ehvd.01=7001 ehvd.02=7001 ehvd.03=7001 +ehvd.04=7002 ehvd.99=7099 \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java index df02c6f4e..cabd8df19 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -27,6 +28,7 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder; import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; @RunWith(SpringJUnit4ClassRunner.class) @@ -99,6 +101,8 @@ public class PvpRoleAttributeBuilderTest { // validate state assertNotNull("wrong attr. value", attrValue); + assertFalse("List delimiter after last element" ,attrValue.endsWith(";")); + String[] el = attrValue.split(";"); assertEquals("wrong role count", 4, el.length); @@ -110,6 +114,28 @@ public class PvpRoleAttributeBuilderTest { } + @Test + public void brzProductionRole() throws AttributeBuilderException { + + IAuthData authData = generateAuthData(Arrays.asList( + AuthenticationRoleFactory.buildFormPVPole("EPI-GDA()"))); + + // perform test + String attrValue = toTest.build(oaParam, authData, g); + + // validate state + assertNotNull("wrong attr. value", attrValue); + assertFalse("List delimiter after last element" ,attrValue.endsWith(";")); + + + String[] el = attrValue.split(";"); + assertEquals("wrong role count", 1, el.length); + assertEquals("wrong 1. role", "EPI-GDA()", el[0]); + + assertEquals("wrong role attr. value", "EPI-GDA()", attrValue); + + } + private IAuthData generateAuthData(List roles) { MOAAuthenticationData authData = new MOAAuthenticationData(null); if (roles != null) { diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java index 8620ef98b..adedd1d02 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java @@ -7,7 +7,6 @@ import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.when; -import java.net.SocketTimeoutException; import java.util.Arrays; import java.util.HashMap; import java.util.Iterator; @@ -213,13 +212,61 @@ public class InjectEhvdIdentityInformationTaskTest { } } + @Test - public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + public void noValidGdaRole() throws TaskExecutionException, PendingReqIdValidationException { // set-up EHVD response String role1 = RandomStringUtils.randomAlphabetic(10); String role2 = RandomStringUtils.randomAlphabetic(10); when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2))); + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.04", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + + @Test + public void validateStateWithRandomData() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = RandomStringUtils.randomAlphabetic(10); + String role2 = "1.2.40.0.34.5.2:101"; + String role3 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3))); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + assertEquals("wrong role attr", + "EPI-GDA()", + moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); + + } + + @Test + public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = "1.2.40.0.33.5.2.101"; + String role2 = "1.2.40.0.34.5.2:100"; + String role3 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3))); + task.execute(pendingReq, context); // validate state @@ -234,11 +281,38 @@ public class InjectEhvdIdentityInformationTaskTest { assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); assertEquals("wrong role attr", - role1 + ";" + role2, + "EPI-GDA()", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); } + @Test + public void validateStateSecondOid() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = "1.2.40.0.33.5.2.101"; + String role2 = "1.2.40.0.34.5.2:158"; + String role3 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3))); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + assertEquals("wrong role attr", + "EPI-GDA()", + moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); + + } + private GdaIndexResponse generateGdaResponse(boolean isActive, List roles) { GdaIndexResponse resp = new GdaIndexResponse(); GdaDescriptor gda = new GdaDescriptor(); diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties index 43e900f4b..263192c07 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties @@ -6,3 +6,6 @@ modules.ehvd.sp.4=435344534egewgegf modules.ehvd.service.url=http://localhost:1234/ehvd #modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at + +modules.ehvd.role.pvp=EPI-GDA() +modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ \ No newline at end of file -- cgit v1.2.3 From 37a34d1422fbde8813b4a6027b33e0549d753637 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 8 Sep 2021 13:46:32 +0200 Subject: switch EHVD module to RC1 version --- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'id') diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 6a8110a28..7d9f0ed44 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -228,7 +228,7 @@ moa-id-module-EID_connector - + MOA.id.server.modules moa-id-module-ehvd_integration diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 50075abfe..1f5582339 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -170,6 +170,11 @@ MOA.id.server.modules moa-id-module-EID_connector + + + MOA.id.server.modules + moa-id-module-ehvd_integration + -- cgit v1.2.3 From e0f2c884de659fb1bd3670bdc1ac04edf2382552 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Sep 2021 12:11:11 +0200 Subject: add jUnit test to check generic data-transfer in AuthenticationDataBuilder --- .../auth/data/AuthenticationDataBuilderTest.java | 34 +++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'id') diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java index 645cb601f..a3a717072 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -1,9 +1,12 @@ package at.gv.egovernment.moa.id.config.auth.data; +import static org.junit.Assert.assertEquals; + import java.io.ByteArrayInputStream; import java.util.Arrays; import java.util.List; +import org.apache.commons.lang3.RandomStringUtils; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; @@ -13,6 +16,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; + import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.data.IMOAAuthData; @@ -153,6 +158,33 @@ public class AuthenticationDataBuilderTest { } + @Test + public void genericDataTransfer() throws Exception { + TestRequestImpl pendingReq = new TestRequestImpl(); + DummyOAConfig oaParam = new DummyOAConfig(); + oaParam.setHasBaseIdTransferRestriction(false); + oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH"); + oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a")); + pendingReq.setSpConfig(oaParam); + + final AuthenticationSessionWrapper session = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink()); + + // set random data to transfer + String key = RandomStringUtils.randomAlphabetic(5); + String value = RandomStringUtils.randomAlphabetic(5); + session.setGenericDataToSession(key, value); + + + // execute test + IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq); + + + assertEquals("generic data-transfer failed", value, authData.getGenericData(key, String.class)); + + } + @Test public void buildAuthDataWithIDLOnly_1() throws Exception { @@ -166,7 +198,7 @@ public class AuthenticationDataBuilderTest { IAuthenticationSession session = new DummyAuthSession(); session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink()); pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession()); - + IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq); -- cgit v1.2.3 From 664c9bcffc537dc206140f03ca0a7c9b81b396cd Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Sep 2021 12:37:14 +0200 Subject: update EHVD communication-task to implement new requirements from BRZ --- .../auth/modules/ehvd/ConfigurationProperties.java | 12 +++++++ .../ehvd/service/EhvdCommunicationService.java | 32 +++++++++++++++-- .../modules/ehvd/service/IEhvdCommunication.java | 7 ++-- .../ehvd/task/InjectEhvdInformationTask.java | 10 ++++-- .../InjectEhvdIdentityInformationTaskTest.java | 42 +++++++++++++++++++--- 5 files changed, 90 insertions(+), 13 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java index 035e59387..d1f7c47b2 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java @@ -42,6 +42,18 @@ public class ConfigurationProperties { public static final String DEFAULT_EHVD_SERVICE_TARGET = EAAFConstants.URN_PREFIX_CDID + "GH"; + + //TODO: define custom EHVD SAML2 attributes + public static final String ATTRIBUTE_URN_EHVD_PREFIX = "urn:brzgvat:attributes.ehvd."; + public static final String ATTRIBUTE_URN_EHVD_TITLE = ATTRIBUTE_URN_EHVD_PREFIX + "title"; + public static final String ATTRIBUTE_URN_EHVD_FIRSTNAME = ATTRIBUTE_URN_EHVD_PREFIX + "firstname"; + public static final String ATTRIBUTE_URN_EHVD_SURNAME = ATTRIBUTE_URN_EHVD_PREFIX + "surname"; + public static final String ATTRIBUTE_URN_EHVD_ZIPCODE = ATTRIBUTE_URN_EHVD_PREFIX + "zip"; + public static final String ATTRIBUTE_URN_EHVD_STATE = ATTRIBUTE_URN_EHVD_PREFIX + "state"; + public static final String ATTRIBUTE_URN_EHVD_ID = ATTRIBUTE_URN_EHVD_PREFIX + "id"; + public static final String ATTRIBUTE_URN_EHVD_OTHERID = ATTRIBUTE_URN_EHVD_PREFIX + "otherid"; + + private ConfigurationProperties() { // hide constructor or static class } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index 900adaff7..cf58fe718 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -83,7 +83,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { */ @Override @Nonnull - public List getRoles(IIdentityLink identityLink) throws AuthenticationException, + public EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException { // get bPK for EHVD request @@ -96,7 +96,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { final GdaIndexResponse gdaResp = requestingGda(ehvdBpk.getFirst()); // parse roles from response - return parseGdaResponse(gdaResp); + return EhvdResponseHolder.getInstance(gdaResp.getGda(), parseGdaResponse(gdaResp)); } @@ -287,7 +287,33 @@ public class EhvdCommunicationService implements IEhvdCommunication { http.getClient().setProxyServerPort(Integer.valueOf(socksPort)); } - } + public static class EhvdResponseHolder { + final List roles; + final GdaDescriptor fullGdaResponse; + + + public static EhvdResponseHolder getInstance(GdaDescriptor gdaInfo, List processedRoles) { + return new EhvdResponseHolder(gdaInfo, processedRoles); + + } + + private EhvdResponseHolder(GdaDescriptor gdaInfo, List processedRoles) { + this.roles = processedRoles; + this.fullGdaResponse = gdaInfo; + + } + + public List getRoles() { + return roles; + } + + public GdaDescriptor getFullGdaResponse() { + return fullGdaResponse; + } + + + + } } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java index 2d9291ed7..6b7c7e2f5 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java @@ -1,10 +1,9 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service; -import java.util.List; - import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder; public interface IEhvdCommunication { @@ -12,10 +11,10 @@ public interface IEhvdCommunication { * Get user's GDA roles from EHVD Service. * * @param identityLink IdentityLink of the user - * @return {@link List} of Roles that are received from EHVD + * @return {@link EhvdResponseHolder} that contains the Roles received from EHVD and the full GDA response * @throws AuthenticationException In case of an EHVD communication error * @throws EAAFBuilderException In case of a bPK generation error */ - List getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException; + EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException; } \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java index 8f22c6ffc..ee5dbb2fd 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java @@ -37,6 +37,8 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder; import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; @@ -72,12 +74,16 @@ public class InjectEhvdInformationTask extends AbstractAuthServletTask { validateInternalState(session); // requesting roles from EHVD - final List ehvdRoles = ehvdService.getRoles(session.getIdentityLink()); + final EhvdResponseHolder ehvdResponse = ehvdService.getRoles(session.getIdentityLink()); // inject EHVD roles session.setGenericDataToSession(PVPAttributeDefinitions.ROLES_NAME, - StringUtils.join(ehvdRoles, ";")); + StringUtils.join(ehvdResponse.getRoles(), ";")); + // inject full EHVD response + session.setGenericDataToSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, + ehvdResponse.getFullGdaResponse()); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java index adedd1d02..818a2c34b 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java @@ -1,8 +1,10 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.test.tasks; +import static org.hamcrest.CoreMatchers.instanceOf; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.when; @@ -61,11 +63,14 @@ import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDARoles; import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDAStatus; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress; import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask; import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils; @@ -251,7 +256,7 @@ public class InjectEhvdIdentityInformationTaskTest { assertFalse("foreign", moaSession.isForeigner()); assertFalse("mandate", moaSession.isMandateUsed()); - assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + assertEquals("missing attributes", 2, moaSession.getGenericSessionDataStorage().size()); assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); assertEquals("wrong role attr", "EPI-GDA()", @@ -278,7 +283,7 @@ public class InjectEhvdIdentityInformationTaskTest { assertFalse("foreign", moaSession.isForeigner()); assertFalse("mandate", moaSession.isMandateUsed()); - assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + assertEquals("missing attributes", 2, moaSession.getGenericSessionDataStorage().size()); assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); assertEquals("wrong role attr", "EPI-GDA()", @@ -292,7 +297,8 @@ public class InjectEhvdIdentityInformationTaskTest { String role1 = "1.2.40.0.33.5.2.101"; String role2 = "1.2.40.0.34.5.2:158"; String role3 = RandomStringUtils.randomAlphabetic(10); - when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3))); + GdaIndexResponse gdaResponse = generateGdaResponse(true, Arrays.asList(role1, role2, role3)); + when(ehvdService.getGDA(any())).thenReturn(gdaResponse); task.execute(pendingReq, context); @@ -305,11 +311,17 @@ public class InjectEhvdIdentityInformationTaskTest { assertFalse("foreign", moaSession.isForeigner()); assertFalse("mandate", moaSession.isMandateUsed()); - assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + assertEquals("missing attributes", 2, moaSession.getGenericSessionDataStorage().size()); assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); assertEquals("wrong role attr", "EPI-GDA()", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); + + assertNotNull("no full GDA response", + moaSession.getGenericDataFromSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX)); + assertTrue("wrong GDA response type", + moaSession.getGenericDataFromSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX) instanceof GdaDescriptor); + } @@ -322,6 +334,20 @@ public class InjectEhvdIdentityInformationTaskTest { gda.setStatus(status); status.setEhvdstatus(isActive ? "Aktiv" : "Inaktiv"); + gda.setFirstname(RandomStringUtils.randomAlphabetic(5)); + gda.setSurname(RandomStringUtils.randomAlphabetic(5)); + gda.setTitle(RandomStringUtils.randomAlphabetic(5)); + + InstanceIdentifier id = new InstanceIdentifier(); + id.setId(RandomStringUtils.randomAlphabetic(5)); + gda.setId(id); + + gda.getOtherID().add(RandomStringUtils.randomAlphabetic(5)); + gda.getOtherID().add(RandomStringUtils.randomAlphabetic(5)); + + gda.getAddress().add(generateAddress()); + gda.getAddress().add(generateAddress()); + GDARoles gdaRoles = new GDARoles(); gda.setRoles(gdaRoles); gdaRoles.getRole().addAll(roles); @@ -329,6 +355,14 @@ public class InjectEhvdIdentityInformationTaskTest { return resp; } + private GdaAddress generateAddress() { + GdaAddress address = new GdaAddress(); + address.setZip(RandomStringUtils.randomNumeric(4)); + address.setState(RandomStringUtils.randomAlphabetic(10)); + return address; + + } + private SOAPFault generateSoaFault(String msg) { return new SOAPFault() { -- cgit v1.2.3 From 90eac625e68bdb9aaf1397b04f242fb94381bd4c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 16 Sep 2021 09:48:24 +0200 Subject: add new attribute builder for EHVD specific attributes --- .../auth/modules/ehvd/ConfigurationProperties.java | 1 + .../attributes/AbstractEhvdAttributeBuilder.java | 51 ++++++++++ .../EhvdAddressStateAttributeBuilder.java | 28 ++++++ .../EhvdAddressZipcodeAttributeBuilder.java | 28 ++++++ .../attributes/EhvdFirstnameAttributeBuilder.java | 22 +++++ .../ehvd/attributes/EhvdIdAttributeBuilder.java | 22 +++++ .../attributes/EhvdOtherIdAttributeBuilder.java | 54 +++++++++++ .../attributes/EhvdSurnameAttributeBuilder.java | 22 +++++ .../ehvd/attributes/EhvdTitelAttributeBuilder.java | 22 +++++ .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 4 + .../AbstractEhvdAttributeBuilderTest.java | 97 +++++++++++++++++++ .../EhvdAddressStateAttributeBuilderTest.java | 106 ++++++++++++++++++++ .../EhvdAddressZipAttributeBuilderTest.java | 107 +++++++++++++++++++++ .../EhvdFirstnameAttributeBuilderTest.java | 47 +++++++++ .../attributes/EhvdIdAttributeBuilderTest.java | 64 ++++++++++++ .../EhvdOtherIdAttributeBuilderTest.java | 86 +++++++++++++++++ .../EhvdSurnameAttributeBuilderTest.java | 48 +++++++++ .../attributes/EhvdTitelAttributeBuilderTest.java | 46 +++++++++ .../attributes/PvpRoleAttributeBuilderTest.java | 9 ++ .../src/test/resources/config/config1.properties | 2 +- .../resources/config/config_qs_service.properties | 3 + 21 files changed, 868 insertions(+), 1 deletion(-) create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java index d1f7c47b2..6cb9c08e3 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java @@ -35,6 +35,7 @@ public class ConfigurationProperties { public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target"; public static final String PROP_MODULE_SERVICE_ENDPOINT = MODULE_PREFIX + "service.url"; public static final String PROP_MODULE_EHVD_ROLE_REGEX = MODULE_PREFIX + "service.role.regex"; + public static final String PROP_MODULE_EHVD_OTHERID_PREFIX = MODULE_PREFIX + "service.otherid.prefix"; public static final String PROP_MODULE_PVP_ROLE = MODULE_PREFIX + "role.pvp"; diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java new file mode 100644 index 000000000..af413ffc3 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.logging.Logger; + +public abstract class AbstractEhvdAttributeBuilder implements IPVPAttributeBuilder { + + @Override + public ATT build(ISPConfiguration spConfig, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { + try { + GdaDescriptor fullGdaInfo = + authData.getGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, GdaDescriptor.class); + + if (fullGdaInfo != null) { + String attrValue = generateAttributeValue(fullGdaInfo); + Logger.debug(StringUtils.isEmpty(attrValue) ? "Skip" : "Build" + + "attribute: " + getName()); + return g.buildStringAttribute(getName(), getName(), + StringUtils.isNotEmpty(attrValue) ? attrValue : null); + + } else { + Logger.trace("Skipping attr: " + getName() + " because no GDA info available"); + return null; + + } + + } catch (ClassCastException e) { + Logger.trace("Skipping attr: " + getName() + " because no GDA info available"); + return null; + + } + } + + @Override + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(getName(), getName()); + + } + + protected abstract String generateAttributeValue(GdaDescriptor fullGdaInfo); + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java new file mode 100644 index 000000000..7056c3099 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java @@ -0,0 +1,28 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; +// +//import java.util.stream.Collectors; +// +//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +// +//@PVPMETADATA +//public class EhvdAddressStateAttributeBuilder extends AbstractEhvdAttributeBuilder { +// +// private static final String ATTR_VALUE_DELIMITER = "|"; +// +// @Override +// public String getName() { +// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_STATE; +// +// } +// +// @Override +// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +// return fullGdaInfo.getAddress().stream() +// .map(el -> el.getState() != null ? el.getState() : "") +// .collect(Collectors.joining(ATTR_VALUE_DELIMITER)); +// +// } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java new file mode 100644 index 000000000..98a0567f2 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java @@ -0,0 +1,28 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; +// +//import java.util.stream.Collectors; +// +//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +// +//@PVPMETADATA +//public class EhvdAddressZipcodeAttributeBuilder extends AbstractEhvdAttributeBuilder { +// +// private static final String ATTR_VALUE_DELIMITER = "|"; +// +// @Override +// public String getName() { +// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ZIPCODE; +// +// } +// +// @Override +// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +// return fullGdaInfo.getAddress().stream() +// .map(el -> el.getZip() != null ? el.getZip() : "") +// .collect(Collectors.joining(ATTR_VALUE_DELIMITER)); +// +// } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java new file mode 100644 index 000000000..1bb923cf4 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdFirstnameAttributeBuilder extends AbstractEhvdAttributeBuilder { + + @Override + public String getName() { + return ConfigurationProperties.ATTRIBUTE_URN_EHVD_FIRSTNAME; + + } + + @Override + protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { + return fullGdaInfo.getFirstname(); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java new file mode 100644 index 000000000..918b02c2e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdIdAttributeBuilder extends AbstractEhvdAttributeBuilder { + + @Override + public String getName() { + return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ID; + + } + + @Override + protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { + return fullGdaInfo.getId() != null ? fullGdaInfo.getId().getId() : null; + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java new file mode 100644 index 000000000..2d0e20c9c --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java @@ -0,0 +1,54 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; +// +//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +//import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +//import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +//import at.gv.egovernment.moa.logging.Logger; +// +//@PVPMETADATA +//public class EhvdOtherIdAttributeBuilder extends AbstractEhvdAttributeBuilder { +// +// private static final String DEFAULT_ID_PREFIX = "1.2.40.0.34.4.18:"; +// +// private String idPrefix; +// +// public EhvdOtherIdAttributeBuilder() { +// try { +// AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); +// if (config != null) { +// idPrefix = config.getBasicConfiguration( +// ConfigurationProperties.PROP_MODULE_EHVD_OTHERID_PREFIX, DEFAULT_ID_PREFIX); +// +// } else { +// idPrefix = DEFAULT_ID_PREFIX; +// +// } +// } catch (ConfigurationException e) { +// idPrefix = DEFAULT_ID_PREFIX; +// +// } +// +// Logger.info(" Set-up " + getName() + " with otherId prefix: " + idPrefix); +// +// } +// +// @Override +// public String getName() { +// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_OTHERID; +// +// } +// +// @Override +// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +// return fullGdaInfo.getOtherID().stream() +// .filter(el -> el.startsWith(idPrefix)) +// .findFirst() +// .map(el -> el.substring(idPrefix.length())) +// .orElse(null); +// +// } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java new file mode 100644 index 000000000..db8de397b --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdSurnameAttributeBuilder extends AbstractEhvdAttributeBuilder { + + @Override + public String getName() { + return ConfigurationProperties.ATTRIBUTE_URN_EHVD_SURNAME; + + } + + @Override + protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { + return fullGdaInfo.getSurname(); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java new file mode 100644 index 000000000..c978d4dd2 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdTitelAttributeBuilder extends AbstractEhvdAttributeBuilder { + + @Override + public String getName() { + return ConfigurationProperties.ATTRIBUTE_URN_EHVD_TITLE; + + } + + @Override + protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { + return fullGdaInfo.getTitle(); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 4dd043048..44f8d26cf 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -1 +1,5 @@ at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdIdAttributeBuilder diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java new file mode 100644 index 000000000..b1ac7d99a --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java @@ -0,0 +1,97 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Collections; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +public abstract class AbstractEhvdAttributeBuilderTest { + + @Autowired + protected IConfiguration basicConfig; + + protected DummySPConfiguration oaParam; + protected AuthenticationData authData; + protected IAttributeGenerator g = new SimpleStringAttributeGenerator(); + + protected abstract String expectedAttrName(); + protected abstract IAttributeBuilder getAttributeBuilderUnderTest(); + + protected GdaAddress generateAddress(String zip, String state) { + GdaAddress addr = new GdaAddress(); + addr.setZip(zip); + addr.setState(state); + return addr; + + } + + @Before + public void initialize() { + oaParam = new DummySPConfiguration(Collections.emptyMap(), basicConfig); + authData = new AuthenticationData(); + + } + + @Test + public void checkAttributeRegistration() { + assertNotNull("Attribute: " + expectedAttrName() + " not registrated", + PVPAttributeBuilder.getAttributeBuilder(expectedAttrName())); + + } + + @Test + public void checkName() { + assertEquals("wrong attr. name", expectedAttrName(), getAttributeBuilderUnderTest().getName()); + + } + + @Test + public void checkEmptyAttribute() { + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().buildEmpty(g)); + + } + + @Test + public void noGdaInfos() throws AttributeBuilderException { + IAuthData authData = new AuthenticationData(); + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + + @Test + public void wrongGdaInfos() throws AttributeBuilderException, EAAFStorageException { + AuthenticationData authData = new AuthenticationData(); + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, RandomStringUtils.randomAlphabetic(10)); + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + + @Test + public void emptyGdaInfos() throws AttributeBuilderException, EAAFStorageException { + AuthenticationData authData = new AuthenticationData(); + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, new GdaDescriptor()); + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java new file mode 100644 index 000000000..d342d331b --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java @@ -0,0 +1,106 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; +// +//import static org.junit.Assert.assertEquals; +//import static org.junit.Assert.assertNull; +// +//import org.apache.commons.lang3.RandomStringUtils; +//import org.junit.Test; +//import org.junit.runner.RunWith; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +// +//import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +//import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +//import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdAddressStateAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdAddressZipcodeAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdOtherIdAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +// +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ +// "/test_ehvd_service_auth.beans.xml" }) +//public class EhvdAddressStateAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { +// +// @Override +// protected String expectedAttrName() { +// return "urn:brzgvat:attributes.ehvd.state"; +// +// } +// +// @Override +// protected IAttributeBuilder getAttributeBuilderUnderTest() { +// return new EhvdAddressStateAttributeBuilder(); +// +// } +// +// @Test +// public void checkMissing() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void singleAddress() throws EAAFStorageException, AttributeBuilderException { +// String state = RandomStringUtils.randomAlphabetic(5); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(5), state)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", state, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddress() throws EAAFStorageException, AttributeBuilderException { +// String state1 = RandomStringUtils.randomAlphabetic(4); +// String state2 = RandomStringUtils.randomAlphabetic(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state1)); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state2)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", state1 + "|" + state2, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddressNullBefore() throws EAAFStorageException, AttributeBuilderException { +// String state1 = null; +// String state2 = RandomStringUtils.randomAlphabetic(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state1)); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state2)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", "|" + state2, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddressNullAfter() throws EAAFStorageException, AttributeBuilderException { +// String state1 = RandomStringUtils.randomAlphabetic(4); +// String state2 = null; +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state1)); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state2)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", state1 + "|", +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java new file mode 100644 index 000000000..69d17f8c3 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java @@ -0,0 +1,107 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; +// +//import static org.junit.Assert.assertEquals; +//import static org.junit.Assert.assertNull; +// +//import org.apache.commons.lang3.RandomStringUtils; +//import org.junit.Test; +//import org.junit.runner.RunWith; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +// +//import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +//import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +//import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdAddressZipcodeAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdOtherIdAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +// +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ +// "/test_ehvd_service_auth.beans.xml" }) +//public class EhvdAddressZipAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { +// +// @Override +// protected String expectedAttrName() { +// return "urn:brzgvat:attributes.ehvd.zip"; +// +// } +// +// @Override +// protected IAttributeBuilder getAttributeBuilderUnderTest() { +// return new EhvdAddressZipcodeAttributeBuilder(); +// +// } +// +// @Test +// public void checkMissing() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void singleAddress() throws EAAFStorageException, AttributeBuilderException { +// String zip = RandomStringUtils.randomNumeric(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress( +// zip, +// RandomStringUtils.randomAlphabetic(5))); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", zip, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddress() throws EAAFStorageException, AttributeBuilderException { +// String zip1 = RandomStringUtils.randomNumeric(4); +// String zip2 = RandomStringUtils.randomNumeric(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(zip1, RandomStringUtils.randomAlphabetic(5))); +// gdaInfo.getAddress().add(generateAddress(zip2, RandomStringUtils.randomAlphabetic(5))); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", zip1 + "|" + zip2, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddressNullBefore() throws EAAFStorageException, AttributeBuilderException { +// String zip1 = null; +// String zip2 = RandomStringUtils.randomNumeric(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(zip1, RandomStringUtils.randomAlphabetic(5))); +// gdaInfo.getAddress().add(generateAddress(zip2, RandomStringUtils.randomAlphabetic(5))); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", "|" + zip2, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddressNullAfter() throws EAAFStorageException, AttributeBuilderException { +// String zip1 = RandomStringUtils.randomNumeric(4); +// String zip2 = null; +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(zip1, RandomStringUtils.randomAlphabetic(5))); +// gdaInfo.getAddress().add(generateAddress(zip2, RandomStringUtils.randomAlphabetic(5))); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", zip1 + "|", +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java new file mode 100644 index 000000000..66f1b5028 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java @@ -0,0 +1,47 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdFirstnameAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { + + @Override + protected String expectedAttrName() { + return "urn:brzgvat:attributes.ehvd.firstname"; + + } + + @Override + protected IAttributeBuilder getAttributeBuilderUnderTest() { + return new EhvdFirstnameAttributeBuilder(); + + } + + @Test + public void checkValid() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + gdaInfo.setFirstname(RandomStringUtils.randomAlphabetic(5)); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertEquals("wrong empty attr.", gdaInfo.getFirstname(), + getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java new file mode 100644 index 000000000..db73f9191 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java @@ -0,0 +1,64 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdIdAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdIdAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { + + @Override + protected String expectedAttrName() { + return "urn:brzgvat:attributes.ehvd.id"; + + } + + @Override + protected IAttributeBuilder getAttributeBuilderUnderTest() { + return new EhvdIdAttributeBuilder(); + + } + + @Test + public void checkMissingId() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + InstanceIdentifier id = new InstanceIdentifier(); + gdaInfo.setId(id ); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + + @Test + public void checkValid() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + InstanceIdentifier id = new InstanceIdentifier(); + id.setId(RandomStringUtils.randomAlphabetic(5)); + gdaInfo.setId(id ); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertEquals("wrong empty attr.", id.getId(), + getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java new file mode 100644 index 000000000..bce8924d9 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java @@ -0,0 +1,86 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; +// +//import static org.junit.Assert.assertEquals; +//import static org.junit.Assert.assertNull; +// +//import org.apache.commons.lang3.RandomStringUtils; +//import org.junit.Test; +//import org.junit.runner.RunWith; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +// +//import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +//import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +//import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdOtherIdAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +// +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ +// "/test_ehvd_service_auth.beans.xml" }) +//public class EhvdOtherIdAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { +// +// @Override +// protected String expectedAttrName() { +// return "urn:brzgvat:attributes.ehvd.otherid"; +// +// } +// +// @Override +// protected IAttributeBuilder getAttributeBuilderUnderTest() { +// return new EhvdOtherIdAttributeBuilder(); +// +// } +// +// @Test +// public void checkMissingId() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void checkWrongId() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getOtherID().add(RandomStringUtils.randomAlphabetic(10)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void checkValidRandom() throws EAAFStorageException, AttributeBuilderException { +// String value = RandomStringUtils.randomAlphabetic(5); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getOtherID().add(RandomStringUtils.randomAlphabetic(10)); +// gdaInfo.getOtherID().add("1.2.40.0.34.4.18:" + value); +// +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", value, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void checkValidBrzReal() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getOtherID().add(RandomStringUtils.randomAlphabetic(10)); +// gdaInfo.getOtherID().add("1.2.40.0.34.4.18:1234-12"); +// gdaInfo.getOtherID().add("1.2.40.0.34.4.17:aabbccdd"); +// +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", "1234-12", +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java new file mode 100644 index 000000000..af9e60cb7 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdSurnameAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { + + @Override + protected String expectedAttrName() { + return "urn:brzgvat:attributes.ehvd.surname"; + + } + + @Override + protected IAttributeBuilder getAttributeBuilderUnderTest() { + return new EhvdSurnameAttributeBuilder(); + + } + + @Test + public void checkValid() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + gdaInfo.setSurname(RandomStringUtils.randomAlphabetic(5)); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertEquals("wrong empty attr.", gdaInfo.getSurname(), + getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java new file mode 100644 index 000000000..2863c3508 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java @@ -0,0 +1,46 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdTitelAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { + + @Override + protected String expectedAttrName() { + return "urn:brzgvat:attributes.ehvd.title"; + + } + + @Override + protected IAttributeBuilder getAttributeBuilderUnderTest() { + return new EhvdTitelAttributeBuilder(); + + } + + @Test + public void checkTitelValid() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + gdaInfo.setTitle(RandomStringUtils.randomAlphabetic(5)); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertEquals("wrong empty attr.", gdaInfo.getTitle(), + getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java index cabd8df19..624abff5f 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java @@ -26,6 +26,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder; import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; @@ -50,6 +51,13 @@ public class PvpRoleAttributeBuilderTest { } + @Test + public void checkAttributeRegistration() { + assertNotNull("Attribute: urn:oid:1.2.40.0.10.2.1.1.261.30 not registrated", + PVPAttributeBuilder.getAttributeBuilder("urn:oid:1.2.40.0.10.2.1.1.261.30")); + + } + @Test public void checkName() { assertEquals("wrong attr. name", "urn:oid:1.2.40.0.10.2.1.1.261.30", toTest.getName()); @@ -69,6 +77,7 @@ public class PvpRoleAttributeBuilderTest { } + @Test public void noRoles() throws AttributeBuilderException { IAuthData authData = generateAuthData(null); assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties index 263192c07..580af5559 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties @@ -8,4 +8,4 @@ modules.ehvd.service.url=http://localhost:1234/ehvd #modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at modules.ehvd.role.pvp=EPI-GDA() -modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ \ No newline at end of file +modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties index 2f6c45365..dc8fe54d5 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties @@ -7,3 +7,6 @@ modules.ehvd.sp.4=435344534egewgegf modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at #modules.ehvd.service.bpk.target= modules.ehvd.proxy.socks.port=12345 +modules.ehvd.role.pvp=EPI-GDA() +modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ +#modules.ehvd.service.otherid.prefix=1.2.40.0.34.4.18: \ No newline at end of file -- cgit v1.2.3 From 876a6ffa92febc318c1708b752d9cb8d32d90138 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 28 Sep 2021 19:07:28 +0200 Subject: add new external errorCode to distiguish between no and empty response --- .../resources/properties/protocol_response_statuscodes.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties index 5c98c199b..d3ba65c11 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties @@ -4,6 +4,6 @@ test.02=zzzyyyxxx ehvd.00=7000 ehvd.01=7001 ehvd.02=7001 -ehvd.03=7001 +ehvd.03=7003 ehvd.04=7002 ehvd.99=7099 \ No newline at end of file -- cgit v1.2.3 From ac4812a1c4cccf61ba0843b04cb987df49f34e29 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 17 Nov 2021 08:22:46 +0100 Subject: distinguish between 'ERROR_EHVD_02' and 'ERROR_EHVD_03' based on error message --- .../moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index cf58fe718..b165d05e2 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -132,13 +132,15 @@ public class EhvdCommunicationService implements IEhvdCommunication { .findFirst() .isPresent()) { Logger.info("EHVD communication failed with SOAP response: " + errorMsg); + return new EhvdException(ERROR_EHVD_03, new Object[] { errorMsg }); } else { Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); + return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg }); } - return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg }); + } -- cgit v1.2.3 From 0436de6184c1a95d463da52929e3bf60923d6e04 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 13 Dec 2021 09:23:09 +0100 Subject: update third-party libs and resolve API issues --- id/ConfigWebTool/pom.xml | 16 + .../auth/pvp2/servlets/Authenticate.java | 313 +-- .../auth/pvp2/servlets/BuildMetadata.java | 531 +++-- .../auth/pvp2/servlets/SLOBackChannelServlet.java | 203 +- .../auth/pvp2/servlets/SLOBasicServlet.java | 433 ++-- .../auth/pvp2/servlets/SLOFrontChannelServlet.java | 443 ++-- .../config/ConfigurationProvider.java | 1235 ++++++----- .../configuration/data/FormularCustomization.java | 1564 +++++++------- .../id/configuration/data/GeneralMOAIDConfig.java | 2183 ++++++++++---------- .../id/configuration/data/GeneralStorkConfig.java | 274 +-- .../moa/id/configuration/data/OAListElement.java | 187 +- .../moa/id/configuration/data/StorkAttributes.java | 42 +- .../id/configuration/data/UserDatabaseFrom.java | 630 +++--- .../id/configuration/data/oa/AttributeHelper.java | 92 +- .../data/oa/IOnlineApplicationData.java | 55 +- .../data/oa/OAAuthenticationData.java | 1572 +++++++------- .../id/configuration/data/oa/OABPKEncryption.java | 633 +++--- .../id/configuration/data/oa/OAGeneralConfig.java | 275 +-- .../data/oa/OAMOAIDPInterfederationConfig.java | 362 ++-- .../id/configuration/data/oa/OAOAuth20Config.java | 267 +-- .../moa/id/configuration/data/oa/OAPVP2Config.java | 439 ++-- .../configuration/data/oa/OARevisionsLogData.java | 237 ++- .../id/configuration/data/oa/OASAML1Config.java | 383 ++-- .../moa/id/configuration/data/oa/OASSOConfig.java | 184 +- .../id/configuration/data/oa/OASTORKConfig.java | 623 +++--- .../data/oa/OATargetConfiguration.java | 851 ++++---- .../data/oa/PVPGatewayInterfederationConfig.java | 202 +- .../configuration/filter/AuthenticationFilter.java | 6 +- .../id/configuration/filter/EncodingFilter.java | 6 +- .../configuration/helper/AuthenticationHelper.java | 40 +- .../id/configuration/helper/DateTimeHelper.java | 50 +- .../id/configuration/helper/FormDataHelper.java | 131 +- .../id/configuration/helper/LanguageHelper.java | 106 +- .../moa/id/configuration/helper/MailHelper.java | 435 ++-- .../moa/id/configuration/helper/StringHelper.java | 62 +- .../configuration/struts/action/BasicAction.java | 175 +- .../configuration/struts/action/BasicOAAction.java | 1187 +++++------ .../struts/action/EditGeneralConfigAction.java | 1548 +++++++------- .../configuration/struts/action/EditOAAction.java | 981 ++++----- .../struts/action/IDPGatewayAction.java | 36 +- .../struts/action/ImportExportAction.java | 929 +++++---- .../configuration/struts/action/IndexAction.java | 1643 +++++++-------- .../struts/action/InterfederationIDPAction.java | 822 ++++---- .../configuration/struts/action/ListOAsAction.java | 307 ++- .../configuration/struts/action/MOAIDPAction.java | 41 +- .../id/configuration/struts/action/MainAction.java | 66 +- .../struts/action/OpenAdminRequestsAction.java | 125 +- .../struts/action/UserManagementAction.java | 1130 +++++----- .../id/configuration/struts/action/VIDPAction.java | 63 +- .../utils/ConfigurationEncryptionUtils.java | 84 +- .../moa/id/configuration/utils/SAML2Utils.java | 97 +- .../id/configuration/utils/UserRequestCleaner.java | 110 +- .../validation/CompanyNumberValidator.java | 92 +- .../validation/FormularCustomizationValitator.java | 284 +-- .../validation/IdentificationNumberValidator.java | 4 +- .../validation/UserDatabaseFormValidator.java | 312 ++- .../validation/moaconfig/MOAConfigValidator.java | 857 ++++---- .../validation/moaconfig/PVP2ContactValidator.java | 130 +- .../validation/moaconfig/StorkConfigValidator.java | 187 +- .../oa/OAAuthenticationDataValidation.java | 419 ++-- .../validation/oa/OAFileUploadValidation.java | 89 +- .../validation/oa/OAOAUTH20ConfigValidation.java | 33 +- .../validation/oa/OAPVP2ConfigValidation.java | 362 ++-- .../validation/oa/OASAML1ConfigValidation.java | 28 +- .../validation/oa/OASSOConfigValidation.java | 44 +- .../validation/oa/OASTORKConfigValidation.java | 85 +- .../validation/oa/OATargetConfigValidation.java | 254 ++- id/moa-id-webgui/pom.xml | 6 +- id/moa-spss-container/pom.xml | 59 +- id/oa/pom.xml | 8 +- .../egovernment/moa/id/demoOA/Configuration.java | 6 +- .../moa/id/demoOA/servlet/pvp2/Authenticate.java | 529 +++-- .../moa/id/demoOA/servlet/pvp2/BuildMetadata.java | 509 +++-- .../id/demoOA/servlet/pvp2/DemoApplication.java | 554 ++--- .../moa/id/demoOA/servlet/pvp2/Index.java | 467 +++-- .../moa/id/demoOA/servlet/pvp2/SingleLogOut.java | 296 +-- id/server/idserverlib/pom.xml | 20 +- id/server/moa-id-commons/pom.xml | 10 +- .../moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 4 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 4 +- .../modules/moa-id-module-ehvd_integration/pom.xml | 1 - id/server/modules/moa-id-module-openID/pom.xml | 5 +- .../moa-id-module-sl20_authentication/pom.xml | 6 +- .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 664 +++--- .../modules/moa-id-module-ssoTransfer/pom.xml | 4 +- 85 files changed, 15521 insertions(+), 15220 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 63db8f8db..fd896efe7 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -64,11 +64,23 @@ MOA.id.server moa-id-commons + + + org.apache.logging.log4j + log4j-api + + at.gv.egiz.eaaf eaaf_module_pvp2_core + + + log4j + log4j + + at.gv.egiz.eaaf @@ -206,6 +218,10 @@ javassist javassist + + org.apache.logging.log4j + log4j-api + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java index 84fbec0e8..c6946e509 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java @@ -36,7 +36,6 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.AuthnContextClassRef; @@ -67,163 +66,167 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - /** * Servlet implementation class Authenticate */ public class Authenticate extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(Authenticate.class); - - private static DocumentBuilderFactory factory = null; - - static { - initialDocumentBuilderFactory(); - } - - synchronized private static void initialDocumentBuilderFactory() { - factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - - } - - public Document asDOMDocument(XMLObject object) throws IOException, - MarshallingException, TransformerException, ParserConfigurationException { - try { - DocumentBuilder builder = null; - synchronized (factory) { - builder = factory.newDocumentBuilder(); - - } - - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller( - object); - out.marshall(object, document); - return document; - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - throw e; - } - - } - - protected void process(HttpServletRequest request, - HttpServletResponse response, Map legacyParameter) throws ServletException, IOException { - try { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - config.initializePVP2Login(); - - AuthnRequest authReq = SAML2Utils - .createSAMLObject(AuthnRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); - - HttpSession session = request.getSession(); - if (session != null) { - session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); - } - - authReq.setAssertionConsumerServiceIndex(0); - authReq.setAttributeConsumingServiceIndex(0); - authReq.setIssueInstant(new DateTime()); - Subject subject = SAML2Utils.createSAMLObject(Subject.class); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - - subject.setNameID(name); - authReq.setSubject(subject); - issuer.setFormat(NameIDType.ENTITY); - authReq.setIssuer(issuer); - NameIDPolicy policy = SAML2Utils - .createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - SingleSignOnService redirectEndpoint = null; - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - redirectEndpoint = sss; - } - } - - authReq.setDestination(redirectEndpoint.getLocation()); - - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); - - authReq.setRequestedAuthnContext(reqAuthContext); - - //sign Message - X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, config); - - //encode message - PVP2Utils.postBindingEncoder(request, - response, - authReq, - authcredential, - redirectEndpoint.getLocation(), - null); - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response, null); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response, null); - } + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(Authenticate.class); + + private static DocumentBuilderFactory factory = null; + + static { + initialDocumentBuilderFactory(); + } + + synchronized private static void initialDocumentBuilderFactory() { + factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + + } + + public Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException, ParserConfigurationException { + try { + DocumentBuilder builder = null; + synchronized (factory) { + builder = factory.newDocumentBuilder(); + + } + + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + throw e; + } + + } + + protected void process(HttpServletRequest request, + HttpServletResponse response, Map legacyParameter) throws ServletException, + IOException { + try { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + config.initializePVP2Login(); + + final AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + final HttpSession session = request.getSession(); + if (session != null) { + session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); + } + + authReq.setAssertionConsumerServiceIndex(0); + authReq.setAttributeConsumingServiceIndex(0); + authReq.setIssueInstant(new DateTime()); + final Subject subject = SAML2Utils.createSAMLObject(Subject.class); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + + subject.setNameID(name); + authReq.setSubject(subject); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + final NameIDPolicy policy = SAML2Utils + .createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameIDType.PERSISTENT); + authReq.setNameIDPolicy(policy); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + SingleSignOnService redirectEndpoint = null; + for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleSignOnServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + redirectEndpoint = sss; + } + } + + authReq.setDestination(redirectEndpoint.getLocation()); + + final RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + + final AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + + authReq.setRequestedAuthnContext(reqAuthContext); + + // sign Message + final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, + config); + + // encode message + PVP2Utils.postBindingEncoder(request, + response, + authReq, + authcredential, + redirectEndpoint.getLocation(), + null); + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response, null); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response, null); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java index 7256d8688..ca03054aa 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java @@ -44,9 +44,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; -import org.apache.log4j.Logger; import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; @@ -81,275 +79,274 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.AttributeListBuilder; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * Servlet implementation class BuildMetadata */ +@Slf4j public class BuildMetadata extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = Logger.getLogger(BuildMetadata.class); - - private static final int VALIDUNTIL_IN_HOURS = 24; - - /** - * @see HttpServlet#HttpServlet() - */ - public BuildMetadata() { - super(); - } - - protected static Signature getSignature(Credential credentials) { - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - - //config.initializePVP2Login(); - - SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); - - EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. - createSAMLObject(EntitiesDescriptor.class); - - DateTime date = new DateTime(); - spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); - - String name = config.getPVP2MetadataEntitiesName(); - if (MiscUtil.isEmpty(name)) { - log.info("NO Metadata EntitiesName configurated"); - throw new ConfigurationException("NO Metadata EntitiesName configurated"); - } - - spEntitiesDescriptor.setName(name); - spEntitiesDescriptor.setID(idGen.generateIdentifier()); - - EntityDescriptor spEntityDescriptor = SAML2Utils - .createSAMLObject(EntityDescriptor.class); - - spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); - - spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - log.debug("Set OnlineApplicationURL to " + serviceURL); - spEntityDescriptor.setEntityID(serviceURL); - - SPSSODescriptor spSSODescriptor = SAML2Utils - .createSAMLObject(SPSSODescriptor.class); - - spSSODescriptor.setAuthnRequestsSigned(true); - spSSODescriptor.setWantAssertionsSigned(true); - - X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); - keyInfoFactory.setEmitEntityCertificate(true); - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - KeyStore keyStore = config.getPVP2KeyStore(); - - X509Credential signingcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreMetadataKeyAlias(), - config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); - - - log.debug("Set Metadata key information"); - //Set MetaData Signing key - KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); - entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); - Signature entitiesSignature = getSignature(signingcredential); - spEntitiesDescriptor.setSignature(entitiesSignature); - - //Set AuthRequest Signing certificate - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - - //set AuthRequest encryption certificate - if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) { - X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - KeyDescriptor encryKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - encryKeyDescriptor.setUse(UsageType.ENCRYPTION); - encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); - spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); - - } else { - log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); - - } - - - NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); - - spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); - - NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientnameIDFormat.setFormat(NameIDType.TRANSIENT); - - spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); - - NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); - - spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - - AssertionConsumerService postassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - - postassertionConsumerService.setIndex(0); - postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - - spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - - //add SLO services - SingleLogoutService postBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - postBindingService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); - spSSODescriptor.getSingleLogoutServices().add(postBindingService); - - SingleLogoutService redirectBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - redirectBindingService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); - spSSODescriptor.getSingleLogoutServices().add(redirectBindingService); - - SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK); - spSSODescriptor.getSingleLogoutServices().add(soapBindingService); - - spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); - - spSSODescriptor.setWantAssertionsSigned(true); - spSSODescriptor.setAuthnRequestsSigned(true); - - AttributeConsumingService attributeService = - SAML2Utils.createSAMLObject(AttributeConsumingService.class); - - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "de")); - attributeService.getNames().add(serviceName); - - attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); - - spSSODescriptor.getAttributeConsumingServices().add(attributeService); - - DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - - builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor); - out.marshall(spEntitiesDescriptor, document); - - Signer.signObject(entitiesSignature); - - Transformer transformer = TransformerFactory.newInstance().newTransformer(); - - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(document); - transformer.transform(source, sr); - sw.close(); - - byte[] metadataXML = sw.toString().getBytes("UTF-8"); - - response.setContentType("text/xml"); - response.setContentLength(metadataXML.length); - response.getOutputStream().write(metadataXML); - - - } catch (ConfigurationException e) { - log.warn("Configuration can not be loaded.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (NoSuchAlgorithmException e) { - log.warn("Requested Algorithm could not found.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (KeyStoreException e) { - log.warn("Requested KeyStoreType is not implemented.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (CertificateException e) { - log.warn("KeyStore can not be opend or userd.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (SecurityException e) { - log.warn("KeyStore can not be opend or used", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (MarshallingException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (SignatureException e) { - log.warn("PVP2 Metadata can not be signed", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerFactoryConfigurationError e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - catch (Exception e) { - log.warn("Unspecific PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - } + private static final long serialVersionUID = 1L; + + private static final int VALIDUNTIL_IN_HOURS = 24; + + /** + * @see HttpServlet#HttpServlet() + */ + public BuildMetadata() { + super(); + } + + protected static Signature getSignature(Credential credentials) { + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + + // config.initializePVP2Login(); + + final SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); + + final EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + + final DateTime date = new DateTime(); + spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); + + final String name = config.getPVP2MetadataEntitiesName(); + if (MiscUtil.isEmpty(name)) { + log.info("NO Metadata EntitiesName configurated"); + throw new ConfigurationException("NO Metadata EntitiesName configurated"); + } + + spEntitiesDescriptor.setName(name); + spEntitiesDescriptor.setID(idGen.generateIdentifier()); + + final EntityDescriptor spEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); + + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + log.debug("Set OnlineApplicationURL to " + serviceURL); + spEntityDescriptor.setEntityID(serviceURL); + + final SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + final X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityCertificate(true); + final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + final KeyStore keyStore = config.getPVP2KeyStore(); + + final X509Credential signingcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreMetadataKeyAlias(), + config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); + + log.debug("Set Metadata key information"); + // Set MetaData Signing key + final KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); + entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); + final Signature entitiesSignature = getSignature(signingcredential); + spEntitiesDescriptor.setSignature(entitiesSignature); + + // Set AuthRequest Signing certificate + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + final KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + // set AuthRequest encryption certificate + if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) { + final X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + final KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + final NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + final NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + final NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + final AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + // add SLO services + final SingleLogoutService postBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + postBindingService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); + spSSODescriptor.getSingleLogoutServices().add(postBindingService); + + final SingleLogoutService redirectBindingService = SAML2Utils.createSAMLObject( + SingleLogoutService.class); + redirectBindingService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); + spSSODescriptor.getSingleLogoutServices().add(redirectBindingService); + + final SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK); + spSSODescriptor.getSingleLogoutServices().add(soapBindingService); + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); + + spSSODescriptor.setWantAssertionsSigned(true); + spSSODescriptor.setAuthnRequestsSigned(true); + + final AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + final ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); + + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + DocumentBuilder builder; + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + + builder = factory.newDocumentBuilder(); + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + spEntitiesDescriptor); + out.marshall(spEntitiesDescriptor, document); + + Signer.signObject(entitiesSignature); + + final Transformer transformer = TransformerFactory.newInstance().newTransformer(); + + final StringWriter sw = new StringWriter(); + final StreamResult sr = new StreamResult(sw); + final DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + final byte[] metadataXML = sw.toString().getBytes("UTF-8"); + + response.setContentType("text/xml"); + response.setContentLength(metadataXML.length); + response.getOutputStream().write(metadataXML); + + } catch (final ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final NoSuchAlgorithmException e) { + log.warn("Requested Algorithm could not found.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final KeyStoreException e) { + log.warn("Requested KeyStoreType is not implemented.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final CertificateException e) { + log.warn("KeyStore can not be opend or userd.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final SecurityException e) { + log.warn("KeyStore can not be opend or used", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final MarshallingException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final SignatureException e) { + log.warn("PVP2 Metadata can not be signed", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerFactoryConfigurationError e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + catch (final Exception e) { + log.warn("Unspecific PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java index f2c95f391..01bf39696 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java @@ -64,111 +64,116 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; */ public class SLOBackChannelServlet extends SLOBasicServlet { - private static final long serialVersionUID = 1481623547633064922L; - private static final Logger log = LoggerFactory - .getLogger(SLOBackChannelServlet.class); - - /** - * @throws ConfigurationException - */ - public SLOBackChannelServlet() throws ConfigurationException { - super(); - } - - - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - try { - HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); - - BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext(); - -// BasicSAMLMessageContext messageContext = + private static final long serialVersionUID = 1481623547633064922L; + private static final Logger log = LoggerFactory + .getLogger(SLOBackChannelServlet.class); + + /** + * @throws ConfigurationException + */ + public SLOBackChannelServlet() throws ConfigurationException { + super(); + } + + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + try { + final HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); + + final BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext(); + +// BasicSAMLMessageContext messageContext = // new BasicSAMLMessageContext(); - - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - //messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); - - //set trustPolicy + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + + // messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); + + // set trustPolicy // BasicSecurityPolicy policy = new BasicSecurityPolicy(); // policy.getPolicyRules().add( // new PVPSOAPRequestSecurityPolicy( // PVP2Utils.getTrustEngine(getConfig()), -// IDPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// IDPSSODescriptor.DEFAULT_ELEMENT_NAME)); // SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( -// policy); +// policy); // messageContext.setSecurityPolicyResolver(resolver); - - soapDecoder.decode(messageContext); - - Envelope inboundMessage = (Envelope) messageContext - .getInboundMessage(); - - LogoutResponse sloResp = null; - - if (inboundMessage.getBody() != null) { - List xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); - - if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) { - LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0); - - //validate request signature - PVP2Utils.validateSignature(sloReq, getConfig()); - - sloResp = processLogOutRequest(sloReq, request); - - KeyStore keyStore = getConfig().getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - getConfig().getPVP2KeystoreAuthRequestKeyAlias(), - getConfig().getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setOutboundSAMLMessage(sloResp); - context.setOutboundMessageTransport(responseAdapter); - - encoder.encode(context); - - } else { - log.warn("Received request ist not of type LogOutRequest"); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - return; - - } - } - - } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } catch (CertificateException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } catch (KeyStoreException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } catch (MessageEncodingException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } - - - - } - - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - response.setStatus(HttpServletResponse.SC_NOT_FOUND); - - } - + + soapDecoder.decode(messageContext); + + final Envelope inboundMessage = (Envelope) messageContext + .getInboundMessage(); + + LogoutResponse sloResp = null; + + if (inboundMessage.getBody() != null) { + final List xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); + + if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) { + final LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0); + + // validate request signature + PVP2Utils.validateSignature(sloReq, getConfig()); + + sloResp = processLogOutRequest(sloReq, request); + + final KeyStore keyStore = getConfig().getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + getConfig().getPVP2KeystoreAuthRequestKeyAlias(), + getConfig().getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setOutboundSAMLMessage(sloResp); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + + } else { + log.warn("Received request ist not of type LogOutRequest"); + response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + return; + + } + } + + } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException + | ValidationException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } catch (final CertificateException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } catch (final KeyStoreException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } catch (final MessageEncodingException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } + + } + + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + response.setStatus(HttpServletResponse.SC_NOT_FOUND); + + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java index c70d34d7e..a880e800b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java @@ -62,217 +62,226 @@ import at.gv.egovernment.moa.util.MiscUtil; * */ public class SLOBasicServlet extends HttpServlet { - private static final long serialVersionUID = -4547240664871845098L; - private static final Logger log = LoggerFactory - .getLogger(SLOBasicServlet.class); - - private ConfigurationProvider config; - - public SLOBasicServlet() throws ConfigurationException { - config = ConfigurationProvider.getInstance(); - config.initializePVP2Login(); - } - - protected LogoutRequest createLogOutRequest(String nameID, String nameIDFormat, HttpServletRequest request) throws SLOException { - try { - LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloReq.setID(gen.generateIdentifier()); - sloReq.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloReq.setIssuer(issuer); - - NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); - sloReq.setNameID(userNameID); - userNameID.setFormat(nameIDFormat); - userNameID.setValue(nameID); - - return sloReq; - - } catch (NoSuchAlgorithmException e) { - log.warn("Single LogOut request createn FAILED. ", e); - throw new SLOException(); - - } - - } - - protected LogoutResponse processLogOutRequest(LogoutRequest sloReq, HttpServletRequest request) throws NoSuchAlgorithmException { - //check response destination - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String responseDestination = sloReq.getDestination(); - if (MiscUtil.isEmpty(responseDestination) || - !responseDestination.startsWith(serviceURL)) { - log.warn("PVPResponse destination does not match requested destination"); - return createSLOResponse(sloReq, StatusCode.REQUESTER_URI, request); - } - - AuthenticationManager authManager = AuthenticationManager.getInstance(); - if (authManager.isActiveUser(sloReq.getNameID().getValue())) { - AuthenticatedUser authUser = authManager.getActiveUser(sloReq.getNameID().getValue()); - log.info("User " + authUser.getGivenName() + " " + authUser.getFamilyName() + " with nameID:" - + authUser.getNameID() + " get logged out by Single LogOut request."); - authManager.removeActiveUser(authUser); - HttpSession session = request.getSession(false); - if (session != null) - session.invalidate(); - return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); - - } else { - log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + " is not found."); - return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); - - } - - } - - protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException { - LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloResp.setID(gen.generateIdentifier()); - sloResp.setInResponseTo(sloReq.getID()); - sloResp.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloResp.setIssuer(issuer); - - Status status = SAML2Utils.createSAMLObject(Status.class); - sloResp.setStatus(status); - StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); - statusCode.setValue(statusCodeURI); - status.setStatusCode(statusCode ); - - return sloResp; - } - - protected void validateLogOutResponse(LogoutResponse sloResp, String reqID, HttpServletRequest request, HttpServletResponse response) throws PVP2Exception { - //ckeck InResponseTo matchs requestID - if (MiscUtil.isEmpty(reqID)) { - log.info("NO Sigle LogOut request ID"); - throw new PVP2Exception("NO Sigle LogOut request ID"); - } - - if (!reqID.equals(sloResp.getInResponseTo())) { - log.warn("SLORequestID does not match SLO Response ID!"); - throw new PVP2Exception("SLORequestID does not match SLO Response ID!"); - - } - - //check response destination - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String responseDestination = sloResp.getDestination(); - if (MiscUtil.isEmpty(responseDestination) || - !responseDestination.startsWith(serviceURL)) { - log.warn("PVPResponse destination does not match requested destination"); - throw new PVP2Exception("SLO response destination does not match requested destination"); - } - - request.getSession().invalidate(); - - if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.PARTIAL_LOGOUT_URI)) { - log.warn("Single LogOut process is not completed."); - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - - } else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - if (sloResp.getStatus().getStatusCode().getStatusCode() != null && - !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) { - log.info("Single LogOut process complete."); - request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, - LanguageHelper.getErrorString("webpages.slo.success", request)); - - } else { - log.warn("Single LogOut process is not completed."); - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - } - - } else { - log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode().getValue()); - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - } - String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; - redirectURL = response.encodeRedirectURL(redirectURL); - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", redirectURL); - - } - - protected SingleLogoutService findIDPFrontChannelSLOService() throws - ConfigurationException, SLOException { - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - try { - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - - } - - //select authentication-service url from metadata - SingleLogoutService redirectEndpoint = null; - for (SingleLogoutService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) - redirectEndpoint = sss; - - else if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && - redirectEndpoint == null) - redirectEndpoint = sss; - } - - if (redirectEndpoint == null) { - log.warn("Single LogOut FAILED: IDP implements no frontchannel SLO service."); - throw new SLOException("Single LogOut FAILED: IDP implements no frontchannel SLO service."); - } - - return redirectEndpoint; - } catch (MetadataProviderException e) { - log.info("IDP EntityName is not found in IDP Metadata", e); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - - } - } - - protected ConfigurationProvider getConfig() { - return config; - } + private static final long serialVersionUID = -4547240664871845098L; + private static final Logger log = LoggerFactory + .getLogger(SLOBasicServlet.class); + + private final ConfigurationProvider config; + + public SLOBasicServlet() throws ConfigurationException { + config = ConfigurationProvider.getInstance(); + config.initializePVP2Login(); + } + + protected LogoutRequest createLogOutRequest(String nameID, String nameIDFormat, HttpServletRequest request) + throws SLOException { + try { + final LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloReq.setID(gen.generateIdentifier()); + sloReq.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloReq.setIssuer(issuer); + + final NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); + sloReq.setNameID(userNameID); + userNameID.setFormat(nameIDFormat); + userNameID.setValue(nameID); + + return sloReq; + + } catch (final NoSuchAlgorithmException e) { + log.warn("Single LogOut request createn FAILED. ", e); + throw new SLOException(); + + } + + } + + protected LogoutResponse processLogOutRequest(LogoutRequest sloReq, HttpServletRequest request) + throws NoSuchAlgorithmException { + // check response destination + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + final String responseDestination = sloReq.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.startsWith(serviceURL)) { + log.warn("PVPResponse destination does not match requested destination"); + return createSLOResponse(sloReq, StatusCode.REQUESTER_URI, request); + } + + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + if (authManager.isActiveUser(sloReq.getNameID().getValue())) { + final AuthenticatedUser authUser = authManager.getActiveUser(sloReq.getNameID().getValue()); + log.info("User " + authUser.getGivenName() + " " + authUser.getFamilyName() + " with nameID:" + + authUser.getNameID() + " get logged out by Single LogOut request."); + authManager.removeActiveUser(authUser); + final HttpSession session = request.getSession(false); + if (session != null) { + session.invalidate(); + } + return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); + + } else { + log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + + " is not found."); + return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); + + } + + } + + protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, + HttpServletRequest request) throws NoSuchAlgorithmException { + final LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloResp.setID(gen.generateIdentifier()); + sloResp.setInResponseTo(sloReq.getID()); + sloResp.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloResp.setIssuer(issuer); + + final Status status = SAML2Utils.createSAMLObject(Status.class); + sloResp.setStatus(status); + final StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + statusCode.setValue(statusCodeURI); + status.setStatusCode(statusCode); + + return sloResp; + } + + protected void validateLogOutResponse(LogoutResponse sloResp, String reqID, HttpServletRequest request, + HttpServletResponse response) throws PVP2Exception { + // ckeck InResponseTo matchs requestID + if (MiscUtil.isEmpty(reqID)) { + log.info("NO Sigle LogOut request ID"); + throw new PVP2Exception("NO Sigle LogOut request ID"); + } + + if (!reqID.equals(sloResp.getInResponseTo())) { + log.warn("SLORequestID does not match SLO Response ID!"); + throw new PVP2Exception("SLORequestID does not match SLO Response ID!"); + + } + + // check response destination + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + final String responseDestination = sloResp.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.startsWith(serviceURL)) { + log.warn("PVPResponse destination does not match requested destination"); + throw new PVP2Exception("SLO response destination does not match requested destination"); + } + + request.getSession().invalidate(); + + if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.PARTIAL_LOGOUT_URI)) { + log.warn("Single LogOut process is not completed."); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + if (sloResp.getStatus().getStatusCode().getStatusCode() != null && + !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) { + log.info("Single LogOut process complete."); + request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, + LanguageHelper.getErrorString("webpages.slo.success", request)); + + } else { + log.warn("Single LogOut process is not completed."); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } + + } else { + log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode() + .getValue()); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } + String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; + redirectURL = response.encodeRedirectURL(redirectURL); + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", redirectURL); + + } + + protected SingleLogoutService findIDPFrontChannelSLOService() throws ConfigurationException, SLOException { + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + try { + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + + } + + // select authentication-service url from metadata + SingleLogoutService redirectEndpoint = null; + for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleLogoutServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + redirectEndpoint = sss; + } else if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && + redirectEndpoint == null) { + redirectEndpoint = sss; + } + } + + if (redirectEndpoint == null) { + log.warn("Single LogOut FAILED: IDP implements no frontchannel SLO service."); + throw new SLOException("Single LogOut FAILED: IDP implements no frontchannel SLO service."); + } + + return redirectEndpoint; + } catch (final MetadataProviderException e) { + log.info("IDP EntityName is not found in IDP Metadata", e); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + + } + } + + protected ConfigurationProvider getConfig() { + return config; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java index 274aa21bf..ac9d65cbf 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java @@ -77,221 +77,230 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class SLOFrontChannelServlet extends SLOBasicServlet { - private static final long serialVersionUID = -6280199681356977759L; - private static final Logger log = LoggerFactory - .getLogger(SLOFrontChannelServlet.class); - - /** - * @throws ConfigurationException - */ - public SLOFrontChannelServlet() throws ConfigurationException { - super(); - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) { - //process user initiated single logout process - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - - if (authUserObj == null) { - log.warn("No user information found. Single Log-Out not possible"); - buildErrorMessage(request, response); - - } - - AuthenticatedUser authUser = (AuthenticatedUser) authUserObj; - - String nameIDFormat = authUser.getNameIDFormat(); - String nameID = authUser.getNameID(); - - //remove user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.removeActiveUser(authUser); - - if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { - log.warn("No user information found. Single Log-Out not possible"); - buildErrorMessage(request, response); - - } else - log.info("Fount user information for user nameID: " + nameID - + " , nameIDFormat: " + nameIDFormat - + ". Build Single Log-Out request ..."); - - //build SLO request to IDP - LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request); - - request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID()); - - //send message - sendMessage(request, response, sloReq, null); - - } else { - //process PVP 2.1 single logout process - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - PVP2Utils.getTrustEngine(getConfig())); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setSecurityPolicyResolver(resolver); - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - - decode.decode(messageContext); - - signatureRule.evaluate(messageContext); - - - processMessage(request, response, - messageContext.getInboundMessage(), messageContext.getRelayState()); - - } - - } catch (SLOException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (ConfigurationException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (PVP2Exception e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (SecurityPolicyException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (MessageDecodingException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (SecurityException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (NoSuchAlgorithmException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - decode.decode(messageContext); - - PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig()); - - processMessage(request, response, - messageContext.getInboundMessage(), messageContext.getRelayState()); - - - } catch (MessageDecodingException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (SecurityException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (ValidationException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (ConfigurationException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (PVP2Exception e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (NoSuchAlgorithmException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } - } - - private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) { - - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - //check response destination - String serviceURL = getConfig().getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; - redirectURL = response.encodeRedirectURL(redirectURL); - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", redirectURL); - } - - private void processMessage(HttpServletRequest request, HttpServletResponse response, - XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception, NoSuchAlgorithmException { - if (xmlObject instanceof LogoutRequest) { - LogoutResponse sloResp = - processLogOutRequest((LogoutRequest) xmlObject, request); - sendMessage(request, response, sloResp, relayState); - - } else if (xmlObject instanceof LogoutResponse) { - LogoutResponse sloResp = (LogoutResponse) xmlObject; - - String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID); - request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null); - validateLogOutResponse(sloResp, reqID, request, response); - - } - } - - private void sendMessage(HttpServletRequest request, HttpServletResponse response, - RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception { - SingleLogoutService sloService = findIDPFrontChannelSLOService(); - sloReq.setDestination(sloService.getLocation()); - sendMessage(request, response, sloReq, sloService, relayState); - } - - private void sendMessage(HttpServletRequest request, HttpServletResponse response, - StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception { - SingleLogoutService sloService = findIDPFrontChannelSLOService(); - sloReq.setDestination(sloService.getLocation()); - sendMessage(request, response, sloReq, sloService, relayState); - } - - private void sendMessage(HttpServletRequest request, HttpServletResponse response, - SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState) throws ConfigurationException, PVP2Exception { - X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq, getConfig()); - if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) - PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState); - - else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) - PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState); - } - + private static final long serialVersionUID = -6280199681356977759L; + private static final Logger log = LoggerFactory + .getLogger(SLOFrontChannelServlet.class); + + /** + * @throws ConfigurationException + */ + public SLOFrontChannelServlet() throws ConfigurationException { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) { + // process user initiated single logout process + final Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj == null) { + log.warn("No user information found. Single Log-Out not possible"); + buildErrorMessage(request, response); + + } + + final AuthenticatedUser authUser = (AuthenticatedUser) authUserObj; + + final String nameIDFormat = authUser.getNameIDFormat(); + final String nameID = authUser.getNameID(); + + // remove user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.removeActiveUser(authUser); + + if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { + log.warn("No user information found. Single Log-Out not possible"); + buildErrorMessage(request, response); + + } else { + log.info("Fount user information for user nameID: " + nameID + + " , nameIDFormat: " + nameIDFormat + + ". Build Single Log-Out request ..."); + } + + // build SLO request to IDP + final LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request); + + request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID()); + + // send message + sendMessage(request, response, sloReq, null); + + } else { + // process PVP 2.1 single logout process + final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); + + final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + PVP2Utils.getTrustEngine(getConfig())); + final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + final BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setSecurityPolicyResolver(resolver); + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + decode.decode(messageContext); + + signatureRule.evaluate(messageContext); + + processMessage(request, response, + messageContext.getInboundMessage(), messageContext.getRelayState()); + + } + + } catch (final SLOException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final ConfigurationException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final PVP2Exception e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final SecurityPolicyException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final MessageDecodingException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final SecurityException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final NoSuchAlgorithmException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + decode.decode(messageContext); + + PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig()); + + processMessage(request, response, + messageContext.getInboundMessage(), messageContext.getRelayState()); + + } catch (final MessageDecodingException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final SecurityException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final ValidationException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final ConfigurationException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final PVP2Exception e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final NoSuchAlgorithmException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } + } + + private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) { + + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + // check response destination + String serviceURL = getConfig().getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; + redirectURL = response.encodeRedirectURL(redirectURL); + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", redirectURL); + } + + private void processMessage(HttpServletRequest request, HttpServletResponse response, + XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception, + NoSuchAlgorithmException { + if (xmlObject instanceof LogoutRequest) { + final LogoutResponse sloResp = + processLogOutRequest((LogoutRequest) xmlObject, request); + sendMessage(request, response, sloResp, relayState); + + } else if (xmlObject instanceof LogoutResponse) { + final LogoutResponse sloResp = (LogoutResponse) xmlObject; + + final String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID); + request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null); + validateLogOutResponse(sloResp, reqID, request, response); + + } + } + + private void sendMessage(HttpServletRequest request, HttpServletResponse response, + RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception { + final SingleLogoutService sloService = findIDPFrontChannelSLOService(); + sloReq.setDestination(sloService.getLocation()); + sendMessage(request, response, sloReq, sloService, relayState); + } + + private void sendMessage(HttpServletRequest request, HttpServletResponse response, + StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception { + final SingleLogoutService sloService = findIDPFrontChannelSLOService(); + sloReq.setDestination(sloService.getLocation()); + sendMessage(request, response, sloReq, sloService, relayState); + } + + private void sendMessage(HttpServletRequest request, HttpServletResponse response, + SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState) + throws ConfigurationException, PVP2Exception { + final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq, + getConfig()); + if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), + relayState); + } else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), + relayState); + } + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index ef6c951c2..8eb4db4a2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -44,7 +44,6 @@ import java.util.jar.Manifest; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; -import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.xml.parse.BasicParserPool; @@ -68,649 +67,635 @@ import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; import at.gv.egovernment.moa.util.MiscUtil; import iaik.asn1.structures.AlgorithmID; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class ConfigurationProvider { - public static final String HTMLTEMPLATE_DIR = "/htmlTemplates"; - public static final String HTMLTEMPLATE_FILE = "/loginFormFull.html"; - - private static final Logger log = Logger.getLogger(ConfigurationProvider.class); - - private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; - - private static ConfigurationProvider instance; - private Properties props; - private String configFileName; - private String configRootDir; - - private HTTPMetadataProvider idpMetadataProvider = null; - private KeyStore keyStore = null; - - private String publicURLPreFix = null; - - private boolean pvp2logininitialzied = false; - - private ClassPathXmlApplicationContext context = null; - private MOAIDConfigurationModul configModule = null; - private NewConfigurationDBRead deprecatedDBRead = null; - private FileBasedUserConfiguration userManagement = null; - - private ArrayList activeProfiles = new ArrayList(); - - public static ConfigurationProvider getInstance() throws ConfigurationException { - - if (instance == null) { - instance = new ConfigurationProvider(); - instance.inizialize(); - - } - - return instance; - } - - private void inizialize() throws ConfigurationException { - - log.info("Set SystemProperty for UTF-8 file.encoding as default"); - System.setProperty("file.encoding", "UTF-8"); - - configFileName = System.getProperty(SYSTEM_PROP_CONFIG); - - if (configFileName == null) { - throw new ConfigurationException("config.05"); - } - try { - URI fileURI = new URI(configFileName); - File propertiesFile = new File(fileURI); - - // determine the directory of the root config file - String rootConfigFileDir = propertiesFile.getParent(); - configRootDir = new File(rootConfigFileDir).toURI().toURL().toString();; - - log.info("Loading MOA-ID-AUTH configuration " + configFileName); - - //Initial Hibernate Framework - log.trace("Initializing Hibernate framework."); - - //Load MOAID-2.0 properties file - - - FileInputStream fis; - props = new Properties(); - - fis = new FileInputStream(propertiesFile); - props.load(fis); - fis.close(); + public static final String HTMLTEMPLATE_DIR = "/htmlTemplates"; + public static final String HTMLTEMPLATE_FILE = "/loginFormFull.html"; + + private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; + + private static ConfigurationProvider instance; + private Properties props; + private String configFileName; + private String configRootDir; + + private HTTPMetadataProvider idpMetadataProvider = null; + private KeyStore keyStore = null; + + private String publicURLPreFix = null; + + private boolean pvp2logininitialzied = false; + + private ClassPathXmlApplicationContext context = null; + private MOAIDConfigurationModul configModule = null; + private NewConfigurationDBRead deprecatedDBRead = null; + private FileBasedUserConfiguration userManagement = null; + + private final ArrayList activeProfiles = new ArrayList<>(); + + public static ConfigurationProvider getInstance() throws ConfigurationException { + + if (instance == null) { + instance = new ConfigurationProvider(); + instance.inizialize(); + + } + + return instance; + } + + private void inizialize() throws ConfigurationException { + + log.info("Set SystemProperty for UTF-8 file.encoding as default"); + System.setProperty("file.encoding", "UTF-8"); + + configFileName = System.getProperty(SYSTEM_PROP_CONFIG); + + if (configFileName == null) { + throw new ConfigurationException("config.05"); + } + try { + final URI fileURI = new URI(configFileName); + final File propertiesFile = new File(fileURI); + + // determine the directory of the root config file + final String rootConfigFileDir = propertiesFile.getParent(); + configRootDir = new File(rootConfigFileDir).toURI().toURL().toString(); + + log.info("Loading MOA-ID-AUTH configuration " + configFileName); + + // Initial Hibernate Framework + log.trace("Initializing Hibernate framework."); + + // Load MOAID-2.0 properties file + + FileInputStream fis; + props = new Properties(); + + fis = new FileInputStream(propertiesFile); + props.load(fis); + fis.close(); // //Workaround -> can be removed in next version // if (MiscUtil.isEmpty(System.getProperty("spring.profiles.active"))) { // log.info("Set System-Property to activate 'byteBased' config values"); // System.setProperty("spring.profiles.active", "byteBasedConfig"); -// +// // } - - //initialize generic SpringContext to set profiles - GenericApplicationContext rootContext = new GenericApplicationContext(); + + // initialize generic SpringContext to set profiles + final GenericApplicationContext rootContext = new GenericApplicationContext(); // if (Boolean.valueOf(props.getProperty("configuration.database.byteBasedValues", "false"))) -// activeProfiles.add(SpringProfileConstants.BYTEBASEDCONFIG); +// activeProfiles.add(SpringProfileConstants.BYTEBASEDCONFIG); // for (String el: activeProfiles) // rootContext.getEnvironment().addActiveProfile(el); - //refresh generic context - rootContext.refresh(); - - //initialize SpringContext - context = new ClassPathXmlApplicationContext( - new String[] { "configuration.beans.xml", - "moaid.webgui.beans.xml", - "moaid.migration.beans.xml", - "moaid.configurationtool.beans.xml" - }, rootContext); - - - log.info("Spring-context was initialized with active profiles: " - + Arrays.asList(context.getEnvironment().getActiveProfiles())); - - //Autowire beans in these context - AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); - acbFactory.autowireBean(this); - - - log.info("Hibernate initialization finished."); - - DefaultBootstrap.bootstrap(); - log.info("OPENSAML initialized"); - - UserRequestCleaner.start(); - - fixJava8_141ProblemWithSSLAlgorithms(); - - log.info("MOA-ID-Configuration initialization completed"); - - - } catch (FileNotFoundException e) { - throw new ConfigurationException("config.01", new Object[]{configFileName}, e); - - } catch (IOException e) { - throw new ConfigurationException("config.02", new Object[]{configFileName}, e); - - } catch (org.opensaml.xml.ConfigurationException e) { - throw new ConfigurationException("config.04", e); - - } catch (URISyntaxException e) { - throw new ConfigurationException("config.01", new Object[]{configFileName}, e); - } - - } - - private static void fixJava8_141ProblemWithSSLAlgorithms() { - log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); - //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", - new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", - new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", - new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", - new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", - new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); - - log.info("Change AlgorithmIDs finished"); + // refresh generic context + rootContext.refresh(); + + // initialize SpringContext + context = new ClassPathXmlApplicationContext( + new String[] { "configuration.beans.xml", + "moaid.webgui.beans.xml", + "moaid.migration.beans.xml", + "moaid.configurationtool.beans.xml" + }, rootContext); + + log.info("Spring-context was initialized with active profiles: " + + Arrays.asList(context.getEnvironment().getActiveProfiles())); + + // Autowire beans in these context + final AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); + acbFactory.autowireBean(this); + + log.info("Hibernate initialization finished."); + + DefaultBootstrap.bootstrap(); + log.info("OPENSAML initialized"); + + UserRequestCleaner.start(); + + fixJava8_141ProblemWithSSLAlgorithms(); + + log.info("MOA-ID-Configuration initialization completed"); + + } catch (final FileNotFoundException e) { + throw new ConfigurationException("config.01", new Object[] { configFileName }, e); + + } catch (final IOException e) { + throw new ConfigurationException("config.02", new Object[] { configFileName }, e); + + } catch (final org.opensaml.xml.ConfigurationException e) { + throw new ConfigurationException("config.04", e); + + } catch (final URISyntaxException e) { + throw new ConfigurationException("config.01", new Object[] { configFileName }, e); } - - @Autowired(required = true) - public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) { - this.configModule = module; - } - - - - /** - * @param dbRead the dbRead to set - */ - @Autowired(required = true) - public void setDbRead(NewConfigurationDBRead dbRead) { - this.deprecatedDBRead = dbRead; - } - - - - /** - * @return the props - */ - public Properties getConfigurationProperties() { - return props; - } - - /** - * @return the deprecatedDBWrite - */ - public FileBasedUserConfiguration getUserManagement() { - return userManagement; - } - - /** - * @param deprecatedDBWrite the deprecatedDBWrite to set - */ - @Autowired(required = true) - public void setUserManagement(FileBasedUserConfiguration userManagement) { - this.userManagement = userManagement; - } - - - public String getPublicUrlPreFix(HttpServletRequest request) { - publicURLPreFix = props.getProperty("general.publicURLContext"); - - if (MiscUtil.isEmpty(publicURLPreFix) && request != null) { - String url = request.getRequestURL().toString(); - String contextpath = request.getContextPath(); - int index = url.indexOf(contextpath); - publicURLPreFix = url.substring(0, index + contextpath.length() + 1); - } - - return publicURLPreFix; - } - - public int getUserRequestCleanUpDelay() { - String delay = props.getProperty("general.userrequests.cleanup.delay"); - return Integer.getInteger(delay, 12); - } - + + } + + private static void fixJava8_141ProblemWithSSLAlgorithms() { + log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); + // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] + // { "MD5withRSA", "MD5/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", + new String[] { "SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + + log.info("Change AlgorithmIDs finished"); + } + + @Autowired(required = true) + public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) { + this.configModule = module; + } + + /** + * @param dbRead the dbRead to set + */ + @Autowired(required = true) + public void setDbRead(NewConfigurationDBRead dbRead) { + this.deprecatedDBRead = dbRead; + } + + /** + * @return the props + */ + public Properties getConfigurationProperties() { + return props; + } + + /** + * @return the deprecatedDBWrite + */ + public FileBasedUserConfiguration getUserManagement() { + return userManagement; + } + + /** + * @param deprecatedDBWrite the deprecatedDBWrite to set + */ + @Autowired(required = true) + public void setUserManagement(FileBasedUserConfiguration userManagement) { + this.userManagement = userManagement; + } + + public String getPublicUrlPreFix(HttpServletRequest request) { + publicURLPreFix = props.getProperty("general.publicURLContext"); + + if (MiscUtil.isEmpty(publicURLPreFix) && request != null) { + final String url = request.getRequestURL().toString(); + final String contextpath = request.getContextPath(); + final int index = url.indexOf(contextpath); + publicURLPreFix = url.substring(0, index + contextpath.length() + 1); + } + + return publicURLPreFix; + } + + public int getUserRequestCleanUpDelay() { + final String delay = props.getProperty("general.userrequests.cleanup.delay"); + return Integer.getInteger(delay, 12); + } + // public String getContactMailAddress() { // return props.getProperty("general.contact.mail"); // } - - public String getSSOLogOutURL() { - return props.getProperty("general.login.pvp2.idp.sso.logout.url"); - } - - public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException { - if (keyStore == null) { - String keystoretype = getPVP2MetadataKeystoreType(); - if (MiscUtil.isEmpty(keystoretype)) { - log.debug("No KeyStoreType defined. Using default KeyStoreType."); - keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - - } else { - log.debug("Using " + keystoretype + " KeyStoreType."); - keyStore = KeyStore.getInstance(keystoretype); - - } - - - String fileURL = getPVP2MetadataKeystoreURL(); - log.debug("Load KeyStore from URL " + fileURL); - if (MiscUtil.isEmpty(fileURL)) { - log.info("Metadata KeyStoreURL is empty"); - throw new ConfigurationException("Metadata KeyStoreURL is empty"); - } - - URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(fileURL, getConfigRootDir()))); - InputStream inputStream = keystoreURL.openStream(); - keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); - inputStream.close(); - } - - return keyStore; - - } - - public String getConfigFile() { - return configFileName; - } - - public String getConfigRootDir() { - return configRootDir; - } - - public boolean isMOAIDMode() { - String result = props.getProperty("general.moaidmode.active", "true"); - return Boolean.parseBoolean(result); - } - - public String getMOAIDInstanceURL() { - return props.getProperty("general.moaid.instance.url"); - } - - public boolean isLoginDeaktivated() { - String result = props.getProperty("general.login.deaktivate", "false"); - return Boolean.parseBoolean(result); - } - - public boolean isOATargetVerificationDeaktivated() { - String result = props.getProperty("general.OATargetVerification.deaktivate", "false"); - return Boolean.parseBoolean(result); - } - - //PVP2 Login configuration - - public void initializePVP2Login() throws ConfigurationException { - if (!pvp2logininitialzied) - initalPVP2Login(); - } - - public boolean isPVP2LoginActive() { - - return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false")); - } - - public boolean isPVP2LoginBusinessService() { - String result = props.getProperty("general.login.pvp2.isbusinessservice", "false"); - return Boolean.parseBoolean(result); - } - - public String getPVP2LoginTarget() { - return props.getProperty("general.login.pvp2.target"); - } - - public String getPVP2LoginIdenificationValue() { - return props.getProperty("general.login.pvp2.identificationvalue"); - } - - public String getPVP2MetadataEntitiesName() { - return props.getProperty("general.login.pvp2.metadata.entities.name"); - } - - public String getPVP2MetadataKeystoreURL() { - return props.getProperty("general.login.pvp2.keystore.url"); - } - - public String getPVP2MetadataKeystorePassword() { - return props.getProperty("general.login.pvp2.keystore.password"); - } - - public String getPVP2MetadataKeystoreType() { - return props.getProperty("general.login.pvp2.keystore.type"); - } - - public String getPVP2KeystoreMetadataKeyAlias() { - return props.getProperty("general.login.pvp2.keystore.metadata.key.alias"); - } - - public String getPVP2KeystoreMetadataKeyPassword() { - return props.getProperty("general.login.pvp2.keystore.metadata.key.password"); - } - - public String getPVP2KeystoreAuthRequestKeyAlias() { - return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias"); - } - - public String getPVP2KeystoreAuthRequestKeyPassword() { - return props.getProperty("general.login.pvp2.keystore.authrequest.key.password"); - } - - public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() { - return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias"); - } - - public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() { - return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password"); - } - - public String getPVP2IDPMetadataURL() { - return props.getProperty("general.login.pvp2.idp.metadata.url"); - } - - public String getPVP2IDPMetadataCertificate() { - return props.getProperty("general.login.pvp2.idp.metadata.certificate"); - } - - public String getPVP2IDPMetadataEntityName() { - return props.getProperty("general.login.pvp2.idp.metadata.entityID"); - } - - public HTTPMetadataProvider getMetaDataProvier() { - return idpMetadataProvider; - } - - - //SMTP Server - public String getSMTPMailHost() { - return props.getProperty("general.mail.host"); - } - - public String getSMTPMailPort() { - return props.getProperty("general.mail.host.port"); - } - - public String getSMTPMailUsername() { - return props.getProperty("general.mail.host.username"); - } - - public String getSMTPMailPassword() { - return props.getProperty("general.mail.host.password"); - } - - //Mail Configuration - public String getMailFromName() { - return props.getProperty("general.mail.from.name"); - } - - public String getMailFromAddress() { - return props.getProperty("general.mail.from.address"); - } - - public String getMailUserAcountVerificationSubject() { - return props.getProperty("general.mail.useraccountrequest.verification.subject"); - } - - public String getMailUserAcountVerificationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.useraccountrequest.verification.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountVerificationTemplate is empty"); - throw new ConfigurationException("MailUserAcountVerificationTemplate is empty"); - - } - } - - public String getMailUserAcountActivationSubject() { - return props.getProperty("general.mail.useraccountrequest.isactive.subject"); - } - - public String getMailUserAcountActivationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountActivationTemplate is empty"); - throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); - - } - - } - - public String getMailOAActivationSubject() { - return props.getProperty("general.mail.createOArequest.isactive.subject"); - } - - public String getDefaultLanguage() { + + public String getSSOLogOutURL() { + return props.getProperty("general.login.pvp2.idp.sso.logout.url"); + } + + public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, + CertificateException, KeyStoreException { + if (keyStore == null) { + final String keystoretype = getPVP2MetadataKeystoreType(); + if (MiscUtil.isEmpty(keystoretype)) { + log.debug("No KeyStoreType defined. Using default KeyStoreType."); + keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + + } else { + log.debug("Using " + keystoretype + " KeyStoreType."); + keyStore = KeyStore.getInstance(keystoretype); + + } + + final String fileURL = getPVP2MetadataKeystoreURL(); + log.debug("Load KeyStore from URL " + fileURL); + if (MiscUtil.isEmpty(fileURL)) { + log.info("Metadata KeyStoreURL is empty"); + throw new ConfigurationException("Metadata KeyStoreURL is empty"); + } + + final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(fileURL, getConfigRootDir())); + final InputStream inputStream = keystoreURL.openStream(); + keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); + inputStream.close(); + } + + return keyStore; + + } + + public String getConfigFile() { + return configFileName; + } + + public String getConfigRootDir() { + return configRootDir; + } + + public boolean isMOAIDMode() { + final String result = props.getProperty("general.moaidmode.active", "true"); + return Boolean.parseBoolean(result); + } + + public String getMOAIDInstanceURL() { + return props.getProperty("general.moaid.instance.url"); + } + + public boolean isLoginDeaktivated() { + final String result = props.getProperty("general.login.deaktivate", "false"); + return Boolean.parseBoolean(result); + } + + public boolean isOATargetVerificationDeaktivated() { + final String result = props.getProperty("general.OATargetVerification.deaktivate", "false"); + return Boolean.parseBoolean(result); + } + + // PVP2 Login configuration + + public void initializePVP2Login() throws ConfigurationException { + if (!pvp2logininitialzied) { + initalPVP2Login(); + } + } + + public boolean isPVP2LoginActive() { + + return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false")); + } + + public boolean isPVP2LoginBusinessService() { + final String result = props.getProperty("general.login.pvp2.isbusinessservice", "false"); + return Boolean.parseBoolean(result); + } + + public String getPVP2LoginTarget() { + return props.getProperty("general.login.pvp2.target"); + } + + public String getPVP2LoginIdenificationValue() { + return props.getProperty("general.login.pvp2.identificationvalue"); + } + + public String getPVP2MetadataEntitiesName() { + return props.getProperty("general.login.pvp2.metadata.entities.name"); + } + + public String getPVP2MetadataKeystoreURL() { + return props.getProperty("general.login.pvp2.keystore.url"); + } + + public String getPVP2MetadataKeystorePassword() { + return props.getProperty("general.login.pvp2.keystore.password"); + } + + public String getPVP2MetadataKeystoreType() { + return props.getProperty("general.login.pvp2.keystore.type"); + } + + public String getPVP2KeystoreMetadataKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.alias"); + } + + public String getPVP2KeystoreMetadataKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.password"); + } + + public String getPVP2KeystoreAuthRequestKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias"); + } + + public String getPVP2KeystoreAuthRequestKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.password"); + } + + public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias"); + } + + public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password"); + } + + public String getPVP2IDPMetadataURL() { + return props.getProperty("general.login.pvp2.idp.metadata.url"); + } + + public String getPVP2IDPMetadataCertificate() { + return props.getProperty("general.login.pvp2.idp.metadata.certificate"); + } + + public String getPVP2IDPMetadataEntityName() { + return props.getProperty("general.login.pvp2.idp.metadata.entityID"); + } + + public HTTPMetadataProvider getMetaDataProvier() { + return idpMetadataProvider; + } + + // SMTP Server + public String getSMTPMailHost() { + return props.getProperty("general.mail.host"); + } + + public String getSMTPMailPort() { + return props.getProperty("general.mail.host.port"); + } + + public String getSMTPMailUsername() { + return props.getProperty("general.mail.host.username"); + } + + public String getSMTPMailPassword() { + return props.getProperty("general.mail.host.password"); + } + + // Mail Configuration + public String getMailFromName() { + return props.getProperty("general.mail.from.name"); + } + + public String getMailFromAddress() { + return props.getProperty("general.mail.from.address"); + } + + public String getMailUserAcountVerificationSubject() { + return props.getProperty("general.mail.useraccountrequest.verification.subject"); + } + + public String getMailUserAcountVerificationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.useraccountrequest.verification.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountVerificationTemplate is empty"); + + } + } + + public String getMailUserAcountActivationSubject() { + return props.getProperty("general.mail.useraccountrequest.isactive.subject"); + } + + public String getMailUserAcountActivationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountActivationTemplate is empty"); + throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); + + } + + } + + public String getMailOAActivationSubject() { + return props.getProperty("general.mail.createOArequest.isactive.subject"); + } + + public String getDefaultLanguage() { + try { + return props.getProperty("general.defaultlanguage", "de").toLowerCase(); + } catch (final Exception ex) { + return "de"; + } + } + + public String getMailOAActivationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.createOArequest.isactive.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailOAActivationTemplate is empty"); + throw new ConfigurationException("MailOAActivationTemplate is empty"); + + } + + } + + public String getMailUserAcountRevocationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); + + } + } + + public String getMailAdminSubject() { + return props.getProperty("general.mail.admin.subject"); + } + + public String getMailAdminTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.admin.adresses.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailAdminTemplate is empty"); + + } + } + + public String getMailAdminAddress() { + return props.getProperty("general.mail.admin.adress"); + } + + public String getConfigToolVersion() { + return parseVersionFromManifest(); + } + + public String getCertStoreDirectory() throws ConfigurationException { + final String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) { + return FileUtils.makeAbsoluteURL(dir, configRootDir); + } else { + throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); + } + + } + + public String getTrustStoreDirectory() throws ConfigurationException { + final String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) { + return FileUtils.makeAbsoluteURL(dir, configRootDir); + } else { + throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); + } + + } + + public String getConfigurationEncryptionKey() { + return props.getProperty("general.moaconfig.key"); + + } + + public boolean isPVPMetadataSchemaValidationActive() { + return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); + + } + + /** + * @return + */ + private boolean isHostNameValidationEnabled() { + return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true")); + + } + + /** + * @return the context + */ + public ApplicationContext getContext() { + return context; + } + + /** + * @return the configModule + */ + public MOAIDConfigurationModul getConfigModule() { + return configModule; + } + + /** + * @return the dbRead + */ + public NewConfigurationDBRead getDbRead() { + return deprecatedDBRead; + } + + private void initalPVP2Login() throws ConfigurationException { + try { + + final String metadataCert = getPVP2IDPMetadataCertificate(); + if (MiscUtil.isEmpty(metadataCert)) { + log.info("NO IDP Certificate to verify IDP Metadata"); + throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); + } + + final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir())); + final InputStream certstream = keystoreURL.openStream(); + final X509Certificate cert = new X509Certificate(certstream); + final BasicX509Credential idpCredential = new BasicX509Credential(); + idpCredential.setEntityCertificate(cert); + + log.debug("IDP Certificate loading finished"); + + final String metadataurl = getPVP2IDPMetadataURL(); + if (MiscUtil.isEmpty(metadataurl)) { + log.info("NO IDP Metadata URL."); + throw new ConfigurationException("NO IDP Metadata URL."); + } + + final MOAHttpClient httpClient = new MOAHttpClient(); + + if (metadataurl.startsWith("https:")) { try { - return props.getProperty("general.defaultlanguage", "de").toLowerCase(); - } catch (Exception ex) { - return "de"; + final MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + true, + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true, + new String[] { "crl" }, + ConfigurationProvider.getInstance().isHostNameValidationEnabled()); + + httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); + + } catch (final MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + } + } + + idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl); + idpMetadataProvider.setRequireValidMetadata(true); + idpMetadataProvider.setParserPool(new BasicParserPool()); + idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); + idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12); // refresh Metadata every 12h + idpMetadataProvider.initialize(); + + pvp2logininitialzied = true; + + } catch (final Exception e) { + log.warn("PVP2 authentification can not be initialized."); + throw new ConfigurationException("error.initialization.pvplogin", e); } - - public String getMailOAActivationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.createOArequest.isactive.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailOAActivationTemplate is empty"); - throw new ConfigurationException("MailOAActivationTemplate is empty"); - - } - - } - - public String getMailUserAcountRevocationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountVerificationTemplate is empty"); - throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); - - } - } - - public String getMailAdminSubject() { - return props.getProperty("general.mail.admin.subject"); - } - - public String getMailAdminTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.admin.adresses.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountVerificationTemplate is empty"); - throw new ConfigurationException("MailAdminTemplate is empty"); - - } - } - - public String getMailAdminAddress() { - return props.getProperty("general.mail.admin.adress"); - } - - public String getConfigToolVersion() { - return parseVersionFromManifest(); - } - - public String getCertStoreDirectory() throws ConfigurationException { - String dir = props.getProperty("general.ssl.certstore"); - if (MiscUtil.isNotEmpty(dir)) - return FileUtils.makeAbsoluteURL(dir, configRootDir); - - else - throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); - - } - - public String getTrustStoreDirectory() throws ConfigurationException { - String dir = props.getProperty("general.ssl.truststore"); - if (MiscUtil.isNotEmpty(dir)) - return FileUtils.makeAbsoluteURL(dir, configRootDir); - - else - throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); - - } - - public String getConfigurationEncryptionKey() { - return props.getProperty("general.moaconfig.key"); - - } - - public boolean isPVPMetadataSchemaValidationActive() { - return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); - - } - - /** - * @return - */ - private boolean isHostNameValidationEnabled() { - return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true")); - - } - - /** - * @return the context - */ - public ApplicationContext getContext() { - return context; - } - - /** - * @return the configModule - */ - public MOAIDConfigurationModul getConfigModule() { - return configModule; - } - - - - /** - * @return the dbRead - */ - public NewConfigurationDBRead getDbRead() { - return deprecatedDBRead; - } - - private void initalPVP2Login() throws ConfigurationException { - try { - - String metadataCert = getPVP2IDPMetadataCertificate(); - if (MiscUtil.isEmpty(metadataCert)) { - log.info("NO IDP Certificate to verify IDP Metadata"); - throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); - } - - URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir()))); - InputStream certstream = keystoreURL.openStream(); - X509Certificate cert = new X509Certificate(certstream); - BasicX509Credential idpCredential = new BasicX509Credential(); - idpCredential.setEntityCertificate(cert); - - log.debug("IDP Certificate loading finished"); - - String metadataurl = getPVP2IDPMetadataURL(); - if (MiscUtil.isEmpty(metadataurl)) { - log.info("NO IDP Metadata URL."); - throw new ConfigurationException("NO IDP Metadata URL."); - } - - MOAHttpClient httpClient = new MOAHttpClient(); - - if (metadataurl.startsWith("https:")) { - try { - MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - "MOAMetaDataProvider", - true, - ConfigurationProvider.getInstance().getCertStoreDirectory(), - ConfigurationProvider.getInstance().getTrustStoreDirectory(), - null, - "pkix", - true, - new String[]{"crl"}, - ConfigurationProvider.getInstance().isHostNameValidationEnabled()); - - httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); - - } catch (MOAHttpProtocolSocketFactoryException e) { - log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); - - } - } - - idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl); - idpMetadataProvider.setRequireValidMetadata(true); - idpMetadataProvider.setParserPool(new BasicParserPool()); - idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); - idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12 ); //refresh Metadata every 12h - idpMetadataProvider.initialize(); - - pvp2logininitialzied = true; - - } catch (Exception e) { - log.warn("PVP2 authentification can not be initialized."); - throw new ConfigurationException("error.initialization.pvplogin", e); - } - } - - private String parseVersionFromManifest() { - - - - try { - Class clazz = ConfigurationProvider.class; - String className = clazz.getSimpleName() + ".class"; - String classPath = clazz.getResource(className).toString(); - - if (classPath.startsWith("jar")) { - log.info("MOA-ID-Configuration Version can NOT parsed from Manifest. Set blank Version"); - return Constants.DEFAULT_VERSION; - - } - - String manifestPath = classPath.substring(0, classPath.lastIndexOf("WEB-INF/classes/") + "WEB-INF/classes/".length()) + - "../../META-INF/MANIFEST.MF"; - - Manifest manifest = new Manifest(new URL(manifestPath).openStream());; - - Attributes attributes = manifest.getMainAttributes(); - String version = attributes.getValue("version"); - - if (MiscUtil.isNotEmpty(version)) - return version; - - else { - log.info("MOA-ID-Configuration Version not found in Manifest. Set blank Version"); - return Constants.DEFAULT_VERSION; - - } - - } catch (Throwable e) { - log.info("MOA-ID Version can NOT parsed from Manifest. Set blank Version"); - - return Constants.DEFAULT_VERSION; - } - - - } + } + + private String parseVersionFromManifest() { + + try { + final Class clazz = ConfigurationProvider.class; + final String className = clazz.getSimpleName() + ".class"; + final String classPath = clazz.getResource(className).toString(); + + if (classPath.startsWith("jar")) { + log.info("MOA-ID-Configuration Version can NOT parsed from Manifest. Set blank Version"); + return Constants.DEFAULT_VERSION; + + } + + final String manifestPath = classPath.substring(0, classPath.lastIndexOf("WEB-INF/classes/") + + "WEB-INF/classes/".length()) + + "../../META-INF/MANIFEST.MF"; + + final Manifest manifest = new Manifest(new URL(manifestPath).openStream()); + + final Attributes attributes = manifest.getMainAttributes(); + final String version = attributes.getValue("version"); + + if (MiscUtil.isNotEmpty(version)) { + return version; + } else { + log.info("MOA-ID-Configuration Version not found in Manifest. Set blank Version"); + return Constants.DEFAULT_VERSION; + + } + + } catch (final Throwable e) { + log.info("MOA-ID Version can NOT parsed from Manifest. Set blank Version"); + + return Constants.DEFAULT_VERSION; + } + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java index ca0bb8ac4..a45bec654 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java @@ -34,8 +34,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; @@ -52,821 +50,815 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class FormularCustomization implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(FormularCustomization.class); - - private boolean showMandateLoginButton = true; - private boolean onlyMandateAllowed = false; - - private String fontType = null; - - private String frontColor = null; - private String backGroundColor = null; - private String header_FrontColor = null; - private String header_BackGroundColor = null; - private String header_text = null; - private String button_BackGroundColor = null; - private String button_BackGroundColorFocus = null; - private String button_FrontColor = null; - private String applet_height = null; - private String applet_width = null; - - private Map map = null; - - private String appletRedirectTarget = null; - public static List appletRedirectTargetList = null; - - public static List fontTypeList = null; - public String fontTypeListValue = null; - - private Map sendAssertionForm = new HashMap(); - private Map bkuSelectionForm = new HashMap(); - - private List bkuSelectionFileUpload = null; - private List bkuSelectionFileUploadContentType = null; - private List bkuSelectionFileUploadFileName = new ArrayList(); - private boolean deleteBKUTemplate = false; - - private List sendAssertionFileUpload = null; - private List sendAssertionFileUploadContentType = null; - private List sendAssertionFileUploadFileName = new ArrayList();; - private boolean deleteSendAssertionTemplate = false; - - private String aditionalAuthBlockText = null; - private boolean isHideBPKAuthBlock = false; - - private String saml2PostBindingTemplate = null; - private String mandateServiceSelectionTemplate = null; - - public FormularCustomization() { - new FormularCustomization(null); - } - - public FormularCustomization(Map map) { - appletRedirectTargetList = Arrays.asList("","_blank","_self","_parent","_top"); - fontTypeList = Arrays.asList("","Verdana","Geneva","Arial","Helvetica","sans-serif","Times New Roman"); - Collections.sort(fontTypeList); - - if (map == null) - this.map = FormBuildUtils.getDefaultMap(); - else - this.map = map; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAFormularCustomization"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA auth = dbOA.getAuthComponentOA(); - - mandateServiceSelectionTemplate = dbOA.getMandateServiceSelectionTemplateURL(); - saml2PostBindingTemplate = dbOA.getSaml2PostBindingTemplateURL(); - - if (dbOA.getAuthComponentOA() != null) - isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock(); - - if (auth != null) { - TemplatesType templates = auth.getTemplates(); - - if (templates != null) { - aditionalAuthBlockText = templates.getAditionalAuthBlockText(); - - TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); - if (bkuSelectTemplate != null - && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename()) - && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) - && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { - bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); - } - - TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); - if (sendAssertionTemplate != null - && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename()) - && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) - && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { - sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); - } - - BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization(); - if (formcustom != null) { - - if (formcustom.isMandateLoginButton() != null) { - showMandateLoginButton = formcustom.isMandateLoginButton(); - } - - if (formcustom.isOnlyMandateLoginAllowed() != null) { - onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed(); - } - - if (formcustom.getAppletHeight() != null) { - applet_height = formcustom.getAppletHeight(); - } - - if (formcustom.getAppletHeight() != null) { - applet_width = formcustom.getAppletWidth(); - } - - if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget())) - appletRedirectTarget = formcustom.getAppletRedirectTarget(); - - if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) { - backGroundColor = formcustom.getBackGroundColor(); - map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) { - button_BackGroundColor = formcustom.getButtonBackGroundColor(); - map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) { - button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus(); - map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom.getButtonBackGroundColorFocus()); - } - - if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) { - button_FrontColor = formcustom.getButtonFontColor(); - map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getFontType())) { - fontType = formcustom.getFontType(); - map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType()); - } - - if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) { - frontColor = formcustom.getFrontColor(); - map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) { - header_BackGroundColor = formcustom.getHeaderBackGroundColor(); - map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) { - header_FrontColor = formcustom.getHeaderFrontColor(); - map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) { - header_text = formcustom.getHeaderText(); - map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText()); - } - } - } - } - - request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); - } - - dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock()); - - dbOA.setMandateServiceSelectionTemplateURL(mandateServiceSelectionTemplate); - dbOA.setSaml2PostBindingTemplateURL(saml2PostBindingTemplate); - - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - - templates.setAditionalAuthBlockText(getAditionalAuthBlockText()); - - //store BKU-selection and send-assertion templates - if (authUser.isAdmin()) { - - if (isDeleteBKUTemplate() && templates.getBKUSelectionTemplate() != null) { - //templates.setBKUSelectionTemplate(null); - templates.getBKUSelectionTemplate().setDelete(true); - } - - if (isDeleteSendAssertionTemplate() && templates.getSendAssertionTemplate() != null) { - //templates.setSendAssertionTemplate(null); - templates.getSendAssertionTemplate().setDelete(true); - } - - - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator interator = bkuSelectionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(bkuSelectionForm.get( - template.getFilename())); - - templates.setBKUSelectionTemplate(template); - } - - if (sendAssertionForm != null && sendAssertionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator interator = sendAssertionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(sendAssertionForm.get( - template.getFilename())); - - templates.setSendAssertionTemplate(template); - } + private boolean showMandateLoginButton = true; + private boolean onlyMandateAllowed = false; + + private String fontType = null; + + private String frontColor = null; + private String backGroundColor = null; + private String header_FrontColor = null; + private String header_BackGroundColor = null; + private String header_text = null; + private String button_BackGroundColor = null; + private String button_BackGroundColorFocus = null; + private String button_FrontColor = null; + private String applet_height = null; + private String applet_width = null; + + private Map map = null; + + private String appletRedirectTarget = null; + public static List appletRedirectTargetList = null; + + public static List fontTypeList = null; + public String fontTypeListValue = null; + + private Map sendAssertionForm = new HashMap<>(); + private Map bkuSelectionForm = new HashMap<>(); + + private List bkuSelectionFileUpload = null; + private List bkuSelectionFileUploadContentType = null; + private List bkuSelectionFileUploadFileName = new ArrayList<>(); + private boolean deleteBKUTemplate = false; + + private List sendAssertionFileUpload = null; + private List sendAssertionFileUploadContentType = null; + private List sendAssertionFileUploadFileName = new ArrayList<>(); + private boolean deleteSendAssertionTemplate = false; + + private String aditionalAuthBlockText = null; + private boolean isHideBPKAuthBlock = false; + + private String saml2PostBindingTemplate = null; + private String mandateServiceSelectionTemplate = null; + + public FormularCustomization() { + new FormularCustomization(null); + } + + public FormularCustomization(Map map) { + appletRedirectTargetList = Arrays.asList("", "_blank", "_self", "_parent", "_top"); + fontTypeList = Arrays.asList("", "Verdana", "Geneva", "Arial", "Helvetica", "sans-serif", + "Times New Roman"); + Collections.sort(fontTypeList); + + if (map == null) { + this.map = FormBuildUtils.getDefaultMap(); + } else { + this.map = map; + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAFormularCustomization"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA auth = dbOA.getAuthComponentOA(); + + mandateServiceSelectionTemplate = dbOA.getMandateServiceSelectionTemplateURL(); + saml2PostBindingTemplate = dbOA.getSaml2PostBindingTemplateURL(); + + if (dbOA.getAuthComponentOA() != null) { + isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock(); + } + + if (auth != null) { + final TemplatesType templates = auth.getTemplates(); + + if (templates != null) { + aditionalAuthBlockText = templates.getAditionalAuthBlockText(); + + final TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); + if (bkuSelectTemplate != null + && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename()) + && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) + && !bkuSelectTemplate.getFilename().equals( + MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { + bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); } - - BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); - if (bkuselectioncustom == null) { - bkuselectioncustom = new BKUSelectionCustomizationType(); - templates.setBKUSelectionCustomization(bkuselectioncustom); + + final TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); + if (sendAssertionTemplate != null + && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename()) + && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) + && !sendAssertionTemplate.getFilename().equals( + MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { + sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); } - - if (authoa.getMandates() != null && - ((authoa.getMandates().getProfileName() != null - && authoa.getMandates().getProfileName().size() > 0) - || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles()))) - - bkuselectioncustom.setMandateLoginButton(true); - else - bkuselectioncustom.setMandateLoginButton(false); - - bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed()); - - bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor())); - bkuselectioncustom.setFrontColor(parseColor(getFrontColor())); - - bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor())); - bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor())); - bkuselectioncustom.setHeaderText(getHeader_text()); - - bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor())); - bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus())); - bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor())); - - if (MiscUtil.isNotEmpty(getAppletRedirectTarget())) - bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget()); - - bkuselectioncustom.setFontType(getFontType()); - - bkuselectioncustom.setAppletHeight(getApplet_height()); - bkuselectioncustom.setAppletWidth(getApplet_width()); - - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - HttpSession session = request.getSession(); - List errors = new ArrayList(); - - String check = null; - if (authUser.isAdmin()) { - //validate aditionalAuthBlockText - check = getAditionalAuthBlockText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - } - - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - //validate BKU-selection template - List templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName() - , getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); - if (templateError != null && templateError.size() == 0) { - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) - session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); - - else - bkuSelectionForm = (Map) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - - } else { - errors.addAll(templateError); + final BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization(); + if (formcustom != null) { + + if (formcustom.isMandateLoginButton() != null) { + showMandateLoginButton = formcustom.isMandateLoginButton(); + } + + if (formcustom.isOnlyMandateLoginAllowed() != null) { + onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed(); + } + + if (formcustom.getAppletHeight() != null) { + applet_height = formcustom.getAppletHeight(); + } + + if (formcustom.getAppletHeight() != null) { + applet_width = formcustom.getAppletWidth(); + } + + if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget())) { + appletRedirectTarget = formcustom.getAppletRedirectTarget(); + } + + if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) { + backGroundColor = formcustom.getBackGroundColor(); + map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) { + button_BackGroundColor = formcustom.getButtonBackGroundColor(); + map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) { + button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus(); + map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom + .getButtonBackGroundColorFocus()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) { + button_FrontColor = formcustom.getButtonFontColor(); + map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getFontType())) { + fontType = formcustom.getFontType(); + map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType()); + } + + if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) { + frontColor = formcustom.getFrontColor(); + map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) { + header_BackGroundColor = formcustom.getHeaderBackGroundColor(); + map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) { + header_FrontColor = formcustom.getHeaderFrontColor(); + map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) { + header_text = formcustom.getHeaderText(); + map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText()); + } } + } + } + + request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } - //validate send-assertion template - templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName() - , getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); - if (templateError != null && templateError.size() == 0) { - if (sendAssertionForm != null && sendAssertionForm.size() > 0) - session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock()); - else - sendAssertionForm = (Map) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + dbOA.setMandateServiceSelectionTemplateURL(mandateServiceSelectionTemplate); + dbOA.setSaml2PostBindingTemplateURL(saml2PostBindingTemplate); - } else { - errors.addAll(templateError); + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } - } - - check = getSaml2PostBindingTemplate(); - if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("URL to SAML2 POST-Binding template is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid", request)); - - } - - check = getMandateServiceSelectionTemplate(); - if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("URL to mandate-service selection-template is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid", request)); - - } - - - //validate BKUFormCustomization - errors.addAll(new FormularCustomizationValitator().validate(this, request)); - - return errors; - } - - private String parseColor(String color) { - String value = ""; - - if (MiscUtil.isNotEmpty(color)) { - if (!color.startsWith("#")) - value = "#" + color; - else - value = color; - } - return value; + templates.setAditionalAuthBlockText(getAditionalAuthBlockText()); + + // store BKU-selection and send-assertion templates + if (authUser.isAdmin()) { + + if (isDeleteBKUTemplate() && templates.getBKUSelectionTemplate() != null) { + // templates.setBKUSelectionTemplate(null); + templates.getBKUSelectionTemplate().setDelete(true); + } + + if (isDeleteSendAssertionTemplate() && templates.getSendAssertionTemplate() != null) { + // templates.setSendAssertionTemplate(null); + templates.getSendAssertionTemplate().setDelete(true); + } + + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + final TransformsInfoType template = new TransformsInfoType(); + + final Iterator interator = bkuSelectionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(bkuSelectionForm.get( + template.getFilename())); + + templates.setBKUSelectionTemplate(template); + } + + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + final TransformsInfoType template = new TransformsInfoType(); + + final Iterator interator = sendAssertionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(sendAssertionForm.get( + template.getFilename())); + + templates.setSendAssertionTemplate(template); + } } - /** - * @return the showMandateLoginButton - */ - public boolean isShowMandateLoginButton() { - return showMandateLoginButton; - } + BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); + if (bkuselectioncustom == null) { + bkuselectioncustom = new BKUSelectionCustomizationType(); + templates.setBKUSelectionCustomization(bkuselectioncustom); + } + + if (authoa.getMandates() != null && + (authoa.getMandates().getProfileName() != null + && authoa.getMandates().getProfileName().size() > 0 + || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles()))) { + bkuselectioncustom.setMandateLoginButton(true); + } else { + bkuselectioncustom.setMandateLoginButton(false); + } + bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed()); - /** - * @param showMandateLoginButton the showMandateLoginButton to set - */ - public void setShowMandateLoginButton(boolean showMandateLoginButton) { - this.showMandateLoginButton = showMandateLoginButton; - } + bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor())); + bkuselectioncustom.setFrontColor(parseColor(getFrontColor())); + bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor())); + bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor())); + bkuselectioncustom.setHeaderText(getHeader_text()); - /** - * @return the onlyMandateAllowed - */ - public boolean isOnlyMandateAllowed() { - return onlyMandateAllowed; - } + bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor())); + bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus())); + bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor())); + if (MiscUtil.isNotEmpty(getAppletRedirectTarget())) { + bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget()); + } + + bkuselectioncustom.setFontType(getFontType()); + + bkuselectioncustom.setAppletHeight(getApplet_height()); + bkuselectioncustom.setAppletWidth(getApplet_width()); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final HttpSession session = request.getSession(); + final List errors = new ArrayList<>(); + + String check = null; + if (authUser.isAdmin()) { + // validate aditionalAuthBlockText + check = getAditionalAuthBlockText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + } - /** - * @param onlyMandateAllowed the onlyMandateAllowed to set - */ - public void setOnlyMandateAllowed(boolean onlyMandateAllowed) { - this.onlyMandateAllowed = onlyMandateAllowed; - } + final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + // validate BKU-selection template + List templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName(), + getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); + if (templateError != null && templateError.size() == 0) { + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); + } else { + bkuSelectionForm = (Map) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + } + } else { + errors.addAll(templateError); - /** - * @return the fontType - */ - public String getFontType() { - return fontType; - } + } + // validate send-assertion template + templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName(), + getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); + if (templateError != null && templateError.size() == 0) { + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + } else { + sendAssertionForm = (Map) session.getAttribute( + Constants.SESSION_SENDASSERTIONTEMPLATE); + } - /** - * @param fontType the fontType to set - */ - public void setFontType(String fontType) { - this.fontType = fontType; - } + } else { + errors.addAll(templateError); + } - /** - * @return the frontColor - */ - public String getFrontColor() { - return frontColor; - } + check = getSaml2PostBindingTemplate(); + if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("URL to SAML2 POST-Binding template is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid", + request)); + } - /** - * @param frontColor the frontColor to set - */ - public void setFrontColor(String frontColor) { - this.frontColor = frontColor; - } + check = getMandateServiceSelectionTemplate(); + if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("URL to mandate-service selection-template is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid", + request)); + } - /** - * @return the backGroundColor - */ - public String getBackGroundColor() { - return backGroundColor; - } + // validate BKUFormCustomization + errors.addAll(new FormularCustomizationValitator().validate(this, request)); + return errors; + } - /** - * @param backGroundColor the backGroundColor to set - */ - public void setBackGroundColor(String backGroundColor) { - this.backGroundColor = backGroundColor; - } + private String parseColor(String color) { + String value = ""; + if (MiscUtil.isNotEmpty(color)) { + if (!color.startsWith("#")) { + value = "#" + color; + } else { + value = color; + } + } + return value; + } + + /** + * @return the showMandateLoginButton + */ + public boolean isShowMandateLoginButton() { + return showMandateLoginButton; + } + + /** + * @param showMandateLoginButton the showMandateLoginButton to set + */ + public void setShowMandateLoginButton(boolean showMandateLoginButton) { + this.showMandateLoginButton = showMandateLoginButton; + } + + /** + * @return the onlyMandateAllowed + */ + public boolean isOnlyMandateAllowed() { + return onlyMandateAllowed; + } + + /** + * @param onlyMandateAllowed the onlyMandateAllowed to set + */ + public void setOnlyMandateAllowed(boolean onlyMandateAllowed) { + this.onlyMandateAllowed = onlyMandateAllowed; + } + + /** + * @return the fontType + */ + public String getFontType() { + return fontType; + } + + /** + * @param fontType the fontType to set + */ + public void setFontType(String fontType) { + this.fontType = fontType; + } + + /** + * @return the frontColor + */ + public String getFrontColor() { + return frontColor; + } + + /** + * @param frontColor the frontColor to set + */ + public void setFrontColor(String frontColor) { + this.frontColor = frontColor; + } + + /** + * @return the backGroundColor + */ + public String getBackGroundColor() { + return backGroundColor; + } + + /** + * @param backGroundColor the backGroundColor to set + */ + public void setBackGroundColor(String backGroundColor) { + this.backGroundColor = backGroundColor; + } + + /** + * @return the header_FrontColor + */ + public String getHeader_FrontColor() { + return header_FrontColor; + } + + /** + * @param header_FrontColor the header_FrontColor to set + */ + public void setHeader_FrontColor(String header_FrontColor) { + this.header_FrontColor = header_FrontColor; + } + + /** + * @return the header_BackGroundColor + */ + public String getHeader_BackGroundColor() { + return header_BackGroundColor; + } + + /** + * @param header_BackGroundColor the header_BackGroundColor to set + */ + public void setHeader_BackGroundColor(String header_BackGroundColor) { + this.header_BackGroundColor = header_BackGroundColor; + } + + /** + * @return the header_text + */ + public String getHeader_text() { + return header_text; + } + + /** + * @param header_text the header_text to set + */ + public void setHeader_text(String header_text) { + this.header_text = header_text; + } + + /** + * @return the button_BackGroundColor + */ + public String getButton_BackGroundColor() { + return button_BackGroundColor; + } + + /** + * @param button_BackGroundColor the button_BackGroundColor to set + */ + public void setButton_BackGroundColor(String button_BackGroundColor) { + this.button_BackGroundColor = button_BackGroundColor; + } + + /** + * @return the button_BackGroundColorFocus + */ + public String getButton_BackGroundColorFocus() { + return button_BackGroundColorFocus; + } + + /** + * @param button_BackGroundColorFocus the button_BackGroundColorFocus to set + */ + public void setButton_BackGroundColorFocus(String button_BackGroundColorFocus) { + this.button_BackGroundColorFocus = button_BackGroundColorFocus; + } + + /** + * @return the button_FrontColor + */ + public String getButton_FrontColor() { + return button_FrontColor; + } + + /** + * @param button_FrontColor the button_FrontColor to set + */ + public void setButton_FrontColor(String button_FrontColor) { + this.button_FrontColor = button_FrontColor; + } + + /** + * @return the appletRedirectTarget + */ + public String getAppletRedirectTarget() { + return appletRedirectTarget; + } + + /** + * @param appletRedirectTarget the appletRedirectTarget to set + */ + public void setAppletRedirectTarget(String appletRedirectTarget) { + this.appletRedirectTarget = appletRedirectTarget; + } + + /** + * @return the appletredirecttargetlist + */ + public List getAppletRedirectTargetList() { + return appletRedirectTargetList; + } + + /** + * @return the fontTypeList + */ + public List getFontTypeList() { + return fontTypeList; + } + + /** + * @return the fontTypeListValue + */ + public String getFontTypeListValue() { + return fontTypeListValue; + } + + /** + * @param fontTypeListValue the fontTypeListValue to set + */ + public void setFontTypeListValue(String fontTypeListValue) { + this.fontTypeListValue = fontTypeListValue; + } + + /** + * @return the applet_height + */ + public String getApplet_height() { + return applet_height; + } + + /** + * @param applet_height the applet_height to set + */ + public void setApplet_height(String applet_height) { + this.applet_height = applet_height; + } + + /** + * @return the applet_width + */ + public String getApplet_width() { + return applet_width; + } + + /** + * @param applet_width the applet_width to set + */ + public void setApplet_width(String applet_width) { + this.applet_width = applet_width; + } + + /** + * @return the bkuSelectionFileUpload + */ + public List getBkuSelectionFileUpload() { + return bkuSelectionFileUpload; + } + + /** + * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set + */ + public void setBkuSelectionFileUpload(List bkuSelectionFileUpload) { + this.bkuSelectionFileUpload = bkuSelectionFileUpload; + } + + /** + * @return the bkuSelectionFileUploadContentType + */ + public List getBkuSelectionFileUploadContentType() { + return bkuSelectionFileUploadContentType; + } + + /** + * @param bkuSelectionFileUploadContentType the + * bkuSelectionFileUploadContentType to + * set + */ + public void setBkuSelectionFileUploadContentType( + List bkuSelectionFileUploadContentType) { + this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; + } + + /** + * @return the bkuSelectionFileUploadFileName + */ + public List getBkuSelectionFileUploadFileName() { + return bkuSelectionFileUploadFileName; + } + + /** + * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to + * set + */ + public void setBkuSelectionFileUploadFileName( + List bkuSelectionFileUploadFileName) { + this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; + } + + /** + * @return the sendAssertionFileUpload + */ + public List getSendAssertionFileUpload() { + return sendAssertionFileUpload; + } + + /** + * @param sendAssertionFileUpload the sendAssertionFileUpload to set + */ + public void setSendAssertionFileUpload(List sendAssertionFileUpload) { + this.sendAssertionFileUpload = sendAssertionFileUpload; + } + + /** + * @return the sendAssertionFileUploadContentType + */ + public List getSendAssertionFileUploadContentType() { + return sendAssertionFileUploadContentType; + } + + /** + * @param sendAssertionFileUploadContentType the + * sendAssertionFileUploadContentType + * to set + */ + public void setSendAssertionFileUploadContentType( + List sendAssertionFileUploadContentType) { + this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; + } + + /** + * @return the sendAssertionFileUploadFileName + */ + public List getSendAssertionFileUploadFileName() { + return sendAssertionFileUploadFileName; + } + + /** + * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to + * set + */ + public void setSendAssertionFileUploadFileName( + List sendAssertionFileUploadFileName) { + this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; + } + + /** + * @return the deleteBKUTemplate + */ + public boolean isDeleteBKUTemplate() { + return deleteBKUTemplate; + } + + /** + * @param deleteBKUTemplate the deleteBKUTemplate to set + */ + public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { + this.deleteBKUTemplate = deleteBKUTemplate; + } + + /** + * @return the deleteSendAssertionTemplate + */ + public boolean isDeleteSendAssertionTemplate() { + return deleteSendAssertionTemplate; + } + + /** + * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set + */ + public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { + this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; + } + + /** + * @return the aditionalAuthBlockText + */ + public String getAditionalAuthBlockText() { + return aditionalAuthBlockText; + } + + /** + * @param aditionalAuthBlockText the aditionalAuthBlockText to set + */ + public void setAditionalAuthBlockText(String aditionalAuthBlockText) { + this.aditionalAuthBlockText = aditionalAuthBlockText; + } + + /** + * @return the isHideBPKAuthBlock + */ + public boolean isHideBPKAuthBlock() { + return isHideBPKAuthBlock; + } + + /** + * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set + */ + public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { + this.isHideBPKAuthBlock = isHideBPKAuthBlock; + } + + /** + * @return the map + */ + public Map getFormMap() { + return map; + } + + /** + * @return the saml2PostBindingTemplate + */ + public String getSaml2PostBindingTemplate() { + return saml2PostBindingTemplate; + } + + /** + * @param saml2PostBindingTemplate the saml2PostBindingTemplate to set + */ + public void setSaml2PostBindingTemplate(String saml2PostBindingTemplate) { + this.saml2PostBindingTemplate = saml2PostBindingTemplate; + } + + /** + * @return the mandateServiceSelectionTemplate + */ + public String getMandateServiceSelectionTemplate() { + return mandateServiceSelectionTemplate; + } + + /** + * @param mandateServiceSelectionTemplate the mandateServiceSelectionTemplate to + * set + */ + public void setMandateServiceSelectionTemplate(String mandateServiceSelectionTemplate) { + this.mandateServiceSelectionTemplate = mandateServiceSelectionTemplate; + } - /** - * @return the header_FrontColor - */ - public String getHeader_FrontColor() { - return header_FrontColor; - } - - - /** - * @param header_FrontColor the header_FrontColor to set - */ - public void setHeader_FrontColor(String header_FrontColor) { - this.header_FrontColor = header_FrontColor; - } - - - /** - * @return the header_BackGroundColor - */ - public String getHeader_BackGroundColor() { - return header_BackGroundColor; - } - - - /** - * @param header_BackGroundColor the header_BackGroundColor to set - */ - public void setHeader_BackGroundColor(String header_BackGroundColor) { - this.header_BackGroundColor = header_BackGroundColor; - } - - - /** - * @return the header_text - */ - public String getHeader_text() { - return header_text; - } - - - /** - * @param header_text the header_text to set - */ - public void setHeader_text(String header_text) { - this.header_text = header_text; - } - - - /** - * @return the button_BackGroundColor - */ - public String getButton_BackGroundColor() { - return button_BackGroundColor; - } - - - /** - * @param button_BackGroundColor the button_BackGroundColor to set - */ - public void setButton_BackGroundColor(String button_BackGroundColor) { - this.button_BackGroundColor = button_BackGroundColor; - } - - - /** - * @return the button_BackGroundColorFocus - */ - public String getButton_BackGroundColorFocus() { - return button_BackGroundColorFocus; - } - - - /** - * @param button_BackGroundColorFocus the button_BackGroundColorFocus to set - */ - public void setButton_BackGroundColorFocus(String button_BackGroundColorFocus) { - this.button_BackGroundColorFocus = button_BackGroundColorFocus; - } - - - /** - * @return the button_FrontColor - */ - public String getButton_FrontColor() { - return button_FrontColor; - } - - - /** - * @param button_FrontColor the button_FrontColor to set - */ - public void setButton_FrontColor(String button_FrontColor) { - this.button_FrontColor = button_FrontColor; - } - - - /** - * @return the appletRedirectTarget - */ - public String getAppletRedirectTarget() { - return appletRedirectTarget; - } - - /** - * @param appletRedirectTarget the appletRedirectTarget to set - */ - public void setAppletRedirectTarget(String appletRedirectTarget) { - this.appletRedirectTarget = appletRedirectTarget; - } - - - /** - * @return the appletredirecttargetlist - */ - public List getAppletRedirectTargetList() { - return appletRedirectTargetList; - } - - /** - * @return the fontTypeList - */ - public List getFontTypeList() { - return fontTypeList; - } - - /** - * @return the fontTypeListValue - */ - public String getFontTypeListValue() { - return fontTypeListValue; - } - - /** - * @param fontTypeListValue the fontTypeListValue to set - */ - public void setFontTypeListValue(String fontTypeListValue) { - this.fontTypeListValue = fontTypeListValue; - } - - /** - * @return the applet_height - */ - public String getApplet_height() { - return applet_height; - } - - /** - * @param applet_height the applet_height to set - */ - public void setApplet_height(String applet_height) { - this.applet_height = applet_height; - } - - /** - * @return the applet_width - */ - public String getApplet_width() { - return applet_width; - } - - /** - * @param applet_width the applet_width to set - */ - public void setApplet_width(String applet_width) { - this.applet_width = applet_width; - } - - - - /** - * @return the bkuSelectionFileUpload - */ - public List getBkuSelectionFileUpload() { - return bkuSelectionFileUpload; - } - - - /** - * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set - */ - public void setBkuSelectionFileUpload(List bkuSelectionFileUpload) { - this.bkuSelectionFileUpload = bkuSelectionFileUpload; - } - - - /** - * @return the bkuSelectionFileUploadContentType - */ - public List getBkuSelectionFileUploadContentType() { - return bkuSelectionFileUploadContentType; - } - - - /** - * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set - */ - public void setBkuSelectionFileUploadContentType( - List bkuSelectionFileUploadContentType) { - this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; - } - - - /** - * @return the bkuSelectionFileUploadFileName - */ - public List getBkuSelectionFileUploadFileName() { - return bkuSelectionFileUploadFileName; - } - - - /** - * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set - */ - public void setBkuSelectionFileUploadFileName( - List bkuSelectionFileUploadFileName) { - this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; - } - - - /** - * @return the sendAssertionFileUpload - */ - public List getSendAssertionFileUpload() { - return sendAssertionFileUpload; - } - - - /** - * @param sendAssertionFileUpload the sendAssertionFileUpload to set - */ - public void setSendAssertionFileUpload(List sendAssertionFileUpload) { - this.sendAssertionFileUpload = sendAssertionFileUpload; - } - - - /** - * @return the sendAssertionFileUploadContentType - */ - public List getSendAssertionFileUploadContentType() { - return sendAssertionFileUploadContentType; - } - - - /** - * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set - */ - public void setSendAssertionFileUploadContentType( - List sendAssertionFileUploadContentType) { - this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; - } - - - /** - * @return the sendAssertionFileUploadFileName - */ - public List getSendAssertionFileUploadFileName() { - return sendAssertionFileUploadFileName; - } - - - /** - * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set - */ - public void setSendAssertionFileUploadFileName( - List sendAssertionFileUploadFileName) { - this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; - } - - - /** - * @return the deleteBKUTemplate - */ - public boolean isDeleteBKUTemplate() { - return deleteBKUTemplate; - } - - - /** - * @param deleteBKUTemplate the deleteBKUTemplate to set - */ - public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { - this.deleteBKUTemplate = deleteBKUTemplate; - } - - - /** - * @return the deleteSendAssertionTemplate - */ - public boolean isDeleteSendAssertionTemplate() { - return deleteSendAssertionTemplate; - } - - - /** - * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set - */ - public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { - this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; - } - - /** - * @return the aditionalAuthBlockText - */ - public String getAditionalAuthBlockText() { - return aditionalAuthBlockText; - } - - /** - * @param aditionalAuthBlockText the aditionalAuthBlockText to set - */ - public void setAditionalAuthBlockText(String aditionalAuthBlockText) { - this.aditionalAuthBlockText = aditionalAuthBlockText; - } - - /** - * @return the isHideBPKAuthBlock - */ - public boolean isHideBPKAuthBlock() { - return isHideBPKAuthBlock; - } - - /** - * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set - */ - public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { - this.isHideBPKAuthBlock = isHideBPKAuthBlock; - } - - /** - * @return the map - */ - public Map getFormMap() { - return map; - } - - /** - * @return the saml2PostBindingTemplate - */ - public String getSaml2PostBindingTemplate() { - return saml2PostBindingTemplate; - } - - /** - * @param saml2PostBindingTemplate the saml2PostBindingTemplate to set - */ - public void setSaml2PostBindingTemplate(String saml2PostBindingTemplate) { - this.saml2PostBindingTemplate = saml2PostBindingTemplate; - } - - /** - * @return the mandateServiceSelectionTemplate - */ - public String getMandateServiceSelectionTemplate() { - return mandateServiceSelectionTemplate; - } - - /** - * @param mandateServiceSelectionTemplate the mandateServiceSelectionTemplate to set - */ - public void setMandateServiceSelectionTemplate(String mandateServiceSelectionTemplate) { - this.mandateServiceSelectionTemplate = mandateServiceSelectionTemplate; - } - - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 3929238f6..e7b4bfa3b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -63,434 +63,444 @@ import at.gv.egovernment.moa.util.MiscUtil; public class GeneralMOAIDConfig { - public static final long DEFAULTTIMEOUTASSERTION = 120; //sec - public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; //sec - public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; //sec - - public static final String LINE_DELIMITER = ";"; - - private String alternativeSourceID = null; + public static final long DEFAULTTIMEOUTASSERTION = 120; // sec + public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; // sec + public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; // sec + + public static final String LINE_DELIMITER = ";"; + + private String alternativeSourceID = null; // private String certStoreDirectory = null; - private boolean trustmanagerrevocationcheck = true; - - private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION); - private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED); - private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED); - - private String moaspssURL = null; - private String moaspssAuthTrustProfile = null; - private String moaspssAuthTransformations = ""; - private List authTransformList = null; - private String moaspssIdlTrustProfile = null; - - private String moaspssIdlTrustProfileTest = null; - private String moaspssAuthTrustProfileTest = null; - - private String mandateURL = null; - private String szrgwURL = null; - private String elgaMandateServiceURL = null; - private String eidSystemServiceURL = null; - - private boolean protocolActiveSAML1 = false; - private boolean protocolActivePVP21 = true; - private boolean protocolActiveOAuth = true; - - private boolean legacy_saml1 = false; - private boolean legacy_pvp2 = false; - - private String saml1SourceID = null; - - private String pvp2IssuerName = null; - private String pvp2OrgName = null; - private String pvp2OrgDisplayName = null; - private String pvp2OrgURL = null; - private ContactForm pvp2Contact = null; - - private List fileUpload = null; - private List fileUploadContentType; - private List fileUploadFileName = new ArrayList(); - private Map secLayerTransformation = null; - - private String ssoTarget = null; - private String ssoFriendlyName = null; - private String ssoSpecialText = null; - private String ssoIdentificationNumber = null; - - private String defaultchainigmode = null; - private static Map chainigmodelist; - - private String trustedCACerts = null; - - - private String defaultBKUOnline = ""; - private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request"; - private String defaultBKUHandy = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; - - private String SLRequestTemplateOnline = "SLTemplates/template_onlineBKU.html"; - private String SLRequestTemplateLocal = "SLTemplates/template_handyBKU.html"; - private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html"; - - private String publicURLPrefix = null; - private boolean virtualPublicURLPrefixEnabled = false; - - private boolean moaidMode = false; - - public GeneralMOAIDConfig() { - try { - this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - e.printStackTrace(); - - } - - chainigmodelist = new HashMap(); - ChainingModeType[] values = ChainingModeType.values(); - for (int i=0; i authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer().getTransformsInfo(); - - if (authBlockTrans != null && !authBlockTrans.isEmpty()) { - if (secLayerTransformation == null) - secLayerTransformation = new HashMap(); - for (TransformsInfoType el : authBlockTrans) - secLayerTransformation.put(el.getFilename(), el.getTransformation()); - - } - } - - } catch (Exception e) { - - } - - } - - public void parse(MOAIDConfiguration config) { - - if (config != null) { - AuthComponentGeneral auth = config.getAuthComponentGeneral(); - - //get ELGA mandate service URLs from configuration - if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) { - if (KeyValueUtils.isCSVValueString(config.getEidSystemServiceURLs())) - eidSystemServiceURL = KeyValueUtils.normalizeCSVValueString(config.getEidSystemServiceURLs()); - - else { - if (config.getEidSystemServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - eidSystemServiceURL = config.getEidSystemServiceURLs().substring(0, - config.getEidSystemServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - eidSystemServiceURL = config.getEidSystemServiceURLs(); - - } - } - - - //get ELGA mandate service URLs from configuration - if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) { - if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs())) - elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs()); - - else { - if (config.getElgaMandateServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - elgaMandateServiceURL = config.getElgaMandateServiceURLs().substring(0, - config.getElgaMandateServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - elgaMandateServiceURL = config.getElgaMandateServiceURLs(); - - } - } - - - - if (auth != null) { - - GeneralConfiguration authgen = auth.getGeneralConfiguration(); - if (authgen != null) { - alternativeSourceID = authgen.getAlternativeSourceID(); - //certStoreDirectory = authgen.getCertStoreDirectory(); - if (authgen.isTrustManagerRevocationChecking() != null) - trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); - - virtualPublicURLPrefixEnabled = - KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix()); - - if (virtualPublicURLPrefixEnabled) { - //format CSV values with newlines - publicURLPrefix = KeyValueUtils.normalizeCSVValueString( - authgen.getPublicURLPreFix()); - - } else { - String tmp = authgen.getPublicURLPreFix(); - if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - publicURLPrefix = tmp.substring(0, - tmp.indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - publicURLPrefix = tmp; - } - - TimeOuts timeouts = authgen.getTimeOuts(); - if (timeouts != null) { - - if(timeouts.getAssertion() != null) - timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue()); - if(timeouts.getMOASessionCreated() != null) - timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue()); - if(timeouts.getMOASessionUpdated() != null) - timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue()); - - } - - - //deactive STORK - if (isMoaidMode()) { - ForeignIdentities foreign = auth.getForeignIdentities(); - if (foreign != null) { - ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); - if (connect_foreign != null) { - if (MiscUtil.isNotEmpty(connect_foreign.getURL())) { - if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) - szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL()); - - else { - if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - szrgwURL = connect_foreign.getURL().substring(0, - connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - szrgwURL = connect_foreign.getURL(); - - } - - } - } - - STORK stork = foreign.getSTORK(); - if (stork != null) { - //TODO: add Stork config - - } - } - } - - } - - if (isMoaidMode()) { - MOASP moaspss = auth.getMOASP(); - if (moaspss != null) { - ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); - if (con != null) - moaspssURL = con.getURL(); - - VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); - if (authblock != null) { - moaspssAuthTrustProfile = authblock.getTrustProfileID(); - moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); - - List list = authblock.getVerifyTransformsInfoProfileID(); - if (list.size() == 1) - moaspssAuthTransformations += list.get(0); - else { - for (String el : list) - moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; - } - } - - VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); - if (idl != null) { - moaspssIdlTrustProfile = idl.getTrustProfileID(); - moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); - } - } - - OnlineMandates mandates = auth.getOnlineMandates(); - if (mandates != null) { - ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); - if (con != null) { - if (MiscUtil.isNotEmpty(con.getURL())) { - if (KeyValueUtils.isCSVValueString(con.getURL())) - mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); - - else { - if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - mandateURL = con.getURL().substring(0, - con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - mandateURL = con.getURL(); - - } - - } - - } - } - } - - Protocols protocols = auth.getProtocols(); - if (protocols != null) { - LegacyAllowed legacy = protocols.getLegacyAllowed(); - - if (legacy != null) { - List list = legacy.getProtocolName(); - if (list.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) - legacy_saml1 = true; - - if (list.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) - legacy_pvp2 = true; - } - - SAML1 saml1 = protocols.getSAML1(); - if (saml1 != null) { - protocolActiveSAML1 = saml1.isIsActive(); - saml1SourceID = saml1.getSourceID(); - - //TODO: could removed in a later version - if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID)) - saml1SourceID = alternativeSourceID; - - } - - if (isMoaidMode()) { - OAuth oauth = protocols.getOAuth(); - if (oauth != null) { - protocolActiveOAuth = oauth.isIsActive(); - - } - - } - - PVP2 pvp2 = protocols.getPVP2(); - if (pvp2 != null) { - - protocolActivePVP21 = pvp2.isIsActive(); - - //INFO: only for backup - if (MiscUtil.isEmpty(publicURLPrefix)) - publicURLPrefix = pvp2.getPublicURLPrefix(); - - pvp2IssuerName = pvp2.getIssuerName(); - - List con = pvp2.getContact(); - - //TODO: change to support more contacts - if (con != null && con.size() > 0) { - pvp2Contact = new ContactForm(con.get(0)); - - } - - Organization org = pvp2.getOrganization(); - if (org != null) { - pvp2OrgDisplayName = org.getDisplayName(); - pvp2OrgName = org.getName(); - pvp2OrgURL = org.getURL(); - } - } - - } - - if (isMoaidMode()) { - SecurityLayer seclayer = auth.getSecurityLayer(); - if (seclayer != null) { - List list = seclayer.getTransformsInfo(); - - for (TransformsInfoType el : list) { - fileUploadFileName.add(el.getFilename()); - } - } - - SSO sso = auth.getSSO(); - if (sso != null) { - ssoFriendlyName = sso.getFriendlyName(); - - // IdentificationNumber idl = sso.getIdentificationNumber(); - // if (idl != null) - // ssoIdentificationNumber = idl.getValue(); - - //INFO: only for backup - if (MiscUtil.isEmpty(publicURLPrefix)) - publicURLPrefix = sso.getPublicURL(); - - ssoSpecialText = sso.getSpecialText(); - - if (MiscUtil.isNotEmpty(sso.getTarget()) && - sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { - ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()). - replace("+", ""); - - } else - ssoTarget = sso.getTarget(); - - } - } - - ChainingModes modes = config.getChainingModes(); - if (modes != null) { - ChainingModeType defaultmode = modes.getSystemDefaultMode(); - if (defaultmode != null) { - - defaultchainigmode = defaultmode.value(); - - } - - List trustanchor = modes.getTrustAnchor(); - if (trustanchor != null) { - //TODO: set addional trust anchors!!!! - } - } - - DefaultBKUs defaultbkus = config.getDefaultBKUs(); - if (defaultbkus != null) { - defaultBKUHandy = defaultbkus.getHandyBKU(); - defaultBKULocal = defaultbkus.getLocalBKU(); - defaultBKUOnline = defaultbkus.getOnlineBKU(); - } - - SLRequestTemplates slreq = config.getSLRequestTemplates(); - if (slreq != null) { - SLRequestTemplateHandy = slreq.getHandyBKU(); - SLRequestTemplateLocal = slreq.getLocalBKU(); - SLRequestTemplateOnline = slreq.getOnlineBKU(); - } - - } - - trustedCACerts = config.getTrustedCACertificates(); - - - - } - } - - /** - * @return the szrgwURL - */ - public String getSzrgwURL() { - return szrgwURL; - } - - /** - * @param szrgwURL the szrgwURL to set - */ - public void setSzrgwURL(String szrgwURL) { - if (MiscUtil.isNotEmpty(szrgwURL)) - this.szrgwURL = KeyValueUtils.removeAllNewlineFromString(szrgwURL); - else - this.szrgwURL = szrgwURL; - } + private boolean trustmanagerrevocationcheck = true; + + private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION); + private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED); + private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED); + + private String moaspssURL = null; + private String moaspssAuthTrustProfile = null; + private String moaspssAuthTransformations = ""; + private List authTransformList = null; + private String moaspssIdlTrustProfile = null; + + private String moaspssIdlTrustProfileTest = null; + private String moaspssAuthTrustProfileTest = null; + + private String mandateURL = null; + private String szrgwURL = null; + private String elgaMandateServiceURL = null; + private String eidSystemServiceURL = null; + + private boolean protocolActiveSAML1 = false; + private boolean protocolActivePVP21 = true; + private boolean protocolActiveOAuth = true; + + private boolean legacy_saml1 = false; + private boolean legacy_pvp2 = false; + + private String saml1SourceID = null; + + private String pvp2IssuerName = null; + private String pvp2OrgName = null; + private String pvp2OrgDisplayName = null; + private String pvp2OrgURL = null; + private ContactForm pvp2Contact = null; + + private List fileUpload = null; + private List fileUploadContentType; + private List fileUploadFileName = new ArrayList<>(); + private Map secLayerTransformation = null; + + private String ssoTarget = null; + private String ssoFriendlyName = null; + private String ssoSpecialText = null; + private String ssoIdentificationNumber = null; + + private String defaultchainigmode = null; + private static Map chainigmodelist; + + private String trustedCACerts = null; + + private String defaultBKUOnline = ""; + private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request"; + private String defaultBKUHandy = + "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; + + private String SLRequestTemplateOnline = "SLTemplates/template_onlineBKU.html"; + private String SLRequestTemplateLocal = "SLTemplates/template_handyBKU.html"; + private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html"; + + private String publicURLPrefix = null; + private boolean virtualPublicURLPrefixEnabled = false; + + private boolean moaidMode = false; + + public GeneralMOAIDConfig() { + try { + this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + e.printStackTrace(); + + } + + chainigmodelist = new HashMap<>(); + final ChainingModeType[] values = ChainingModeType.values(); + for (final ChainingModeType value : values) { + chainigmodelist.put(value.value(), value.value()); + } + + try { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + if (config != null) { + final MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration(); + final List authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer() + .getTransformsInfo(); + + if (authBlockTrans != null && !authBlockTrans.isEmpty()) { + if (secLayerTransformation == null) { + secLayerTransformation = new HashMap<>(); + } + for (final TransformsInfoType el : authBlockTrans) { + secLayerTransformation.put(el.getFilename(), el.getTransformation()); + } + + } + } + + } catch (final Exception e) { + + } + + } + + public void parse(MOAIDConfiguration config) { + + if (config != null) { + final AuthComponentGeneral auth = config.getAuthComponentGeneral(); + + // get ELGA mandate service URLs from configuration + if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) { + if (KeyValueUtils.isCSVValueString(config.getEidSystemServiceURLs())) { + eidSystemServiceURL = KeyValueUtils.normalizeCSVValueString(config.getEidSystemServiceURLs()); + } else { + if (config.getEidSystemServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + eidSystemServiceURL = config.getEidSystemServiceURLs().substring(0, + config.getEidSystemServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + eidSystemServiceURL = config.getEidSystemServiceURLs(); + } + + } + } + + // get ELGA mandate service URLs from configuration + if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) { + if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs())) { + elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs()); + } else { + if (config.getElgaMandateServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + elgaMandateServiceURL = config.getElgaMandateServiceURLs().substring(0, + config.getElgaMandateServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + elgaMandateServiceURL = config.getElgaMandateServiceURLs(); + } + + } + } + + if (auth != null) { + + final GeneralConfiguration authgen = auth.getGeneralConfiguration(); + if (authgen != null) { + alternativeSourceID = authgen.getAlternativeSourceID(); + // certStoreDirectory = authgen.getCertStoreDirectory(); + if (authgen.isTrustManagerRevocationChecking() != null) { + trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); + } + + virtualPublicURLPrefixEnabled = + KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix()); + + if (virtualPublicURLPrefixEnabled) { + // format CSV values with newlines + publicURLPrefix = KeyValueUtils.normalizeCSVValueString( + authgen.getPublicURLPreFix()); + + } else { + final String tmp = authgen.getPublicURLPreFix(); + if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + publicURLPrefix = tmp.substring(0, + tmp.indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + publicURLPrefix = tmp; + } + } + + final TimeOuts timeouts = authgen.getTimeOuts(); + if (timeouts != null) { + + if (timeouts.getAssertion() != null) { + timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue()); + } + if (timeouts.getMOASessionCreated() != null) { + timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue()); + } + if (timeouts.getMOASessionUpdated() != null) { + timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue()); + } + + } + + // deactive STORK + if (isMoaidMode()) { + final ForeignIdentities foreign = auth.getForeignIdentities(); + if (foreign != null) { + final ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); + if (connect_foreign != null) { + if (MiscUtil.isNotEmpty(connect_foreign.getURL())) { + if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) { + szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL()); + } else { + if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + szrgwURL = connect_foreign.getURL().substring(0, + connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + szrgwURL = connect_foreign.getURL(); + } + + } + + } + } + + final STORK stork = foreign.getSTORK(); + if (stork != null) { + // TODO: add Stork config + + } + } + } + + } + + if (isMoaidMode()) { + final MOASP moaspss = auth.getMOASP(); + if (moaspss != null) { + final ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); + if (con != null) { + moaspssURL = con.getURL(); + } + + final VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); + if (authblock != null) { + moaspssAuthTrustProfile = authblock.getTrustProfileID(); + moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); + + final List list = authblock.getVerifyTransformsInfoProfileID(); + if (list.size() == 1) { + moaspssAuthTransformations += list.get(0); + } else { + for (final String el : list) { + moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; + } + } + } + + final VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); + if (idl != null) { + moaspssIdlTrustProfile = idl.getTrustProfileID(); + moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); + } + } + + final OnlineMandates mandates = auth.getOnlineMandates(); + if (mandates != null) { + final ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); + if (con != null) { + if (MiscUtil.isNotEmpty(con.getURL())) { + if (KeyValueUtils.isCSVValueString(con.getURL())) { + mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); + } else { + if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + mandateURL = con.getURL().substring(0, + con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + mandateURL = con.getURL(); + } + + } + + } + + } + } + } + + final Protocols protocols = auth.getProtocols(); + if (protocols != null) { + final LegacyAllowed legacy = protocols.getLegacyAllowed(); + + if (legacy != null) { + final List list = legacy.getProtocolName(); + if (list.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { + legacy_saml1 = true; + } + + if (list.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { + legacy_pvp2 = true; + } + } + + final SAML1 saml1 = protocols.getSAML1(); + if (saml1 != null) { + protocolActiveSAML1 = saml1.isIsActive(); + saml1SourceID = saml1.getSourceID(); + + // TODO: could removed in a later version + if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID)) { + saml1SourceID = alternativeSourceID; + } + + } + + if (isMoaidMode()) { + final OAuth oauth = protocols.getOAuth(); + if (oauth != null) { + protocolActiveOAuth = oauth.isIsActive(); + + } + + } + + final PVP2 pvp2 = protocols.getPVP2(); + if (pvp2 != null) { + + protocolActivePVP21 = pvp2.isIsActive(); + + // INFO: only for backup + if (MiscUtil.isEmpty(publicURLPrefix)) { + publicURLPrefix = pvp2.getPublicURLPrefix(); + } + + pvp2IssuerName = pvp2.getIssuerName(); + + final List con = pvp2.getContact(); + + // TODO: change to support more contacts + if (con != null && con.size() > 0) { + pvp2Contact = new ContactForm(con.get(0)); + + } + + final Organization org = pvp2.getOrganization(); + if (org != null) { + pvp2OrgDisplayName = org.getDisplayName(); + pvp2OrgName = org.getName(); + pvp2OrgURL = org.getURL(); + } + } + + } + + if (isMoaidMode()) { + final SecurityLayer seclayer = auth.getSecurityLayer(); + if (seclayer != null) { + final List list = seclayer.getTransformsInfo(); + + for (final TransformsInfoType el : list) { + fileUploadFileName.add(el.getFilename()); + } + } + + final SSO sso = auth.getSSO(); + if (sso != null) { + ssoFriendlyName = sso.getFriendlyName(); + + // IdentificationNumber idl = sso.getIdentificationNumber(); + // if (idl != null) + // ssoIdentificationNumber = idl.getValue(); + + // INFO: only for backup + if (MiscUtil.isEmpty(publicURLPrefix)) { + publicURLPrefix = sso.getPublicURL(); + } + + ssoSpecialText = sso.getSpecialText(); + + if (MiscUtil.isNotEmpty(sso.getTarget()) && + sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { + ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()).replace("+", ""); + + } else { + ssoTarget = sso.getTarget(); + } + + } + } + + final ChainingModes modes = config.getChainingModes(); + if (modes != null) { + final ChainingModeType defaultmode = modes.getSystemDefaultMode(); + if (defaultmode != null) { + + defaultchainigmode = defaultmode.value(); + + } + + final List trustanchor = modes.getTrustAnchor(); + if (trustanchor != null) { + // TODO: set addional trust anchors!!!! + } + } + + final DefaultBKUs defaultbkus = config.getDefaultBKUs(); + if (defaultbkus != null) { + defaultBKUHandy = defaultbkus.getHandyBKU(); + defaultBKULocal = defaultbkus.getLocalBKU(); + defaultBKUOnline = defaultbkus.getOnlineBKU(); + } + + final SLRequestTemplates slreq = config.getSLRequestTemplates(); + if (slreq != null) { + SLRequestTemplateHandy = slreq.getHandyBKU(); + SLRequestTemplateLocal = slreq.getLocalBKU(); + SLRequestTemplateOnline = slreq.getOnlineBKU(); + } + + } + + trustedCACerts = config.getTrustedCACertificates(); + + } + } + + /** + * @return the szrgwURL + */ + public String getSzrgwURL() { + return szrgwURL; + } + + /** + * @param szrgwURL the szrgwURL to set + */ + public void setSzrgwURL(String szrgwURL) { + if (MiscUtil.isNotEmpty(szrgwURL)) { + this.szrgwURL = KeyValueUtils.removeAllNewlineFromString(szrgwURL); + } else { + this.szrgwURL = szrgwURL; + } + } // /** // * @return the certStoreDirectory @@ -506,662 +516,665 @@ public class GeneralMOAIDConfig { // this.certStoreDirectory = certStoreDirectory; // } - /** - * @return the timeoutAssertion - */ - public String getTimeoutAssertion() { - return timeoutAssertion; - } - - /** - * @param timeoutAssertion the timeoutAssertion to set - */ - public void setTimeoutAssertion(String timeoutAssertion) { - this.timeoutAssertion = timeoutAssertion; - } - - /** - * @return the timeoutMOASessionCreated - */ - public String getTimeoutMOASessionCreated() { - return timeoutMOASessionCreated; - } - - /** - * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set - */ - public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) { - this.timeoutMOASessionCreated = timeoutMOASessionCreated; - } - - /** - * @return the timeoutMOASessionUpdated - */ - public String getTimeoutMOASessionUpdated() { - return timeoutMOASessionUpdated; - } - - /** - * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set - */ - public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) { - this.timeoutMOASessionUpdated = timeoutMOASessionUpdated; - } - - /** - * @return the moaspssURL - */ - public String getMoaspssURL() { - return moaspssURL; - } - - /** - * @param moaspssURL the moaspssURL to set - */ - public void setMoaspssURL(String moaspssURL) { - this.moaspssURL = moaspssURL; - } - - /** - * @return the moaspssAuthTrustProfile - */ - public String getMoaspssAuthTrustProfile() { - return moaspssAuthTrustProfile; - } - - /** - * @param moaspssAuthTrustProfile the moaspssAuthTrustProfile to set - */ - public void setMoaspssAuthTrustProfile(String moaspssAuthTrustProfile) { - this.moaspssAuthTrustProfile = moaspssAuthTrustProfile; - } - - /** - * @return the moaspssAuthTransformations - */ - public String getMoaspssAuthTransformations() { - return moaspssAuthTransformations; - } - - /** - * @param moaspssAuthTransformations the moaspssAuthTransformations to set - */ - public void setMoaspssAuthTransformations(String moaspssAuthTransformations) { - this.moaspssAuthTransformations = moaspssAuthTransformations; - } - - /** - * @return the moaspssIdlTrustProfile - */ - public String getMoaspssIdlTrustProfile() { - return moaspssIdlTrustProfile; - } - - /** - * @param moaspssIdlTrustProfile the moaspssIdlTrustProfile to set - */ - public void setMoaspssIdlTrustProfile(String moaspssIdlTrustProfile) { - this.moaspssIdlTrustProfile = moaspssIdlTrustProfile; - } - - /** - * @return the mandateURL - */ - public String getMandateURL() { - return mandateURL; - } - - /** - * @param mandateURL the mandateURL to set - */ - public void setMandateURL(String mandateURL) { - if (MiscUtil.isNotEmpty(mandateURL)) - this.mandateURL = KeyValueUtils.removeAllNewlineFromString(mandateURL); - else - this.mandateURL = mandateURL; - } - - /** - * @return the legacy_saml1 - */ - public boolean isLegacy_saml1() { - return legacy_saml1; - } - - /** - * @param legacy_saml1 the legacy_saml1 to set - */ - public void setLegacy_saml1(boolean legacy_saml1) { - this.legacy_saml1 = legacy_saml1; - } - - /** - * @return the legacy_pvp2 - */ - public boolean isLegacy_pvp2() { - return legacy_pvp2; - } - - /** - * @param legacy_pvp2 the legacy_pvp2 to set - */ - public void setLegacy_pvp2(boolean legacy_pvp2) { - this.legacy_pvp2 = legacy_pvp2; - } - - /** - * @return the pvp2IssuerName - */ - public String getPvp2IssuerName() { - return pvp2IssuerName; - } - - /** - * @param pvp2IssuerName the pvp2IssuerName to set - */ - public void setPvp2IssuerName(String pvp2IssuerName) { - this.pvp2IssuerName = pvp2IssuerName; - } - - /** - * @return the pvp2OrgName - */ - public String getPvp2OrgName() { - return pvp2OrgName; - } - - /** - * @param pvp2OrgName the pvp2OrgName to set - */ - public void setPvp2OrgName(String pvp2OrgName) { - this.pvp2OrgName = pvp2OrgName; - } - - /** - * @return the pvp2OrgDisplayName - */ - public String getPvp2OrgDisplayName() { - return pvp2OrgDisplayName; - } - - /** - * @param pvp2OrgDisplayName the pvp2OrgDisplayName to set - */ - public void setPvp2OrgDisplayName(String pvp2OrgDisplayName) { - this.pvp2OrgDisplayName = pvp2OrgDisplayName; - } - - /** - * @return the pvp2OrgURL - */ - public String getPvp2OrgURL() { - return pvp2OrgURL; - } - - /** - * @param pvp2OrgURL the pvp2OrgURL to set - */ - public void setPvp2OrgURL(String pvp2OrgURL) { - this.pvp2OrgURL = pvp2OrgURL; - } - - /** - * @return the pvp2Contact - */ - public ContactForm getPvp2Contact() { - return pvp2Contact; - } - - /** - * @param pvp2Contact the pvp2Contact to set - */ - public void setPvp2Contact(ContactForm pvp2Contact) { - this.pvp2Contact = pvp2Contact; - } - - /** - * @return the fileUpload - */ - public List getFileUpload() { - return fileUpload; - } - - /** - * @param fileUpload the fileUpload to set - */ - public void setFileUpload(List fileUpload) { - this.fileUpload = fileUpload; - } - - /** - * @return the fileUploadContentType - */ - public List getFileUploadContentType() { - return fileUploadContentType; - } - - /** - * @param fileUploadContentType the fileUploadContentType to set - */ - public void setFileUploadContentType(List fileUploadContentType) { - this.fileUploadContentType = fileUploadContentType; - } - - /** - * @return the fileUploadFileName - */ - public List getFileUploadFileName() { - return fileUploadFileName; - } - - /** - * @param fileUploadFileName the fileUploadFileName to set - */ - public void setFileUploadFileName(List fileUploadFileName) { - this.fileUploadFileName = fileUploadFileName; - } - - /** - * @return the ssoTarget - */ - public String getSsoTarget() { - return ssoTarget; - } - - /** - * @param ssoTarget the ssoTarget to set - */ - public void setSsoTarget(String ssoTarget) { - this.ssoTarget = ssoTarget; - } - - /** - * @return the ssoFriendlyName - */ - public String getSsoFriendlyName() { - return ssoFriendlyName; - } - - /** - * @param ssoFriendlyName the ssoFriendlyName to set - */ - public void setSsoFriendlyName(String ssoFriendlyName) { - this.ssoFriendlyName = ssoFriendlyName; - } - - /** - * @return the ssoSpecialText - */ - public String getSsoSpecialText() { - return ssoSpecialText; - } - - /** - * @param ssoSpecialText the ssoSpecialText to set - */ - public void setSsoSpecialText(String ssoSpecialText) { - this.ssoSpecialText = ssoSpecialText; - } - - /** - * @return the ssoIdentificationNumber - */ - public String getSsoIdentificationNumber() { - return ssoIdentificationNumber; - } - - /** - * @param ssoIdentificationNumber the ssoIdentificationNumber to set - */ - public void setSsoIdentificationNumber(String ssoIdentificationNumber) { - this.ssoIdentificationNumber = ssoIdentificationNumber; - } - - /** - * @return the defaultchainigmode - */ - public String getDefaultchainigmode() { - return defaultchainigmode; - } - - /** - * @param defaultchainigmode the defaultchainigmode to set - */ - public void setDefaultchainigmode(String defaultchainigmode) { - this.defaultchainigmode = defaultchainigmode; - } - - /** - * @return the defaultBKUOnline - */ - public String getDefaultBKUOnline() { - return defaultBKUOnline; - } - - /** - * @param defaultBKUOnline the defaultBKUOnline to set - */ - public void setDefaultBKUOnline(String defaultBKUOnline) { - this.defaultBKUOnline = defaultBKUOnline; - } - - /** - * @return the defaultBKULocal - */ - public String getDefaultBKULocal() { - return defaultBKULocal; - } - - /** - * @param defaultBKULocal the defaultBKULocal to set - */ - public void setDefaultBKULocal(String defaultBKULocal) { - this.defaultBKULocal = defaultBKULocal; - } - - /** - * @return the defaultBKUHandy - */ - public String getDefaultBKUHandy() { - return defaultBKUHandy; - } - - /** - * @param defaultBKUHandy the defaultBKUHandy to set - */ - public void setDefaultBKUHandy(String defaultBKUHandy) { - this.defaultBKUHandy = defaultBKUHandy; - } - - /** - * @return the sLRequestTemplateOnline - */ - public String getSLRequestTemplateOnline() { - return SLRequestTemplateOnline; - } - - /** - * @param sLRequestTemplateOnline the sLRequestTemplateOnline to set - */ - public void setSLRequestTemplateOnline(String sLRequestTemplateOnline) { - SLRequestTemplateOnline = sLRequestTemplateOnline; - } - - /** - * @return the sLRequestTemplateLocal - */ - public String getSLRequestTemplateLocal() { - return SLRequestTemplateLocal; - } - - /** - * @param sLRequestTemplateLocal the sLRequestTemplateLocal to set - */ - public void setSLRequestTemplateLocal(String sLRequestTemplateLocal) { - SLRequestTemplateLocal = sLRequestTemplateLocal; - } - - /** - * @return the sLRequestTemplateHandy - */ - public String getSLRequestTemplateHandy() { - return SLRequestTemplateHandy; - } - - /** - * @param sLRequestTemplateHandy the sLRequestTemplateHandy to set - */ - public void setSLRequestTemplateHandy(String sLRequestTemplateHandy) { - SLRequestTemplateHandy = sLRequestTemplateHandy; - } - - /** - * @return the trustmanagerrevocationcheck - */ - public boolean isTrustmanagerrevocationcheck() { - return trustmanagerrevocationcheck; - } - - /** - * @param trustmanagerrevocationcheck the trustmanagerrevocationcheck to set - */ - public void setTrustmanagerrevocationcheck(boolean trustmanagerrevocationcheck) { - this.trustmanagerrevocationcheck = trustmanagerrevocationcheck; - } - - /** - * @return the trustedCACerts - */ - public String getTrustedCACerts() { - return trustedCACerts; - } - - /** - * @param trustedCACerts the trustedCACerts to set - */ - public void setTrustedCACerts(String trustedCACerts) { - this.trustedCACerts = trustedCACerts; - } - - /** - * @return the chainigmodelist - */ - public Map getChainigmodelist() { - return chainigmodelist; - } - - /** - * @param chainigmodelist the chainigmodelist to set - */ - public void setChainigmodelist(Map chainigmodelist) { - GeneralMOAIDConfig.chainigmodelist = chainigmodelist; - } - - /** - * @return the secLayerTransformation - */ - public Map getSecLayerTransformation() { - - return secLayerTransformation; - } - - /** - * @param secLayerTransformation the secLayerTransformation to set - */ - public void setSecLayerTransformation(Map secLayerTransformation) { - this.secLayerTransformation = secLayerTransformation; - } - - /** - * @return the authTransformList - */ - public List getAuthTransformList() { - return authTransformList; - } - - /** - * @param authTransformList the authTransformList to set - */ - public void setAuthTransformList(List authTransformList) { - this.authTransformList = authTransformList; - } - - - - - public void setFileUpload(File fileUpload) { - if (this.fileUpload == null) - this.fileUpload = new ArrayList(); - this.fileUpload.add(fileUpload); - } - - public void setFileUploadContentType(String fileUploadContentType) { - if (this.fileUploadContentType == null) - this.fileUploadContentType = new ArrayList(); - this.fileUploadContentType.add(fileUploadContentType); - } - - public void setFileUploadFileName(String fileUploadFileName) { - if (this.fileUploadFileName == null) - this.fileUploadFileName = new ArrayList(); - this.fileUploadFileName.add(fileUploadFileName); - } - - /** - * @return the protocolActiveSAML1 - */ - public boolean isProtocolActiveSAML1() { - return protocolActiveSAML1; - } - - /** - * @param protocolActiveSAML1 the protocolActiveSAML1 to set - */ - public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { - this.protocolActiveSAML1 = protocolActiveSAML1; - } - - /** - * @return the protocolActivePVP21 - */ - public boolean isProtocolActivePVP21() { - return protocolActivePVP21; - } - - /** - * @param protocolActivePVP21 the protocolActivePVP21 to set - */ - public void setProtocolActivePVP21(boolean protocolActivePVP21) { - this.protocolActivePVP21 = protocolActivePVP21; - } - - /** - * @return the protocolActiveOAuth - */ - public boolean isProtocolActiveOAuth() { - return protocolActiveOAuth; - } - - /** - * @param protocolActiveOAuth the protocolActiveOAuth to set - */ - public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { - this.protocolActiveOAuth = protocolActiveOAuth; - } - - /** - * @return the saml1SourceID - */ - public String getSaml1SourceID() { - return saml1SourceID; - } - - /** - * @param saml1SourceID the saml1SourceID to set - */ - public void setSaml1SourceID(String saml1SourceID) { - this.saml1SourceID = saml1SourceID; - } - - /** - * @return the publicURLPrefix - */ - public String getPublicURLPrefix() { - return publicURLPrefix; - } - - /** - * @param publicURLPrefix the publicURLPrefix to set - */ - public void setPublicURLPrefix(String publicURLPrefix) { - if (MiscUtil.isNotEmpty(publicURLPrefix)) - this.publicURLPrefix = - KeyValueUtils.removeAllNewlineFromString(publicURLPrefix); - else - this.publicURLPrefix = publicURLPrefix; - - } - - /** - * @return the moaspssIdlTrustProfileTest - */ - public String getMoaspssIdlTrustProfileTest() { - return moaspssIdlTrustProfileTest; - } - - /** - * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set - */ - public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) { - this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest; - } - - /** - * @return the moaspssAuthTrustProfileTest - */ - public String getMoaspssAuthTrustProfileTest() { - return moaspssAuthTrustProfileTest; - } - - /** - * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set - */ - public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { - this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; - } - - /** - * @return the virtualPublicURLPrefixEnabled - */ - public boolean isVirtualPublicURLPrefixEnabled() { - return virtualPublicURLPrefixEnabled; - } - - /** - * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set - */ - public void setVirtualPublicURLPrefixEnabled( - boolean virtualPublicURLPrefixEnabled) { - this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; - } - - /** - * @return the elgaMandateServiceURL - */ - public String getElgaMandateServiceURL() { - return elgaMandateServiceURL; - } - - /** - * @param elgaMandateServiceURL the elgaMandateServiceURL to set - */ - public void setElgaMandateServiceURL(String elgaMandateServiceURL) { - if (MiscUtil.isNotEmpty(elgaMandateServiceURL)) - this.elgaMandateServiceURL = KeyValueUtils.removeAllNewlineFromString(elgaMandateServiceURL); - else - this.elgaMandateServiceURL = elgaMandateServiceURL; - } - - /** - * @return the eidSystemServiceURL - */ - public String getEidSystemServiceURL() { - return eidSystemServiceURL; - } - - public boolean isMoaidMode() { - return moaidMode; - } - - /** - * @param eidSystemServiceURL the E-ID Service URL to set - */ - public void setEidSystemServiceURL(String eidSystemServiceURL) { - if (MiscUtil.isNotEmpty(eidSystemServiceURL)) - this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL); - else - this.eidSystemServiceURL = eidSystemServiceURL; - } - - + /** + * @return the timeoutAssertion + */ + public String getTimeoutAssertion() { + return timeoutAssertion; + } + + /** + * @param timeoutAssertion the timeoutAssertion to set + */ + public void setTimeoutAssertion(String timeoutAssertion) { + this.timeoutAssertion = timeoutAssertion; + } + + /** + * @return the timeoutMOASessionCreated + */ + public String getTimeoutMOASessionCreated() { + return timeoutMOASessionCreated; + } + + /** + * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set + */ + public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) { + this.timeoutMOASessionCreated = timeoutMOASessionCreated; + } + + /** + * @return the timeoutMOASessionUpdated + */ + public String getTimeoutMOASessionUpdated() { + return timeoutMOASessionUpdated; + } + + /** + * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set + */ + public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) { + this.timeoutMOASessionUpdated = timeoutMOASessionUpdated; + } + + /** + * @return the moaspssURL + */ + public String getMoaspssURL() { + return moaspssURL; + } + + /** + * @param moaspssURL the moaspssURL to set + */ + public void setMoaspssURL(String moaspssURL) { + this.moaspssURL = moaspssURL; + } + + /** + * @return the moaspssAuthTrustProfile + */ + public String getMoaspssAuthTrustProfile() { + return moaspssAuthTrustProfile; + } + + /** + * @param moaspssAuthTrustProfile the moaspssAuthTrustProfile to set + */ + public void setMoaspssAuthTrustProfile(String moaspssAuthTrustProfile) { + this.moaspssAuthTrustProfile = moaspssAuthTrustProfile; + } + + /** + * @return the moaspssAuthTransformations + */ + public String getMoaspssAuthTransformations() { + return moaspssAuthTransformations; + } + + /** + * @param moaspssAuthTransformations the moaspssAuthTransformations to set + */ + public void setMoaspssAuthTransformations(String moaspssAuthTransformations) { + this.moaspssAuthTransformations = moaspssAuthTransformations; + } + + /** + * @return the moaspssIdlTrustProfile + */ + public String getMoaspssIdlTrustProfile() { + return moaspssIdlTrustProfile; + } + + /** + * @param moaspssIdlTrustProfile the moaspssIdlTrustProfile to set + */ + public void setMoaspssIdlTrustProfile(String moaspssIdlTrustProfile) { + this.moaspssIdlTrustProfile = moaspssIdlTrustProfile; + } + + /** + * @return the mandateURL + */ + public String getMandateURL() { + return mandateURL; + } + + /** + * @param mandateURL the mandateURL to set + */ + public void setMandateURL(String mandateURL) { + if (MiscUtil.isNotEmpty(mandateURL)) { + this.mandateURL = KeyValueUtils.removeAllNewlineFromString(mandateURL); + } else { + this.mandateURL = mandateURL; + } + } + + /** + * @return the legacy_saml1 + */ + public boolean isLegacy_saml1() { + return legacy_saml1; + } + + /** + * @param legacy_saml1 the legacy_saml1 to set + */ + public void setLegacy_saml1(boolean legacy_saml1) { + this.legacy_saml1 = legacy_saml1; + } + + /** + * @return the legacy_pvp2 + */ + public boolean isLegacy_pvp2() { + return legacy_pvp2; + } + + /** + * @param legacy_pvp2 the legacy_pvp2 to set + */ + public void setLegacy_pvp2(boolean legacy_pvp2) { + this.legacy_pvp2 = legacy_pvp2; + } + + /** + * @return the pvp2IssuerName + */ + public String getPvp2IssuerName() { + return pvp2IssuerName; + } + + /** + * @param pvp2IssuerName the pvp2IssuerName to set + */ + public void setPvp2IssuerName(String pvp2IssuerName) { + this.pvp2IssuerName = pvp2IssuerName; + } + + /** + * @return the pvp2OrgName + */ + public String getPvp2OrgName() { + return pvp2OrgName; + } + + /** + * @param pvp2OrgName the pvp2OrgName to set + */ + public void setPvp2OrgName(String pvp2OrgName) { + this.pvp2OrgName = pvp2OrgName; + } + + /** + * @return the pvp2OrgDisplayName + */ + public String getPvp2OrgDisplayName() { + return pvp2OrgDisplayName; + } + + /** + * @param pvp2OrgDisplayName the pvp2OrgDisplayName to set + */ + public void setPvp2OrgDisplayName(String pvp2OrgDisplayName) { + this.pvp2OrgDisplayName = pvp2OrgDisplayName; + } + + /** + * @return the pvp2OrgURL + */ + public String getPvp2OrgURL() { + return pvp2OrgURL; + } + + /** + * @param pvp2OrgURL the pvp2OrgURL to set + */ + public void setPvp2OrgURL(String pvp2OrgURL) { + this.pvp2OrgURL = pvp2OrgURL; + } + + /** + * @return the pvp2Contact + */ + public ContactForm getPvp2Contact() { + return pvp2Contact; + } + + /** + * @param pvp2Contact the pvp2Contact to set + */ + public void setPvp2Contact(ContactForm pvp2Contact) { + this.pvp2Contact = pvp2Contact; + } + + /** + * @return the fileUpload + */ + public List getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpload the fileUpload to set + */ + public void setFileUpload(List fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public List getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(List fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public List getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(List fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + /** + * @return the ssoTarget + */ + public String getSsoTarget() { + return ssoTarget; + } + + /** + * @param ssoTarget the ssoTarget to set + */ + public void setSsoTarget(String ssoTarget) { + this.ssoTarget = ssoTarget; + } + + /** + * @return the ssoFriendlyName + */ + public String getSsoFriendlyName() { + return ssoFriendlyName; + } + + /** + * @param ssoFriendlyName the ssoFriendlyName to set + */ + public void setSsoFriendlyName(String ssoFriendlyName) { + this.ssoFriendlyName = ssoFriendlyName; + } + + /** + * @return the ssoSpecialText + */ + public String getSsoSpecialText() { + return ssoSpecialText; + } + + /** + * @param ssoSpecialText the ssoSpecialText to set + */ + public void setSsoSpecialText(String ssoSpecialText) { + this.ssoSpecialText = ssoSpecialText; + } + + /** + * @return the ssoIdentificationNumber + */ + public String getSsoIdentificationNumber() { + return ssoIdentificationNumber; + } + + /** + * @param ssoIdentificationNumber the ssoIdentificationNumber to set + */ + public void setSsoIdentificationNumber(String ssoIdentificationNumber) { + this.ssoIdentificationNumber = ssoIdentificationNumber; + } + + /** + * @return the defaultchainigmode + */ + public String getDefaultchainigmode() { + return defaultchainigmode; + } + + /** + * @param defaultchainigmode the defaultchainigmode to set + */ + public void setDefaultchainigmode(String defaultchainigmode) { + this.defaultchainigmode = defaultchainigmode; + } + + /** + * @return the defaultBKUOnline + */ + public String getDefaultBKUOnline() { + return defaultBKUOnline; + } + + /** + * @param defaultBKUOnline the defaultBKUOnline to set + */ + public void setDefaultBKUOnline(String defaultBKUOnline) { + this.defaultBKUOnline = defaultBKUOnline; + } + + /** + * @return the defaultBKULocal + */ + public String getDefaultBKULocal() { + return defaultBKULocal; + } + + /** + * @param defaultBKULocal the defaultBKULocal to set + */ + public void setDefaultBKULocal(String defaultBKULocal) { + this.defaultBKULocal = defaultBKULocal; + } + + /** + * @return the defaultBKUHandy + */ + public String getDefaultBKUHandy() { + return defaultBKUHandy; + } + + /** + * @param defaultBKUHandy the defaultBKUHandy to set + */ + public void setDefaultBKUHandy(String defaultBKUHandy) { + this.defaultBKUHandy = defaultBKUHandy; + } + + /** + * @return the sLRequestTemplateOnline + */ + public String getSLRequestTemplateOnline() { + return SLRequestTemplateOnline; + } + + /** + * @param sLRequestTemplateOnline the sLRequestTemplateOnline to set + */ + public void setSLRequestTemplateOnline(String sLRequestTemplateOnline) { + SLRequestTemplateOnline = sLRequestTemplateOnline; + } + + /** + * @return the sLRequestTemplateLocal + */ + public String getSLRequestTemplateLocal() { + return SLRequestTemplateLocal; + } + + /** + * @param sLRequestTemplateLocal the sLRequestTemplateLocal to set + */ + public void setSLRequestTemplateLocal(String sLRequestTemplateLocal) { + SLRequestTemplateLocal = sLRequestTemplateLocal; + } + + /** + * @return the sLRequestTemplateHandy + */ + public String getSLRequestTemplateHandy() { + return SLRequestTemplateHandy; + } + + /** + * @param sLRequestTemplateHandy the sLRequestTemplateHandy to set + */ + public void setSLRequestTemplateHandy(String sLRequestTemplateHandy) { + SLRequestTemplateHandy = sLRequestTemplateHandy; + } + + /** + * @return the trustmanagerrevocationcheck + */ + public boolean isTrustmanagerrevocationcheck() { + return trustmanagerrevocationcheck; + } + + /** + * @param trustmanagerrevocationcheck the trustmanagerrevocationcheck to set + */ + public void setTrustmanagerrevocationcheck(boolean trustmanagerrevocationcheck) { + this.trustmanagerrevocationcheck = trustmanagerrevocationcheck; + } + + /** + * @return the trustedCACerts + */ + public String getTrustedCACerts() { + return trustedCACerts; + } + + /** + * @param trustedCACerts the trustedCACerts to set + */ + public void setTrustedCACerts(String trustedCACerts) { + this.trustedCACerts = trustedCACerts; + } + + /** + * @return the chainigmodelist + */ + public Map getChainigmodelist() { + return chainigmodelist; + } + + /** + * @param chainigmodelist the chainigmodelist to set + */ + public void setChainigmodelist(Map chainigmodelist) { + GeneralMOAIDConfig.chainigmodelist = chainigmodelist; + } + + /** + * @return the secLayerTransformation + */ + public Map getSecLayerTransformation() { + + return secLayerTransformation; + } + + /** + * @param secLayerTransformation the secLayerTransformation to set + */ + public void setSecLayerTransformation(Map secLayerTransformation) { + this.secLayerTransformation = secLayerTransformation; + } + + /** + * @return the authTransformList + */ + public List getAuthTransformList() { + return authTransformList; + } + + /** + * @param authTransformList the authTransformList to set + */ + public void setAuthTransformList(List authTransformList) { + this.authTransformList = authTransformList; + } + + public void setFileUpload(File fileUpload) { + if (this.fileUpload == null) { + this.fileUpload = new ArrayList<>(); + } + this.fileUpload.add(fileUpload); + } + + public void setFileUploadContentType(String fileUploadContentType) { + if (this.fileUploadContentType == null) { + this.fileUploadContentType = new ArrayList<>(); + } + this.fileUploadContentType.add(fileUploadContentType); + } + + public void setFileUploadFileName(String fileUploadFileName) { + if (this.fileUploadFileName == null) { + this.fileUploadFileName = new ArrayList<>(); + } + this.fileUploadFileName.add(fileUploadFileName); + } + + /** + * @return the protocolActiveSAML1 + */ + public boolean isProtocolActiveSAML1() { + return protocolActiveSAML1; + } + + /** + * @param protocolActiveSAML1 the protocolActiveSAML1 to set + */ + public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { + this.protocolActiveSAML1 = protocolActiveSAML1; + } + + /** + * @return the protocolActivePVP21 + */ + public boolean isProtocolActivePVP21() { + return protocolActivePVP21; + } + + /** + * @param protocolActivePVP21 the protocolActivePVP21 to set + */ + public void setProtocolActivePVP21(boolean protocolActivePVP21) { + this.protocolActivePVP21 = protocolActivePVP21; + } + + /** + * @return the protocolActiveOAuth + */ + public boolean isProtocolActiveOAuth() { + return protocolActiveOAuth; + } + + /** + * @param protocolActiveOAuth the protocolActiveOAuth to set + */ + public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { + this.protocolActiveOAuth = protocolActiveOAuth; + } + + /** + * @return the saml1SourceID + */ + public String getSaml1SourceID() { + return saml1SourceID; + } + + /** + * @param saml1SourceID the saml1SourceID to set + */ + public void setSaml1SourceID(String saml1SourceID) { + this.saml1SourceID = saml1SourceID; + } + + /** + * @return the publicURLPrefix + */ + public String getPublicURLPrefix() { + return publicURLPrefix; + } + + /** + * @param publicURLPrefix the publicURLPrefix to set + */ + public void setPublicURLPrefix(String publicURLPrefix) { + if (MiscUtil.isNotEmpty(publicURLPrefix)) { + this.publicURLPrefix = + KeyValueUtils.removeAllNewlineFromString(publicURLPrefix); + } else { + this.publicURLPrefix = publicURLPrefix; + } + + } + + /** + * @return the moaspssIdlTrustProfileTest + */ + public String getMoaspssIdlTrustProfileTest() { + return moaspssIdlTrustProfileTest; + } + + /** + * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set + */ + public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) { + this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest; + } + + /** + * @return the moaspssAuthTrustProfileTest + */ + public String getMoaspssAuthTrustProfileTest() { + return moaspssAuthTrustProfileTest; + } + + /** + * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set + */ + public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { + this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; + } + + /** + * @return the virtualPublicURLPrefixEnabled + */ + public boolean isVirtualPublicURLPrefixEnabled() { + return virtualPublicURLPrefixEnabled; + } + + /** + * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set + */ + public void setVirtualPublicURLPrefixEnabled( + boolean virtualPublicURLPrefixEnabled) { + this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; + } + + /** + * @return the elgaMandateServiceURL + */ + public String getElgaMandateServiceURL() { + return elgaMandateServiceURL; + } + + /** + * @param elgaMandateServiceURL the elgaMandateServiceURL to set + */ + public void setElgaMandateServiceURL(String elgaMandateServiceURL) { + if (MiscUtil.isNotEmpty(elgaMandateServiceURL)) { + this.elgaMandateServiceURL = KeyValueUtils.removeAllNewlineFromString(elgaMandateServiceURL); + } else { + this.elgaMandateServiceURL = elgaMandateServiceURL; + } + } + + /** + * @return the eidSystemServiceURL + */ + public String getEidSystemServiceURL() { + return eidSystemServiceURL; + } + + public boolean isMoaidMode() { + return moaidMode; + } + + /** + * @param eidSystemServiceURL the E-ID Service URL to set + */ + public void setEidSystemServiceURL(String eidSystemServiceURL) { + if (MiscUtil.isNotEmpty(eidSystemServiceURL)) { + this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL); + } else { + this.eidSystemServiceURL = eidSystemServiceURL; + } + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index b5c996c72..c833372c9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; @@ -36,141 +34,147 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class GeneralStorkConfig { - private List cpepslist; - private List attributes; - private String qaa; - private static final Logger log = Logger.getLogger(GeneralStorkConfig.class); - - private MOAIDConfiguration dbconfig = null; - - /** - * - */ - public GeneralStorkConfig() { - try { - dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - - } - - public void parse(MOAIDConfiguration config) { - log.info("Initializing general Stork config"); - - cpepslist = new ArrayList(); - attributes = new ArrayList(); - - if (config != null) { - AuthComponentGeneral auth = config.getAuthComponentGeneral(); - - if (auth != null) { - ForeignIdentities foreign = auth.getForeignIdentities(); - - if (foreign != null) { - STORK stork = foreign.getSTORK(); - - if (stork != null) { - // deep clone all the things - // to foreclose lazyloading session timeouts - if (stork.getCPEPS() != null) { - for(CPEPS current : stork.getCPEPS()) { - cpepslist.add(current); - } - } - - List tmp = stork.getAttributes(); - if(null != tmp) { - - for(StorkAttribute current : tmp) - attributes.add(current); - } - - try { - qaa = stork.getGeneral_eIDAS_LOA(); - - } catch(NullPointerException e) { - qaa = MOAIDConstants.eIDAS_LOA_HIGH; - } - } - - } - } - } - - if (cpepslist.isEmpty()) { - CPEPS defaultCPEPS = new CPEPS(); - defaultCPEPS.setCountryCode("CC"); - defaultCPEPS.setURL("http://"); - defaultCPEPS.setSupportsXMLSignature(true); - cpepslist.add(defaultCPEPS ); - - } - if(attributes.isEmpty()) - attributes.add(new StorkAttribute()); - } - - public List getAllowedLoALevels() { - return MOAIDConstants.ALLOWED_eIDAS_LOA; - } - - public List getRawCPEPSList() { - return cpepslist; + private List cpepslist; + private List attributes; + private String qaa; + + private MOAIDConfiguration dbconfig = null; + + /** + * + */ + public GeneralStorkConfig() { + try { + dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + + } + + public void parse(MOAIDConfiguration config) { + log.info("Initializing general Stork config"); + + cpepslist = new ArrayList<>(); + attributes = new ArrayList<>(); + + if (config != null) { + final AuthComponentGeneral auth = config.getAuthComponentGeneral(); + + if (auth != null) { + final ForeignIdentities foreign = auth.getForeignIdentities(); + + if (foreign != null) { + final STORK stork = foreign.getSTORK(); + + if (stork != null) { + // deep clone all the things + // to foreclose lazyloading session timeouts + if (stork.getCPEPS() != null) { + for (final CPEPS current : stork.getCPEPS()) { + cpepslist.add(current); + } + } + + final List tmp = stork.getAttributes(); + if (null != tmp) { + + for (final StorkAttribute current : tmp) { + attributes.add(current); + } + } + + try { + qaa = stork.getGeneral_eIDAS_LOA(); + + } catch (final NullPointerException e) { + qaa = MOAIDConstants.eIDAS_LOA_HIGH; + } + } + + } + } } - - public List getCpepslist() { - if (null == cpepslist) - return null; - - //MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); - - try { - List cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS(); - - if (cpepss != null) { - // make CountryCode "readonly" - for (CPEPS newone : cpepslist) { - for (CPEPS current : cpepss) { - if (null != newone) - if (current.getHjid().equals(newone.getHjid())) { - newone.setCountryCode(current.getCountryCode()); - break; - } - } - } - } - - return cpepslist; - - } catch (NullPointerException e) { - return null; - - } - - } - - public void setCpepslist(List list) { - cpepslist = list; - } - - public List getAttributes() { - return attributes; - } - - public void setAttributes(List attributes) { - this.attributes = attributes; - } - - public String getDefaultQaa() { - return qaa; - } - - public void setDefaultQaa(String qaa) { - this.qaa = qaa; - } + + if (cpepslist.isEmpty()) { + final CPEPS defaultCPEPS = new CPEPS(); + defaultCPEPS.setCountryCode("CC"); + defaultCPEPS.setURL("http://"); + defaultCPEPS.setSupportsXMLSignature(true); + cpepslist.add(defaultCPEPS); + + } + if (attributes.isEmpty()) { + attributes.add(new StorkAttribute()); + } + } + + public List getAllowedLoALevels() { + return MOAIDConstants.ALLOWED_eIDAS_LOA; + } + + public List getRawCPEPSList() { + return cpepslist; + } + + public List getCpepslist() { + if (null == cpepslist) { + return null; + } + + // MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + try { + final List cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getCPEPS(); + + if (cpepss != null) { + // make CountryCode "readonly" + for (final CPEPS newone : cpepslist) { + for (final CPEPS current : cpepss) { + if (null != newone) { + if (current.getHjid().equals(newone.getHjid())) { + newone.setCountryCode(current.getCountryCode()); + break; + } + } + } + } + } + + return cpepslist; + + } catch (final NullPointerException e) { + return null; + + } + + } + + public void setCpepslist(List list) { + cpepslist = list; + } + + public List getAttributes() { + return attributes; + } + + public void setAttributes(List attributes) { + this.attributes = attributes; + } + + public String getDefaultQaa() { + return qaa; + } + + public void setDefaultQaa(String qaa) { + this.qaa = qaa; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java index 28eba9f34..c7de7e369 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java @@ -23,92 +23,103 @@ package at.gv.egovernment.moa.id.configuration.data; public class OAListElement { - - public enum ServiceType {OA, VIDP, IDP, GWAY} - - private long dataBaseID; - private String oaIdentifier; - private String oaFriendlyName; - private String oaType; - private boolean isActive; - private ServiceType serviceType; - - /** - * - */ - public OAListElement(ServiceType type) { - this.serviceType = type; - } - - - /** - * @return the dataBaseID - */ - public long getDataBaseID() { - return dataBaseID; - } - /** - * @param dataBaseID the dataBaseID to set - */ - public void setDataBaseID(long dataBaseID) { - this.dataBaseID = dataBaseID; - } - /** - * @return the oaIdentifier - */ - public String getOaIdentifier() { - return oaIdentifier; - } - /** - * @param oaIdentifier the oaIdentifier to set - */ - public void setOaIdentifier(String oaIdentifier) { - this.oaIdentifier = oaIdentifier; - } - /** - * @return the oaFriendlyName - */ - public String getOaFriendlyName() { - return oaFriendlyName; - } - /** - * @param oaFriendlyName the oaFriendlyName to set - */ - public void setOaFriendlyName(String oaFriendlyName) { - this.oaFriendlyName = oaFriendlyName; - } - /** - * @return the oaType - */ - public String getOaType() { - return oaType; - } - /** - * @param oaType the oaType to set - */ - public void setOaType(String oaType) { - this.oaType = oaType; - } - /** - * @return the isActive - */ - public boolean isActive() { - return isActive; - } - /** - * @param isActive the isActive to set - */ - public void setActive(boolean isActive) { - this.isActive = isActive; - } - - public String getIsActive(){ - return String.valueOf(isActive); - } - /** - * @return the serviceType - */ - public String getServiceType() { - return serviceType.name(); - } + + public enum ServiceType { + OA, VIDP, IDP, GWAY + } + + private long dataBaseID; + private String oaIdentifier; + private String oaFriendlyName; + private String oaType; + private boolean isActive; + private final ServiceType serviceType; + + /** + * + */ + public OAListElement(ServiceType type) { + this.serviceType = type; + } + + /** + * @return the dataBaseID + */ + public long getDataBaseID() { + return dataBaseID; + } + + /** + * @param dataBaseID the dataBaseID to set + */ + public void setDataBaseID(long dataBaseID) { + this.dataBaseID = dataBaseID; + } + + /** + * @return the oaIdentifier + */ + public String getOaIdentifier() { + return oaIdentifier; + } + + /** + * @param oaIdentifier the oaIdentifier to set + */ + public void setOaIdentifier(String oaIdentifier) { + this.oaIdentifier = oaIdentifier; + } + + /** + * @return the oaFriendlyName + */ + public String getOaFriendlyName() { + return oaFriendlyName; + } + + /** + * @param oaFriendlyName the oaFriendlyName to set + */ + public void setOaFriendlyName(String oaFriendlyName) { + this.oaFriendlyName = oaFriendlyName; + } + + /** + * @return the oaType + */ + public String getOaType() { + return oaType; + } + + /** + * @param oaType the oaType to set + */ + public void setOaType(String oaType) { + this.oaType = oaType; + } + + /** + * @return the isActive + */ + public boolean isActive() { + return isActive; + } + + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + public String getIsActive() { + return String.valueOf(isActive); + } + + /** + * @return the serviceType + */ + public String getServiceType() { + return serviceType.name(); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java index a1bcf4aa4..af4548779 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java @@ -24,27 +24,25 @@ package at.gv.egovernment.moa.id.configuration.data; public class StorkAttributes { + public AttributValues eIdentifier; - public AttributValues eIdentifier; - - - public void parse() { - eIdentifier = AttributValues.MANDATORY; - } - - - public enum AttributValues { - MANDATORY, OPTIONAL, NOT; - - public String getValue() { - if (this == MANDATORY) - return MANDATORY.name(); - if (this == OPTIONAL) - return OPTIONAL.name(); - else - return NOT.name(); - } - } - -} + public void parse() { + eIdentifier = AttributValues.MANDATORY; + } + + public enum AttributValues { + MANDATORY, OPTIONAL, NOT; + public String getValue() { + if (this == MANDATORY) { + return MANDATORY.name(); + } + if (this == OPTIONAL) { + return OPTIONAL.name(); + } else { + return NOT.name(); + } + } + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java index 8f4746d69..8f94fa642 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java @@ -26,328 +26,310 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.util.MiscUtil; public class UserDatabaseFrom { - - private String bpk; - private String familyName; - private String givenName; - private String institut; - private String mail; - private String phone; - private String username; - private String password; - private String password_second; - private boolean active = false; - private boolean admin = false; - private boolean passwordActive; - private boolean isusernamepasswordallowed = false; - private boolean isadminrequest = true; - private boolean ismandateuser = false; - private boolean isPVPGenerated; - private String userID = null; - - public UserDatabaseFrom() { - - } - - public UserDatabaseFrom(UserDatabase db) { - bpk = db.getBpk(); - familyName = db.getFamilyname(); - givenName = db.getGivenname(); - institut = db.getInstitut(); - mail = db.getMail(); - phone = db.getPhone(); - username = db.getUsername(); - - if (MiscUtil.isNotEmpty(db.getPassword())) - passwordActive = true; - else - passwordActive = false; - - active = db.isIsActive(); - admin = db.isIsAdmin(); - - if (db.isIsUsernamePasswordAllowed() != null) - isusernamepasswordallowed = db.isIsUsernamePasswordAllowed(); - else - isusernamepasswordallowed = true; - - if (db.isIsAdminRequest() != null) - isadminrequest = db.isIsAdminRequest(); - else - isadminrequest = false; - - if (db.isIsMandateUser() != null) - ismandateuser = db.isIsMandateUser(); - else - ismandateuser = false; - - if (db.isIsPVP2Generated() != null) - isPVPGenerated = db.isIsPVP2Generated(); - else - isPVPGenerated = false; - - userID = String.valueOf(db.getHjid()); - } - - - /** - * @return the bpk - */ - public String getBpk() { - return bpk; - } - - - /** - * @param bpk the bpk to set - */ - public void setBpk(String bpk) { - this.bpk = bpk; - } - - - /** - * @return the familyName - */ - public String getFamilyName() { - return familyName; - } - - - /** - * @param familyName the familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - - /** - * @return the givenName - */ - public String getGivenName() { - return givenName; - } - - - /** - * @param givenName the givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - - /** - * @return the institut - */ - public String getInstitut() { - return institut; - } - - - /** - * @param institut the institut to set - */ - public void setInstitut(String institut) { - this.institut = institut; - } - - - /** - * @return the mail - */ - public String getMail() { - return mail; - } - - - /** - * @param mail the mail to set - */ - public void setMail(String mail) { - this.mail = mail; - } - - - /** - * @return the phone - */ - public String getPhone() { - return phone; - } - - - /** - * @param phone the phone to set - */ - public void setPhone(String phone) { - this.phone = phone; - } - - - /** - * @return the username - */ - public String getUsername() { - return username; - } - - - /** - * @param username the username to set - */ - public void setUsername(String username) { - this.username = username; - } - - - /** - * @return the password - */ - public String getPassword() { - return password; - } - - - /** - * @param password the password to set - */ - public void setPassword(String password) { - this.password = password; - } - - - /** - * @return the active - */ - public boolean isActive() { - return active; - } - - - /** - * @param active the active to set - */ - public void setActive(boolean active) { - this.active = active; - } - - - /** - * @return the admin - */ - public boolean isAdmin() { - return admin; - } - - - /** - * @param admin the admin to set - */ - public void setAdmin(boolean admin) { - this.admin = admin; - } - - - /** - * @return the passwordActive - */ - public boolean isPasswordActive() { - return passwordActive; - } - - - /** - * @param passwordActive the passwordActive to set - */ - public void setPasswordActive(boolean passwordActive) { - this.passwordActive = passwordActive; - } - - /** - * @return the userID - */ - public String getUserID() { - return userID; - } - - /** - * @param userID the userID to set - */ - public void setUserID(String userID) { - this.userID = userID; - } - - /** - * @return the password_second - */ - public String getPassword_second() { - return password_second; - } - - /** - * @param password_second the password_second to set - */ - public void setPassword_second(String password_second) { - this.password_second = password_second; - } - - /** - * @return the isusernamepasswordallowed - */ - public boolean isIsusernamepasswordallowed() { - return isusernamepasswordallowed; - } - - /** - * @param isusernamepasswordallowed the isusernamepasswordallowed to set - */ - public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) { - this.isusernamepasswordallowed = isusernamepasswordallowed; - } - - /** - * @return the ismandateuser - */ - public boolean isIsmandateuser() { - return ismandateuser; - } - - - /** - * @param ismandateuser the ismandateuser to set - */ - public void setIsmandateuser(boolean ismandateuser) { - this.ismandateuser = ismandateuser; - } - - /** - * @return the isadminrequest - */ - public boolean isIsadminrequest() { - return isadminrequest; - } - - /** - * @param isadminrequest the isadminrequest to set - */ - public void setIsadminrequest(boolean isadminrequest) { - this.isadminrequest = isadminrequest; - } - - /** - * @return the isPVPGenerated - */ - public boolean isPVPGenerated() { - return isPVPGenerated; - } - - /** - * @param isPVPGenerated the isPVPGenerated to set - */ - public void setPVPGenerated(boolean isPVPGenerated) { - this.isPVPGenerated = isPVPGenerated; - } - + + private String bpk; + private String familyName; + private String givenName; + private String institut; + private String mail; + private String phone; + private String username; + private String password; + private String password_second; + private boolean active = false; + private boolean admin = false; + private boolean passwordActive; + private boolean isusernamepasswordallowed = false; + private boolean isadminrequest = true; + private boolean ismandateuser = false; + private boolean isPVPGenerated; + private String userID = null; + + public UserDatabaseFrom() { + + } + + public UserDatabaseFrom(UserDatabase db) { + bpk = db.getBpk(); + familyName = db.getFamilyname(); + givenName = db.getGivenname(); + institut = db.getInstitut(); + mail = db.getMail(); + phone = db.getPhone(); + username = db.getUsername(); + + if (MiscUtil.isNotEmpty(db.getPassword())) { + passwordActive = true; + } else { + passwordActive = false; + } + + active = db.isIsActive(); + admin = db.isIsAdmin(); + + if (db.isIsUsernamePasswordAllowed() != null) { + isusernamepasswordallowed = db.isIsUsernamePasswordAllowed(); + } else { + isusernamepasswordallowed = true; + } + + if (db.isIsAdminRequest() != null) { + isadminrequest = db.isIsAdminRequest(); + } else { + isadminrequest = false; + } + + if (db.isIsMandateUser() != null) { + ismandateuser = db.isIsMandateUser(); + } else { + ismandateuser = false; + } + + if (db.isIsPVP2Generated() != null) { + isPVPGenerated = db.isIsPVP2Generated(); + } else { + isPVPGenerated = false; + } + + userID = String.valueOf(db.getHjid()); + } + + /** + * @return the bpk + */ + public String getBpk() { + return bpk; + } + + /** + * @param bpk the bpk to set + */ + public void setBpk(String bpk) { + this.bpk = bpk; + } + + /** + * @return the familyName + */ + public String getFamilyName() { + return familyName; + } + + /** + * @param familyName the familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * @return the givenName + */ + public String getGivenName() { + return givenName; + } + + /** + * @param givenName the givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * @return the institut + */ + public String getInstitut() { + return institut; + } + + /** + * @param institut the institut to set + */ + public void setInstitut(String institut) { + this.institut = institut; + } + + /** + * @return the mail + */ + public String getMail() { + return mail; + } + + /** + * @param mail the mail to set + */ + public void setMail(String mail) { + this.mail = mail; + } + + /** + * @return the phone + */ + public String getPhone() { + return phone; + } + + /** + * @param phone the phone to set + */ + public void setPhone(String phone) { + this.phone = phone; + } + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * @return the active + */ + public boolean isActive() { + return active; + } + + /** + * @param active the active to set + */ + public void setActive(boolean active) { + this.active = active; + } + + /** + * @return the admin + */ + public boolean isAdmin() { + return admin; + } + + /** + * @param admin the admin to set + */ + public void setAdmin(boolean admin) { + this.admin = admin; + } + + /** + * @return the passwordActive + */ + public boolean isPasswordActive() { + return passwordActive; + } + + /** + * @param passwordActive the passwordActive to set + */ + public void setPasswordActive(boolean passwordActive) { + this.passwordActive = passwordActive; + } + + /** + * @return the userID + */ + public String getUserID() { + return userID; + } + + /** + * @param userID the userID to set + */ + public void setUserID(String userID) { + this.userID = userID; + } + + /** + * @return the password_second + */ + public String getPassword_second() { + return password_second; + } + + /** + * @param password_second the password_second to set + */ + public void setPassword_second(String password_second) { + this.password_second = password_second; + } + + /** + * @return the isusernamepasswordallowed + */ + public boolean isIsusernamepasswordallowed() { + return isusernamepasswordallowed; + } + + /** + * @param isusernamepasswordallowed the isusernamepasswordallowed to set + */ + public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) { + this.isusernamepasswordallowed = isusernamepasswordallowed; + } + + /** + * @return the ismandateuser + */ + public boolean isIsmandateuser() { + return ismandateuser; + } + + /** + * @param ismandateuser the ismandateuser to set + */ + public void setIsmandateuser(boolean ismandateuser) { + this.ismandateuser = ismandateuser; + } + + /** + * @return the isadminrequest + */ + public boolean isIsadminrequest() { + return isadminrequest; + } + + /** + * @param isadminrequest the isadminrequest to set + */ + public void setIsadminrequest(boolean isadminrequest) { + this.isadminrequest = isadminrequest; + } + + /** + * @return the isPVPGenerated + */ + public boolean isPVPGenerated() { + return isPVPGenerated; + } + + /** + * @param isPVPGenerated the isPVPGenerated to set + */ + public void setPVPGenerated(boolean isPVPGenerated) { + this.isPVPGenerated = isPVPGenerated; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java index 63c82037f..c2344e059 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java @@ -4,61 +4,61 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAStorkAttribut import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; public class AttributeHelper { - private boolean isUsed = false; - private String name; - private boolean mandatory; - private boolean readonly; + private boolean isUsed = false; + private String name; + private boolean mandatory; + private boolean readonly; - public AttributeHelper() { - // TODO Auto-generated constructor stub - } + public AttributeHelper() { + // TODO Auto-generated constructor stub + } - public AttributeHelper(OAStorkAttribute attribute) { - isUsed = true; - name = attribute.getName(); - mandatory = attribute.isMandatory(); - } + public AttributeHelper(OAStorkAttribute attribute) { + isUsed = true; + name = attribute.getName(); + mandatory = attribute.isMandatory(); + } - public AttributeHelper(StorkAttribute attribute) { - name = attribute.getName(); - mandatory = false; - if (attribute.isMandatory()==null) { // TODO check details - attribute.setMandatory(false); - } else { - readonly = attribute.isMandatory(); - } - isUsed = readonly; - } + public AttributeHelper(StorkAttribute attribute) { + name = attribute.getName(); + mandatory = false; + if (attribute.isMandatory() == null) { // TODO check details + attribute.setMandatory(false); + } else { + readonly = attribute.isMandatory(); + } + isUsed = readonly; + } - public boolean isUsed() { - return isUsed; - } + public boolean isUsed() { + return isUsed; + } - public void setUsed(boolean used) { - isUsed = used; - } + public void setUsed(boolean used) { + isUsed = used; + } - public String getName() { - return name; - } + public String getName() { + return name; + } - public void setName(String newname) { - name = newname; - } + public void setName(String newname) { + name = newname; + } - public boolean isMandatory() { - return mandatory; - } + public boolean isMandatory() { + return mandatory; + } - public void setMandatory(boolean value) { - mandatory = value; - } + public void setMandatory(boolean value) { + mandatory = value; + } - public boolean isReadOnly() { - return readonly; - } + public boolean isReadOnly() { + return readonly; + } - public void setReadOnly(boolean value) { - // we do not allow setting the readonly field - } + public void setReadOnly(boolean value) { + // we do not allow setting the readonly field + } } \ No newline at end of file diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java index 8195c993d..0ba3ed36c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java @@ -34,31 +34,34 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; * */ public interface IOnlineApplicationData { - - public String getName(); - - /** - * Parse OnlineApplication database object to formData - * @param dbOAConfig - * @return List of Errors - */ - public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); - - /** - * Store formData to OnlineApplication database object - * @param dboa: Database data object - * @param authUser - * @param request: - * @return Error description - */ - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); - - /** - * Validate formData - * @param general - * @param request - * @return - */ - public List validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request); + + String getName(); + + /** + * Parse OnlineApplication database object to formData + * + * @param dbOAConfig + * @return List of Errors + */ + List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Store formData to OnlineApplication database object + * + * @param dboa: Database data object + * @param authUser + * @param request: + * @return Error description + */ + String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Validate formData + * + * @param general + * @param request + * @return + */ + List validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index b3db074a2..b3f0620f0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -29,8 +29,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS; @@ -47,105 +45,105 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OAAuthenticationData implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OAAuthenticationData.class); - - private String bkuOnlineURL = null; - private String bkuHandyURL = null; - private String bkuLocalURL = null; - - private String mandateProfiles = null; - private boolean useMandates = false; - - private List misServicesList = new ArrayList(); - private List elgaServicesList = new ArrayList(); - private List szrgwServicesList = new ArrayList(); - private List eidServicesList = new ArrayList(); - private String misServiceSelected = null; - private String elgaServiceSelected = null; - private String szrgwServiceSelected = null; - private String eidServiceSelected = null; - - private boolean calculateHPI = false; - - private String keyBoxIdentifier = null; - private static Map keyBoxIdentifierList; - - private boolean legacy = false; - List SLTemplates = null; - - private Map transformations; - - private boolean enableTestCredentials = false; - private List testCredentialOIDs = null; - private boolean useTestIDLValidationTrustStore = false; - private boolean useTestAuthblockValidationTrustStore = false; - - - //SL2.0 - private boolean sl20Active = false; - private String sl20EndPoints = null; - - private boolean isMoaidMode = false; - - /** - * @param isMoaidMode - * - */ - public OAAuthenticationData() { - try { - this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - e.printStackTrace(); - - } - - keyBoxIdentifierList = new HashMap(); - MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); - for (int i=0; i misServicesList = new ArrayList<>(); + private List elgaServicesList = new ArrayList<>(); + private List szrgwServicesList = new ArrayList<>(); + private List eidServicesList = new ArrayList<>(); + private String misServiceSelected = null; + private String elgaServiceSelected = null; + private String szrgwServiceSelected = null; + private String eidServiceSelected = null; + + private boolean calculateHPI = false; + + private String keyBoxIdentifier = null; + private static Map keyBoxIdentifierList; + + private boolean legacy = false; + List SLTemplates = null; + + private Map transformations; + + private boolean enableTestCredentials = false; + private List testCredentialOIDs = null; + private boolean useTestIDLValidationTrustStore = false; + private boolean useTestAuthblockValidationTrustStore = false; + + // SL2.0 + private boolean sl20Active = false; + private String sl20EndPoints = null; + + private boolean isMoaidMode = false; + + /** + * @param isMoaidMode + * + */ + public OAAuthenticationData() { + try { + this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + e.printStackTrace(); + + } + + keyBoxIdentifierList = new HashMap<>(); + final MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); + for (final MOAKeyBoxSelector value : values) { + keyBoxIdentifierList.put(value.value(), value.value()); + } + + keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value(); + + try { + final MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead() + .getMOAIDConfiguration(); + + if (this.isMoaidMode) { + try { + elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs()); + misServicesList = KeyValueUtils.getListOfCSVValues( + dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL()); + } catch (final NullPointerException e) { + } + + try { + szrgwServicesList = KeyValueUtils.getListOfCSVValues( + dbconfig.getAuthComponentGeneral().getForeignIdentities().getConnectionParameter().getURL()); + } catch (final NullPointerException e) { + } + + } + + try { + eidServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getEidSystemServiceURLs()); + } catch (final NullPointerException e) { + } + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + // bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; // bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; -// +// // MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); // if (moaidconfig != null) { // DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); @@ -155,34 +153,43 @@ public class OAAuthenticationData implements IOnlineApplicationData { // setBkuOnlineURL(defaultbkus.getOnlineBKU()); // } // } - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAAuthenticationData"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); - - szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); - eidServiceSelected = dbOA.getSelectedEIDServiceURL(); - - AuthComponentOA oaauth = dbOA.getAuthComponentOA(); - if (oaauth != null) { - BKUURLS bkuurls = oaauth.getBKUURLS(); - - String defaulthandy = ""; - String defaultlocal = ""; - String defaultonline = ""; - + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAAuthenticationData"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); + + szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); + eidServiceSelected = dbOA.getSelectedEIDServiceURL(); + + final AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + final BKUURLS bkuurls = oaauth.getBKUURLS(); + + final String defaulthandy = ""; + final String defaultlocal = ""; + final String defaultonline = ""; + // MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); // if (dbconfig != null) { // DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs(); @@ -192,674 +199,685 @@ public class OAAuthenticationData implements IOnlineApplicationData { // defaultonline = defaultbkus.getOnlineBKU(); // } // } - - if (bkuurls != null) { - - if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) - bkuHandyURL = defaulthandy; - else - bkuHandyURL = bkuurls.getHandyBKU(); - - if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) - bkuLocalURL = defaultlocal; - else - bkuLocalURL = bkuurls.getLocalBKU(); - - if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) - bkuOnlineURL = defaultonline; - else - bkuOnlineURL = bkuurls.getOnlineBKU(); - } - - Mandates mandates = oaauth.getMandates(); - if (mandates != null) { - - mandateProfiles = null; - - List profileList = mandates.getProfileName(); - for (String el : profileList) { - if (mandateProfiles == null) - mandateProfiles = el; - - else - mandateProfiles += "," + el; - } - - //TODO: only for RC1 - if (MiscUtil.isNotEmpty(mandates.getProfiles())) { - if (mandateProfiles == null) - mandateProfiles = mandates.getProfiles(); - - else - mandateProfiles += "," + mandates.getProfiles(); - - } - - if (mandateProfiles != null) - useMandates = true; - - else - useMandates = false; - - misServiceSelected = mandates.getSelectedMISServiceURL(); - elgaServiceSelected = mandates.getSelecteELGAServiceURL(); - - } - - TemplatesType templates = oaauth.getTemplates(); - if (templates != null) { - List templatetype = templates.getTemplate(); - - if (templatetype != null) { - if (SLTemplates == null) { - SLTemplates = new ArrayList(); - } - - for (TemplateType el : templatetype) { - SLTemplates.add(el.getURL()); - } - } - } - - if (SLTemplates != null && SLTemplates.size() > 0) - legacy = true; - - List transforminfos = oaauth.getTransformsInfo(); - transformations = new HashMap(); - for (TransformsInfoType el : transforminfos) { - transformations.put(el.getFilename(), el.getTransformation()); - } - } - - if (oaauth.getTestCredentials() != null) { - enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); - testCredentialOIDs = new ArrayList(); - testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); - - useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore(); - useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); - } - - //parse SL2.0 information - if (oaauth.isSl20Active()) { - //parse SL2.0 endpoint information - if (oaauth.getSl20EndPoints() != null) { - if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints())) - sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints()); - - else { - if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - sl20EndPoints = oaauth.getSl20EndPoints().substring(0, - oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - sl20EndPoints = oaauth.getSl20EndPoints(); - - } - } - sl20Active = oaauth.isSl20Active(); - - } - - - return null; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); + + if (bkuurls != null) { + + if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) { + bkuHandyURL = defaulthandy; + } else { + bkuHandyURL = bkuurls.getHandyBKU(); + } + + if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) { + bkuLocalURL = defaultlocal; + } else { + bkuLocalURL = bkuurls.getLocalBKU(); + } + + if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) { + bkuOnlineURL = defaultonline; + } else { + bkuOnlineURL = bkuurls.getOnlineBKU(); + } + } + + final Mandates mandates = oaauth.getMandates(); + if (mandates != null) { + + mandateProfiles = null; + + final List profileList = mandates.getProfileName(); + for (final String el : profileList) { + if (mandateProfiles == null) { + mandateProfiles = el; + } else { + mandateProfiles += "," + el; + } + } + + // TODO: only for RC1 + if (MiscUtil.isNotEmpty(mandates.getProfiles())) { + if (mandateProfiles == null) { + mandateProfiles = mandates.getProfiles(); + } else { + mandateProfiles += "," + mandates.getProfiles(); + } + + } + + if (mandateProfiles != null) { + useMandates = true; + } else { + useMandates = false; + } + + misServiceSelected = mandates.getSelectedMISServiceURL(); + elgaServiceSelected = mandates.getSelecteELGAServiceURL(); + + } + + final TemplatesType templates = oaauth.getTemplates(); + if (templates != null) { + final List templatetype = templates.getTemplate(); + + if (templatetype != null) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + + for (final TemplateType el : templatetype) { + SLTemplates.add(el.getURL()); + } } - - dbOA.setCalculateHPI(isCalculateHPI()); - - if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) - dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected()); - - - if (MiscUtil.isNotEmpty(getEidServiceSelected())) - dbOA.setSelectedEIDServiceURL(getEidServiceSelected()); - - if (authUser.isAdmin()) { - - //store BKU-URLs - BKUURLS bkuruls = new BKUURLS(); - authoa.setBKUURLS(bkuruls); - bkuruls.setHandyBKU(getBkuHandyURL()); - bkuruls.setLocalBKU(getBkuLocalURL()); - bkuruls.setOnlineBKU(getBkuOnlineURL()); - - //store SecurtiyLayerTemplates - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - List template = templates.getTemplate(); - if (isLegacy()) { - - if (template == null) - template = new ArrayList(); - else - template.clear(); - - if (MiscUtil.isNotEmpty(getSLTemplateURL1())) { - TemplateType el = new TemplateType(); - el.setURL(getSLTemplateURL1()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(getSLTemplateURL2())) { - TemplateType el = new TemplateType(); - el.setURL(getSLTemplateURL2()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(getSLTemplateURL3())) { - TemplateType el = new TemplateType(); - el.setURL(getSLTemplateURL3()); - template.add(el); - } else - template.add(new TemplateType()); - - } else { - if (template != null && template.size() > 0) template.clear(); - } - - - //store keyBox Identifier - dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier())); + } + + if (SLTemplates != null && SLTemplates.size() > 0) { + legacy = true; + } + + final List transforminfos = oaauth.getTransformsInfo(); + transformations = new HashMap<>(); + for (final TransformsInfoType el : transforminfos) { + transformations.put(el.getFilename(), el.getTransformation()); + } + } + + if (oaauth.getTestCredentials() != null) { + enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); + testCredentialOIDs = new ArrayList<>(); + testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); + + useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore(); + useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); + } + + // parse SL2.0 information + if (oaauth.isSl20Active()) { + // parse SL2.0 endpoint information + if (oaauth.getSl20EndPoints() != null) { + if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints())) { + sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints()); } else { - if (dbOA.isIsNew()) dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + sl20EndPoints = oaauth.getSl20EndPoints().substring(0, + oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + sl20EndPoints = oaauth.getSl20EndPoints(); + } + } - - Mandates mandates = new Mandates(); - if (isUseMandates()) { - - String[] profileList = getMandateProfiles().split(","); - - List dbProfiles = mandates.getProfileName(); - if (dbProfiles == null) { - dbProfiles = new ArrayList(); - mandates.setProfileName(dbProfiles); - - } - - for (String el: profileList) - dbProfiles.add(el.trim()); - - mandates.setProfiles(null); - - if (MiscUtil.isNotEmpty(getMisServiceSelected())) - mandates.setSelectedMISServiceURL(getMisServiceSelected()); - - if (MiscUtil.isNotEmpty(getElgaServiceSelected())) - mandates.setSelecteELGAServiceURL(getElgaServiceSelected()); - + } + sl20Active = oaauth.isSl20Active(); + + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + dbOA.setCalculateHPI(isCalculateHPI()); + + if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) { + dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected()); + } + + if (MiscUtil.isNotEmpty(getEidServiceSelected())) { + dbOA.setSelectedEIDServiceURL(getEidServiceSelected()); + } + + if (authUser.isAdmin()) { + + // store BKU-URLs + final BKUURLS bkuruls = new BKUURLS(); + authoa.setBKUURLS(bkuruls); + bkuruls.setHandyBKU(getBkuHandyURL()); + bkuruls.setLocalBKU(getBkuLocalURL()); + bkuruls.setOnlineBKU(getBkuOnlineURL()); + + // store SecurtiyLayerTemplates + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + List template = templates.getTemplate(); + if (isLegacy()) { + + if (template == null) { + template = new ArrayList<>(); } else { - mandates.setProfiles(null); - mandates.getProfileName().clear(); - + template.clear(); } - authoa.setMandates(mandates); - // set default transformation if it is empty - List transformsInfo = authoa.getTransformsInfo(); - if (transformsInfo == null) { - // TODO: set OA specific transformation if it is required + if (MiscUtil.isNotEmpty(getSLTemplateURL1())) { + final TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL1()); + template.add(el); + } else { + template.add(new TemplateType()); + } + if (MiscUtil.isNotEmpty(getSLTemplateURL2())) { + final TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL2()); + template.add(el); + } else { + template.add(new TemplateType()); + } + if (MiscUtil.isNotEmpty(getSLTemplateURL3())) { + final TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL3()); + template.add(el); + } else { + template.add(new TemplateType()); + } + } else { + if (template != null && template.size() > 0) { + template.clear(); } - - if (enableTestCredentials) { - TestCredentials testing = authoa.getTestCredentials(); + } + + // store keyBox Identifier + dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier())); + } else { + if (dbOA.isIsNew()) { + dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + } + } + + final Mandates mandates = new Mandates(); + if (isUseMandates()) { + + final String[] profileList = getMandateProfiles().split(","); + + List dbProfiles = mandates.getProfileName(); + if (dbProfiles == null) { + dbProfiles = new ArrayList<>(); + mandates.setProfileName(dbProfiles); + + } + + for (final String el : profileList) { + dbProfiles.add(el.trim()); + } + + mandates.setProfiles(null); + + if (MiscUtil.isNotEmpty(getMisServiceSelected())) { + mandates.setSelectedMISServiceURL(getMisServiceSelected()); + } + + if (MiscUtil.isNotEmpty(getElgaServiceSelected())) { + mandates.setSelecteELGAServiceURL(getElgaServiceSelected()); + } + + } else { + mandates.setProfiles(null); + mandates.getProfileName().clear(); + + } + authoa.setMandates(mandates); + + // set default transformation if it is empty + final List transformsInfo = authoa.getTransformsInfo(); + if (transformsInfo == null) { + // TODO: set OA specific transformation if it is required + + } + + if (enableTestCredentials) { + TestCredentials testing = authoa.getTestCredentials(); // if (testing != null) // ConfigurationDBUtils.delete(testing); - testing = new TestCredentials(); - authoa.setTestCredentials(testing); - testing.setEnableTestCredentials(enableTestCredentials); - testing.setCredentialOID(testCredentialOIDs); - + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + testing.setEnableTestCredentials(enableTestCredentials); + testing.setCredentialOID(testCredentialOIDs); + + } else { + final TestCredentials testing = authoa.getTestCredentials(); + if (testing != null) { + testing.setEnableTestCredentials(false); + } + + } + + TestCredentials testing = authoa.getTestCredentials(); + if (testing == null) { + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + + } + testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore); + testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); + + // store SL2.0 information + authoa.setSl20Active(isSl20Active()); + authoa.setSl20EndPoints(getSl20EndPoints()); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request); + } + + /** + * @return the bkuOnlineURL + */ + public String getBkuOnlineURL() { + return bkuOnlineURL; + } + + /** + * @param bkuOnlineURL the bkuOnlineURL to set + */ + public void setBkuOnlineURL(String bkuOnlineURL) { + this.bkuOnlineURL = bkuOnlineURL; + } + + /** + * @return the bkuHandyURL + */ + public String getBkuHandyURL() { + return bkuHandyURL; + } + + /** + * @param bkuHandyURL the bkuHandyURL to set + */ + public void setBkuHandyURL(String bkuHandyURL) { + this.bkuHandyURL = bkuHandyURL; + } + + /** + * @return the bkuLocalURL + */ + public String getBkuLocalURL() { + return bkuLocalURL; + } + + /** + * @param bkuLocalURL the bkuLocalURL to set + */ + public void setBkuLocalURL(String bkuLocalURL) { + this.bkuLocalURL = bkuLocalURL; + } + + /** + * @return the mandateProfiles + */ + public String getMandateProfiles() { + return mandateProfiles; + } + + /** + * @param mandateProfiles the mandateProfiles to set + */ + public void setMandateProfiles(String mandateProfiles) { + this.mandateProfiles = mandateProfiles; + } + + /** + * @return the useMandates + */ + public boolean isUseMandates() { + return useMandates; + } + + /** + * @param useMandates the useMandates to set + */ + public void setUseMandates(boolean useMandates) { + this.useMandates = useMandates; + } + + /** + * @return the calculateHPI + */ + public boolean isCalculateHPI() { + return calculateHPI; + } + + /** + * @param calculateHPI the calculateHPI to set + */ + public void setCalculateHPI(boolean calculateHPI) { + this.calculateHPI = calculateHPI; + } + + /** + * @return the keyBoxIdentifier + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * @param keyBoxIdentifier the keyBoxIdentifier to set + */ + public void setKeyBoxIdentifier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * @return the keyBoxIdentifierList + */ + public Map getKeyBoxIdentifierList() { + return keyBoxIdentifierList; + } + + /** + * @return the legacy + */ + public boolean isLegacy() { + return legacy; + } + + /** + * @param legacy the legacy to set + */ + public void setLegacy(boolean legacy) { + this.legacy = legacy; + } + + /** + * @return the transformations + */ + public Map getTransformations() { + return transformations; + } + + /** + * @param transformations the transformations to set + */ + public void setTransformations(Map transformations) { + this.transformations = transformations; + } + + /** + * @return the sLTemplates + */ + public List getSLTemplates() { + return SLTemplates; + } + + /** + * @return the sLTemplateURL1 + */ + public String getSLTemplateURL1() { + if (SLTemplates != null && SLTemplates.size() > 0) { + return SLTemplates.get(0); + } else { + return null; + } + } + + /** + * @param sLTemplateURL1 the sLTemplateURL1 to set + */ + public void setSLTemplateURL1(String sLTemplateURL1) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + SLTemplates.add(sLTemplateURL1); + } + + /** + * @return the sLTemplateURL2 + */ + public String getSLTemplateURL2() { + if (SLTemplates != null && SLTemplates.size() > 1) { + return SLTemplates.get(1); + } else { + return null; + } + } + + /** + * @param sLTemplateURL2 the sLTemplateURL2 to set + */ + public void setSLTemplateURL2(String sLTemplateURL2) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + SLTemplates.add(sLTemplateURL2); + } + + /** + * @return the sLTemplateURL3 + */ + public String getSLTemplateURL3() { + if (SLTemplates != null && SLTemplates.size() > 2) { + return SLTemplates.get(2); + } else { + return null; + } + } + + /** + * @param sLTemplateURL3 the sLTemplateURL3 to set + */ + public void setSLTemplateURL3(String sLTemplateURL3) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + SLTemplates.add(sLTemplateURL3); + } + + /** + * @return the enableTestCredentials + */ + public boolean isEnableTestCredentials() { + return enableTestCredentials; + } + + /** + * @param enableTestCredentials the enableTestCredentials to set + */ + public void setEnableTestCredentials(boolean enableTestCredentials) { + this.enableTestCredentials = enableTestCredentials; + } + + /** + * @return the testCredentialOIDs + */ + public String getTestCredentialOIDs() { + String value = null; + if (testCredentialOIDs != null) { + for (final String el : testCredentialOIDs) { + if (value == null) { + value = el; } else { - TestCredentials testing = authoa.getTestCredentials(); - if (testing != null) { - testing.setEnableTestCredentials(false); - } - + value += "," + el; } - - TestCredentials testing = authoa.getTestCredentials(); - if (testing == null) { - testing = new TestCredentials(); - authoa.setTestCredentials(testing); - - } - testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore); - testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); - - - //store SL2.0 information - authoa.setSl20Active(isSl20Active()); - authoa.setSl20EndPoints(getSl20EndPoints()); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request); - } - - - /** - * @return the bkuOnlineURL - */ - public String getBkuOnlineURL() { - return bkuOnlineURL; - } - - - /** - * @param bkuOnlineURL the bkuOnlineURL to set - */ - public void setBkuOnlineURL(String bkuOnlineURL) { - this.bkuOnlineURL = bkuOnlineURL; - } - - - /** - * @return the bkuHandyURL - */ - public String getBkuHandyURL() { - return bkuHandyURL; - } - - - /** - * @param bkuHandyURL the bkuHandyURL to set - */ - public void setBkuHandyURL(String bkuHandyURL) { - this.bkuHandyURL = bkuHandyURL; - } - - - /** - * @return the bkuLocalURL - */ - public String getBkuLocalURL() { - return bkuLocalURL; - } - - - /** - * @param bkuLocalURL the bkuLocalURL to set - */ - public void setBkuLocalURL(String bkuLocalURL) { - this.bkuLocalURL = bkuLocalURL; - } - - - /** - * @return the mandateProfiles - */ - public String getMandateProfiles() { - return mandateProfiles; - } - - - /** - * @param mandateProfiles the mandateProfiles to set - */ - public void setMandateProfiles(String mandateProfiles) { - this.mandateProfiles = mandateProfiles; - } - - - /** - * @return the useMandates - */ - public boolean isUseMandates() { - return useMandates; - } - - - /** - * @param useMandates the useMandates to set - */ - public void setUseMandates(boolean useMandates) { - this.useMandates = useMandates; - } - - - /** - * @return the calculateHPI - */ - public boolean isCalculateHPI() { - return calculateHPI; - } - - - /** - * @param calculateHPI the calculateHPI to set - */ - public void setCalculateHPI(boolean calculateHPI) { - this.calculateHPI = calculateHPI; - } - - - /** - * @return the keyBoxIdentifier - */ - public String getKeyBoxIdentifier() { - return keyBoxIdentifier; - } - - - /** - * @param keyBoxIdentifier the keyBoxIdentifier to set - */ - public void setKeyBoxIdentifier(String keyBoxIdentifier) { - this.keyBoxIdentifier = keyBoxIdentifier; - } - - - /** - * @return the keyBoxIdentifierList - */ - public Map getKeyBoxIdentifierList() { - return keyBoxIdentifierList; - } - - - /** - * @return the legacy - */ - public boolean isLegacy() { - return legacy; - } - - - /** - * @param legacy the legacy to set - */ - public void setLegacy(boolean legacy) { - this.legacy = legacy; - } - - - /** - * @return the transformations - */ - public Map getTransformations() { - return transformations; - } - - - /** - * @param transformations the transformations to set - */ - public void setTransformations(Map transformations) { - this.transformations = transformations; - } - - - /** - * @return the sLTemplates - */ - public List getSLTemplates() { - return SLTemplates; - } - - /** - * @return the sLTemplateURL1 - */ - public String getSLTemplateURL1() { - if (SLTemplates != null && SLTemplates.size() > 0) - return SLTemplates.get(0); - else - return null; - } - - - /** - * @param sLTemplateURL1 the sLTemplateURL1 to set - */ - public void setSLTemplateURL1(String sLTemplateURL1) { - if (SLTemplates == null) - SLTemplates = new ArrayList(); - SLTemplates.add(sLTemplateURL1); - } - - - /** - * @return the sLTemplateURL2 - */ - public String getSLTemplateURL2() { - if (SLTemplates != null && SLTemplates.size() > 1) - return SLTemplates.get(1); - else - return null; - } - - - /** - * @param sLTemplateURL2 the sLTemplateURL2 to set - */ - public void setSLTemplateURL2(String sLTemplateURL2) { - if (SLTemplates == null) - SLTemplates = new ArrayList(); - SLTemplates.add(sLTemplateURL2); - } - - - /** - * @return the sLTemplateURL3 - */ - public String getSLTemplateURL3() { - if (SLTemplates != null && SLTemplates.size() > 2) - return SLTemplates.get(2); - else - return null; - } - - - /** - * @param sLTemplateURL3 the sLTemplateURL3 to set - */ - public void setSLTemplateURL3(String sLTemplateURL3) { - if (SLTemplates == null) - SLTemplates = new ArrayList(); - SLTemplates.add(sLTemplateURL3); - } - - /** - * @return the enableTestCredentials - */ - public boolean isEnableTestCredentials() { - return enableTestCredentials; - } - - /** - * @param enableTestCredentials the enableTestCredentials to set - */ - public void setEnableTestCredentials(boolean enableTestCredentials) { - this.enableTestCredentials = enableTestCredentials; - } - - /** - * @return the testCredentialOIDs - */ - public String getTestCredentialOIDs() { - String value = null; - if (testCredentialOIDs != null) { - for (String el : testCredentialOIDs) { - if (value == null) - value = el; - else - value += "," + el; - - } - } - - return value; - } - - public List getTestCredialOIDList() { - return this.testCredentialOIDs; - } - - /** - * @param testCredentialOIDs the testCredentialOIDs to set - */ - public void setTestCredentialOIDs(String testCredentialOIDs) { - if (MiscUtil.isNotEmpty(testCredentialOIDs)) { - String[] oidList = testCredentialOIDs.split(","); - - this.testCredentialOIDs = new ArrayList(); - for (int i=0; i getMisServicesList() { - return misServicesList; - } - - /** - * @return the elgaServicesList - */ - public List getElgaServicesList() { - return elgaServicesList; - } - - /** - * @return the szrgwServicesList - */ - public List getSzrgwServicesList() { - return szrgwServicesList; - } - - public List getEidServicesList() { - return eidServicesList; - } - - public String getEidServiceSelected() { - return eidServiceSelected; - } - - public void setEidServiceSelected(String eidServiceSelected) { - this.eidServiceSelected = eidServiceSelected; - } - - public boolean isSl20Active() { - return sl20Active; - } - - public void setSl20Active(boolean sl20Active) { - this.sl20Active = sl20Active; - } - - public String getSl20EndPoints() { - return sl20EndPoints; - } - - public void setSl20EndPoints(String sl20EndPoints) { - if (MiscUtil.isNotEmpty(sl20EndPoints)) - this.sl20EndPoints = - KeyValueUtils.removeAllNewlineFromString(sl20EndPoints); - else - this.sl20EndPoints = sl20EndPoints; - } - - public boolean isMoaidMode() { - return isMoaidMode; - } - + + } + } + + return value; + } + + public List getTestCredialOIDList() { + return this.testCredentialOIDs; + } + + /** + * @param testCredentialOIDs the testCredentialOIDs to set + */ + public void setTestCredentialOIDs(String testCredentialOIDs) { + if (MiscUtil.isNotEmpty(testCredentialOIDs)) { + final String[] oidList = testCredentialOIDs.split(","); + + this.testCredentialOIDs = new ArrayList<>(); + for (final String element : oidList) { + this.testCredentialOIDs.add(element.trim()); + } + } + } + + /** + * @return the useTestIDLValidationTrustStore + */ + public boolean isUseTestIDLValidationTrustStore() { + return useTestIDLValidationTrustStore; + } + + /** + * @param useTestIDLValidationTrustStore the useTestIDLValidationTrustStore to + * set + */ + public void setUseTestIDLValidationTrustStore( + boolean useTestIDLValidationTrustStore) { + this.useTestIDLValidationTrustStore = useTestIDLValidationTrustStore; + } + + /** + * @return the useTestAuthblockValidationTrustStore + */ + public boolean isUseTestAuthblockValidationTrustStore() { + return useTestAuthblockValidationTrustStore; + } + + /** + * @param useTestAuthblockValidationTrustStore the + * useTestAuthblockValidationTrustStore + * to set + */ + public void setUseTestAuthblockValidationTrustStore( + boolean useTestAuthblockValidationTrustStore) { + this.useTestAuthblockValidationTrustStore = useTestAuthblockValidationTrustStore; + } + + /** + * @return the misServiceSelected + */ + public String getMisServiceSelected() { + return misServiceSelected; + } + + /** + * @param misServiceSelected the misServiceSelected to set + */ + public void setMisServiceSelected(String misServiceSelected) { + this.misServiceSelected = misServiceSelected; + } + + /** + * @return the elgaServiceSelected + */ + public String getElgaServiceSelected() { + return elgaServiceSelected; + } + + /** + * @param elgaServiceSelected the elgaServiceSelected to set + */ + public void setElgaServiceSelected(String elgaServiceSelected) { + this.elgaServiceSelected = elgaServiceSelected; + } + + /** + * @return the szrgwServiceSelected + */ + public String getSzrgwServiceSelected() { + return szrgwServiceSelected; + } + + /** + * @param szrgwServiceSelected the szrgwServiceSelected to set + */ + public void setSzrgwServiceSelected(String szrgwServiceSelected) { + this.szrgwServiceSelected = szrgwServiceSelected; + } + + /** + * @return the misServicesList + */ + public List getMisServicesList() { + return misServicesList; + } + + /** + * @return the elgaServicesList + */ + public List getElgaServicesList() { + return elgaServicesList; + } + + /** + * @return the szrgwServicesList + */ + public List getSzrgwServicesList() { + return szrgwServicesList; + } + + public List getEidServicesList() { + return eidServicesList; + } + + public String getEidServiceSelected() { + return eidServiceSelected; + } + + public void setEidServiceSelected(String eidServiceSelected) { + this.eidServiceSelected = eidServiceSelected; + } + + public boolean isSl20Active() { + return sl20Active; + } + + public void setSl20Active(boolean sl20Active) { + this.sl20Active = sl20Active; + } + + public String getSl20EndPoints() { + return sl20EndPoints; + } + + public void setSl20EndPoints(String sl20EndPoints) { + if (MiscUtil.isNotEmpty(sl20EndPoints)) { + this.sl20EndPoints = + KeyValueUtils.removeAllNewlineFromString(sl20EndPoints); + } else { + this.sl20EndPoints = sl20EndPoints; + } + } + + public boolean isMoaidMode() { + return isMoaidMode; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java index bac69cf34..1f4d842ca 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.SerializationUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters; @@ -49,322 +48,342 @@ import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OABPKEncryption implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OABPKEncryption.class); - - private static final String MODULENAME = "bPKEncryptionDecryption"; - - private String keyStorePassword = null; - private String keyAlias = null; - private String keyPassword = null; - - private Map keyStoreForm = new HashMap(); - - private List keyStoreFileUpload = null; - private List keyStoreFileUploadContentType = null; - private List keyStoreFileUploadFileName = new ArrayList();; - private boolean deletekeyStore = false; - private boolean validationError = false; - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - // TODO Auto-generated method stub - return MODULENAME; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); - if (oaAuth != null) { - EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); - if (bPKEncDec != null) { - BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); - if (bPKDec != null) { - keyAlias = bPKDec.getKeyAlias(); - if (bPKDec.getKeyStoreFileName() != null) - keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); - - } - } - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); - if (oaAuth == null) { - oaAuth = new AuthComponentOA(); - dbOA.setAuthComponentOA(oaAuth); - - } - EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); - if (bPKEncDec == null) { - bPKEncDec = new EncBPKInformation(); - oaAuth.setEncBPKInformation(bPKEncDec); - - } - - BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); - if (bPKDec == null) { - bPKDec = new BPKDecryption(); - bPKEncDec.setBPKDecryption(bPKDec); - } - - if (isDeletekeyStore()) { - bPKDec.setIv(null); - bPKDec.setKeyAlias(null); - bPKDec.setKeyInformation(null); - bPKDec.setKeyStoreFileName(null); - - } - - BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); - if (keyStoreForm != null && keyStoreForm.size() > 0) { - keyInfo.setKeyAlias(keyAlias); - keyInfo.setKeyPassword(keyPassword); - keyInfo.setKeyStorePassword(keyStorePassword); - - Iterator interator = keyStoreForm.keySet().iterator(); - bPKDec.setKeyStoreFileName(interator.next()); - bPKDec.setKeyAlias(keyAlias); - keyInfo.setKeyStore(keyStoreForm.get( - bPKDec.getKeyStoreFileName())); - - //encrypt key information - byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); - try { - EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); - bPKDec.setIv(encryptkeyInfo.getIv()); - bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); - - } catch (BuildException e) { - log.error("Configuration encryption FAILED.", e); - return LanguageHelper.getErrorString("error.general.text", request); - - } - } - - request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - HttpSession session = request.getSession(); - List errors = new ArrayList(); - - String check = null; - - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - //validate BKU-selection template - List templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName() - , getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); - if (templateError != null && templateError.size() == 0) { - if (keyStoreForm != null && keyStoreForm.size() > 0) { - session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); - - } else - keyStoreForm = (Map) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); - - } else { - errors.addAll(templateError); + private static final String MODULENAME = "bPKEncryptionDecryption"; + + private String keyStorePassword = null; + private String keyAlias = null; + private String keyPassword = null; + + private Map keyStoreForm = new HashMap<>(); + + private List keyStoreFileUpload = null; + private List keyStoreFileUploadContentType = null; + private List keyStoreFileUploadFileName = new ArrayList<>(); + private boolean deletekeyStore = false; + private boolean validationError = false; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + // TODO Auto-generated method stub + return MODULENAME; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth != null) { + final EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec != null) { + final BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec != null) { + keyAlias = bPKDec.getKeyAlias(); + if (bPKDec.getKeyStoreFileName() != null) { + keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); + } } - - if (keyStoreForm != null && keyStoreForm.size() > 0) { - check = getKeyStorePassword(); - if (MiscUtil.isEmpty(check)) { - log.info("bPK decryption keystore password is empty"); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - check = getKeyAlias(); - if (MiscUtil.isEmpty(check)) { - log.info("bPK decryption key alias is empty"); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption key alias contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - check = getKeyPassword(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption key password contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); - keyInfo.setKeyAlias(keyAlias); - keyInfo.setKeyPassword(keyPassword); - keyInfo.setKeyStorePassword(keyStorePassword); - Iterator interator = keyStoreForm.keySet().iterator(); - String fileName = interator.next(); - keyInfo.setKeyStore(keyStoreForm.get(fileName)); - if (keyInfo.getPrivateKey() == null) { - log.info("Open keyStore FAILED."); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); - - } + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth == null) { + oaAuth = new AuthComponentOA(); + dbOA.setAuthComponentOA(oaAuth); + + } + EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec == null) { + bPKEncDec = new EncBPKInformation(); + oaAuth.setEncBPKInformation(bPKEncDec); + + } + + BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec == null) { + bPKDec = new BPKDecryption(); + bPKEncDec.setBPKDecryption(bPKDec); + } + + if (isDeletekeyStore()) { + bPKDec.setIv(null); + bPKDec.setKeyAlias(null); + bPKDec.setKeyInformation(null); + bPKDec.setKeyStoreFileName(null); + + } + + final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + if (keyStoreForm != null && keyStoreForm.size() > 0) { + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + + final Iterator interator = keyStoreForm.keySet().iterator(); + bPKDec.setKeyStoreFileName(interator.next()); + bPKDec.setKeyAlias(keyAlias); + keyInfo.setKeyStore(keyStoreForm.get( + bPKDec.getKeyStoreFileName())); + + // encrypt key information + final byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); + try { + final EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); + bPKDec.setIv(encryptkeyInfo.getIv()); + bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); + + } catch (final BuildException e) { + log.error("Configuration encryption FAILED.", e); + return LanguageHelper.getErrorString("error.general.text", request); + + } + } + + request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + final HttpSession session = request.getSession(); + final List errors = new ArrayList<>(); + + String check = null; + + final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + // validate BKU-selection template + final List templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName(), + getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); + if (templateError != null && templateError.size() == 0) { + if (keyStoreForm != null && keyStoreForm.size() > 0) { + session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); + + } else { + keyStoreForm = (Map) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); + } + + } else { + errors.addAll(templateError); + + } + + if (keyStoreForm != null && keyStoreForm.size() > 0) { + check = getKeyStorePassword(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption keystore password is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } - - if (errors.size() > 0) { - validationError = true; - + } + + check = getKeyAlias(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption key alias is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption key alias contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } - - return errors; - - } - - /** - * @return the keyStorePassword - */ - public String getKeyStorePassword() { - return keyStorePassword; - } - - /** - * @param keyStorePassword the keyStorePassword to set - */ - public void setKeyStorePassword(String keyStorePassword) { - this.keyStorePassword = keyStorePassword; - } - - /** - * @return the keyAlias - */ - public String getKeyAlias() { - return keyAlias; - } - - /** - * @param keyAlias the keyAlias to set - */ - public void setKeyAlias(String keyAlias) { - this.keyAlias = keyAlias; - } - - /** - * @return the keyPassword - */ - public String getKeyPassword() { - return keyPassword; - } - - /** - * @param keyPassword the keyPassword to set - */ - public void setKeyPassword(String keyPassword) { - this.keyPassword = keyPassword; - } - - /** - * @return the keyStoreFileUpload - */ - public List getKeyStoreFileUpload() { - return keyStoreFileUpload; - } - - /** - * @param keyStoreFileUpload the keyStoreFileUpload to set - */ - public void setKeyStoreFileUpload(List keyStoreFileUpload) { - this.keyStoreFileUpload = keyStoreFileUpload; - } - - /** - * @return the keyStoreFileUploadContentType - */ - public List getKeyStoreFileUploadContentType() { - return keyStoreFileUploadContentType; - } - - /** - * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set - */ - public void setKeyStoreFileUploadContentType( - List keyStoreFileUploadContentType) { - this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; - } - - /** - * @return the keyStoreFileUploadFileName - */ - public List getKeyStoreFileUploadFileName() { - return keyStoreFileUploadFileName; - } - - /** - * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set - */ - public void setKeyStoreFileUploadFileName( - List keyStoreFileUploadFileName) { - this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; - } - - /** - * @return the deletekeyStore - */ - public boolean isDeletekeyStore() { - return deletekeyStore; - } - - /** - * @param deletekeyStore the deletekeyStore to set - */ - public void setDeletekeyStore(boolean deletekeyStore) { - this.deletekeyStore = deletekeyStore; - } - - /** - * @return the validationError - */ - public boolean isValidationError() { - return validationError; - } - - + } + + check = getKeyPassword(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption key password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + + } + } + + final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + final Iterator interator = keyStoreForm.keySet().iterator(); + final String fileName = interator.next(); + keyInfo.setKeyStore(keyStoreForm.get(fileName)); + if (keyInfo.getPrivateKey() == null) { + log.info("Open keyStore FAILED."); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); + + } + } + + if (errors.size() > 0) { + validationError = true; + + } + + return errors; + + } + + /** + * @return the keyStorePassword + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * @param keyStorePassword the keyStorePassword to set + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * @return the keyAlias + */ + public String getKeyAlias() { + return keyAlias; + } + + /** + * @param keyAlias the keyAlias to set + */ + public void setKeyAlias(String keyAlias) { + this.keyAlias = keyAlias; + } + + /** + * @return the keyPassword + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * @param keyPassword the keyPassword to set + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + /** + * @return the keyStoreFileUpload + */ + public List getKeyStoreFileUpload() { + return keyStoreFileUpload; + } + + /** + * @param keyStoreFileUpload the keyStoreFileUpload to set + */ + public void setKeyStoreFileUpload(List keyStoreFileUpload) { + this.keyStoreFileUpload = keyStoreFileUpload; + } + + /** + * @return the keyStoreFileUploadContentType + */ + public List getKeyStoreFileUploadContentType() { + return keyStoreFileUploadContentType; + } + + /** + * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set + */ + public void setKeyStoreFileUploadContentType( + List keyStoreFileUploadContentType) { + this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; + } + + /** + * @return the keyStoreFileUploadFileName + */ + public List getKeyStoreFileUploadFileName() { + return keyStoreFileUploadFileName; + } + + /** + * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set + */ + public void setKeyStoreFileUploadFileName( + List keyStoreFileUploadFileName) { + this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; + } + + /** + * @return the deletekeyStore + */ + public boolean isDeletekeyStore() { + return deletekeyStore; + } + + /** + * @param deletekeyStore the deletekeyStore to set + */ + public void setDeletekeyStore(boolean deletekeyStore) { + this.deletekeyStore = deletekeyStore; + } + + /** + * @return the validationError + */ + public boolean isValidationError() { + return validationError; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index c51513193..45a3dba1b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; @@ -36,130 +34,151 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; - - -public class OAGeneralConfig implements IOnlineApplicationData{ - private static final Logger log = Logger.getLogger(OAGeneralConfig.class); - - private boolean isActive = false; - - private String identifier = null; - private String friendlyName = null; - private boolean businessService = false; - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAGeneralInformation"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - isActive = dbOAConfig.isIsActive(); - - friendlyName = dbOAConfig.getFriendlyName(); - identifier = dbOAConfig.getPublicURLPrefix(); - - if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) - businessService = true; - else - businessService = false; - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); - } - - if (authUser.isAdmin()) dbOA.setIsActive(isActive()); - - dbOA.setPublicURLPrefix(getIdentifier()); - dbOA.setFriendlyName(getFriendlyName()); - - if (isBusinessService() || authUser.isOnlyBusinessService()) { - dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - } else { - dbOA.setType(null); - } - - return null; - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - List errors = new ArrayList(); - String check; - - //check OA FriendlyName - check = getFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("OAFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.info("OA friendlyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); - } - - return errors; - - } - - public boolean isBusinessService() { - return businessService; - } - - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - public String getIdentifier() { - return identifier; - } - - public void setIdentifier(String identifier) { - this.identifier = identifier; - } - - public String getFriendlyName() { - return friendlyName; - } - - public void setFriendlyName(String friendlyName) { - this.friendlyName = friendlyName; - } - - public boolean isActive() { - return isActive; - } - - public void setActive(boolean isActive) { - this.isActive = isActive; - } +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class OAGeneralConfig implements IOnlineApplicationData { + + private boolean isActive = false; + + private String identifier = null; + private String friendlyName = null; + private boolean businessService = false; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAGeneralInformation"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + isActive = dbOAConfig.isIsActive(); + + friendlyName = dbOAConfig.getFriendlyName(); + identifier = dbOAConfig.getPublicURLPrefix(); + + if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) { + businessService = true; + } else { + businessService = false; + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + if (authUser.isAdmin()) { + dbOA.setIsActive(isActive()); + } + + dbOA.setPublicURLPrefix(getIdentifier()); + dbOA.setFriendlyName(getFriendlyName()); + + if (isBusinessService() || authUser.isOnlyBusinessService()) { + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + } else { + dbOA.setType(null); + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + String check; + + // check OA FriendlyName + check = getFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.info("OA friendlyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); + } + + return errors; + + } + + public boolean isBusinessService() { + return businessService; + } + + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + + public String getIdentifier() { + return identifier; + } + + public void setIdentifier(String identifier) { + this.identifier = identifier; + } + + public String getFriendlyName() { + return friendlyName; + } + + public void setFriendlyName(String friendlyName) { + this.friendlyName = friendlyName; + } + + public boolean isActive() { + return isActive; + } + + public void setActive(boolean isActive) { + this.isActive = isActive; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java index a4d71f0ed..ef5658ca4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java @@ -27,194 +27,212 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OAMOAIDPInterfederationConfig.class); - - private String queryURL; - private Boolean inboundSSO = true; - private Boolean outboundSSO = true; - private Boolean storeSSOSession = true; - private Boolean passiveRequest = true; - private Boolean localAuthOnError = true; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "MOAIDPInterfederation"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - - InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); - if (moaIDP != null) { - this.queryURL = moaIDP.getAttributeQueryURL(); - this.inboundSSO = moaIDP.isInboundSSO(); - this.outboundSSO = moaIDP.isOutboundSSO(); - this.storeSSOSession = moaIDP.isStoreSSOSession(); - this.localAuthOnError = moaIDP.isPerformLocalAuthenticationOnError(); - this.passiveRequest = moaIDP.isPerformPassivRequest(); - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - if (authUser.isAdmin()) { - dbOA.setIsInterfederationIDP(true); - - InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); - if (moaIDP == null) { - moaIDP = new InterfederationIDPType(); - dbOA.setInterfederationIDP(moaIDP); - } - - moaIDP.setAttributeQueryURL(queryURL); - moaIDP.setInboundSSO(inboundSSO); - moaIDP.setOutboundSSO(outboundSSO); - moaIDP.setStoreSSOSession(storeSSOSession); - moaIDP.setPerformLocalAuthenticationOnError(localAuthOnError); - moaIDP.setPerformPassivRequest(passiveRequest); - - } - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - List errors = new ArrayList(); - - if (MiscUtil.isNotEmpty(queryURL)) { - if (!ValidationHelper.validateURL(queryURL)) { - log.info("AttributeQuery URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", request)); - - } - } - + private String queryURL; + private Boolean inboundSSO = true; + private Boolean outboundSSO = true; + private Boolean storeSSOSession = true; + private Boolean passiveRequest = true; + private Boolean localAuthOnError = true; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "MOAIDPInterfederation"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + final InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP != null) { + this.queryURL = moaIDP.getAttributeQueryURL(); + this.inboundSSO = moaIDP.isInboundSSO(); + this.outboundSSO = moaIDP.isOutboundSSO(); + this.storeSSOSession = moaIDP.isStoreSSOSession(); + this.localAuthOnError = moaIDP.isPerformLocalAuthenticationOnError(); + this.passiveRequest = moaIDP.isPerformPassivRequest(); + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + if (authUser.isAdmin()) { + dbOA.setIsInterfederationIDP(true); + + InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP == null) { + moaIDP = new InterfederationIDPType(); + dbOA.setInterfederationIDP(moaIDP); + } + + moaIDP.setAttributeQueryURL(queryURL); + moaIDP.setInboundSSO(inboundSSO); + moaIDP.setOutboundSSO(outboundSSO); + moaIDP.setStoreSSOSession(storeSSOSession); + moaIDP.setPerformLocalAuthenticationOnError(localAuthOnError); + moaIDP.setPerformPassivRequest(passiveRequest); + + } + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + if (MiscUtil.isNotEmpty(queryURL)) { + if (!ValidationHelper.validateURL(queryURL)) { + log.info("AttributeQuery URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", + request)); + + } + } + // if (inboundSSO && MiscUtil.isEmpty(queryURL)) { // log.info("Inbound Single Sign-On requires AttributQueryURL configuration."); // errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request)); // } - - return errors; - } - - /** - * @return the queryURL - */ - public String getQueryURL() { - return queryURL; - } - - /** - * @param queryURL the queryURL to set - */ - public void setQueryURL(String queryURL) { - this.queryURL = queryURL; - } - - /** - * @return the inboundSSO - */ - public boolean isInboundSSO() { - return inboundSSO.booleanValue(); - } - - /** - * @param inboundSSO the inboundSSO to set - */ - public void setInboundSSO(boolean inboundSSO) { - this.inboundSSO = inboundSSO; - } - - /** - * @return the outboundSSO - */ - public boolean isOutboundSSO() { - return outboundSSO.booleanValue(); - } - - /** - * @param outboundSSO the outboundSSO to set - */ - public void setOutboundSSO(boolean outboundSSO) { - this.outboundSSO = outboundSSO; - } - - /** - * @return the storeSSOSession - */ - public boolean isStoreSSOSession() { - return storeSSOSession.booleanValue(); - } - - /** - * @param storeSSOSession the storeSSOSession to set - */ - public void setStoreSSOSession(boolean storeSSOSession) { - this.storeSSOSession = storeSSOSession; - } - - /** - * @return the passiveRequest - */ - public boolean isPassiveRequest() { - return passiveRequest.booleanValue(); - } - - /** - * @param passiveRequest the passiveRequest to set - */ - public void setPassiveRequest(boolean passiveRequest) { - this.passiveRequest = passiveRequest; - } - - /** - * @return the localAuthOnError - */ - public boolean isLocalAuthOnError() { - return localAuthOnError.booleanValue(); - } - - /** - * @param localAuthOnError the localAuthOnError to set - */ - public void setLocalAuthOnError(boolean localAuthOnError) { - this.localAuthOnError = localAuthOnError; - } - - + + return errors; + } + + /** + * @return the queryURL + */ + public String getQueryURL() { + return queryURL; + } + + /** + * @param queryURL the queryURL to set + */ + public void setQueryURL(String queryURL) { + this.queryURL = queryURL; + } + + /** + * @return the inboundSSO + */ + public boolean isInboundSSO() { + return inboundSSO.booleanValue(); + } + + /** + * @param inboundSSO the inboundSSO to set + */ + public void setInboundSSO(boolean inboundSSO) { + this.inboundSSO = inboundSSO; + } + + /** + * @return the outboundSSO + */ + public boolean isOutboundSSO() { + return outboundSSO.booleanValue(); + } + + /** + * @param outboundSSO the outboundSSO to set + */ + public void setOutboundSSO(boolean outboundSSO) { + this.outboundSSO = outboundSSO; + } + + /** + * @return the storeSSOSession + */ + public boolean isStoreSSOSession() { + return storeSSOSession.booleanValue(); + } + + /** + * @param storeSSOSession the storeSSOSession to set + */ + public void setStoreSSOSession(boolean storeSSOSession) { + this.storeSSOSession = storeSSOSession; + } + + /** + * @return the passiveRequest + */ + public boolean isPassiveRequest() { + return passiveRequest.booleanValue(); + } + + /** + * @param passiveRequest the passiveRequest to set + */ + public void setPassiveRequest(boolean passiveRequest) { + this.passiveRequest = passiveRequest; + } + + /** + * @return the localAuthOnError + */ + public boolean isLocalAuthOnError() { + return localAuthOnError.booleanValue(); + } + + /** + * @param localAuthOnError the localAuthOnError to set + */ + public void setLocalAuthOnError(boolean localAuthOnError) { + this.localAuthOnError = localAuthOnError; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java index ce50c847a..bae37b531 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java @@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAOAUTH20; @@ -40,132 +39,150 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import lombok.extern.slf4j.Slf4j; -public class OAOAuth20Config implements IOnlineApplicationData{ - - private final Logger log = Logger.getLogger(OAOAuth20Config.class); - - private String clientId = null; - private String clientSecret = null; - private String redirectUri = null; - - public OAOAuth20Config() { - this.generateClientSecret(); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAOpenIDConnect"; - } - - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - List errors = new ArrayList(); - - HttpSession session = request.getSession(); - - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - // set client id to public url prefix - this.clientId = dbOAConfig.getPublicURLPrefix(); - - OAOAUTH20 config = authdata.getOAOAUTH20(); - - if (config != null) { - // validate secret - if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) { - this.clientSecret = config.getOAuthClientSecret(); - } else { - this.generateClientSecret(); - } - - // validate redirectUri - if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config.getOAuthRedirectUri())) { - this.redirectUri = config.getOAuthRedirectUri(); - } else { - errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); - } - } else { - this.generateClientSecret(); - } - } - - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret()); - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OAOAUTH20ConfigValidation().validate(this, request); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); +@Slf4j +public class OAOAuth20Config implements IOnlineApplicationData { + + private String clientId = null; + private String clientSecret = null; + private String redirectUri = null; + + public OAOAuth20Config() { + this.generateClientSecret(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAOpenIDConnect"; + } + + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final List errors = new ArrayList<>(); + + final HttpSession session = request.getSession(); + + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + // set client id to public url prefix + this.clientId = dbOAConfig.getPublicURLPrefix(); + + final OAOAUTH20 config = authdata.getOAOAUTH20(); + + if (config != null) { + // validate secret + if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) { + this.clientSecret = config.getOAuthClientSecret(); + } else { + this.generateClientSecret(); } - - log.debug("Saving OAuth 2.0 configuration:"); - OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); - if (oaOAuth20 == null) { - oaOAuth20 = new OAOAUTH20(); - authoa.setOAOAUTH20(oaOAuth20); + + // validate redirectUri + if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config + .getOAuthRedirectUri())) { + this.redirectUri = config.getOAuthRedirectUri(); + } else { + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); } + } else { + this.generateClientSecret(); + } + } + + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret()); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAOAUTH20ConfigValidation().validate(this, request); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + log.debug("Saving OAuth 2.0 configuration:"); + OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); + if (oaOAuth20 == null) { + oaOAuth20 = new OAOAUTH20(); + authoa.setOAOAUTH20(oaOAuth20); + } + + oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix()); + // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); + oaOAuth20.setOAuthRedirectUri(getRedirectUri()); + log.debug("client id: " + getClientId()); + log.debug("client secret: " + getClientSecret()); + log.debug("redirect uri:" + getRedirectUri()); + + oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute( + Constants.SESSION_OAUTH20SECRET)); + request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); + + return null; + } + + public String getClientId() { + return clientId; + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public String getClientSecret() { + return clientSecret; + } + + public void setClientSecret(String clientSecret) { + this.clientSecret = clientSecret; + } + + public String getRedirectUri() { + return redirectUri; + } + + public void setRedirectUri(String redirectUri) { + this.redirectUri = redirectUri; + } - oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix()); - // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); - oaOAuth20.setOAuthRedirectUri(getRedirectUri()); - log.debug("client id: " + getClientId()); - log.debug("client secret: " + getClientSecret()); - log.debug("redirect uri:" + getRedirectUri()); - - oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); - request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); - - return null; - } - - public String getClientId() { - return clientId; - } - - public void setClientId(String clientId) { - this.clientId = clientId; - } - - public String getClientSecret() { - return clientSecret; - } - - public void setClientSecret(String clientSecret) { - this.clientSecret = clientSecret; - } - - public String getRedirectUri() { - return redirectUri; - } - - public void setRedirectUri(String redirectUri) { - this.redirectUri = redirectUri; - } - - public void generateClientSecret() { - this.clientSecret = UUID.randomUUID().toString(); - } + public void generateClientSecret() { + this.clientSecret = UUID.randomUUID().toString(); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java index 4be1a81de..008617e76 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java @@ -32,228 +32,247 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - -import iaik.x509.X509Certificate; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; -import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; -public class OAPVP2Config implements IOnlineApplicationData{ - - private final Logger log = Logger.getLogger(OAPVP2Config.class); - - private boolean reLoad = false; - - private String metaDataURL = null; - private String certificateDN = null; - - private File fileUpload = null; - private String fileUploadContentType; - private String fileUploadFileName; - - private byte[] storedCert = null; - - public OAPVP2Config() { - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAPVP2"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser) - */ - @Override - public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - OAPVP2 pvp2 = authoa.getOAPVP2(); - if (pvp2 == null) { - pvp2 = new OAPVP2(); - authoa.setOAPVP2(pvp2); - } +@Slf4j +public class OAPVP2Config implements IOnlineApplicationData { + + private boolean reLoad = false; + + private String metaDataURL = null; + private String certificateDN = null; + + private File fileUpload = null; + private String fileUploadContentType; + private String fileUploadFileName; + + private byte[] storedCert = null; + + public OAPVP2Config() { + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAPVP2"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser) + */ + @Override + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + OAPVP2 pvp2 = authoa.getOAPVP2(); + if (pvp2 == null) { + pvp2 = new OAPVP2(); + authoa.setOAPVP2(pvp2); + } + + try { + + if (getFileUpload() != null) { + pvp2.setCertificate(getCertificate()); + setReLoad(true); + + } else if (storedCert != null) { + pvp2.setCertificate(storedCert); + } + + } catch (final CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); + } catch (final IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); + } + + if (getMetaDataURL() != null && + !getMetaDataURL().equals(pvp2.getMetadataURL())) { + setReLoad(true); + } + pvp2.setMetadataURL(getMetaDataURL()); + + if (isReLoad()) { + pvp2.setUpdateRequiredItem(new Date()); + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request); + } - try { - - if (getFileUpload() != null) { - pvp2.setCertificate(getCertificate()); - setReLoad(true); - - } else if (storedCert != null) - pvp2.setCertificate(storedCert); - - } catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); - } catch (IOException e) { - log.info("Uploaded Certificate can not be parsed", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication) + */ + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final List errors = new ArrayList<>(); + + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + final OAPVP2 pvp2 = authdata.getOAPVP2(); + if (pvp2 != null) { + metaDataURL = pvp2.getMetadataURL(); + + if (pvp2.getCertificate() != null && + !new String(pvp2.getCertificate()).equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + try { + // byte[] cert = pvp2.getCertificate(); + final byte[] cert = Base64Utils.decode(new String(pvp2.getCertificate()), false); + if (MiscUtil.isNotEmpty(cert)) { + final X509Certificate x509 = new X509Certificate(cert); + certificateDN = x509.getSubjectDN().getName(); + } + } catch (final CertificateException e) { + try { + final byte[] cert = pvp2.getCertificate(); + if (MiscUtil.isNotEmpty(cert)) { + final X509Certificate x509 = new X509Certificate(cert); + certificateDN = x509.getSubjectDN().getName(); + } + + } catch (final CertificateException e1) { + log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig + .getPublicURLPrefix(), e1); + errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); + + } + + } catch (final IOException e) { + log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig + .getPublicURLPrefix()); + errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); + } } + } + } + return errors; + } - if (getMetaDataURL() != null && - !getMetaDataURL().equals(pvp2.getMetadataURL())) - setReLoad(true); - pvp2.setMetadataURL(getMetaDataURL()); - - if (isReLoad()) - pvp2.setUpdateRequiredItem(new Date()); - - return null; - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication) - */ - @Override - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - List errors = new ArrayList(); - - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - OAPVP2 pvp2 = authdata.getOAPVP2(); - if (pvp2 != null) { - metaDataURL = pvp2.getMetadataURL(); - - if (pvp2.getCertificate() != null && - !(new String(pvp2.getCertificate())).equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { - try { - //byte[] cert = pvp2.getCertificate(); - byte[] cert = Base64Utils.decode(new String(pvp2.getCertificate()), false); - if (MiscUtil.isNotEmpty(cert)) { - X509Certificate x509 = new X509Certificate(cert); - certificateDN = x509.getSubjectDN().getName(); - } - } catch (CertificateException e) { - try { - byte[] cert = pvp2.getCertificate(); - if (MiscUtil.isNotEmpty(cert)) { - X509Certificate x509 = new X509Certificate(cert); - certificateDN = x509.getSubjectDN().getName(); - } - - } catch (CertificateException e1) { - log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix(), e1); - errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); - - } - - } catch (IOException e) { - log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix()); - errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); - } - } - } - } - return errors; - } - - public byte[] getCertificate() throws CertificateException, IOException { - - FileInputStream filestream = new FileInputStream(fileUpload); - X509Certificate x509 = new X509Certificate(filestream); - return x509.getEncoded(); - } - - public void setStoredCert(byte[] storedCert) { - this.storedCert = storedCert; - } - - public String getMetaDataURL() { - return metaDataURL; - } - public void setMetaDataURL(String metaDataURL) { - this.metaDataURL = metaDataURL; - } - - /** - * @return the certificateDN - */ - public String getCertificateDN() { - return certificateDN; - } - - /** - * @return the fileUpLoad - */ - public File getFileUpload() { - return fileUpload; - } - - /** - * @param fileUpLoad the fileUpLoad to set - */ - public void setFileUpload(File fileUpload) { - this.fileUpload = fileUpload; - } - - /** - * @return the fileUploadContentType - */ - public String getFileUploadContentType() { - return fileUploadContentType; - } - - /** - * @param fileUploadContentType the fileUploadContentType to set - */ - public void setFileUploadContentType(String fileUploadContentType) { - this.fileUploadContentType = fileUploadContentType; - } - - /** - * @return the fileUploadFileName - */ - public String getFileUploadFileName() { - return fileUploadFileName; - } - - /** - * @param fileUploadFileName the fileUploadFileName to set - */ - public void setFileUploadFileName(String fileUploadFileName) { - this.fileUploadFileName = fileUploadFileName; - } - - /** - * @return the reLoad - */ - public boolean isReLoad() { - return reLoad; - } - - /** - * @param reLoad the reLoad to set - */ - public void setReLoad(boolean reLoad) { - this.reLoad = reLoad; - } - -} + public byte[] getCertificate() throws CertificateException, IOException { + + final FileInputStream filestream = new FileInputStream(fileUpload); + final X509Certificate x509 = new X509Certificate(filestream); + return x509.getEncoded(); + } + + public void setStoredCert(byte[] storedCert) { + this.storedCert = storedCert; + } + + public String getMetaDataURL() { + return metaDataURL; + } + + public void setMetaDataURL(String metaDataURL) { + this.metaDataURL = metaDataURL; + } + /** + * @return the certificateDN + */ + public String getCertificateDN() { + return certificateDN; + } + /** + * @return the fileUpLoad + */ + public File getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpLoad the fileUpLoad to set + */ + public void setFileUpload(File fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public String getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(String fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public String getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(String fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + /** + * @return the reLoad + */ + public boolean isReLoad() { + return reLoad; + } + + /** + * @param reLoad the reLoad to set + */ + public void setReLoad(boolean reLoad) { + this.reLoad = reLoad; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java index 18bebf9d8..76fd31ccd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java @@ -39,113 +39,134 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class OARevisionsLogData implements IOnlineApplicationData { - private boolean active = false; - private String eventCodes = null; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OARevisionsLogging"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - - if (dbOA.getIsRevisionsLogActive() != null) - active = dbOA.getIsRevisionsLogActive(); - - if (MiscUtil.isNotEmpty(dbOA.getEventCodes())) - eventCodes = dbOA.getEventCodes(); - - return null; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - dbOA.setIsRevisionsLogActive(active); - - if (MiscUtil.isNotEmpty(eventCodes)) { - dbOA.setEventCodes(KeyValueUtils.normalizeCSVValueString(eventCodes)); - - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - List errors = new ArrayList(); - - if (active && MiscUtil.isEmpty(eventCodes)) { - errors.add(LanguageHelper.getErrorString( - "error.oa.reversion.log.enabled")); - - } - - if (MiscUtil.isNotEmpty(eventCodes)) { - String[] codes = eventCodes.split(","); - for (String el: codes) { - try { - Integer.parseInt(el.trim()); - - } catch (NumberFormatException e) { - errors.add(LanguageHelper.getErrorString( - "error.oa.reversion.log.eventcodes")); - break; - - } - - } - - } - - return errors; - } - - /** - * @return the active - */ - public boolean isActive() { - return active; - } - - /** - * @param active the active to set - */ - public void setActive(boolean active) { - this.active = active; - } - - /** - * @return the eventCodes - */ - public String getEventCodes() { - return eventCodes; - } - - /** - * @param eventCodes the eventCodes to set - */ - public void setEventCodes(String eventCodes) { - this.eventCodes = eventCodes; - } - - + private boolean active = false; + private String eventCodes = null; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OARevisionsLogging"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + if (dbOA.getIsRevisionsLogActive() != null) { + active = dbOA.getIsRevisionsLogActive(); + } + + if (MiscUtil.isNotEmpty(dbOA.getEventCodes())) { + eventCodes = dbOA.getEventCodes(); + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + dbOA.setIsRevisionsLogActive(active); + + if (MiscUtil.isNotEmpty(eventCodes)) { + dbOA.setEventCodes(KeyValueUtils.normalizeCSVValueString(eventCodes)); + + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + final List errors = new ArrayList<>(); + + if (active && MiscUtil.isEmpty(eventCodes)) { + errors.add(LanguageHelper.getErrorString( + "error.oa.reversion.log.enabled")); + + } + + if (MiscUtil.isNotEmpty(eventCodes)) { + final String[] codes = eventCodes.split(","); + for (final String el : codes) { + try { + Integer.parseInt(el.trim()); + + } catch (final NumberFormatException e) { + errors.add(LanguageHelper.getErrorString( + "error.oa.reversion.log.eventcodes")); + break; + + } + + } + + } + + return errors; + } + + /** + * @return the active + */ + public boolean isActive() { + return active; + } + + /** + * @param active the active to set + */ + public void setActive(boolean active) { + this.active = active; + } + + /** + * @return the eventCodes + */ + public String getEventCodes() { + return eventCodes; + } + + /** + * @param eventCodes the eventCodes to set + */ + public void setEventCodes(String eventCodes) { + this.eventCodes = eventCodes; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java index 2922231b3..f1ee853ae 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java @@ -33,178 +33,213 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; -public class OASAML1Config implements IOnlineApplicationData{ - - private Boolean isActive = false; - private Boolean provideStammZahl = false; - private Boolean provideAuthBlock = false; - private Boolean provideIdentityLink = false; - private Boolean provideCertificate = false; - private Boolean provideFullMandateData = false; - private Boolean useCondition = false; - private Boolean provideAllErrors = true; - private int conditionLength = -1; - - - public OASAML1Config() { - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OASAML1"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authdata = dbOA.getAuthComponentOA(); - if (authdata != null) { - OASAML1 saml1 = authdata.getOASAML1(); - if (saml1 != null) { - provideAuthBlock = saml1.isProvideAUTHBlock(); - provideCertificate = saml1.isProvideCertificate(); - provideFullMandateData = saml1.isProvideFullMandatorData(); - provideIdentityLink = saml1.isProvideIdentityLink(); - provideStammZahl = saml1.isProvideStammzahl(); - - if (saml1.isProvideAllErrors() != null) - provideAllErrors = saml1.isProvideAllErrors(); - - if (saml1.isUseCondition() != null) - useCondition = saml1.isUseCondition(); - - if (saml1.getConditionLength() != null) - conditionLength = saml1.getConditionLength().intValue(); - - if (saml1.isIsActive() != null) - isActive = saml1.isIsActive(); - } - } - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OASAML1ConfigValidation().validate(this, general, request); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); - } - - OASAML1 saml1 = authoa.getOASAML1(); - if (saml1 == null) { - saml1 = new OASAML1(); - authoa.setOASAML1(saml1); - saml1.setIsActive(false); - } - - if (authUser.isAdmin()) { - saml1.setIsActive(isActive()); - } - - if (saml1.isIsActive() != null && saml1.isIsActive()) { - saml1.setProvideAUTHBlock(isProvideAuthBlock()); - saml1.setProvideCertificate(isProvideCertificate()); - saml1.setProvideFullMandatorData(isProvideFullMandateData()); - saml1.setProvideIdentityLink(isProvideIdentityLink()); - saml1.setProvideStammzahl(isProvideStammZahl()); - saml1.setUseCondition(isUseCondition()); - saml1.setProvideAllErrors(provideAllErrors); - saml1.setConditionLength(BigInteger.valueOf(getConditionLength())); - // TODO: set sourceID - // saml1.setSourceID(""); - } - - return null; - } - - public boolean isProvideStammZahl() { - return provideStammZahl; - } - public void setProvideStammZahl(boolean provideStammZahl) { - this.provideStammZahl = provideStammZahl; - } - public boolean isProvideAuthBlock() { - return provideAuthBlock; - } - public void setProvideAuthBlock(boolean provideAuthBlock) { - this.provideAuthBlock = provideAuthBlock; - } - public boolean isProvideIdentityLink() { - return provideIdentityLink; - } - public void setProvideIdentityLink(boolean provideIdentityLink) { - this.provideIdentityLink = provideIdentityLink; - } - public boolean isProvideCertificate() { - return provideCertificate; - } - public void setProvideCertificate(boolean provideCertificate) { - this.provideCertificate = provideCertificate; - } - public boolean isProvideFullMandateData() { - return provideFullMandateData; - } - public void setProvideFullMandateData(boolean provideFullMandateData) { - this.provideFullMandateData = provideFullMandateData; - } - public boolean isUseCondition() { - return useCondition; - } - public void setUseCondition(boolean useCondition) { - this.useCondition = useCondition; - } - public int getConditionLength() { - return conditionLength; - } - public void setConditionLength(int conditionLength) { - this.conditionLength = conditionLength; - } - - /** - * @return the isActive - */ - public boolean isActive() { - return isActive; - } - - /** - * @param isActive the isActive to set - */ - public void setActive(boolean isActive) { - this.isActive = isActive; - } - - /** - * @return the provideAllErrors - */ - public Boolean getProvideAllErrors() { - return provideAllErrors; - } - - /** - * @param provideAllErrors the provideAllErrors to set - */ - public void setProvideAllErrors(Boolean provideAllErrors) { - this.provideAllErrors = provideAllErrors; - } - - +public class OASAML1Config implements IOnlineApplicationData { + + private Boolean isActive = false; + private Boolean provideStammZahl = false; + private Boolean provideAuthBlock = false; + private Boolean provideIdentityLink = false; + private Boolean provideCertificate = false; + private Boolean provideFullMandateData = false; + private Boolean useCondition = false; + private Boolean provideAllErrors = true; + private int conditionLength = -1; + + public OASAML1Config() { + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OASAML1"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA authdata = dbOA.getAuthComponentOA(); + if (authdata != null) { + final OASAML1 saml1 = authdata.getOASAML1(); + if (saml1 != null) { + provideAuthBlock = saml1.isProvideAUTHBlock(); + provideCertificate = saml1.isProvideCertificate(); + provideFullMandateData = saml1.isProvideFullMandatorData(); + provideIdentityLink = saml1.isProvideIdentityLink(); + provideStammZahl = saml1.isProvideStammzahl(); + + if (saml1.isProvideAllErrors() != null) { + provideAllErrors = saml1.isProvideAllErrors(); + } + + if (saml1.isUseCondition() != null) { + useCondition = saml1.isUseCondition(); + } + + if (saml1.getConditionLength() != null) { + conditionLength = saml1.getConditionLength().intValue(); + } + + if (saml1.isIsActive() != null) { + isActive = saml1.isIsActive(); + } + } + } + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OASAML1ConfigValidation().validate(this, general, request); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + OASAML1 saml1 = authoa.getOASAML1(); + if (saml1 == null) { + saml1 = new OASAML1(); + authoa.setOASAML1(saml1); + saml1.setIsActive(false); + } + + if (authUser.isAdmin()) { + saml1.setIsActive(isActive()); + } + + if (saml1.isIsActive() != null && saml1.isIsActive()) { + saml1.setProvideAUTHBlock(isProvideAuthBlock()); + saml1.setProvideCertificate(isProvideCertificate()); + saml1.setProvideFullMandatorData(isProvideFullMandateData()); + saml1.setProvideIdentityLink(isProvideIdentityLink()); + saml1.setProvideStammzahl(isProvideStammZahl()); + saml1.setUseCondition(isUseCondition()); + saml1.setProvideAllErrors(provideAllErrors); + saml1.setConditionLength(BigInteger.valueOf(getConditionLength())); + // TODO: set sourceID + // saml1.setSourceID(""); + } + + return null; + } + + public boolean isProvideStammZahl() { + return provideStammZahl; + } + + public void setProvideStammZahl(boolean provideStammZahl) { + this.provideStammZahl = provideStammZahl; + } + + public boolean isProvideAuthBlock() { + return provideAuthBlock; + } + + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + public boolean isProvideIdentityLink() { + return provideIdentityLink; + } + + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + + public boolean isProvideCertificate() { + return provideCertificate; + } + + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + public boolean isProvideFullMandateData() { + return provideFullMandateData; + } + + public void setProvideFullMandateData(boolean provideFullMandateData) { + this.provideFullMandateData = provideFullMandateData; + } + + public boolean isUseCondition() { + return useCondition; + } + + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + + public int getConditionLength() { + return conditionLength; + } + + public void setConditionLength(int conditionLength) { + this.conditionLength = conditionLength; + } + + /** + * @return the isActive + */ + public boolean isActive() { + return isActive; + } + + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + /** + * @return the provideAllErrors + */ + public Boolean getProvideAllErrors() { + return provideAllErrors; + } + + /** + * @param provideAllErrors the provideAllErrors to set + */ + public void setProvideAllErrors(Boolean provideAllErrors) { + this.provideAllErrors = provideAllErrors; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java index 1baefe4b8..ed0f1c278 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java @@ -32,88 +32,104 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; -public class OASSOConfig implements IOnlineApplicationData{ - - private boolean useSSO = false; - private boolean showAuthDataFrame = true; - private String singleLogOutURL = null; - - public OASSOConfig() { - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OASingleSignOn"; - } - - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - OASSO ssoconfig = authdata.getOASSO(); - if(ssoconfig != null) { - useSSO = ssoconfig.isUseSSO(); - showAuthDataFrame = ssoconfig.isAuthDataFrame(); - singleLogOutURL = ssoconfig.getSingleLogOutURL(); - } - } - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, AuthenticatedUser authUser, - HttpServletRequest request) { - return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request); - } - - public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { - - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - - OASSO sso = authoa.getOASSO(); - if (sso == null) { - sso = new OASSO(); - authoa.setOASSO(sso); - sso.setAuthDataFrame(true); - } - sso.setUseSSO(this.useSSO); - - if (authUser.isAdmin()) - sso.setAuthDataFrame(this.showAuthDataFrame); - - sso.setSingleLogOutURL(this.singleLogOutURL); - - return null; - } - - public boolean isUseSSO() { - return useSSO; - } - public void setUseSSO(boolean useSSO) { - this.useSSO = useSSO; - } - public boolean isShowAuthDataFrame() { - return showAuthDataFrame; - } - public void setShowAuthDataFrame(boolean showAuthDataFrame) { - this.showAuthDataFrame = showAuthDataFrame; - } - public String getSingleLogOutURL() { - return singleLogOutURL; - } - public void setSingleLogOutURL(String singleLogOutURL) { - this.singleLogOutURL = singleLogOutURL; - } +public class OASSOConfig implements IOnlineApplicationData { + + private boolean useSSO = false; + private boolean showAuthDataFrame = true; + private String singleLogOutURL = null; + + public OASSOConfig() { + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OASingleSignOn"; + } + + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + final OASSO ssoconfig = authdata.getOASSO(); + if (ssoconfig != null) { + useSSO = ssoconfig.isUseSSO(); + showAuthDataFrame = ssoconfig.isAuthDataFrame(); + singleLogOutURL = ssoconfig.getSingleLogOutURL(); + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request); + } + + @Override + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + + OASSO sso = authoa.getOASSO(); + if (sso == null) { + sso = new OASSO(); + authoa.setOASSO(sso); + sso.setAuthDataFrame(true); + } + sso.setUseSSO(this.useSSO); + + if (authUser.isAdmin()) { + sso.setAuthDataFrame(this.showAuthDataFrame); + } + + sso.setSingleLogOutURL(this.singleLogOutURL); + + return null; + } + + public boolean isUseSSO() { + return useSSO; + } + + public void setUseSSO(boolean useSSO) { + this.useSSO = useSSO; + } + + public boolean isShowAuthDataFrame() { + return showAuthDataFrame; + } + + public void setShowAuthDataFrame(boolean showAuthDataFrame) { + this.showAuthDataFrame = showAuthDataFrame; + } + + public String getSingleLogOutURL() { + return singleLogOutURL; + } + + public void setSingleLogOutURL(String singleLogOutURL) { + this.singleLogOutURL = singleLogOutURL; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index fb096a2a0..82ef9d1d1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; @@ -44,306 +42,331 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; import at.gv.egovernment.moa.util.MiscUtil; //import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class OASTORKConfig implements IOnlineApplicationData { + + private boolean isStorkLogonEnabled = false; + private String qaa; + + private List attributes = null; + + /* + * VIDP settings below + */ + private boolean vidpEnabled = false; + private List attributeProviderPlugins = new ArrayList<>(); + private boolean requireConsent = false; + private final List citizenCountries; + private List enabledCitizenCountries; + + private MOAIDConfiguration dbconfig = null; + + public OASTORKConfig() { + // fetch available citizen countries + citizenCountries = new ArrayList<>(); + try { + dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + for (final CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getCPEPS()) { + citizenCountries.add(current.getCountryCode()); + } + + } catch (final NullPointerException e) { + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OASTORK2"; + } + + /** + * Parses the OA config for stork entities. + * + * @param dbOAConfig the db oa config + */ + @Override + public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + final OASTORK config = authdata.getOASTORK(); + if (config != null) { + setStorkLogonEnabled(config.isStorkLogonEnabled()); + + try { + setQaa(config.geteIDAS_LOA()); + } catch (final NullPointerException e) { + // if there is no configuration available for the OA, get the default qaa level + try { + setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getGeneral_eIDAS_LOA()); + + } catch (final NullPointerException e1) { + setQaa(MOAIDConstants.eIDAS_LOA_HIGH); + + } + } + + enabledCitizenCountries = new ArrayList<>(); + if (config.getCPEPS() != null) { + for (final CPEPS current : config.getCPEPS()) { + enabledCitizenCountries.add(current.getCountryCode()); + } + } -public class OASTORKConfig implements IOnlineApplicationData{ - - private static final Logger log = Logger.getLogger(OASTORKConfig.class); - - private boolean isStorkLogonEnabled = false; - private String qaa; - - private List attributes = null; - - /* - * VIDP settings below - */ - private boolean vidpEnabled = false; - private List attributeProviderPlugins = new ArrayList(); - private boolean requireConsent = false; - private List citizenCountries; - private List enabledCitizenCountries; - - private MOAIDConfiguration dbconfig = null; - - public OASTORKConfig() { - // fetch available citizen countries - citizenCountries = new ArrayList(); - try { - dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - - for(CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { - citizenCountries.add(current.getCountryCode()); - } - - }catch (NullPointerException e) { - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OASTORK2"; - } - - /** - * Parses the OA config for stork entities. - * - * @param dbOAConfig - * the db oa config - */ - public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - OASTORK config = authdata.getOASTORK(); - if(config != null) { - setStorkLogonEnabled(config.isStorkLogonEnabled()); - - try { - setQaa(config.geteIDAS_LOA()); - } catch(NullPointerException e) { - // if there is no configuration available for the OA, get the default qaa level - try { - setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA()); - - } catch (NullPointerException e1) { - setQaa(MOAIDConstants.eIDAS_LOA_HIGH); - - } - } - - - enabledCitizenCountries = new ArrayList(); - if (config.getCPEPS() != null) { - for(CPEPS current : config.getCPEPS()) - enabledCitizenCountries.add(current.getCountryCode()); - } - - // prepare attribute helper list - attributes = new ArrayList(); - try { - try { - for(StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) { - AttributeHelper tmp = null; - - if (config.getOAAttributes() != null) { - for(OAStorkAttribute sepp : config.getOAAttributes()) - if(sepp.getName() != null && sepp.getName().equals(current.getName())) - tmp = new AttributeHelper(sepp); - } - - if(null == tmp) - tmp = new AttributeHelper(current); - - attributes.add(tmp); - } - - } catch (NullPointerException ex) { - - } - - // fetch vidp config - if (config.isVidpEnabled() != null) - setVidpEnabled(config.isVidpEnabled()); - else - setVidpEnabled(false); - - if (config.isRequireConsent() != null) - setRequireConsent(config.isRequireConsent()); - else - setRequireConsent(false); - - attributeProviderPlugins = config.getAttributeProviders(); - // - if no attribute providers are configured, add a dummy - // TODO this is a dirty hack since we have to have one entry to - // clone from in the web form. Happens when time is short. - // Sorry. - if (attributeProviderPlugins == null || attributeProviderPlugins.isEmpty()) - attributeProviderPlugins.add(new AttributeProviderPlugin()); - } catch (NullPointerException ex) { - log.error("Nullpointerexception encountered in Configurationinterface", ex); + // prepare attribute helper list + attributes = new ArrayList<>(); + try { + try { + for (final StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities() + .getSTORK().getAttributes()) { + AttributeHelper tmp = null; + + if (config.getOAAttributes() != null) { + for (final OAStorkAttribute sepp : config.getOAAttributes()) { + if (sepp.getName() != null && sepp.getName().equals(current.getName())) { + tmp = new AttributeHelper(sepp); + } } - } - } - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, AuthenticatedUser authUser, - HttpServletRequest request) { - return new OASTORKConfigValidation().validate(this, request); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); + } + + if (null == tmp) { + tmp = new AttributeHelper(current); + } + + attributes.add(tmp); + } + + } catch (final NullPointerException ex) { + + } + + // fetch vidp config + if (config.isVidpEnabled() != null) { + setVidpEnabled(config.isVidpEnabled()); + } else { + setVidpEnabled(false); + } + + if (config.isRequireConsent() != null) { + setRequireConsent(config.isRequireConsent()); + } else { + setRequireConsent(false); + } + + attributeProviderPlugins = config.getAttributeProviders(); + // - if no attribute providers are configured, add a dummy + // TODO this is a dirty hack since we have to have one entry to + // clone from in the web form. Happens when time is short. + // Sorry. + if (attributeProviderPlugins == null || attributeProviderPlugins.isEmpty()) { + attributeProviderPlugins.add(new AttributeProviderPlugin()); + } + } catch (final NullPointerException ex) { + log.error("Nullpointerexception encountered in Configurationinterface", ex); } - - // fetch stork configuration from database model - OASTORK stork = authoa.getOASTORK(); - if (stork == null) { - // if there is none, create a new one with default values. - stork = new OASTORK(); - authoa.setOASTORK(stork); - stork.setStorkLogonEnabled(false); + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASTORKConfigValidation().validate(this, request); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + // fetch stork configuration from database model + OASTORK stork = authoa.getOASTORK(); + if (stork == null) { + // if there is none, create a new one with default values. + stork = new OASTORK(); + authoa.setOASTORK(stork); + stork.setStorkLogonEnabled(false); + } + // transfer the incoming data to the database model + stork.setStorkLogonEnabled(isStorkLogonEnabled()); + stork.seteIDAS_LOA(getQaa()); + stork.setOAAttributes(getAttributes()); + stork.setVidpEnabled(isVidpEnabled()); + stork.setRequireConsent(isRequireConsent()); + stork.setAttributeProviders(getAttributeProviderPlugins()); + stork.setCPEPS(getEnabledCPEPS()); + + return null; + + } + + public boolean isStorkLogonEnabled() { + return isStorkLogonEnabled; + } + + public void setStorkLogonEnabled(boolean enabled) { + this.isStorkLogonEnabled = enabled; + } + + public String getQaa() { + return qaa; + } + + public void setQaa(String qaa) { + this.qaa = qaa; + } + + public List getAttributes() { + final List result = new ArrayList<>(); + + if (null == getHelperAttributes()) { + return result; + } + + for (final AttributeHelper current : getHelperAttributes()) { + List generalConfStorkAttr = null; + try { + generalConfStorkAttr = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getAttributes(); + + } catch (final NullPointerException e) { + log.trace("No STORK attributes in 'General Configuration'"); + + } + + if (generalConfStorkAttr != null) { + for (final StorkAttribute currentAttribute : generalConfStorkAttr) { + if (MiscUtil.isNotEmpty(currentAttribute.getName()) && + currentAttribute.getName().equals(current.getName())) { + if (current.isUsed() || currentAttribute.isMandatory()) { + final OAStorkAttribute tmp = new OAStorkAttribute(); + tmp.setName(current.getName()); + tmp.setMandatory(current.isMandatory()); + result.add(tmp); + + } + break; + } } - // transfer the incoming data to the database model - stork.setStorkLogonEnabled(isStorkLogonEnabled()); - stork.seteIDAS_LOA(getQaa()); - stork.setOAAttributes(getAttributes()); - stork.setVidpEnabled(isVidpEnabled()); - stork.setRequireConsent(isRequireConsent()); - stork.setAttributeProviders(getAttributeProviderPlugins()); - stork.setCPEPS(getEnabledCPEPS()); - - return null; - - } - - public boolean isStorkLogonEnabled() { - return isStorkLogonEnabled; - } - - public void setStorkLogonEnabled(boolean enabled) { - this.isStorkLogonEnabled = enabled; - } - - public String getQaa() { - return qaa; - } - - public void setQaa(String qaa) { - this.qaa = qaa; - } - - public List getAttributes() { - List result = new ArrayList(); - - if(null == getHelperAttributes()) - return result; - - for(AttributeHelper current : getHelperAttributes()) { - List generalConfStorkAttr = null; - try { - generalConfStorkAttr = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes(); - - } catch (NullPointerException e) { - log.trace("No STORK attributes in 'General Configuration'"); - - } - - if (generalConfStorkAttr != null) { - for(StorkAttribute currentAttribute : generalConfStorkAttr) - if(MiscUtil.isNotEmpty(currentAttribute.getName()) && - currentAttribute.getName().equals(current.getName())) { - if(current.isUsed() || currentAttribute.isMandatory()) { - OAStorkAttribute tmp = new OAStorkAttribute(); - tmp.setName(current.getName()); - tmp.setMandatory(current.isMandatory()); - result.add(tmp); - - } - break; - } - } - } - - return result; - } - - public List getHelperAttributes() { - return attributes; - } - - public void setHelperAttributes(List attributes) { - this.attributes = attributes; - } - - public List getAvailableCitizenCountries() { - return citizenCountries; - } - - - public List getAllowedLoALevels() { - return MOAIDConstants.ALLOWED_eIDAS_LOA; - } - - public List getEnabledCitizenCountries() { - return enabledCitizenCountries; - } - - public void setEnabledCitizenCountries(List update) { - enabledCitizenCountries = update; - } - - public List getEnabledCPEPS() { - if (enabledCitizenCountries != null) { - List result = new ArrayList(); - - try { - for(CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { - if(enabledCitizenCountries.contains(current.getCountryCode())) - result.add(current); - } - - } catch (NullPointerException e){ - - } - return result; - } - - return null; - - } - - public List getAvailableAttributeProviderPlugins() { - //TODO: remove in final version - - return new ArrayList(); - //return AttributeProviderFactory.getAvailablePlugins(); - } - - public List getAttributeProviderPlugins() { - return attributeProviderPlugins; - } - - public void setAttributeProviderPlugins(List update) { - attributeProviderPlugins = update; - } - - public boolean isVidpEnabled() { - return vidpEnabled; - } - - public void setVidpEnabled(boolean update) { - vidpEnabled = update; - } - - public boolean isRequireConsent() { - return requireConsent; - } - - public void setRequireConsent(boolean update) { - requireConsent = update; - } + } + } + + return result; + } + + public List getHelperAttributes() { + return attributes; + } + + public void setHelperAttributes(List attributes) { + this.attributes = attributes; + } + + public List getAvailableCitizenCountries() { + return citizenCountries; + } + + public List getAllowedLoALevels() { + return MOAIDConstants.ALLOWED_eIDAS_LOA; + } + + public List getEnabledCitizenCountries() { + return enabledCitizenCountries; + } + + public void setEnabledCitizenCountries(List update) { + enabledCitizenCountries = update; + } + + public List getEnabledCPEPS() { + if (enabledCitizenCountries != null) { + final List result = new ArrayList<>(); + + try { + for (final CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getCPEPS()) { + if (enabledCitizenCountries.contains(current.getCountryCode())) { + result.add(current); + } + } + + } catch (final NullPointerException e) { + + } + return result; + } + + return null; + + } + + public List getAvailableAttributeProviderPlugins() { + // TODO: remove in final version + + return new ArrayList<>(); + // return AttributeProviderFactory.getAvailablePlugins(); + } + + public List getAttributeProviderPlugins() { + return attributeProviderPlugins; + } + + public void setAttributeProviderPlugins(List update) { + attributeProviderPlugins = update; + } + + public boolean isVidpEnabled() { + return vidpEnabled; + } + + public void setVidpEnabled(boolean update) { + vidpEnabled = update; + } + + public boolean isRequireConsent() { + return requireConsent; + } + + public void setRequireConsent(boolean update) { + requireConsent = update; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index 84516c73f..be1b937f0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -43,464 +43,473 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class OATargetConfiguration implements IOnlineApplicationData { - private boolean deaktivededBusinessService = false; - - private boolean subTargetSet = false; - - private String target = null; - private String target_subsector = null; - private String target_admin = null; - private static List targetList = null; - private String targetFriendlyName = null; - private boolean isAdminTarget = false; - - private String identificationNumber = null; - private String identificationType = null; - private static List identificationTypeList = null; - - private String foreignbPKTargets = null; - private String additionalbPKTargets = null; - private boolean eidDemoActive = false; + private boolean deaktivededBusinessService = false; + + private boolean subTargetSet = false; + + private String target = null; + private String target_subsector = null; + private String target_admin = null; + private static List targetList = null; + private String targetFriendlyName = null; + private boolean isAdminTarget = false; + + private String identificationNumber = null; + private String identificationType = null; + private static List identificationTypeList = null; + + private String foreignbPKTargets = null; + private String additionalbPKTargets = null; + private boolean eidDemoActive = false; private boolean eidProxyActive = false; - - public OATargetConfiguration() { - targetList = TargetValidator.getListOfTargets(); - target = ""; - - identificationTypeList = Arrays.asList( - Constants.IDENIFICATIONTYPE_FN, - Constants.IDENIFICATIONTYPE_ZVR, - Constants.IDENIFICATIONTYPE_ERSB, - Constants.IDENIFICATIONTYPE_STORK, - Constants.IDENIFICATIONTYPE_EIDAS); - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OATargetConfig"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - String target_full = dbOA.getTarget(); - if (MiscUtil.isNotEmpty(target_full)) { - if (TargetValidator.isValidTarget(target_full)) { - target = target_full; - - } else { - String[] target_split = target_full.split("-"); - - if (TargetValidator.isValidTarget(target_split[0])) { - target = target_split[0]; - if (target_split.length > 1) { - target_subsector = target_split[1]; - subTargetSet = true; - } - - } else { - target = ""; - target_subsector = null; - target_admin = target_full; - isAdminTarget = true; - } - } - targetFriendlyName = dbOA.getTargetFriendlyName(); - } - - AuthComponentOA oaauth = dbOA.getAuthComponentOA(); - if (oaauth != null) { - - IdentificationNumber idnumber = oaauth.getIdentificationNumber(); - if (idnumber != null) { - String number = idnumber.getValue(); - if (MiscUtil.isNotEmpty(number)) { - String[] split = number.split("\\+"); - - if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { - identificationType = split[1]; - identificationNumber = split[2]; - - } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) { - //identificationType = split[1]; // setting at as iden category ? - identificationType = Constants.IDENIFICATIONTYPE_EIDAS; - identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident - - } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { - //identificationType = split[1]; // setting at as iden category ? - identificationType = Constants.IDENIFICATIONTYPE_STORK; - identificationNumber = split[2]; // setting sp country as ident type -> sp ident - } - } - - if (authUser.isOnlyBusinessService()) { - deaktivededBusinessService = authUser.isOnlyBusinessService(); - - identificationType = authUser.getBusinessServiceType(); - identificationNumber = authUser.getBusinessServiceNumber(); - - } - - } - } - - - //parse foreign bPK sector list - if (dbOA.getForeignbPKTargetList() != null) { - if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) - foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); - - else { - if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, - dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - foreignbPKTargets = dbOA.getForeignbPKTargetList(); - - } - } - - //parse additional bPK sector list - if (dbOA.getAdditionalbPKTargetList() != null) { - if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList())) - additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList()); - - else { - if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0, - dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - additionalbPKTargets = dbOA.getAdditionalbPKTargetList(); - - } - } - - //parse 'Austrian eID mode' flag - eidDemoActive = dbOA.getIseIDDemoModeActive(); - eidProxyActive = dbOA.getIseIDProxyModeActive(); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); + + public OATargetConfiguration() { + targetList = TargetValidator.getListOfTargets(); + target = ""; + + identificationTypeList = Arrays.asList( + Constants.IDENIFICATIONTYPE_FN, + Constants.IDENIFICATIONTYPE_ZVR, + Constants.IDENIFICATIONTYPE_ERSB, + Constants.IDENIFICATIONTYPE_STORK, + Constants.IDENIFICATIONTYPE_EIDAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OATargetConfig"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + final String target_full = dbOA.getTarget(); + if (MiscUtil.isNotEmpty(target_full)) { + if (TargetValidator.isValidTarget(target_full)) { + target = target_full; + + } else { + final String[] target_split = target_full.split("-"); + + if (TargetValidator.isValidTarget(target_split[0])) { + target = target_split[0]; + if (target_split.length > 1) { + target_subsector = target_split[1]; + subTargetSet = true; + } + + } else { + target = ""; + target_subsector = null; + target_admin = target_full; + isAdminTarget = true; + } + } + targetFriendlyName = dbOA.getTargetFriendlyName(); + } + + final AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + + final IdentificationNumber idnumber = oaauth.getIdentificationNumber(); + if (idnumber != null) { + final String number = idnumber.getValue(); + if (MiscUtil.isNotEmpty(number)) { + final String[] split = number.split("\\+"); + + if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; + identificationNumber = split[2]; + + } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) { + // identificationType = split[1]; // setting at as iden category ? + identificationType = Constants.IDENIFICATIONTYPE_EIDAS; + identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident + + } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { + // identificationType = split[1]; // setting at as iden category ? + identificationType = Constants.IDENIFICATIONTYPE_STORK; + identificationNumber = split[2]; // setting sp country as ident type -> sp ident + } } - - if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) { - - dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - String num = null; - if (authUser.isOnlyBusinessService()) { - deaktivededBusinessService = authUser.isOnlyBusinessService(); - num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber(); - - } else { - - num = getIdentificationNumber().replaceAll(" ", ""); - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - - /*Fixme: - * Company numbers had to be padded with '0' on left site - * But this bugfix can not be activated, because this would - * change all bPKs for company numbers. - * - * Change this in case of new bPK generation algorithms - */ - // num = StringUtils.leftPad(num, 7, '0'); - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - } - - IdentificationNumber idnumber = authoa.getIdentificationNumber(); - if (idnumber == null) - idnumber = new IdentificationNumber(); - - if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { - idnumber.setValue(Constants.PREFIX_EIDAS + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); - - } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { - idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); - } else { - idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); - } - - authoa.setIdentificationNumber(idnumber); + + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + + identificationType = authUser.getBusinessServiceType(); + identificationNumber = authUser.getBusinessServiceNumber(); + + } + + } + } + + // parse foreign bPK sector list + if (dbOA.getForeignbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) { + foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); + } else { + if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, + dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); } else { - dbOA.setType(null); + foreignbPKTargets = dbOA.getForeignbPKTargetList(); + } + + } + } - if (authUser.isAdmin()) { - if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) { - dbOA.setTarget(getTarget_admin()); - dbOA.setTargetFriendlyName(getTargetFriendlyName()); + // parse additional bPK sector list + if (dbOA.getAdditionalbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList())) { + additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList()); + } else { + if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0, + dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - } else { + } else { + additionalbPKTargets = dbOA.getAdditionalbPKTargetList(); + } - String target = getTarget(); + } + } - if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) - dbOA.setTarget(target + "-" + getTarget_subsector()); - else - dbOA.setTarget(target); + // parse 'Austrian eID mode' flag + eidDemoActive = dbOA.getIseIDDemoModeActive(); + eidProxyActive = dbOA.getIseIDProxyModeActive(); + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) { - } + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - } else { + String num = null; + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber(); - if (MiscUtil.isNotEmpty(getTarget())) { + } else { - String target = getTarget(); + num = getIdentificationNumber().replaceAll(" ", ""); + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) - dbOA.setTarget(target + "-" + getTarget_subsector()); + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - else - dbOA.setTarget(target); + /* + * Fixme: Company numbers had to be padded with '0' on left site But this bugfix + * can not be activated, because this would change all bPKs for company numbers. + * + * Change this in case of new bPK generation algorithms + */ + // num = StringUtils.leftPad(num, 7, '0'); + } - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + } - } - } + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); } - - dbOA.setForeignbPKTargetList(getForeignbPKTargets()); - dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); - dbOA.setIseIDDemoModeActive(isEidDemoActive()); - dbOA.setIseIDProxyModeActive(isEidProxyActive()); - - return null; - } - - /** - * @return - */ - private boolean isBusinessService(OnlineApplication dbOA) { - if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) - return true; - else - return false; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request); - } - - public String getTarget() { - return target; - } - - public void setTarget(String target) { - this.target = target; - } - - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - public String getIdentificationNumber() { - return identificationNumber; - } - - public void setIdentificationNumber(String identificationNumber) { - this.identificationNumber = identificationNumber; - } - - public String getIdentificationType() { - return identificationType; - } - - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /** - * @return the target_subsector - */ - public String getTarget_subsector() { - return target_subsector; - } - - - /** - * @param target_subsector the target_subsector to set - */ - public void setTarget_subsector(String target_subsector) { - this.target_subsector = target_subsector; - } - - - /** - * @return the target_admin - */ - public String getTarget_admin() { - return target_admin; - } - - - /** - * @param target_admin the target_admin to set - */ - public void setTarget_admin(String target_admin) { - this.target_admin = target_admin; - } - - - /** - * @return the targetList - */ - public List getTargetList() { - return targetList; - } - - - /** - * @return the identificationTypeList - */ - public List getIdentificationTypeList() { - return identificationTypeList; - } - - - /** - * @return the isAdminTarget - */ - public boolean isAdminTarget() { - return isAdminTarget; - } - - - /** - * @param isAdminTarget the isAdminTarget to set - */ - public void setAdminTarget(boolean isAdminTarget) { - this.isAdminTarget = isAdminTarget; - } - - /** - * @return the deaktivededBusinessService - */ - public boolean isDeaktivededBusinessService() { - return deaktivededBusinessService; - } + } + IdentificationNumber idnumber = authoa.getIdentificationNumber(); + if (idnumber == null) { + idnumber = new IdentificationNumber(); + } - /** - * @param deaktivededBusinessService the deaktivededBusinessService to set - */ - public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { - this.deaktivededBusinessService = deaktivededBusinessService; - } + if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { + idnumber.setValue(Constants.PREFIX_EIDAS + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { + idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } else { + idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } - /** - * @return the subTargetSet - */ - public boolean isSubTargetSet() { - return subTargetSet; - } + authoa.setIdentificationNumber(idnumber); + } else { + dbOA.setType(null); - /** - * @param subTargetSet the subTargetSet to set - */ - public void setSubTargetSet(boolean subTargetSet) { - this.subTargetSet = subTargetSet; - } + if (authUser.isAdmin()) { + if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) { + dbOA.setTarget(getTarget_admin()); + dbOA.setTargetFriendlyName(getTargetFriendlyName()); + } else { - public String getForeignbPKTargets() { - return foreignbPKTargets; - } + final String target = getTarget(); + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) { + dbOA.setTarget(target + "-" + getTarget_subsector()); + } else { + dbOA.setTarget(target); + } - public void setForeignbPKTargets(String foreignbPKTargets) { - if (MiscUtil.isNotEmpty(foreignbPKTargets)) - this.foreignbPKTargets = - KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets); - else - this.foreignbPKTargets = foreignbPKTargets; - } + final String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) { + dbOA.setTargetFriendlyName(targetname); + } + } + + } else { + + if (MiscUtil.isNotEmpty(getTarget())) { - public String getAdditionalbPKTargets() { - return additionalbPKTargets; - } + final String target = getTarget(); + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) { + dbOA.setTarget(target + "-" + getTarget_subsector()); + } else { + dbOA.setTarget(target); + } - public void setAdditionalbPKTargets(String additionalbPKTargets) { - if (MiscUtil.isNotEmpty(additionalbPKTargets)) - this.additionalbPKTargets = - KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets); - else - this.additionalbPKTargets = additionalbPKTargets; + final String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) { + dbOA.setTargetFriendlyName(targetname); + } - } + } + } + } + + dbOA.setForeignbPKTargetList(getForeignbPKTargets()); + dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); + dbOA.setIseIDDemoModeActive(isEidDemoActive()); + dbOA.setIseIDProxyModeActive(isEidProxyActive()); + + return null; + } + + /** + * @return + */ + private boolean isBusinessService(OnlineApplication dbOA) { + if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) { + return true; + } else { + return false; + } + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request); + } + + public String getTarget() { + return target; + } + + public void setTarget(String target) { + this.target = target; + } + + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + public String getIdentificationNumber() { + return identificationNumber; + } + + public void setIdentificationNumber(String identificationNumber) { + this.identificationNumber = identificationNumber; + } + + public String getIdentificationType() { + return identificationType; + } + + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * @return the target_subsector + */ + public String getTarget_subsector() { + return target_subsector; + } + + /** + * @param target_subsector the target_subsector to set + */ + public void setTarget_subsector(String target_subsector) { + this.target_subsector = target_subsector; + } + + /** + * @return the target_admin + */ + public String getTarget_admin() { + return target_admin; + } + + /** + * @param target_admin the target_admin to set + */ + public void setTarget_admin(String target_admin) { + this.target_admin = target_admin; + } + + /** + * @return the targetList + */ + public List getTargetList() { + return targetList; + } + + /** + * @return the identificationTypeList + */ + public List getIdentificationTypeList() { + return identificationTypeList; + } + + /** + * @return the isAdminTarget + */ + public boolean isAdminTarget() { + return isAdminTarget; + } + + /** + * @param isAdminTarget the isAdminTarget to set + */ + public void setAdminTarget(boolean isAdminTarget) { + this.isAdminTarget = isAdminTarget; + } + + /** + * @return the deaktivededBusinessService + */ + public boolean isDeaktivededBusinessService() { + return deaktivededBusinessService; + } + + /** + * @param deaktivededBusinessService the deaktivededBusinessService to set + */ + public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { + this.deaktivededBusinessService = deaktivededBusinessService; + } + + /** + * @return the subTargetSet + */ + public boolean isSubTargetSet() { + return subTargetSet; + } + + /** + * @param subTargetSet the subTargetSet to set + */ + public void setSubTargetSet(boolean subTargetSet) { + this.subTargetSet = subTargetSet; + } + + public String getForeignbPKTargets() { + return foreignbPKTargets; + } + + public void setForeignbPKTargets(String foreignbPKTargets) { + if (MiscUtil.isNotEmpty(foreignbPKTargets)) { + this.foreignbPKTargets = + KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets); + } else { + this.foreignbPKTargets = foreignbPKTargets; + } + } + + public String getAdditionalbPKTargets() { + return additionalbPKTargets; + } + + public void setAdditionalbPKTargets(String additionalbPKTargets) { + if (MiscUtil.isNotEmpty(additionalbPKTargets)) { + this.additionalbPKTargets = + KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets); + } else { + this.additionalbPKTargets = additionalbPKTargets; + } + } - public boolean isEidDemoActive() { - return eidDemoActive; - } + public boolean isEidDemoActive() { + return eidDemoActive; + } + public void setEidDemoActive(boolean eidDemoActive) { + this.eidDemoActive = eidDemoActive; + } - public void setEidDemoActive(boolean eidDemoActive) { - this.eidDemoActive = eidDemoActive; - } - - public boolean isEidProxyActive() { - return eidProxyActive; - } + public boolean isEidProxyActive() { + return eidProxyActive; + } + public void setEidProxyActive(boolean eidProxyActive) { + this.eidProxyActive = eidProxyActive; + } - public void setEidProxyActive(boolean eidProxyActive) { - this.eidProxyActive = eidProxyActive; - } - - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java index e27c55c90..29598a679 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java @@ -27,110 +27,128 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationGatewayType; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class PVPGatewayInterfederationConfig implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(PVPGatewayInterfederationConfig.class); - - private String entityID = null; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "PVPGatewayInterfederation"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - - InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); - if (gateway != null) { - this.entityID = gateway.getForwardIDPIdentifier(); - - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - if (authUser.isAdmin()) { - dbOA.setIsInterfederationGateway(true); - - InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); - if (gateway == null) { - gateway = new InterfederationGatewayType(); - dbOA.setInterfederationGateway(gateway); - } - - gateway.setForwardIDPIdentifier(entityID); - } - - dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - List errors = new ArrayList(); - - if (MiscUtil.isNotEmpty(entityID)) { - if (!ValidationHelper.validateURL(entityID)) { - log.info("PVP gateway EntityID is not valid"); - errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid", request)); - - } - - } else - errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty", request)); - - return errors; - } - - /** - * @return the entityID - */ - public String getEntityID() { - return entityID; - } - - /** - * @param entityID the entityID to set - */ - public void setEntityID(String entityID) { - this.entityID = entityID; - } - - - + private String entityID = null; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "PVPGatewayInterfederation"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + final InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); + if (gateway != null) { + this.entityID = gateway.getForwardIDPIdentifier(); + + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + if (authUser.isAdmin()) { + dbOA.setIsInterfederationGateway(true); + + InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); + if (gateway == null) { + gateway = new InterfederationGatewayType(); + dbOA.setInterfederationGateway(gateway); + } + + gateway.setForwardIDPIdentifier(entityID); + } + + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + if (MiscUtil.isNotEmpty(entityID)) { + if (!ValidationHelper.validateURL(entityID)) { + log.info("PVP gateway EntityID is not valid"); + errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid", + request)); + + } + + } else { + errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty", request)); + } + + return errors; + } + + /** + * @return the entityID + */ + public String getEntityID() { + return entityID; + } + + /** + * @param entityID the entityID to set + */ + public void setEntityID(String entityID) { + this.entityID = entityID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index c69998fa2..8b50437cb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -40,8 +40,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; @@ -50,10 +48,10 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.ToStringUtil; import at.gv.util.WebAppUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class AuthenticationFilter implements Filter{ - - private final Logger log = Logger.getLogger(AuthenticationFilter.class); private static ConfigurationProvider config; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java index 71f9536ae..6c4ecf3ae 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java @@ -11,11 +11,13 @@ import javax.servlet.ServletResponse; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.builder.ToStringBuilder; -import org.apache.log4j.Logger; + +import lombok.extern.slf4j.Slf4j; /** * @author Thomas Knall */ +@Slf4j public class EncodingFilter implements javax.servlet.Filter { private static final String SERVLET_INIT_PARAM_ENCODING = "encoding"; @@ -30,8 +32,6 @@ public class EncodingFilter implements javax.servlet.Filter { private static final boolean DEFAULT_FORCE_REQUEST_ENCODING_VALUE = true; private static final boolean DEFAULT_SET_RESPONSE_ENCODING_VALUE = false; private static final boolean DEFAULT_FORCE_RESPONSE_ENCODING_VALUE = false; - - private Logger log = Logger.getLogger(getClass().getName()); private String encoding = null; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java index 4d47d8d96..25cf87aa9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java @@ -29,29 +29,27 @@ import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.util.Base64Utils; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class AuthenticationHelper { - - private static final Logger log = Logger.getLogger(AuthenticationHelper.class); - - public static String generateKeyFormPassword(String password) { - SecretKeyFactory factory; - - try { - factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); - KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128); - SecretKey tmp = factory.generateSecret(spec); - SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES"); - return Base64Utils.encode(secret.getEncoded()); - - } catch (Exception e) { - log.info("Key generation form password failed."); - return null; - } - - } + + public static String generateKeyFormPassword(String password) { + SecretKeyFactory factory; + + try { + factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + final KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128); + final SecretKey tmp = factory.generateSecret(spec); + final SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES"); + return Base64Utils.encode(secret.getEncoded()); + + } catch (final Exception e) { + log.info("Key generation form password failed."); + return null; + } + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java index eed4aa32f..a6c8b93b1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java @@ -26,34 +26,32 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class DateTimeHelper { - private static final Logger log = Logger.getLogger(DateTimeHelper.class); - - private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm"; - - public static String getDateTime(Date date) { - SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); - return f.format(date); - } - - public static Date parseDateTime(String date) { - SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); - - if (MiscUtil.isNotEmpty(date)) { - - try { - return f.parse(date); - - } catch (ParseException e) { - log.warn("Parse DATETIME String " + date + " failed", e); - - } - } - return null; - } + private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm"; + + public static String getDateTime(Date date) { + final SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + return f.format(date); + } + + public static Date parseDateTime(String date) { + final SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + + if (MiscUtil.isNotEmpty(date)) { + + try { + return f.parse(date); + + } catch (final ParseException e) { + log.warn("Parse DATETIME String " + date + " failed", e); + + } + } + return null; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java index b4afcb5f2..406acf001 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -26,77 +26,76 @@ import java.util.ArrayList; import java.util.Date; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType; public class FormDataHelper { - public static ArrayList populateFormWithInderfederationIDPs(List dbOAs) { - - ArrayList formOAs = new ArrayList(); - - for (OnlineApplication dboa : dbOAs) { - - if (dboa.isIsInterfederationIDP()!= null && dboa.isIsInterfederationIDP()) - formOAs.add(addOAFormListElement(dboa, ServiceType.IDP)); - - else if (dboa.isIsInterfederationGateway()!= null && dboa.isIsInterfederationGateway()) - formOAs.add(addOAFormListElement(dboa, ServiceType.GWAY)); - - else if (dboa.getAuthComponentOA().getOASTORK() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) - formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP)); - } - return formOAs; - } - - public static ArrayList populateFormWithOAs(List dbOAs) { - - ArrayList formOAs = new ArrayList(); - - for (OnlineApplication dboa : dbOAs) { - - if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || - (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) || - (dboa.getAuthComponentOA().getOASTORK() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) || - (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() ))) { - formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); - } - } - return formOAs; - } - - private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) { - OAListElement listoa = new OAListElement(type); - listoa.setActive(dboa.isIsActive()); - listoa.setDataBaseID(dboa.getHjid()); - listoa.setOaFriendlyName(dboa.getFriendlyName()); - listoa.setOaIdentifier(dboa.getPublicURLPrefix()); - listoa.setOaType(dboa.getType()); - return listoa; - } - - public static ArrayList addFormUsers(List dbuserlist) { - ArrayList userlist = new ArrayList(); - - for (UserDatabase dbuser : dbuserlist) { - - boolean ismandate = false; - if (dbuser.isIsMandateUser() != null) - ismandate = dbuser.isIsMandateUser(); - - userlist.add(new AuthenticatedUser(dbuser, - dbuser.isIsActive(), - ismandate, - false, null, null, new Date()) - ); - } - return userlist; - } + public static ArrayList populateFormWithInderfederationIDPs(List dbOAs) { + + final ArrayList formOAs = new ArrayList<>(); + + for (final OnlineApplication dboa : dbOAs) { + + if (dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) { + formOAs.add(addOAFormListElement(dboa, ServiceType.IDP)); + } else if (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) { + formOAs.add(addOAFormListElement(dboa, ServiceType.GWAY)); + } else if (dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { + formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP)); + } + } + return formOAs; + } + + public static ArrayList populateFormWithOAs(List dbOAs) { + + final ArrayList formOAs = new ArrayList<>(); + + for (final OnlineApplication dboa : dbOAs) { + + if (!(dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP() || + dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() || + dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() || + dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway())) { + formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); + } + } + return formOAs; + } + + private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) { + final OAListElement listoa = new OAListElement(type); + listoa.setActive(dboa.isIsActive()); + listoa.setDataBaseID(dboa.getHjid()); + listoa.setOaFriendlyName(dboa.getFriendlyName()); + listoa.setOaIdentifier(dboa.getPublicURLPrefix()); + listoa.setOaType(dboa.getType()); + return listoa; + } + + public static ArrayList addFormUsers(List dbuserlist) { + final ArrayList userlist = new ArrayList<>(); + + for (final UserDatabase dbuser : dbuserlist) { + + boolean ismandate = false; + if (dbuser.isIsMandateUser() != null) { + ismandate = dbuser.isIsMandateUser(); + } + + userlist.add(new AuthenticatedUser(dbuser, + dbuser.isIsActive(), + ismandate, + false, null, null, new Date())); + } + return userlist; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java index 29ab75b3e..d4f4d2129 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java @@ -22,81 +22,73 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.helper; +import java.text.MessageFormat; +import java.util.Locale; +import java.util.ResourceBundle; + +import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; -import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; -import javax.servlet.http.HttpServletRequest; -import java.text.MessageFormat; -import java.util.Locale; -import java.util.ResourceBundle; +@Slf4j +public class LanguageHelper { + private static String errorLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); -import org.apache.log4j.Logger; + } + private static String guiLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); -public class LanguageHelper { + } - private static Logger log = Logger.getLogger(LanguageHelper.class); - - private static String errorLanguage(String code, Locale locale) { - return ResourceBundle.getBundle("applicationResources", locale).getString(code); - - } + public static String getGUIString(String code, HttpServletRequest request) { + return guiLanguage(code, getLangFromRequest(request)); + } - private static String guiLanguage(String code, Locale locale) { - return ResourceBundle.getBundle("applicationResources", locale).getString(code); - - } + public static String getErrorString(String code, HttpServletRequest request) { + return errorLanguage(code, getLangFromRequest(request)); + } - public static String getGUIString(String code, HttpServletRequest request) { - return guiLanguage(code, getLangFromRequest(request)); - } + public static String getGUIString(String code, String parameter, HttpServletRequest request) { + return MessageFormat.format(getGUIString(code, request), parameter); + } + public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) { - public static String getErrorString(String code, HttpServletRequest request) { - return errorLanguage(code, getLangFromRequest(request)); - } + return MessageFormat.format(getGUIString(code, request), parameter); + } - public static String getGUIString(String code, String parameter, HttpServletRequest request) { - return MessageFormat.format(getGUIString(code, request), parameter); - } + private static Locale getLangFromRequest(HttpServletRequest request) { + + Locale defaultLanguage = Locale.forLanguageTag("de"); - public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) { + try { + final ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); + defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage()); - return MessageFormat.format(getGUIString(code, request), parameter); + } catch (final ConfigurationException e) { + log.error("Configuration exception while getting ConfigurationProvider instance", e); } - - private static Locale getLangFromRequest(HttpServletRequest request) { - - Locale defaultLanguage = Locale.forLanguageTag("de"); - - try { - ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); - defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage()); - - } catch (ConfigurationException e) { - log.error("Configuration exception while getting ConfigurationProvider instance", e); - } - - - if (request == null) { - return defaultLanguage; - - } else { - Object obj = request.getSession().getAttribute(Constants.SESSION_I18n); - - if (obj != null && obj instanceof Locale) { - return (Locale) obj; - - } else - return defaultLanguage; - - } - + if (request == null) { + return defaultLanguage; + + } else { + final Object obj = request.getSession().getAttribute(Constants.SESSION_I18n); + + if (obj != null && obj instanceof Locale) { + return (Locale) obj; + + } else { + return defaultLanguage; + } + } -} + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java index 8f3b8f479..5d1f663a9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -41,7 +41,6 @@ import javax.mail.internet.MimeMessage; import javax.mail.internet.MimeMultipart; import org.apache.commons.io.IOUtils; -import org.apache.log4j.Logger; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; @@ -49,207 +48,213 @@ import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MailHelper { - private static final Logger log = Logger.getLogger(MailHelper.class); - - private static final String PATTERN_GIVENNAME = "#GIVENNAME#"; - private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#"; - private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#"; - private static final String PATTERN_DATE = "#TODAY_DATE#"; - private static final String PATTERN_OPENOAS = "#NUMBER_OAS#"; - private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#"; - private static final String PATTERN_OANAME = "#OANAME#"; - - public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailUserAcountVerificationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); - template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); - } - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - String verificationURL = config.getPublicUrlPreFix(null); - - if (!verificationURL.endsWith("/")) - verificationURL = verificationURL + "/"; - - verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION + - "?" + Constants.REQUEST_USERREQUESTTOKKEN + - "=" + userdb.getUserRequestTokken(); - template = template.replace(PATTERN_URL, verificationURL); - - sendMail(config, config.getMailUserAcountVerificationSubject(), - userdb.getMail(), template); - - } - - public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailAdminTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); - template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template); - - } - - public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, String mailurl) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailUserAcountActivationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - if (MiscUtil.isNotEmpty(institut)) { - template = template.replace(PATTERN_GIVENNAME, institut); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, givenname); - template = template.replace(PATTERN_FAMILYNAME, familyname); - } - - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - String verificationURL = config.getPublicUrlPreFix(null); - if (!verificationURL.endsWith("/")) - verificationURL = verificationURL + "/"; - - template = template.replace(PATTERN_URL, verificationURL); - - sendMail(config, config.getMailUserAcountActivationSubject(), - mailurl, template); - } - - public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, String institut, String oaname, String mailurl) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailOAActivationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - if (MiscUtil.isNotEmpty(institut)) { - template = template.replace(PATTERN_GIVENNAME, institut); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, givenname); - template = template.replace(PATTERN_FAMILYNAME, familyname); - } - - template = template.replace(PATTERN_OANAME, oaname); - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - String verificationURL = config.getPublicUrlPreFix(null); - if (!verificationURL.endsWith("/")) - verificationURL = verificationURL + "/"; - - template = template.replace(PATTERN_URL, verificationURL); - - sendMail(config, config.getMailOAActivationSubject(), - mailurl, template); - } - - public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailUserAcountRevocationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); - template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); - } - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - sendMail(config, config.getMailUserAcountActivationSubject(), - userdb.getMail(), template); - } - - private static String readTemplateFromURL(String templateurl, String rootDir) throws ConfigurationException { - InputStream input; - try { - - URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(templateurl, rootDir)); - input = keystoreURL.openStream(); - StringWriter writer = new StringWriter(); - IOUtils.copy(input, writer); - input.close(); - return writer.toString(); - - } catch (Exception e) { - log.warn("Mailtemplate can not be read from source" + templateurl); - throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl); - - } - } - - private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) throws ConfigurationException { - try { - log.debug("Sending mail."); - MiscUtil.assertNotNull(subject, "subject"); - MiscUtil.assertNotNull(recipient, "recipient"); - MiscUtil.assertNotNull(content, "content"); - - Properties props = new Properties(); - props.setProperty("mail.transport.protocol", "smtp"); - props.setProperty("mail.host", config.getSMTPMailHost()); - log.trace("Mail host: " + config.getSMTPMailHost()); - if (config.getSMTPMailPort() != null) { - log.trace("Mail port: " + config.getSMTPMailPort()); - props.setProperty("mail.port", config.getSMTPMailPort()); - } - if (config.getSMTPMailUsername() != null) { - log.trace("Mail user: " + config.getSMTPMailUsername()); - props.setProperty("mail.user", config.getSMTPMailUsername()); - } - if (config.getSMTPMailPassword() != null) { - log.trace("Mail password: " + config.getSMTPMailPassword()); - props.setProperty("mail.password", config.getSMTPMailPassword()); - } - - Session mailSession = Session.getDefaultInstance(props, null); - Transport transport = mailSession.getTransport(); - - MimeMessage message = new MimeMessage(mailSession); - message.setSubject(subject); - log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress()); - message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName())); - log.trace("Recipient: " + recipient); - message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient)); - - log.trace("Creating multipart content of mail."); - MimeMultipart multipart = new MimeMultipart("related"); - - log.trace("Adding first part (html)"); - BodyPart messageBodyPart = new MimeBodyPart(); - messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15"); - multipart.addBodyPart(messageBodyPart); - + private static final String PATTERN_GIVENNAME = "#GIVENNAME#"; + private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#"; + private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#"; + private static final String PATTERN_DATE = "#TODAY_DATE#"; + private static final String PATTERN_OPENOAS = "#NUMBER_OAS#"; + private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#"; + private static final String PATTERN_OANAME = "#OANAME#"; + + public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailUserAcountVerificationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + + if (!verificationURL.endsWith("/")) { + verificationURL = verificationURL + "/"; + } + + verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION + + "?" + Constants.REQUEST_USERREQUESTTOKKEN + + "=" + userdb.getUserRequestTokken(); + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountVerificationSubject(), + userdb.getMail(), template); + + } + + public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailAdminTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); + template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template); + + } + + public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, + String mailurl) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailUserAcountActivationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) { + verificationURL = verificationURL + "/"; + } + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountActivationSubject(), + mailurl, template); + } + + public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, + String institut, String oaname, String mailurl) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailOAActivationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + template = template.replace(PATTERN_OANAME, oaname); + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) { + verificationURL = verificationURL + "/"; + } + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailOAActivationSubject(), + mailurl, template); + } + + public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailUserAcountRevocationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailUserAcountActivationSubject(), + userdb.getMail(), template); + } + + private static String readTemplateFromURL(String templateurl, String rootDir) + throws ConfigurationException { + InputStream input; + try { + + final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(templateurl, rootDir)); + input = keystoreURL.openStream(); + final StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + input.close(); + return writer.toString(); + + } catch (final Exception e) { + log.warn("Mailtemplate can not be read from source" + templateurl); + throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl); + + } + } + + private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) + throws ConfigurationException { + try { + log.debug("Sending mail."); + MiscUtil.assertNotNull(subject, "subject"); + MiscUtil.assertNotNull(recipient, "recipient"); + MiscUtil.assertNotNull(content, "content"); + + final Properties props = new Properties(); + props.setProperty("mail.transport.protocol", "smtp"); + props.setProperty("mail.host", config.getSMTPMailHost()); + log.trace("Mail host: " + config.getSMTPMailHost()); + if (config.getSMTPMailPort() != null) { + log.trace("Mail port: " + config.getSMTPMailPort()); + props.setProperty("mail.port", config.getSMTPMailPort()); + } + if (config.getSMTPMailUsername() != null) { + log.trace("Mail user: " + config.getSMTPMailUsername()); + props.setProperty("mail.user", config.getSMTPMailUsername()); + } + if (config.getSMTPMailPassword() != null) { + log.trace("Mail password: " + config.getSMTPMailPassword()); + props.setProperty("mail.password", config.getSMTPMailPassword()); + } + + final Session mailSession = Session.getDefaultInstance(props, null); + final Transport transport = mailSession.getTransport(); + + final MimeMessage message = new MimeMessage(mailSession); + message.setSubject(subject); + log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress()); + message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName())); + log.trace("Recipient: " + recipient); + message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient)); + + log.trace("Creating multipart content of mail."); + final MimeMultipart multipart = new MimeMultipart("related"); + + log.trace("Adding first part (html)"); + final BodyPart messageBodyPart = new MimeBodyPart(); + messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15"); + multipart.addBodyPart(messageBodyPart); + // log.trace("Adding mail images"); // messageBodyPart = new MimeBodyPart(); // for (Image image : images) { @@ -257,20 +262,20 @@ public class MailHelper { // messageBodyPart.setHeader("Content-ID", "<" + image.getContentId() + ">"); // multipart.addBodyPart(messageBodyPart); // } - - message.setContent(multipart); - transport.connect(); - log.trace("Sending mail message."); - transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO)); - log.trace("Successfully sent."); - transport.close(); - - } catch(MessagingException e) { - throw new ConfigurationException(e); - - } catch (UnsupportedEncodingException e) { - throw new ConfigurationException(e); - - } - } + + message.setContent(multipart); + transport.connect(); + log.trace("Sending mail message."); + transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO)); + log.trace("Successfully sent."); + transport.close(); + + } catch (final MessagingException e) { + throw new ConfigurationException(e); + + } catch (final UnsupportedEncodingException e) { + throw new ConfigurationException(e); + + } + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java index 53afa59a0..be4cab9d7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java @@ -26,37 +26,35 @@ import java.io.UnsupportedEncodingException; public class StringHelper { - public static String formatText(String strGivenText) - { - StringBuffer sbFormattedText = new StringBuffer(strGivenText); - - for(int i=0; i formList; - protected long oaid = -1; - - private String oaidobj; - private boolean newOA; - private boolean isMetaDataRefreshRequired = false; - - private InputStream stream = null; - - - - /** - * - */ - public BasicOAAction() { - super(); - - formList = new LinkedHashMap(); - - OAGeneralConfig generalOA = new OAGeneralConfig(); - formList.put(generalOA.getName(), generalOA); - - } - - protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException{ - if (!ValidationHelper.validateOAID(oaidobj)) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); - + private static final long serialVersionUID = 5676123696807646246L; + + protected LinkedHashMap formList; + protected long oaid = -1; + + private String oaidobj; + private boolean newOA; + private boolean isMetaDataRefreshRequired = false; + + private InputStream stream = null; + + /** + * + */ + public BasicOAAction() { + super(); + + formList = new LinkedHashMap<>(); + + final OAGeneralConfig generalOA = new OAGeneralConfig(); + formList.put(generalOA.getName(), generalOA); + + } + + protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException { + if (!ValidationHelper.validateOAID(oaidobj)) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + + } + oaid = Long.valueOf(oaidobj); + + UserDatabase userdb = null; + OnlineApplication onlineapplication = null; + + if (authUser.isAdmin()) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + } else { + userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + // TODO: change to direct Database operation + final List oas = userdb.getOnlineApplication(); + for (final String oa : oas) { + if (oa.equals(oaid)) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + break; } - oaid = Long.valueOf(oaidobj); + } + if (onlineapplication == null) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + } - UserDatabase userdb = null; - OnlineApplication onlineapplication = null; + return onlineapplication; - if (authUser.isAdmin()) - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + } - else { - userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + protected void populateBasicNewOnlineApplicationInformation() { + session.setAttribute(Constants.SESSION_OAID, null); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); + setNewOA(true); - } + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } - // TODO: change to direct Database operation - List oas = userdb.getOnlineApplication(); - for (String oa : oas) { - if (oa.equals(oaid)) { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); - break; - } - } - if (onlineapplication == null) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); - } + protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, + boolean persistOA) throws BasicOAActionException { + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + onlineapplication.setIsNew(true); + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + + } else { + isMetaDataRefreshRequired = true; + } + + } else { + onlineapplication.setIsNew(false); + if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA() + .getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + + " change OA-PublicURLPrefix. Reaktivation is required."); + } + + } + + if (onlineapplication.isIsAdminRequired() == null + || authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired()) { + + onlineapplication.setIsAdminRequired(false); + isMetaDataRefreshRequired = true; + + UserDatabase userdb = null; + if (onlineapplication.getHjid() != null) { + userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid()); + } + + if (userdb != null && !userdb.isIsAdmin()) { + try { + MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), + userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); + } catch (final ConfigurationException e) { + log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); } - - return onlineapplication; - - } - - protected void populateBasicNewOnlineApplicationInformation() { - session.setAttribute(Constants.SESSION_OAID, null); - - setNewOA(true); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } + } + + // save OA configuration + final String error = saveOAConfigToDatabase(onlineapplication, persistOA); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); } - - protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, boolean persistOA) throws BasicOAActionException { - if (onlineapplication == null) { - onlineapplication = new OnlineApplication(); - onlineapplication.setIsNew(true); - onlineapplication.setIsActive(false); - - if (!authUser.isAdmin()) { - onlineapplication.setIsAdminRequired(true); - - } else - isMetaDataRefreshRequired = true; - - } else { - onlineapplication.setIsNew(false); - if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) { - - onlineapplication.setIsAdminRequired(true); - onlineapplication.setIsActive(false); - log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); - } - - } - - if ((onlineapplication.isIsAdminRequired() == null) - || (authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired())) { - - onlineapplication.setIsAdminRequired(false); - isMetaDataRefreshRequired = true; - - UserDatabase userdb = null; - if (onlineapplication.getHjid() != null) - userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid()); - - if (userdb != null && !userdb.isIsAdmin()) { - try { - MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), - userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); - } catch (ConfigurationException e) { - log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); - } - } - } - - //save OA configuration - String error = saveOAConfigToDatabase(onlineapplication, persistOA); - if (MiscUtil.isNotEmpty(error)) { - log.warn("OA configuration can not be stored!"); - addActionError(error); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); - } // //set metadata reload flag if reload is required -// +// // if (getPvp2OA() != null && getPvp2OA().getMetaDataURL() != null) { // // try { @@ -234,290 +237,302 @@ public class BasicOAAction extends BasicAction { // } // // } - - return onlineapplication; - } - - protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { - try { - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - } - } else { - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); - } - - OnlineApplication onlineapplication = null; - - Long oaid = getOAIDFromSession(); - - // valid DBID and check entry - OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName())); - String oaidentifier = oaGeneralForm.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - - if (!ValidationHelper.validateURL(oaidentifier)) { - log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - - if (oaid == -1) { - List oaList = configuration.getDbRead().getAllOnlineApplications(); - - if (oaList != null) { - for (OnlineApplication el : oaList) { - if (el.getPublicURLPrefix().startsWith(oaidentifier) ) - onlineapplication = el; - - } - } - - if (onlineapplication == null) { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); - - } - - if (onlineapplication != null) { - log.info("The OAIdentifier is not unique"); - throw new BasicOAActionException( - LanguageHelper.getErrorString( - "validation.general.oaidentifier.notunique", - new Object[]{onlineapplication.getPublicURLPrefix()}, - request), - Constants.STRUTS_ERROR_VALIDATION); - - } else - setNewOA(true); - - } else { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); - if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - - OnlineApplication dbOA = null; - List oaList = configuration.getDbRead().getAllOnlineApplications(); - for (OnlineApplication el : oaList) { - if (el.getPublicURLPrefix().startsWith(oaidentifier) ) - dbOA = el; - - } - if (dbOA == null) - dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier); - - if ( (dbOA != null && !dbOA.getHjid().equals(oaid))) { - log.info("The OAIdentifier is not unique"); - throw new BasicOAActionException( - LanguageHelper.getErrorString( - "validation.general.oaidentifier.notunique", - new Object[]{dbOA.getPublicURLPrefix()}, - request), - Constants.STRUTS_ERROR_VALIDATION); - - } - } - } - } - } - - return onlineapplication; - - } catch (BasicOAActionException e) { - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw e; - } - - } - - protected Long getOAIDFromSession() throws BasicOAActionException { - Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); - Long oaid = (long) -1; - - if (oadbid != null) { - try { - oaid = (Long) oadbid; - if (oaid < 0 || oaid > Long.MAX_VALUE) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); + + return onlineapplication; + } + + protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { + try { + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + } else { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + } + + OnlineApplication onlineapplication = null; + + final Long oaid = getOAIDFromSession(); + + // valid DBID and check entry + final OAGeneralConfig oaGeneralForm = (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + final String oaidentifier = oaGeneralForm.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (oaid == -1) { + final List oaList = configuration.getDbRead().getAllOnlineApplications(); + + if (oaList != null) { + for (final OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier)) { + onlineapplication = el; } - } catch (Throwable t) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); + } + } + + if (onlineapplication == null) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); + } + + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString( + "validation.general.oaidentifier.notunique", + new Object[] { onlineapplication.getPublicURLPrefix() }, + request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + setNewOA(true); + } + + } else { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + OnlineApplication dbOA = null; + final List oaList = configuration.getDbRead().getAllOnlineApplications(); + for (final OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier)) { + dbOA = el; + } + + } + if (dbOA == null) { + dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier); + } + + if (dbOA != null && !dbOA.getHjid().equals(oaid)) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString( + "validation.general.oaidentifier.notunique", + new Object[] { dbOA.getPublicURLPrefix() }, + request), + Constants.STRUTS_ERROR_VALIDATION); + + } + } + } } - - return oaid; + } + + return onlineapplication; + + } catch (final BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; } - - protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { - try { - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); - - } - - String oaidentifier = getGeneralOA().getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), - Constants.STRUTS_ERROR_VALIDATION); - } - } - - return oaidentifier; - - } catch (BasicOAActionException e) { - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw e; - } + + } + + protected Long getOAIDFromSession() throws BasicOAActionException { + final Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + + } catch (final Throwable t) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } } - - private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) { - - for (IOnlineApplicationData form : formList.values()) - form.store(dboa, authUser, request); - - try { - if (dboa.isIsNew()) { - if (!authUser.isAdmin()) { - UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - List useroas = user.getOnlineApplication(); - if (useroas == null) useroas = new ArrayList(); + return oaid; + } + + protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { + try { + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser + .getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); - useroas.add(String.valueOf(dboa.getHjid())); - configuration.getUserManagement().saveOrUpdate(user); - - } else { - if (persistOA) - save(dboa); - - } - - } else - if (persistOA) - save(dboa); - - } catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + final String oaidentifier = getGeneralOA().getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); - return null; + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request), + Constants.STRUTS_ERROR_VALIDATION); + } + } + + return oaidentifier; + + } catch (final BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; + } + } + + private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) { + + for (final IOnlineApplicationData form : formList.values()) { + form.store(dboa, authUser, request); } - - protected void save(OnlineApplication oa) throws MOADatabaseException { - try { - STORK storkConfig = null; - try { - MOAIDConfiguration moaidConfig = - ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK(); - - } catch (Exception e) { - - } - - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); - if (MiscUtil.isEmpty(serviceIdentifier)) { - log.info("Use default ServiceIdentifier."); - serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; - } - - if (oa.getHjid() == null) { - log.debug("No hjID -> find new Service ID ..."); - String hjID = configuration.getConfigModule().buildArrayIdentifier( - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier, 0, keyValueConfig); - log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix()); - oa.setHjid(Long.valueOf(hjID)); - - } else { - //TODO: work-around for old config tool and new key/value configuration - //see: NewConfigurationDBRead.java Line 81 + + try { + if (dboa.isIsNew()) { + if (!authUser.isAdmin()) { + final UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + List useroas = user.getOnlineApplication(); + if (useroas == null) { + useroas = new ArrayList<>(); + } + + useroas.add(String.valueOf(dboa.getHjid())); + configuration.getUserManagement().saveOrUpdate(user); + + } else { + if (persistOA) { + save(dboa); + } + + } + + } else if (persistOA) { + save(dboa); + } + + } catch (final MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + } + + return null; + } + + protected void save(OnlineApplication oa) throws MOADatabaseException { + try { + STORK storkConfig = null; + try { + final MOAIDConfiguration moaidConfig = + ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK(); + + } catch (final Exception e) { + + } + + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); + if (MiscUtil.isEmpty(serviceIdentifier)) { + log.info("Use default ServiceIdentifier."); + serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; + } + + if (oa.getHjid() == null) { + log.debug("No hjID -> find new Service ID ..."); + final String hjID = configuration.getConfigModule().buildArrayIdentifier( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier, 0, keyValueConfig); + log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix()); + oa.setHjid(Long.valueOf(hjID)); + + } else { + // TODO: work-around for old config tool and new key/value configuration + // see: NewConfigurationDBRead.java Line 81 // if (oa.getHjid() > 1000000) { -// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) +// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) // oa.setHjid(oa.getHjid() - 1000000); // else if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_IIDP)) // oa.setHjid(oa.getHjid() - 2000000); @@ -525,208 +540,210 @@ public class BasicOAAction extends BasicAction { // oa.setHjid(oa.getHjid() - 3000000); // else // log.warn("Inconsistent state found! Service Identifier for OA found but Hjid is > 1000000."); -// +// // } - - } - - Map absolutKeyValue = KeyValueUtils.makeKeysAbsolut( - keyValueConfig, - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(oa.getHjid()), - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); - - configuration.getConfigModule().storeChanges(absolutKeyValue, null, null); - - log.info("MOA-ID Service Key/Value configuration successfull stored."); - - - } catch (ConfigurationStorageException | at.gv.egiz.components.configuration.api.ConfigurationException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - throw new MOADatabaseException(e.getMessage(), e); - - } - + + } + + final Map absolutKeyValue = KeyValueUtils.makeKeysAbsolut( + keyValueConfig, + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf( + oa.getHjid()), + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + + configuration.getConfigModule().storeChanges(absolutKeyValue, null, null); + + log.info("MOA-ID Service Key/Value configuration successfull stored."); + + } catch (ConfigurationStorageException + | at.gv.egiz.components.configuration.api.ConfigurationException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + throw new MOADatabaseException(e.getMessage(), e); + } - - protected boolean delete(OnlineApplication onlineapplication) { - try { - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); - if (MiscUtil.isEmpty(serviceIdentifier)) { - log.info("Use default ServiceIdentifier."); - serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; - } - - String deleteServiceKey = - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(onlineapplication.getHjid()) + ".*"; - - configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[]{deleteServiceKey})); - - log.info("MOA-ID Service Key/Value configuration successfull stored."); - return true; - - } catch (ConfigurationStorageException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - - } - - return false; - + + } + + protected boolean delete(OnlineApplication onlineapplication) { + try { + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); + if (MiscUtil.isEmpty(serviceIdentifier)) { + log.info("Use default ServiceIdentifier."); + serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; + } + + final String deleteServiceKey = + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf( + onlineapplication.getHjid()) + ".*"; + + configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[] { + deleteServiceKey })); + + log.info("MOA-ID Service Key/Value configuration successfull stored."); + return true; + + } catch (final ConfigurationStorageException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + } - - public String bkuFramePreview() { - String preview = null; + return false; - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - InputStream input = null; + } - try { - Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); - if (mapobj != null && mapobj instanceof Map) { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR - + ConfigurationProvider.HTMLTEMPLATE_FILE; - - File file = new File(new URI(templateURL)); - input = new FileInputStream(file); - - String contextpath = config.getMOAIDInstanceURL(); - if (MiscUtil.isEmpty(contextpath)) { - log.info("NO MOA-ID instance URL configurated."); - input.close(); - throw new ConfigurationException("No MOA-ID instance configurated"); - - } - - //set parameters - Map params = (Map) mapobj; - params.put( - AbstractServiceProviderSpecificGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, - contextpath); - - request.setCharacterEncoding("UTF-8"); - String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); - String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); - - if (value != null) { - String[] query = URLDecoder.decode(request.getQueryString()).split("&"); - value = query[1].substring("value=".length()); - } + public String bkuFramePreview() { - synchronized (params) { - if (MiscUtil.isNotEmpty(module)) { - if (params.containsKey(module)) { - if (MiscUtil.isNotEmpty(value)) { - if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT.contains(module) - || value.startsWith("#")) - params.put(module, value); - else - params.put(module, "#" + value); - - } else { - params.put(module, FormBuildUtils.getDefaultMap().get(module)); - } - } - } - } - - //write preview - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - VelocityContext context = new VelocityContext(); - Iterator> interator = params.entrySet().iterator(); - while (interator.hasNext()) { - Entry el = interator.next(); - context.put(el.getKey(), el.getValue()); - - } - StringWriter writer = new StringWriter(); - engine.evaluate(context, writer, "BKUSelection_preview", - new BufferedReader(new InputStreamReader(input))); - stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8")); + String preview = null; - } else { - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + try { + populateBasicInformations(); - } + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + InputStream input = null; + + try { + final Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); + if (mapobj != null && mapobj instanceof Map) { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR + + ConfigurationProvider.HTMLTEMPLATE_FILE; - } catch (Exception e) { - log.warn("BKUSelection Preview can not be generated.", e); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + final File file = new File(new URI(templateURL)); + input = new FileInputStream(file); + + final String contextpath = config.getMOAIDInstanceURL(); + if (MiscUtil.isEmpty(contextpath)) { + log.info("NO MOA-ID instance URL configurated."); + input.close(); + throw new ConfigurationException("No MOA-ID instance configurated"); } - if (stream == null && MiscUtil.isNotEmpty(preview)) { - try { - stream = new ByteArrayInputStream(preview.getBytes("UTF-8")); - - } catch (UnsupportedEncodingException e) { - e.printStackTrace(); - - } + // set parameters + final Map params = (Map) mapobj; + params.put( + AbstractGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, + contextpath); + + request.setCharacterEncoding("UTF-8"); + final String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); + String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); + + if (value != null) { + final String[] query = URLDecoder.decode(request.getQueryString()).split("&"); + value = query[1].substring("value=".length()); } - - - return Constants.STRUTS_SUCCESS; - } - - - /** - * @param oaidobj the oaidobj to set - */ - public void setOaidobj(String oaidobj) { - this.oaidobj = oaidobj; - } - - /** - * @return the newOA - */ - public boolean isNewOA() { - return newOA; - } - /** - * @param newOA the newOA to set - */ - public void setNewOA(boolean newOA) { - this.newOA = newOA; - } - - public OAGeneralConfig getGeneralOA() { - return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); - } + synchronized (params) { + if (MiscUtil.isNotEmpty(module)) { + if (params.containsKey(module)) { + if (MiscUtil.isNotEmpty(value)) { + if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT + .contains(module) + || value.startsWith("#")) { + params.put(module, value); + } else { + params.put(module, "#" + value); + } - public void setGeneralOA(OAGeneralConfig generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - - public OAPVP2Config getPvp2OA() { - return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); - } + } else { + params.put(module, FormBuildUtils.getDefaultMap().get(module)); + } + } + } + } + + // write preview + final VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + final VelocityContext context = new VelocityContext(); + final Iterator> interator = params.entrySet().iterator(); + while (interator.hasNext()) { + final Entry el = interator.next(); + context.put(el.getKey(), el.getValue()); + + } + final StringWriter writer = new StringWriter(); + engine.evaluate(context, writer, "BKUSelection_preview", + new BufferedReader(new InputStreamReader(input))); + stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8")); + + } else { + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + + } + + } catch (final Exception e) { + log.warn("BKUSelection Preview can not be generated.", e); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); - public void setPvp2OA(OAPVP2Config pvp2oa) { - formList.put(pvp2oa.getName(), pvp2oa); } - /** - * @return the stream - */ - public InputStream getStream() { - return stream; - } + if (stream == null && MiscUtil.isNotEmpty(preview)) { + try { + stream = new ByteArrayInputStream(preview.getBytes("UTF-8")); + + } catch (final UnsupportedEncodingException e) { + e.printStackTrace(); + + } + } + return Constants.STRUTS_SUCCESS; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + + public OAGeneralConfig getGeneralOA() { + return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + public OAPVP2Config getPvp2OA() { + return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 8e057db0f..0992d7f1a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -30,7 +30,6 @@ import java.util.Map; import java.util.Set; import org.apache.commons.lang3.StringUtils; -import org.apache.log4j.Logger; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; @@ -76,164 +75,160 @@ import at.gv.egovernment.moa.id.configuration.helper.StringHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class EditGeneralConfigAction extends BasicAction { - - private static final Logger log = Logger.getLogger(EditGeneralConfigAction.class); - private static final long serialVersionUID = 1L; - - private GeneralMOAIDConfig moaconfig; - private GeneralStorkConfig storkconfig; - - private String formID; - - public String loadConfig() { - try { - populateBasicInformations(); - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (authUser.isAdmin()) { - - - MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); - - moaconfig = new GeneralMOAIDConfig(); - moaconfig.parse(dbconfig); - if (moaconfig == null) { - log.error("MOA configuration is null"); - } - if (moaconfig.isMoaidMode()) { - storkconfig = new GeneralStorkConfig(); - storkconfig.parse(dbconfig); - if (storkconfig == null) { - log.error("Stork configuration is null"); - } - } + private static final long serialVersionUID = 1L; + + private GeneralMOAIDConfig moaconfig; + private GeneralStorkConfig storkconfig; + + private String formID; + + public String loadConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (authUser.isAdmin()) { + + final MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); + + moaconfig = new GeneralMOAIDConfig(); + moaconfig.parse(dbconfig); + if (moaconfig == null) { + log.error("MOA configuration is null"); + } + + if (moaconfig.isMoaidMode()) { + storkconfig = new GeneralStorkConfig(); + storkconfig.parse(dbconfig); + if (storkconfig == null) { + log.error("Stork configuration is null"); + } + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_SUCCESS; + + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String saveConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + boolean isMoaidMode = false; + try { + isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); + } + + if (authUser.isAdmin()) { + + final MOAConfigValidator validator = new MOAConfigValidator(); + + final List errors = validator.validate(moaconfig, request, isMoaidMode); + + if (isMoaidMode) { + errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); + } + + if (errors.size() > 0) { + log.info("General MOA-ID configuration has some errors."); + for (final String el : errors) { + addActionError(el); + } + + if (moaconfig.getSecLayerTransformation() != null) { + session.setAttribute(Constants.SESSION_SLTRANSFORMATION, moaconfig.getSecLayerTransformation()); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + if (moaconfig.getSecLayerTransformation() == null && + session.getAttribute(Constants.SESSION_SLTRANSFORMATION) != null && + session.getAttribute(Constants.SESSION_SLTRANSFORMATION) instanceof Map) { + moaconfig.setSecLayerTransformation((Map) session.getAttribute( + Constants.SESSION_SLTRANSFORMATION)); + + } + } + + final String error = saveFormToDatabase(isMoaidMode); + if (error != null) { + log.warn("General MOA-ID config can not be stored in Database"); + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + addActionError(error); + return Constants.STRUTS_ERROR_VALIDATION; + } + + session.setAttribute(Constants.SESSION_SLTRANSFORMATION, null); + + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success", request)); + return Constants.STRUTS_SUCCESS; + } + + public String back() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + return Constants.STRUTS_SUCCESS; + } - - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_SUCCESS; - - } else { - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - public String saveConfig() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - boolean isMoaidMode = false; - try { - isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); - } - - if (authUser.isAdmin()) { - - MOAConfigValidator validator = new MOAConfigValidator(); - - List errors = validator.validate(moaconfig, request, isMoaidMode); - - if (isMoaidMode) - errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); - - if (errors.size() > 0) { - log.info("General MOA-ID configuration has some errors."); - for (String el : errors) - addActionError(el); - - if (moaconfig.getSecLayerTransformation() != null) { - session.setAttribute(Constants.SESSION_SLTRANSFORMATION, moaconfig.getSecLayerTransformation()); - } - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - if (moaconfig.getSecLayerTransformation() == null && - session.getAttribute(Constants.SESSION_SLTRANSFORMATION) != null && - session.getAttribute(Constants.SESSION_SLTRANSFORMATION) instanceof Map ) { - moaconfig.setSecLayerTransformation((Map) - session.getAttribute(Constants.SESSION_SLTRANSFORMATION)); - - } - } - - String error = saveFormToDatabase(isMoaidMode); - if (error != null) { - log.warn("General MOA-ID config can not be stored in Database"); - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - addActionError(error); - return Constants.STRUTS_ERROR_VALIDATION; - } - - session.setAttribute(Constants.SESSION_SLTRANSFORMATION, null); - - } else { - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - - addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success", request)); - return Constants.STRUTS_SUCCESS; - } - - public String back() { - try { - populateBasicInformations(); - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - return Constants.STRUTS_SUCCESS; - } - - private String saveFormToDatabase(boolean isMoaidMode) { - - log.debug("Saving form to database"); + private String saveFormToDatabase(boolean isMoaidMode) { + + log.debug("Saving form to database"); // log.error("Saving form to db"); // log.info("SV frm db"); @@ -244,630 +239,649 @@ public class EditGeneralConfigAction extends BasicAction { // log.error(" SES PARAM: " + obj.toString()); // } - try { - log.error(" ASSERTION " + moaconfig.getTimeoutAssertion()); - } catch (Exception ex) { - ex.printStackTrace(); - } - - MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); - if (dbconfig == null) - dbconfig = new MOAIDConfiguration(); - - - AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); - if (dbauth == null) { - dbauth = new AuthComponentGeneral(); - dbconfig.setAuthComponentGeneral(dbauth); - } - - GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration(); - if (dbauthgeneral == null) { - dbauthgeneral = new GeneralConfiguration(); - dbauth.setGeneralConfiguration(dbauthgeneral); - } - + try { + log.error(" ASSERTION " + moaconfig.getTimeoutAssertion()); + } catch (final Exception ex) { + ex.printStackTrace(); + } + + MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); + if (dbconfig == null) { + dbconfig = new MOAIDConfiguration(); + } + + AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); + if (dbauth == null) { + dbauth = new AuthComponentGeneral(); + dbconfig.setAuthComponentGeneral(dbauth); + } + + GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration(); + if (dbauthgeneral == null) { + dbauthgeneral = new GeneralConfiguration(); + dbauth.setGeneralConfiguration(dbauthgeneral); + } + // GeneralConfiguration oldauthgeneral = null; // if (oldauth != null) // oldauthgeneral = oldauth.getGeneralConfiguration(); - - //set Public URL Prefix - String pubURLPrefix = moaconfig.getPublicURLPrefix(); - if (moaconfig.isVirtualPublicURLPrefixEnabled()) { - dbauthgeneral.setPublicURLPreFix( - KeyValueUtils.normalizeCSVValueString(pubURLPrefix)); - - } else { - if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) { - dbauthgeneral.setPublicURLPreFix( - pubURLPrefix.trim().substring(0, - pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))); - - } else - dbauthgeneral.setPublicURLPreFix( - StringUtils.chomp(pubURLPrefix.trim())); - - } - - dbauthgeneral.setVirtualPublicURLPrefixEnabled( - moaconfig.isVirtualPublicURLPrefixEnabled()); - - + + // set Public URL Prefix + final String pubURLPrefix = moaconfig.getPublicURLPrefix(); + if (moaconfig.isVirtualPublicURLPrefixEnabled()) { + dbauthgeneral.setPublicURLPreFix( + KeyValueUtils.normalizeCSVValueString(pubURLPrefix)); + + } else { + if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) { + dbauthgeneral.setPublicURLPreFix( + pubURLPrefix.trim().substring(0, + pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))); + + } else { + dbauthgeneral.setPublicURLPreFix( + StringUtils.chomp(pubURLPrefix.trim())); + } + + } + + dbauthgeneral.setVirtualPublicURLPrefixEnabled( + moaconfig.isVirtualPublicURLPrefixEnabled()); + // if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) // dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); // else { // if (oldauthgeneral != null) // dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID()); // } - + // if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory())) // dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory()); - - TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts(); - if (dbtimeouts == null) { - dbtimeouts = new TimeOuts(); - dbauthgeneral.setTimeOuts(dbtimeouts); - } - if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion())) - dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION)); - else - dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion())); - - if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated())) - dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED)); - else - dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated())); - - if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated())) - dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED)); - else - dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated())); - - dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck()); - - - - Protocols dbprotocols = dbauth.getProtocols(); - if (dbprotocols == null) { - dbprotocols = new Protocols(); - dbauth.setProtocols(dbprotocols); - } - LegacyAllowed legprot = dbprotocols.getLegacyAllowed(); - if (legprot == null) { - legprot = new LegacyAllowed(); - dbprotocols.setLegacyAllowed(legprot); - } - - List el = legprot.getProtocolName(); - if (el == null) { - el = new ArrayList(); - legprot.setProtocolName(el); - - } - - //Workaround for DB cleaning is only needed for one or the releases (insert in 2.1.1) - if (el.size() > 2) - el.clear(); - - if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { - if (!moaconfig.isLegacy_pvp2()) - el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2); - - } else { - if (moaconfig.isLegacy_pvp2()) - el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2); - } - - if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { - if (!moaconfig.isLegacy_saml1()) - el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1); - - } else { - if (moaconfig.isLegacy_saml1()) - el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); - } - - SAML1 saml1= dbprotocols.getSAML1(); - if (saml1 == null) { - saml1 = new SAML1(); - dbprotocols.setSAML1(saml1); - } - saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); - - if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) { - saml1.setSourceID(moaconfig.getSaml1SourceID()); - - } else { - if (MiscUtil.isNotEmpty(saml1.getSourceID())) - saml1.setSourceID(moaconfig.getSaml1SourceID()); - - } - - - OAuth oauth= dbprotocols.getOAuth(); - if (oauth == null) { - oauth = new OAuth(); - dbprotocols.setOAuth(oauth); - } - - PVP2 pvp2 = dbprotocols.getPVP2(); - if (pvp2 == null) { - pvp2 = new PVP2(); - dbprotocols.setPVP2(pvp2); - } - - if (isMoaidMode) { - oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); - pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); - - } - - if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) - pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); + + TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts(); + if (dbtimeouts == null) { + dbtimeouts = new TimeOuts(); + dbauthgeneral.setTimeOuts(dbtimeouts); + } + if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion())) { + dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION)); + } else { + dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion())); + } + + if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated())) { + dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED)); + } else { + dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated())); + } + + if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated())) { + dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED)); + } else { + dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated())); + } + + dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck()); + + Protocols dbprotocols = dbauth.getProtocols(); + if (dbprotocols == null) { + dbprotocols = new Protocols(); + dbauth.setProtocols(dbprotocols); + } + LegacyAllowed legprot = dbprotocols.getLegacyAllowed(); + if (legprot == null) { + legprot = new LegacyAllowed(); + dbprotocols.setLegacyAllowed(legprot); + } + + List el = legprot.getProtocolName(); + if (el == null) { + el = new ArrayList<>(); + legprot.setProtocolName(el); + + } + + // Workaround for DB cleaning is only needed for one or the releases (insert in + // 2.1.1) + if (el.size() > 2) { + el.clear(); + } + + if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { + if (!moaconfig.isLegacy_pvp2()) { + el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2); + } + + } else { + if (moaconfig.isLegacy_pvp2()) { + el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2); + } + } + + if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { + if (!moaconfig.isLegacy_saml1()) { + el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1); + } + + } else { + if (moaconfig.isLegacy_saml1()) { + el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); + } + } + + SAML1 saml1 = dbprotocols.getSAML1(); + if (saml1 == null) { + saml1 = new SAML1(); + dbprotocols.setSAML1(saml1); + } + saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); + + if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) { + saml1.setSourceID(moaconfig.getSaml1SourceID()); + + } else { + if (MiscUtil.isNotEmpty(saml1.getSourceID())) { + saml1.setSourceID(moaconfig.getSaml1SourceID()); + } + + } + + OAuth oauth = dbprotocols.getOAuth(); + if (oauth == null) { + oauth = new OAuth(); + dbprotocols.setOAuth(oauth); + } + + PVP2 pvp2 = dbprotocols.getPVP2(); + if (pvp2 == null) { + pvp2 = new PVP2(); + dbprotocols.setPVP2(pvp2); + } + + if (isMoaidMode) { + oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); + pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + + } + + if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) { + pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); // if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix())) // pvp2.setPublicURLPrefix(moaconfig.getPvp2PublicUrlPrefix()); - - Organization pvp2org = pvp2.getOrganization(); - if (pvp2org == null) { - pvp2org = new Organization(); - pvp2.setOrganization(pvp2org); - } - if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName())) - pvp2org.setDisplayName(StringHelper.getUTF8String( - moaconfig.getPvp2OrgDisplayName())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName())) - pvp2org.setName(StringHelper.getUTF8String(moaconfig.getPvp2OrgName())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL())) - pvp2org.setURL(moaconfig.getPvp2OrgURL()); - - List pvp2cont = pvp2.getContact(); - if (pvp2cont == null) { - pvp2cont = new ArrayList(); - pvp2.setContact(pvp2cont); - } - - if (pvp2cont.size() == 0) { - Contact cont = new Contact(); - pvp2cont.add(cont); - } - - Contact cont = pvp2cont.get(0); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany())) - cont.setCompany(StringHelper.getUTF8String( - moaconfig.getPvp2Contact().getCompany())); - - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname())) - cont.setGivenName(StringHelper.getUTF8String( - moaconfig.getPvp2Contact().getGivenname())); - - if (cont.getMail() != null && cont.getMail().size() > 0) - cont.getMail().set(0, moaconfig.getPvp2Contact().getMail()); - else - cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail())); - - if (cont.getPhone() != null && cont.getPhone().size() > 0) - cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone()); - else - cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone())); - - cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) - cont.setType(moaconfig.getPvp2Contact().getType()); - - - ChainingModes dbchainingmodes = dbconfig.getChainingModes(); - if (dbchainingmodes == null) { - dbchainingmodes = new ChainingModes(); - dbconfig.setChainingModes(dbchainingmodes); - } - - dbchainingmodes.setSystemDefaultMode( - ChainingModeType.fromValue("pkix")); - - - if (isMoaidMode) { - SSO dbsso = dbauth.getSSO(); - if (dbsso == null) { - dbsso = new SSO(); - dbauth.setSSO(dbsso); - } - - if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) - dbsso.setFriendlyName(StringHelper.getUTF8String( - moaconfig.getSsoFriendlyName())); - if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) - dbsso.setSpecialText(StringHelper.getUTF8String( - moaconfig.getSsoSpecialText())); - // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) - // dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); - - if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { - - if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { - String num = moaconfig.getSsoTarget().replaceAll(" ", ""); - String pre = null; - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - pre = Constants.IDENIFICATIONTYPE_FN; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - pre = Constants.IDENIFICATIONTYPE_ZVR; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){ - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - pre = Constants.IDENIFICATIONTYPE_ERSB; - } - - dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); - - } else { - dbsso.setTarget(moaconfig.getSsoTarget()); - - } - } - // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { - // IdentificationNumber ssoid = dbsso.getIdentificationNumber(); - // if (ssoid == null) { - // ssoid = new IdentificationNumber(); - // dbsso.setIdentificationNumber(ssoid); - // } - // ssoid.setValue(moaconfig.getSsoIdentificationNumber()); - // } - - DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); - - if (dbbkus == null) { - dbbkus = new DefaultBKUs(); - dbconfig.setDefaultBKUs(dbbkus); - } - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) - dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); - else - dbbkus.setHandyBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) - dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); - else - dbbkus.setOnlineBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) - dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); - else - dbbkus.setLocalBKU(new String()); - - - - IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); - if (idlsigners == null) { - idlsigners = new IdentityLinkSigners(); - dbauth.setIdentityLinkSigners(idlsigners); - } - - ForeignIdentities dbforeign = dbauth.getForeignIdentities(); - if (dbforeign == null) { - dbforeign = new ForeignIdentities(); - dbauth.setForeignIdentities(dbforeign); - } - - if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { - ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); - if (forcon == null) { - forcon = new ConnectionParameterClientAuthType(); - dbforeign.setConnectionParameter(forcon); - } - - if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) - forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); - - else { - if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) - forcon.setURL( - moaconfig.getSzrgwURL().trim().substring(0, - moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - forcon.setURL( - StringUtils.chomp(moaconfig.getSzrgwURL().trim())); - - } - - } - - ForeignIdentities foreign = dbauth.getForeignIdentities(); - if (foreign != null) { - STORK stork = foreign.getSTORK(); - if (stork == null) { - stork = new STORK(); - foreign.setSTORK(stork); - - } - - try { - log.error("QAAAA " + storkconfig.getDefaultQaa()); - stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); - - if (storkconfig.getAttributes() != null) { - List dbStorkAttr = new ArrayList(); - stork.setAttributes(dbStorkAttr); - - - for (StorkAttribute attr : storkconfig.getAttributes()) { - if (attr != null && MiscUtil.isNotEmpty(attr.getName())) - dbStorkAttr.add(attr); - - else - log.info("Remove null or empty STORK attribute"); - } - - } else - stork.setAttributes((List) (new ArrayList())); - - if (storkconfig.getCpepslist() != null) { - List dbStorkCPEPS = new ArrayList(); - stork.setCPEPS(dbStorkCPEPS); - - for (CPEPS cpeps : storkconfig.getCpepslist()) { - if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && - MiscUtil.isNotEmpty(cpeps.getCountryCode())) { - - if (cpeps.getCountryCode().equals("CC") && - cpeps.getURL().equals("http://")) - log.info("Remove dummy STORK CPEPS entry."); - - else - dbStorkCPEPS.add(cpeps); - - } else - log.info("Remove null or emtpy STORK CPEPS configuration"); - } - - } else - stork.setCPEPS((List) (new ArrayList())); - - } catch (Exception e) { - e.printStackTrace(); - - } - - try{ - log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); - log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); - - } catch (Exception ex) { - log.info("CPEPS LIST is null"); - - } - } - - //write MIS Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { - OnlineMandates dbmandate = dbauth.getOnlineMandates(); - if (dbmandate == null) { - dbmandate = new OnlineMandates(); - dbauth.setOnlineMandates(dbmandate); - } - ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); - - if (dbmandateconnection == null) { - dbmandateconnection = new ConnectionParameterClientAuthType(); - dbmandate.setConnectionParameter(dbmandateconnection); - } - - if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) - dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); - - else { - if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbmandateconnection.setURL( - moaconfig.getMandateURL().trim().substring(0, - moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - dbmandateconnection.setURL( - StringUtils.chomp(moaconfig.getMandateURL().trim())); - - } - } - - //write ELGA Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { - if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) - dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL())); - - else { - if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbconfig.setElgaMandateServiceURLs( - moaconfig.getElgaMandateServiceURL().trim().substring(0, - moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - dbconfig.setElgaMandateServiceURLs( - StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); - - } - } else - dbconfig.setElgaMandateServiceURLs(null); - } - - - //write E-ID System URLs - if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) { - if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL())) - dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getEidSystemServiceURL())); - - else { - if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbconfig.setEidSystemServiceURLs( - moaconfig.getEidSystemServiceURL().trim().substring(0, - moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - dbconfig.setEidSystemServiceURLs( - StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim())); - - } - - } else - dbconfig.setEidSystemServiceURLs(null); - - - if (isMoaidMode) { - MOASP dbmoasp = dbauth.getMOASP(); - if (dbmoasp == null) { - dbmoasp = new MOASP(); - dbauth.setMOASP(dbmoasp); - } - if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { - ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); - if (moaspcon == null) { - moaspcon = new ConnectionParameterClientAuthType(); - dbmoasp.setConnectionParameter(moaspcon); - } - moaspcon.setURL(moaconfig.getMoaspssURL()); - } - VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); - if (moaidl == null) { - moaidl = new VerifyIdentityLink(); - dbmoasp.setVerifyIdentityLink(moaidl); - } - moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); - moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); - - VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); - if (moaauth == null) { - moaauth = new VerifyAuthBlock(); - dbmoasp.setVerifyAuthBlock(moaauth); - } - moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); - moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); - - if (moaauth.getVerifyTransformsInfoProfileID() != null && - moaauth.getVerifyTransformsInfoProfileID().size() > 0) - moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); - - else { - if (moaauth.getVerifyTransformsInfoProfileID() == null) { - moaauth.setVerifyTransformsInfoProfileID(new ArrayList()); - - } - moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); - } - - SecurityLayer seclayertrans = dbauth.getSecurityLayer(); - if (seclayertrans == null) { - seclayertrans = new SecurityLayer(); - dbauth.setSecurityLayer(seclayertrans); - } - List trans = new ArrayList(); - Map moatrans = moaconfig.getSecLayerTransformation(); - if (moatrans != null) { - Set keys = moatrans.keySet(); - for (String key : keys) { - TransformsInfoType elem = new TransformsInfoType(); - elem.setFilename(key); - elem.setTransformation(moatrans.get(key)); - trans.add(elem); - } - } - if (trans.size() > 0) - seclayertrans.setTransformsInfo(trans); - - - SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); - if (slrequesttempl == null) { - slrequesttempl = new SLRequestTemplates(); - dbconfig.setSLRequestTemplates(slrequesttempl); - } - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) - slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) - slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) - slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); - - } - - if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) - dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); - - //save config - try { - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBMOAIDConfigToKeyValue(dbconfig); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - configuration.getConfigModule().storeChanges(keyValueConfig, null, null); - - log.info("General MOA-ID Key/Value configuration successfull stored."); - - - } catch (ConfigurationStorageException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); - - } finally { - - - } - - return null; - } - - /** - * @return the moaconfig - */ - public GeneralMOAIDConfig getMoaconfig() { - return moaconfig; - } - - /** - * @param moaconfig the moaconfig to set - */ - public void setMoaconfig(GeneralMOAIDConfig moaconfig) { - this.moaconfig = moaconfig; - } - - /** - * Gets the storkconfig. - * - * @return the storkconfig - */ - public GeneralStorkConfig getStorkconfig() { - return storkconfig; - } - - /** - * Sets the storkconfig. - * - * @param storkconfig the new storkconfig - */ - public void setStorkconfig(GeneralStorkConfig storkconfig) { - this.storkconfig = storkconfig; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - - + } + + Organization pvp2org = pvp2.getOrganization(); + if (pvp2org == null) { + pvp2org = new Organization(); + pvp2.setOrganization(pvp2org); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName())) { + pvp2org.setDisplayName(StringHelper.getUTF8String( + moaconfig.getPvp2OrgDisplayName())); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName())) { + pvp2org.setName(StringHelper.getUTF8String(moaconfig.getPvp2OrgName())); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL())) { + pvp2org.setURL(moaconfig.getPvp2OrgURL()); + } + + List pvp2cont = pvp2.getContact(); + if (pvp2cont == null) { + pvp2cont = new ArrayList<>(); + pvp2.setContact(pvp2cont); + } + + if (pvp2cont.size() == 0) { + final Contact cont = new Contact(); + pvp2cont.add(cont); + } + + final Contact cont = pvp2cont.get(0); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany())) { + cont.setCompany(StringHelper.getUTF8String( + moaconfig.getPvp2Contact().getCompany())); + } + + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname())) { + cont.setGivenName(StringHelper.getUTF8String( + moaconfig.getPvp2Contact().getGivenname())); + } + + if (cont.getMail() != null && cont.getMail().size() > 0) { + cont.getMail().set(0, moaconfig.getPvp2Contact().getMail()); + } else { + cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail())); + } + + if (cont.getPhone() != null && cont.getPhone().size() > 0) { + cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone()); + } else { + cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone())); + } + + cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname())); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) { + cont.setType(moaconfig.getPvp2Contact().getType()); + } + + ChainingModes dbchainingmodes = dbconfig.getChainingModes(); + if (dbchainingmodes == null) { + dbchainingmodes = new ChainingModes(); + dbconfig.setChainingModes(dbchainingmodes); + } + + dbchainingmodes.setSystemDefaultMode( + ChainingModeType.fromValue("pkix")); + + if (isMoaidMode) { + SSO dbsso = dbauth.getSSO(); + if (dbsso == null) { + dbsso = new SSO(); + dbauth.setSSO(dbsso); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) { + dbsso.setFriendlyName(StringHelper.getUTF8String( + moaconfig.getSsoFriendlyName())); + } + if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) { + dbsso.setSpecialText(StringHelper.getUTF8String( + moaconfig.getSsoSpecialText())); + // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) + // dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { + + if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { + String num = moaconfig.getSsoTarget().replaceAll(" ", ""); + String pre = null; + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + pre = Constants.IDENIFICATIONTYPE_FN; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + pre = Constants.IDENIFICATIONTYPE_ZVR; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + pre = Constants.IDENIFICATIONTYPE_ERSB; + } + + dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); + + } else { + dbsso.setTarget(moaconfig.getSsoTarget()); + + } + } + // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { + // IdentificationNumber ssoid = dbsso.getIdentificationNumber(); + // if (ssoid == null) { + // ssoid = new IdentificationNumber(); + // dbsso.setIdentificationNumber(ssoid); + // } + // ssoid.setValue(moaconfig.getSsoIdentificationNumber()); + // } + + DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); + + if (dbbkus == null) { + dbbkus = new DefaultBKUs(); + dbconfig.setDefaultBKUs(dbbkus); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) { + dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); + } else { + dbbkus.setHandyBKU(new String()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) { + dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); + } else { + dbbkus.setOnlineBKU(new String()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) { + dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); + } else { + dbbkus.setLocalBKU(new String()); + } + + IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); + if (idlsigners == null) { + idlsigners = new IdentityLinkSigners(); + dbauth.setIdentityLinkSigners(idlsigners); + } + + ForeignIdentities dbforeign = dbauth.getForeignIdentities(); + if (dbforeign == null) { + dbforeign = new ForeignIdentities(); + dbauth.setForeignIdentities(dbforeign); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { + ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); + if (forcon == null) { + forcon = new ConnectionParameterClientAuthType(); + dbforeign.setConnectionParameter(forcon); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) { + forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); + } else { + if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) { + forcon.setURL( + moaconfig.getSzrgwURL().trim().substring(0, + moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + forcon.setURL( + StringUtils.chomp(moaconfig.getSzrgwURL().trim())); + } + + } + + } + + final ForeignIdentities foreign = dbauth.getForeignIdentities(); + if (foreign != null) { + STORK stork = foreign.getSTORK(); + if (stork == null) { + stork = new STORK(); + foreign.setSTORK(stork); + + } + + try { + log.error("QAAAA " + storkconfig.getDefaultQaa()); + stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); + + if (storkconfig.getAttributes() != null) { + final List dbStorkAttr = new ArrayList<>(); + stork.setAttributes(dbStorkAttr); + + for (final StorkAttribute attr : storkconfig.getAttributes()) { + if (attr != null && MiscUtil.isNotEmpty(attr.getName())) { + dbStorkAttr.add(attr); + } else { + log.info("Remove null or empty STORK attribute"); + } + } + + } else { + stork.setAttributes(new ArrayList()); + } + + if (storkconfig.getCpepslist() != null) { + final List dbStorkCPEPS = new ArrayList<>(); + stork.setCPEPS(dbStorkCPEPS); + + for (final CPEPS cpeps : storkconfig.getCpepslist()) { + if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && + MiscUtil.isNotEmpty(cpeps.getCountryCode())) { + + if (cpeps.getCountryCode().equals("CC") && + cpeps.getURL().equals("http://")) { + log.info("Remove dummy STORK CPEPS entry."); + } else { + dbStorkCPEPS.add(cpeps); + } + + } else { + log.info("Remove null or emtpy STORK CPEPS configuration"); + } + } + + } else { + stork.setCPEPS(new ArrayList()); + } + + } catch (final Exception e) { + e.printStackTrace(); + + } + + try { + log.info("CPEPS LIST: " + storkconfig.getCpepslist().size()); + log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() + storkconfig + .getCpepslist().get(0).getURL()); + + } catch (final Exception ex) { + log.info("CPEPS LIST is null"); + + } + } + + // write MIS Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { + OnlineMandates dbmandate = dbauth.getOnlineMandates(); + if (dbmandate == null) { + dbmandate = new OnlineMandates(); + dbauth.setOnlineMandates(dbmandate); + } + ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); + + if (dbmandateconnection == null) { + dbmandateconnection = new ConnectionParameterClientAuthType(); + dbmandate.setConnectionParameter(dbmandateconnection); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) { + dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); + } else { + if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) { + dbmandateconnection.setURL( + moaconfig.getMandateURL().trim().substring(0, + moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + dbmandateconnection.setURL( + StringUtils.chomp(moaconfig.getMandateURL().trim())); + } + + } + } + + // write ELGA Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) { + dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig + .getElgaMandateServiceURL())); + } else { + if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) { + dbconfig.setElgaMandateServiceURLs( + moaconfig.getElgaMandateServiceURL().trim().substring(0, + moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + dbconfig.setElgaMandateServiceURLs( + StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); + } + + } + } else { + dbconfig.setElgaMandateServiceURLs(null); + } + } + + // write E-ID System URLs + if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL())) { + dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig + .getEidSystemServiceURL())); + } else { + if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) { + dbconfig.setEidSystemServiceURLs( + moaconfig.getEidSystemServiceURL().trim().substring(0, + moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + dbconfig.setEidSystemServiceURLs( + StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim())); + } + + } + + } else { + dbconfig.setEidSystemServiceURLs(null); + } + + if (isMoaidMode) { + MOASP dbmoasp = dbauth.getMOASP(); + if (dbmoasp == null) { + dbmoasp = new MOASP(); + dbauth.setMOASP(dbmoasp); + } + if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { + ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); + if (moaspcon == null) { + moaspcon = new ConnectionParameterClientAuthType(); + dbmoasp.setConnectionParameter(moaspcon); + } + moaspcon.setURL(moaconfig.getMoaspssURL()); + } + VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); + if (moaidl == null) { + moaidl = new VerifyIdentityLink(); + dbmoasp.setVerifyIdentityLink(moaidl); + } + moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); + moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); + + VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); + if (moaauth == null) { + moaauth = new VerifyAuthBlock(); + dbmoasp.setVerifyAuthBlock(moaauth); + } + moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); + moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); + + if (moaauth.getVerifyTransformsInfoProfileID() != null && + moaauth.getVerifyTransformsInfoProfileID().size() > 0) { + moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); + } else { + if (moaauth.getVerifyTransformsInfoProfileID() == null) { + moaauth.setVerifyTransformsInfoProfileID(new ArrayList()); + + } + moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); + } + + SecurityLayer seclayertrans = dbauth.getSecurityLayer(); + if (seclayertrans == null) { + seclayertrans = new SecurityLayer(); + dbauth.setSecurityLayer(seclayertrans); + } + final List trans = new ArrayList<>(); + final Map moatrans = moaconfig.getSecLayerTransformation(); + if (moatrans != null) { + final Set keys = moatrans.keySet(); + for (final String key : keys) { + final TransformsInfoType elem = new TransformsInfoType(); + elem.setFilename(key); + elem.setTransformation(moatrans.get(key)); + trans.add(elem); + } + } + if (trans.size() > 0) { + seclayertrans.setTransformsInfo(trans); + } + + SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); + if (slrequesttempl == null) { + slrequesttempl = new SLRequestTemplates(); + dbconfig.setSLRequestTemplates(slrequesttempl); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) { + slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) { + slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) { + slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); + } + + } + + if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) { + dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); + } + + // save config + try { + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBMOAIDConfigToKeyValue(dbconfig); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + configuration.getConfigModule().storeChanges(keyValueConfig, null, null); + + log.info("General MOA-ID Key/Value configuration successfull stored."); + + } catch (final ConfigurationStorageException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + + } finally { + + } + + return null; + } + + /** + * @return the moaconfig + */ + public GeneralMOAIDConfig getMoaconfig() { + return moaconfig; + } + + /** + * @param moaconfig the moaconfig to set + */ + public void setMoaconfig(GeneralMOAIDConfig moaconfig) { + this.moaconfig = moaconfig; + } + + /** + * Gets the storkconfig. + * + * @return the storkconfig + */ + public GeneralStorkConfig getStorkconfig() { + return storkconfig; + } + + /** + * Sets the storkconfig. + * + * @param storkconfig the new storkconfig + */ + public void setStorkconfig(GeneralStorkConfig storkconfig) { + this.storkconfig = storkconfig; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 31126d14f..1ad6e7d6b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -27,8 +27,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; @@ -53,505 +51,512 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class EditOAAction extends BasicOAAction { - private final Logger log = Logger.getLogger(EditOAAction.class); - private static final long serialVersionUID = 1L; - - private String nextPage; - - public EditOAAction() { - super(); - - OATargetConfiguration oaTarget = new OATargetConfiguration(); - formList.put(oaTarget.getName(), oaTarget); - - OAAuthenticationData authOA = new OAAuthenticationData(); - formList.put(authOA.getName(), authOA); - - OASAML1Config saml1OA = new OASAML1Config(); - formList.put(saml1OA.getName(), saml1OA); - - if (isMoaidMode) { - OABPKEncryption bPKEncDec = new OABPKEncryption(); - formList.put(bPKEncDec.getName(), bPKEncDec); - - OASSOConfig ssoOA = new OASSOConfig(); - formList.put(ssoOA.getName(), ssoOA); - - OAPVP2Config pvp2OA = new OAPVP2Config(); - formList.put(pvp2OA.getName(), pvp2OA); - - OAOAuth20Config oauth20OA = new OAOAuth20Config(); - formList.put(oauth20OA.getName(), oauth20OA); - - OASTORKConfig storkOA = new OASTORKConfig(); - formList.put(storkOA.getName(), storkOA); - - Map map = new HashMap(); - map.putAll(FormBuildUtils.getDefaultMap()); - FormularCustomization formOA = new FormularCustomization(map); - formList.put(formOA.getName(), formOA); - - OARevisionsLogData revisOA = new OARevisionsLogData(); - formList.put(revisOA.getName(), revisOA); - } - - } - - // STRUTS actions - public String inital() { - try { - populateBasicInformations(); - - OnlineApplication onlineapplication = populateOnlineApplicationFromRequest(); - - if (onlineapplication == null) { - addActionError(LanguageHelper.getErrorString( - "errors.listOAs.noOA", request)); - return Constants.STRUTS_SUCCESS; - } - - List errors = new ArrayList(); - for (IOnlineApplicationData form : formList.values()) { - List error = form.parse(onlineapplication, authUser, - request); - if (error != null) - errors.addAll(error); - } - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - - setNewOA(false); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_OAID, oaid); - - return Constants.STRUTS_OA_EDIT; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String newOA() { - log.debug("insert new Online-Application"); - - try { - populateBasicInformations(); - - populateBasicNewOnlineApplicationInformation(); - - // prepare attribute helper list - ArrayList attributes = new ArrayList(); - - try { - for (StorkAttribute current : configuration.getDbRead() - .getMOAIDConfiguration().getAuthComponentGeneral() - .getForeignIdentities().getSTORK().getAttributes()) - attributes.add(new AttributeHelper(current)); - - - } catch (NullPointerException e) { - - } - - if (getStorkOA() != null) - getStorkOA().setHelperAttributes(attributes); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser - .getUserID()); - - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null - && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString( - "error.editoa.mailverification", request)); - return Constants.STRUTS_SUCCESS; - } - - if (formList.get(new OAOAuth20Config().getName()) != null) - session.setAttribute( - Constants.SESSION_OAUTH20SECRET, - ((OAOAuth20Config) formList.get(new OAOAuth20Config().getName())) - .getClientSecret()); - - if (getFormOA() != null) - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); - - - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - - return Constants.STRUTS_OA_EDIT; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String saveOA() { - - OnlineApplication onlineapplication = null; - - try { - populateBasicInformations(); - onlineapplication = preProcessSaveOnlineApplication(); - - List errors = new ArrayList(); - - // validate forms - for (IOnlineApplicationData form : formList.values()) - errors.addAll(form.validate(getGeneralOA(), authUser, request)); - - // Do not allow SSO in combination with special BKUSelection features - if (getSsoOA() != null && getSsoOA().isUseSSO() - && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA() - .isShowMandateLoginButton())) { - log.warn("Special BKUSelection features can not be used in combination with SSO"); - errors.add(LanguageHelper.getErrorString( - "validation.general.bkuselection.specialfeatures.valid", - request)); - } - - if (errors.size() > 0) { - log.info("OAConfiguration with ID " - + getGeneralOA().getIdentifier() + " has some errors."); - for (String el : errors) - addActionError(el); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - try { - onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true); - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - } - - } - - Object nextPageAttr = session - .getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - if (onlineapplication.isIsAdminRequired()) { - int numoas = 0; - int numusers = 0; - - List openOAs = configuration.getDbRead() - .getAllNewOnlineApplications(); - if (openOAs != null) - numoas = openOAs.size(); - - List openUsers = configuration.getUserManagement().getAllNewUsers(); - if (openUsers != null) - numusers = openUsers.size(); - try { - - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.success.admin", getGeneralOA() - .getIdentifier(), request)); - - if (numusers > 0 || numoas > 0) - MailHelper.sendAdminMail(numoas, numusers); - - } catch (ConfigurationException e) { - log.warn("Sending Mail to Admin failed.", e); - } - - } else - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.success", - getGeneralOA().getIdentifier(), request)); - - // remove session attributes - session.setAttribute(Constants.SESSION_OAID, null); - session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); - - return Constants.STRUTS_SUCCESS; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String cancleAndBackOA() { - try { - populateBasicInformations(); - - Object nextPageAttr = session - .getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - session.setAttribute(Constants.SESSION_OAID, null); - - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.cancle", getGeneralOA().getIdentifier(), - request)); - - return Constants.STRUTS_SUCCESS; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String deleteOA() { - String oaidentifier = null; - try { - populateBasicInformations(); - - Object nextPageAttr = session - .getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - oaidentifier = preProcessDeleteOnlineApplication(); - List onlineapplications = configuration.getDbRead() - .getOnlineApplications(oaidentifier); - - Long oaid = getOAIDFromSession(); - - OnlineApplication onlineapplication = null; - - if (onlineapplications != null && onlineapplications.size() > 1) { - log.info("Found more then one OA with PublicURLPrefix in configuration. " - + "Select OA with DB Id ..."); - - for (OnlineApplication oa : onlineapplications) { - if (oa.getHjid().equals(oaid)) { - if (onlineapplication == null) - onlineapplication = oa; - - else { - log.error("Found more then one OA with same PublicURLPrefix and same DBID."); - new BasicOAActionException( - "Found more then one OA with same PublicURLPrefix and same DBID.", - Constants.STRUTS_SUCCESS); - - } - } - } - - } else if (onlineapplications != null && onlineapplications.size() == 1) - onlineapplication = onlineapplications.get(0); - - request.getSession().setAttribute(Constants.SESSION_OAID, null); - + private static final long serialVersionUID = 1L; + + private String nextPage; + + public EditOAAction() { + super(); + + final OATargetConfiguration oaTarget = new OATargetConfiguration(); + formList.put(oaTarget.getName(), oaTarget); + + final OAAuthenticationData authOA = new OAAuthenticationData(); + formList.put(authOA.getName(), authOA); + + final OASAML1Config saml1OA = new OASAML1Config(); + formList.put(saml1OA.getName(), saml1OA); + + if (isMoaidMode) { + final OABPKEncryption bPKEncDec = new OABPKEncryption(); + formList.put(bPKEncDec.getName(), bPKEncDec); + + final OASSOConfig ssoOA = new OASSOConfig(); + formList.put(ssoOA.getName(), ssoOA); + + final OAPVP2Config pvp2OA = new OAPVP2Config(); + formList.put(pvp2OA.getName(), pvp2OA); + + final OAOAuth20Config oauth20OA = new OAOAuth20Config(); + formList.put(oauth20OA.getName(), oauth20OA); + + final OASTORKConfig storkOA = new OASTORKConfig(); + formList.put(storkOA.getName(), storkOA); + + final Map map = new HashMap<>(); + map.putAll(FormBuildUtils.getDefaultMap()); + final FormularCustomization formOA = new FormularCustomization(map); + formList.put(formOA.getName(), formOA); + + final OARevisionsLogData revisOA = new OARevisionsLogData(); + formList.put(revisOA.getName(), revisOA); + } + + } + + // STRUTS actions + public String inital() { + try { + populateBasicInformations(); + + final OnlineApplication onlineapplication = populateOnlineApplicationFromRequest(); + + if (onlineapplication == null) { + addActionError(LanguageHelper.getErrorString( + "errors.listOAs.noOA", request)); + return Constants.STRUTS_SUCCESS; + } + + final List errors = new ArrayList<>(); + for (final IOnlineApplicationData form : formList.values()) { + final List error = form.parse(onlineapplication, authUser, + request); + if (error != null) { + errors.addAll(error); + } + } + if (errors.size() > 0) { + for (final String el : errors) { + addActionError(el); + } + } + + setNewOA(false); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + + return Constants.STRUTS_OA_EDIT; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String newOA() { + log.debug("insert new Online-Application"); + + try { + populateBasicInformations(); + + populateBasicNewOnlineApplicationInformation(); + + // prepare attribute helper list + final ArrayList attributes = new ArrayList<>(); + + try { + for (final StorkAttribute current : configuration.getDbRead() + .getMOAIDConfiguration().getAuthComponentGeneral() + .getForeignIdentities().getSTORK().getAttributes()) { + attributes.add(new AttributeHelper(current)); + } + + } catch (final NullPointerException e) { + + } + + if (getStorkOA() != null) { + getStorkOA().setHelperAttributes(attributes); + } + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser + .getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null + && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString( + "error.editoa.mailverification", request)); + return Constants.STRUTS_SUCCESS; + } + + if (formList.get(new OAOAuth20Config().getName()) != null) { + session.setAttribute( + Constants.SESSION_OAUTH20SECRET, + ((OAOAuth20Config) formList.get(new OAOAuth20Config().getName())) + .getClientSecret()); + } + + if (getFormOA() != null) { + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); + } + + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + + return Constants.STRUTS_OA_EDIT; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String saveOA() { + + OnlineApplication onlineapplication = null; + + try { + populateBasicInformations(); + onlineapplication = preProcessSaveOnlineApplication(); + + final List errors = new ArrayList<>(); + + // validate forms + for (final IOnlineApplicationData form : formList.values()) { + errors.addAll(form.validate(getGeneralOA(), authUser, request)); + } + + // Do not allow SSO in combination with special BKUSelection features + if (getSsoOA() != null && getSsoOA().isUseSSO() + && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA() + .isShowMandateLoginButton())) { + log.warn("Special BKUSelection features can not be used in combination with SSO"); + errors.add(LanguageHelper.getErrorString( + "validation.general.bkuselection.specialfeatures.valid", + request)); + } + + if (errors.size() > 0) { + log.info("OAConfiguration with ID " + + getGeneralOA().getIdentifier() + " has some errors."); + for (final String el : errors) { + addActionError(el); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + try { + onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true); + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + } + + } + + final Object nextPageAttr = session + .getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + if (onlineapplication.isIsAdminRequired()) { + int numoas = 0; + int numusers = 0; + + final List openOAs = configuration.getDbRead() + .getAllNewOnlineApplications(); + if (openOAs != null) { + numoas = openOAs.size(); + } + + final List openUsers = configuration.getUserManagement().getAllNewUsers(); + if (openUsers != null) { + numusers = openUsers.size(); + } + try { + + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.success.admin", getGeneralOA() + .getIdentifier(), request)); + + if (numusers > 0 || numoas > 0) { + MailHelper.sendAdminMail(numoas, numusers); + } + + } catch (final ConfigurationException e) { + log.warn("Sending Mail to Admin failed.", e); + } + + } else { + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.success", + getGeneralOA().getIdentifier(), request)); + } + + // remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String cancleAndBackOA() { + try { + populateBasicInformations(); + + final Object nextPageAttr = session + .getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + session.setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.cancle", getGeneralOA().getIdentifier(), + request)); + + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String deleteOA() { + String oaidentifier = null; + try { + populateBasicInformations(); + + final Object nextPageAttr = session + .getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + oaidentifier = preProcessDeleteOnlineApplication(); + final List onlineapplications = configuration.getDbRead() + .getOnlineApplications(oaidentifier); + + final Long oaid = getOAIDFromSession(); + + OnlineApplication onlineapplication = null; + + if (onlineapplications != null && onlineapplications.size() > 1) { + log.info("Found more then one OA with PublicURLPrefix in configuration. " + + "Select OA with DB Id ..."); + + for (final OnlineApplication oa : onlineapplications) { + if (oa.getHjid().equals(oaid)) { + if (onlineapplication == null) { + onlineapplication = oa; + } else { + log.error("Found more then one OA with same PublicURLPrefix and same DBID."); + new BasicOAActionException( + "Found more then one OA with same PublicURLPrefix and same DBID.", + Constants.STRUTS_SUCCESS); + + } + } + } + + } else if (onlineapplications != null && onlineapplications.size() == 1) { + onlineapplication = onlineapplications.get(0); + } + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + // try { // if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA() // .getOAPVP2().getMetadataURL())) { -// +// // MOAIDConfiguration moaconfig = configuration.getDbRead() // .getMOAIDConfiguration(); // moaconfig.setPvp2RefreshItem(new Date()); // ConfigurationDBUtils.saveOrUpdate(moaconfig); -// +// // } -// } catch (NullPointerException e) { +// } catch (NullPointerException e) { // log.debug("Found no MetadataURL in OA-Databaseconfig"); -// +// // } catch (Throwable e) { // log.info("Set metadata refresh flag FAILED.", e); // } - - if (onlineapplication != null && delete(onlineapplication)) { - - if (!authUser.isAdmin()) { - UserDatabase user = configuration.getUserManagement().getUserWithID(authUser - .getUserID()); - List useroas = user.getOnlineApplication(); - - for (String oa : useroas) { - if (oa.equals(onlineapplication.getHjid())) { - useroas.remove(oa); - } - } - - try { - configuration.getUserManagement().saveOrUpdate(user); - - } catch (MOADatabaseException e) { - log.warn("User information can not be updated in database", - e); - addActionError(LanguageHelper.getGUIString( - "error.db.oa.store", request)); - return Constants.STRUTS_ERROR; - } - } - - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.delete.message", oaidentifier, request)); - - return Constants.STRUTS_SUCCESS; - - } else { - addActionError(LanguageHelper.getGUIString( - "webpages.oaconfig.delete.error", oaidentifier, request)); - return Constants.STRUTS_SUCCESS; - } - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - - } - - public OAAuthenticationData getAuthOA() { - return (OAAuthenticationData) formList.get(new OAAuthenticationData() - .getName()); - } - - public void setAuthOA(OAAuthenticationData generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - public OASAML1Config getSaml1OA() { - return (OASAML1Config) formList.get(new OASAML1Config().getName()); - } - - public void setSaml1OA(OASAML1Config saml1oa) { - formList.put(saml1oa.getName(), saml1oa); - } - - public OASSOConfig getSsoOA() { - return (OASSOConfig) formList.get(new OASSOConfig().getName()); - } - - public void setSsoOA(OASSOConfig ssoOA) { - formList.put(ssoOA.getName(), ssoOA); - } - - public OASTORKConfig getStorkOA() { - return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); - } - - public void setStorkOA(OASTORKConfig storkOA) { - formList.put(storkOA.getName(), storkOA); - } - - - public OARevisionsLogData getRevisionsLogOA() { - return (OARevisionsLogData) formList.get(new OARevisionsLogData().getName()); - } - - public void setRevisionsLogOA(OARevisionsLogData storkOA) { - formList.put(storkOA.getName(), storkOA); - } - - - /** - * @return the nextPage - */ - public String getNextPage() { - return nextPage; - } - - /** - * @return the formOA - */ - public FormularCustomization getFormOA() { - return (FormularCustomization) formList.get(new FormularCustomization( - null).getName()); - } - - /** - * @param formOA - * the formOA to set - */ - public void setFormOA(FormularCustomization formOA) { - formList.put(formOA.getName(), formOA); - } - - public OAOAuth20Config getOauth20OA() { - return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName()); - } - - public void setOauth20OA(OAOAuth20Config oauth20OA) { - formList.put(oauth20OA.getName(), oauth20OA); - } - - /** - * @return the formOA - */ - public OATargetConfiguration getTargetConfig() { - return (OATargetConfiguration) formList.get(new OATargetConfiguration() - .getName()); - } - - /** - * @param formOA - * the formOA to set - */ - public void setTargetConfig(OATargetConfiguration formOA) { - formList.put(formOA.getName(), formOA); - } - - /** - * @return the bPK encryption/decryption form - */ - public OABPKEncryption getBPKEncDecr() { - return (OABPKEncryption) formList.get(new OABPKEncryption().getName()); - } - - /** - * @param bPK encryption/decryption form - * the bPK encryption/decryption form to set - */ - public void setBPKEncDecr(OABPKEncryption formOA) { - formList.put(formOA.getName(), formOA); - } - + + if (onlineapplication != null && delete(onlineapplication)) { + + if (!authUser.isAdmin()) { + final UserDatabase user = configuration.getUserManagement().getUserWithID(authUser + .getUserID()); + final List useroas = user.getOnlineApplication(); + + for (final String oa : useroas) { + if (oa.equals(onlineapplication.getHjid())) { + useroas.remove(oa); + } + } + + try { + configuration.getUserManagement().saveOrUpdate(user); + + } catch (final MOADatabaseException e) { + log.warn("User information can not be updated in database", + e); + addActionError(LanguageHelper.getGUIString( + "error.db.oa.store", request)); + return Constants.STRUTS_ERROR; + } + } + + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.delete.message", oaidentifier, request)); + + return Constants.STRUTS_SUCCESS; + + } else { + addActionError(LanguageHelper.getGUIString( + "webpages.oaconfig.delete.error", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + } + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + + } + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData() + .getName()); + } + + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + public OASAML1Config getSaml1OA() { + return (OASAML1Config) formList.get(new OASAML1Config().getName()); + } + + public void setSaml1OA(OASAML1Config saml1oa) { + formList.put(saml1oa.getName(), saml1oa); + } + + public OASSOConfig getSsoOA() { + return (OASSOConfig) formList.get(new OASSOConfig().getName()); + } + + public void setSsoOA(OASSOConfig ssoOA) { + formList.put(ssoOA.getName(), ssoOA); + } + + public OASTORKConfig getStorkOA() { + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); + } + + public void setStorkOA(OASTORKConfig storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + public OARevisionsLogData getRevisionsLogOA() { + return (OARevisionsLogData) formList.get(new OARevisionsLogData().getName()); + } + + public void setRevisionsLogOA(OARevisionsLogData storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return (FormularCustomization) formList.get(new FormularCustomization( + null).getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + formList.put(formOA.getName(), formOA); + } + + public OAOAuth20Config getOauth20OA() { + return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName()); + } + + public void setOauth20OA(OAOAuth20Config oauth20OA) { + formList.put(oauth20OA.getName(), oauth20OA); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration() + .getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); + } + + /** + * @return the bPK encryption/decryption form + */ + public OABPKEncryption getBPKEncDecr() { + return (OABPKEncryption) formList.get(new OABPKEncryption().getName()); + } + + /** + * @param bPK encryption/decryption form the bPK encryption/decryption form to + * set + */ + public void setBPKEncDecr(OABPKEncryption formOA) { + formList.put(formOA.getName(), formOA); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java index e238c6d37..6a6cf1d27 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java @@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.LinkedHashMap; import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; -import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig; -import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationConfig; /** @@ -35,22 +33,22 @@ import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationC */ public class IDPGatewayAction extends InterfederationIDPAction { - private static final long serialVersionUID = -2047128481980413334L; - - public IDPGatewayAction() { - super(); - formList.putAll(buildIDPGatewayFormList()); - } - - public static LinkedHashMap buildIDPGatewayFormList() { - - LinkedHashMap forms = - new LinkedHashMap(); - - PVPGatewayInterfederationConfig pvpGatewayconfig = new PVPGatewayInterfederationConfig(); - forms.put(pvpGatewayconfig.getName(), pvpGatewayconfig); - - return forms; - } + private static final long serialVersionUID = -2047128481980413334L; + + public IDPGatewayAction() { + super(); + formList.putAll(buildIDPGatewayFormList()); + } + + public static LinkedHashMap buildIDPGatewayFormList() { + + final LinkedHashMap forms = + new LinkedHashMap<>(); + + final PVPGatewayInterfederationConfig pvpGatewayconfig = new PVPGatewayInterfederationConfig(); + forms.put(pvpGatewayconfig.getName(), pvpGatewayconfig); + + return forms; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index d72505c0f..e2458a6a5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -38,7 +38,6 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; -import org.apache.log4j.Logger; import org.springframework.beans.BeansException; import at.gv.egiz.components.configuration.api.Configuration; @@ -52,472 +51,468 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class ImportExportAction extends BasicAction { - - private static final Logger log = Logger.getLogger(ImportExportAction.class); - private static final long serialVersionUID = 1L; - - private String formID; - private File fileUpload = null; - private String fileUploadContentType = null; - private String fileUploadFileName = null; - - private InputStream fileInputStream; - - public String init() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (authUser.isAdmin()) { - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - public String importLegacyConfig() throws ConfigurationException { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - if (authUser.isAdmin()) { - - //load legacy config if it is configured - - if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - Properties result = null; - - try { - log.warn("WARNING! The legacy import deletes the hole old config"); - - InputStream inStream = new FileInputStream(fileUpload); - // get config from xml file - JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config.deprecated"); - Unmarshaller m = jc.createUnmarshaller(); - MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream); - - // serialize config to JSON properties - result = ConfigurationUtil.moaIdConfigToJsonProperties(config); - - if (result == null || result.isEmpty()) { - log.info("Legacy configuration has is empty"); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {"Empty Configuratiobn"}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - } catch (JAXBException | FileNotFoundException e) { - log.info("Legacy configuration has an Import Error", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - try { - //check if XML config should be use - log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); - - Configuration dbConfiguration = - (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); - - if (dbConfiguration == null) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - boolean isOverwriteData = true; - - List keys = Arrays.asList(dbConfiguration.getConfigurationIds()); - - if (keys == null) { - log.info("Configuration is not readable."); - throw new MOADatabaseException("Configuration is not readable."); - } - - if (isOverwriteData) { - // remove existing entries - for (String key : keys) { - dbConfiguration.deleteIds(key); - } - } - - Enumeration propertyNames = result.propertyNames(); - - while (propertyNames.hasMoreElements()) { - String key = (String) propertyNames.nextElement(); - String json = result.getProperty(key); - - dbConfiguration.setStringValue(key, json); - } - - } catch (ConfigurationException | MOADatabaseException | at.gv.egiz.components.configuration.api.ConfigurationException e1) { - log.warn("General MOA-ID config can not be stored in Database", e1); - addActionError(e1.getMessage()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - finally { - - } - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - log.info("Legacy Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - public String downloadXMLConfig() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - if (authUser.isAdmin()) { - - log.info("Write MOA-ID 3.x config"); - try { - - Configuration dbConfiguration = - (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); - - if (dbConfiguration == null) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - Properties result = new Properties(); - String[] allConfigIDs = dbConfiguration.getConfigurationIds(); - for (String key : allConfigIDs) { - String value = dbConfiguration.getStringValue(key); - if (MiscUtil.isNotEmpty(value)) { - result.put(key, value); - log.debug("Put key: " + key + " with value: " + value + " to property file."); - - } else - log.info("Leave key: " + key + " Reason: Value is null or empty"); - - } - - - if (result.isEmpty()) { - log.info("No MOA-ID 3.x configruation available"); - addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - ByteArrayOutputStream output = new ByteArrayOutputStream(); - result.store(output, null); - fileInputStream = new ByteArrayInputStream(output.toByteArray()); - - } catch (IOException | at.gv.egiz.components.configuration.api.ConfigurationException e) { - log.info("MOA-ID 3.x configruation could not be exported into file.", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.export", - new Object[]{e.getMessage()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } catch (ConfigurationException | BeansException e) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - finally { - - } - - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_SUCCESS; - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - - public String importXMLConfig() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - - session.setAttribute(Constants.SESSION_FORMID, null); - - if (authUser.isAdmin()) { - - if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_ERROR_VALIDATION; - } - - log.info("Load configuration from MOA-ID 3.x XML configuration"); - - try { - - Properties inProperties = new Properties(); - inProperties.load(new FileInputStream(fileUpload)); - - //check if XML config should be use - log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); - - Configuration dbConfiguration = - (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); - - if (dbConfiguration == null) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - boolean isOverwriteData = true; - - List keys = Arrays.asList(dbConfiguration.getConfigurationIds()); - - if (keys == null) { - log.info("Configuration is not readable."); - throw new MOADatabaseException("Configuration is not readable."); - } - - if (isOverwriteData) { - // remove existing entries - for (String key : keys) { - dbConfiguration.deleteIds(key); - } - } - - Enumeration propertyNames = inProperties.propertyNames(); - - while (propertyNames.hasMoreElements()) { - String key = (String) propertyNames.nextElement(); - String json = inProperties.getProperty(key); - - dbConfiguration.setStringValue(key, json); - } - - } catch (Exception e) { - log.warn("MOA-ID XML configuration can not be loaded from File.", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.import", - new Object[]{e.getMessage()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - finally { - - } - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - log.info("XML Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - } - - /** - * @return the fileUpload - */ - public File getFileUpload() { - return fileUpload; - } - - - - /** - * @param fileUpload the fileUpload to set - */ - public void setFileUpload(File fileUpload) { - this.fileUpload = fileUpload; - } - - - - /** - * @return the fileUploadContentType - */ - public String getFileUploadContentType() { - return fileUploadContentType; - } - - - - /** - * @param fileUploadContentType the fileUploadContentType to set - */ - public void setFileUploadContentType(String fileUploadContentType) { - this.fileUploadContentType = fileUploadContentType; - } - - - - /** - * @return the fileUploadFileName - */ - public String getFileUploadFileName() { - return fileUploadFileName; - } - - - - /** - * @param fileUploadFileName the fileUploadFileName to set - */ - public void setFileUploadFileName(String fileUploadFileName) { - this.fileUploadFileName = fileUploadFileName; - } - - - public InputStream getFileInputStream() { - return fileInputStream; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - + + private static final long serialVersionUID = 1L; + + private String formID; + private File fileUpload = null; + private String fileUploadContentType = null; + private String fileUploadFileName = null; + + private InputStream fileInputStream; + + public String init() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (authUser.isAdmin()) { + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String importLegacyConfig() throws ConfigurationException { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + if (authUser.isAdmin()) { + + // load legacy config if it is configured + + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + Properties result = null; + + try { + log.warn("WARNING! The legacy import deletes the hole old config"); + + final InputStream inStream = new FileInputStream(fileUpload); + // get config from xml file + final JAXBContext jc = JAXBContext.newInstance( + "at.gv.egovernment.moa.id.commons.db.dao.config.deprecated"); + final Unmarshaller m = jc.createUnmarshaller(); + final MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream); + + // serialize config to JSON properties + result = ConfigurationUtil.moaIdConfigToJsonProperties(config); + + if (result == null || result.isEmpty()) { + log.info("Legacy configuration has is empty"); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] { + "Empty Configuratiobn" }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + } catch (JAXBException | FileNotFoundException e) { + log.info("Legacy configuration has an Import Error", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] { e + .getMessage() }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + try { + // check if XML config should be use + log.warn( + "WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + + final Configuration dbConfiguration = + (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); + + if (dbConfiguration == null) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + final boolean isOverwriteData = true; + + final List keys = Arrays.asList(dbConfiguration.getConfigurationIds()); + + if (keys == null) { + log.info("Configuration is not readable."); + throw new MOADatabaseException("Configuration is not readable."); + } + + if (isOverwriteData) { + // remove existing entries + for (final String key : keys) { + dbConfiguration.deleteIds(key); + } + } + + final Enumeration propertyNames = result.propertyNames(); + + while (propertyNames.hasMoreElements()) { + final String key = (String) propertyNames.nextElement(); + final String json = result.getProperty(key); + + dbConfiguration.setStringValue(key, json); + } + + } catch (ConfigurationException | MOADatabaseException + | at.gv.egiz.components.configuration.api.ConfigurationException e1) { + log.warn("General MOA-ID config can not be stored in Database", e1); + addActionError(e1.getMessage()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + finally { + + } + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + log.info("Legacy Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String downloadXMLConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + if (authUser.isAdmin()) { + + log.info("Write MOA-ID 3.x config"); + try { + + final Configuration dbConfiguration = + (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); + + if (dbConfiguration == null) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + final Properties result = new Properties(); + final String[] allConfigIDs = dbConfiguration.getConfigurationIds(); + for (final String key : allConfigIDs) { + final String value = dbConfiguration.getStringValue(key); + if (MiscUtil.isNotEmpty(value)) { + result.put(key, value); + log.debug("Put key: " + key + " with value: " + value + " to property file."); + + } else { + log.info("Leave key: " + key + " Reason: Value is null or empty"); + } + + } + + if (result.isEmpty()) { + log.info("No MOA-ID 3.x configruation available"); + addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig", request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + final ByteArrayOutputStream output = new ByteArrayOutputStream(); + result.store(output, null); + fileInputStream = new ByteArrayInputStream(output.toByteArray()); + + } catch (IOException | at.gv.egiz.components.configuration.api.ConfigurationException e) { + log.info("MOA-ID 3.x configruation could not be exported into file.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.export", + new Object[] { e.getMessage() }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } catch (ConfigurationException | BeansException e) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + finally { + + } + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_SUCCESS; + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String importXMLConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + + session.setAttribute(Constants.SESSION_FORMID, null); + + if (authUser.isAdmin()) { + + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_ERROR_VALIDATION; + } + + log.info("Load configuration from MOA-ID 3.x XML configuration"); + + try { + + final Properties inProperties = new Properties(); + inProperties.load(new FileInputStream(fileUpload)); + + // check if XML config should be use + log.warn( + "WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + + final Configuration dbConfiguration = + (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); + + if (dbConfiguration == null) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + final boolean isOverwriteData = true; + + final List keys = Arrays.asList(dbConfiguration.getConfigurationIds()); + + if (keys == null) { + log.info("Configuration is not readable."); + throw new MOADatabaseException("Configuration is not readable."); + } + + if (isOverwriteData) { + // remove existing entries + for (final String key : keys) { + dbConfiguration.deleteIds(key); + } + } + + final Enumeration propertyNames = inProperties.propertyNames(); + + while (propertyNames.hasMoreElements()) { + final String key = (String) propertyNames.nextElement(); + final String json = inProperties.getProperty(key); + + dbConfiguration.setStringValue(key, json); + } + + } catch (final Exception e) { + log.warn("MOA-ID XML configuration can not be loaded from File.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.import", + new Object[] { e.getMessage() }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + finally { + + } + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + log.info("XML Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } + + /** + * @return the fileUpload + */ + public File getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpload the fileUpload to set + */ + public void setFileUpload(File fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public String getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(String fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public String getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(String fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + public InputStream getFileInputStream() { + return fileInputStream; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 6f9d233b1..666785e24 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringEscapeUtils; -import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; @@ -78,817 +77,837 @@ import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class IndexAction extends BasicAction { - - /** - * @throws ConfigurationException - */ - - private static final long serialVersionUID = -2781497863862504896L; - - private static final Logger log = Logger.getLogger(IndexAction.class); - - private String password; - private String username; - private UserDatabaseFrom user = null; - private String formID; - - private String ssologouturl; - - private boolean pvp2LoginActiv = false; - - public IndexAction() throws BasicActionException { - super(); - } - - public String start() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - pvp2LoginActiv = configuration.isPVP2LoginActive(); - - if (session.getAttribute(Constants.SESSION_I18n) == null) - session.setAttribute(Constants.SESSION_I18n, - Locale.forLanguageTag(configuration.getDefaultLanguage())); - - if (configuration.isLoginDeaktivated()) { - return "loginWithOutAuth"; - - } else { - return Constants.STRUTS_SUCCESS; - - } - } - - public String authenticate() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - pvp2LoginActiv = configuration.isPVP2LoginActive(); - - String key = null; - - if (MiscUtil.isNotEmpty(username)) { - if (ValidationHelper.containsNotValidCharacter(username, false)) { - log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username)); - addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("Username is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); - return Constants.STRUTS_ERROR; - } - - if (MiscUtil.isEmpty(password)) { - log.warn("Password is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); - return Constants.STRUTS_ERROR; - - } else { - key = AuthenticationHelper.generateKeyFormPassword(password); - if (key == null) { - addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); - return Constants.STRUTS_ERROR; - } - } - - - UserDatabase dbuser = configuration.getUserManagement().getUserWithUserName(username); - if (dbuser == null) { - log.warn("Unknown Username"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); - return Constants.STRUTS_ERROR; - - } else { - //TODO: maybe remove this default value in a later version - if (dbuser.isIsUsernamePasswordAllowed() == null) - dbuser.setIsUsernamePasswordAllowed(true); - - if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { - log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " is not active or Username/Password login is not allowed"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); - return Constants.STRUTS_ERROR; - } - - if (!dbuser.getPassword().equals(key)) { - log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); - return Constants.STRUTS_ERROR; - } - - //TODO: maybe remove this default value in a later version - boolean ismandateuser = false; - if (dbuser.isIsMandateUser() != null) - ismandateuser = dbuser.isIsMandateUser(); - - int sessionTimeOut = session.getMaxInactiveInterval(); - Date sessionExpired = new Date(new Date().getTime() + - (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS)); - - AuthenticatedUser authuser = new AuthenticatedUser(dbuser, - true, - ismandateuser, - false, - dbuser.getHjid()+"dbID", - "username/password", - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authuser); - - Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); - if (date != null) - authuser.setLastLogin(date);; - - dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - } catch (MOADatabaseException e) { - log.warn("UserDatabase communicaton error", e); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - finally { - } - - HttpSession session = generateNewJSession(request); - session.setAttribute(Constants.SESSION_AUTH, authuser); - - return Constants.STRUTS_SUCCESS; - } - } - - public String pvp2login() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - String method = request.getMethod(); - if (session == null) { - log.info("NO HTTP Session"); - return Constants.STRUTS_ERROR; - } - - String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID); - session.setAttribute(Constants.SESSION_PVP2REQUESTID, null); - - if (method.equals("POST")) { - - try { - pvp2LoginActiv = configuration.isPVP2LoginActive(); - - //Decode with HttpPost Binding - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - request)); - decode.decode(messageContext); - - Response samlResponse = (Response) messageContext.getInboundMessage(); - - //ckeck InResponseTo matchs requestID - if (MiscUtil.isEmpty(authID)) { - log.info("NO AuthRequestID"); - return Constants.STRUTS_ERROR; - } - - if (!authID.equals(samlResponse.getInResponseTo())) { - log.warn("PVPRequestID does not match PVP2 Assertion ID!"); - return Constants.STRUTS_ERROR; - - } - - //check response destination - String serviceURL = configuration.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String responseDestination = samlResponse.getDestination(); - if (MiscUtil.isEmpty(responseDestination) || - !responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) { - log.warn("PVPResponse destination does not match requested destination"); - return Constants.STRUTS_ERROR; - } - - //check if response is signed - Signature sign = samlResponse.getSignature(); - if (sign == null) { - log.info("Only http POST Requests can be used"); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - - //validate signature - PVP2Utils.validateSignature(samlResponse, configuration); - - log.info("PVP2 Assertion is valid"); - - if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - List saml2assertions = new ArrayList(); - - //check encrypted Assertion - List encryAssertionList = samlResponse.getEncryptedAssertions(); - if (encryAssertionList != null && encryAssertionList.size() > 0) { - //decrypt assertions - - log.debug("Found encryped assertion. Start decryption ..."); - - KeyStore keyStore = configuration.getPVP2KeyStore(); - - X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( - keyStore, - configuration.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - configuration.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - - - StaticKeyInfoCredentialResolver skicr = - new StaticKeyInfoCredentialResolver(authDecCredential); - - ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); - encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); - - Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); - - for (EncryptedAssertion encAssertion : encryAssertionList) { - saml2assertions.add(samlDecrypter.decrypt(encAssertion)); - - } - - log.debug("Assertion decryption finished. "); - - } else { - saml2assertions = samlResponse.getAssertions(); - - } - - for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { - - Conditions conditions = saml2assertion.getConditions(); - DateTime notbefore = conditions.getNotBefore(); - DateTime notafter = conditions.getNotOnOrAfter(); - if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { - log.warn("PVP2 Assertion is out of Date"); - return Constants.STRUTS_ERROR; - - } - - Subject subject = saml2assertion.getSubject(); - if (subject == null) { - log.warn("Assertion has no Subject element"); - return Constants.STRUTS_ERROR; - - } - - NameID nameID = subject.getNameID(); - if (nameID == null) { - log.warn("No NameID element in PVP2 assertion!"); - return Constants.STRUTS_ERROR; - } - - String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); - - int sessionTimeOut = session.getMaxInactiveInterval(); - Date sessionExpired = new Date(new Date().getTime() + - (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS)); - - //search user - UserDatabase dbuser = configuration.getUserManagement().getUserWithUserBPKWBPK(bpkwbpk); - if (dbuser == null) { - log.info("No user found with bpk/wbpk " + bpkwbpk); - - //read PVP2 assertion attributes; - user = new UserDatabaseFrom(); - user.setActive(false); - user.setAdmin(false); - user.setBpk(bpkwbpk); - user.setIsusernamepasswordallowed(false); - user.setIsmandateuser(false); - user.setPVPGenerated(true); - - //loop through the nodes to get what we want - List attributeStatements = saml2assertion.getAttributeStatements(); - for (int i = 0; i < attributeStatements.size(); i++) - { - List attributes = attributeStatements.get(i).getAttributes(); - for (int x = 0; x < attributes.size(); x++) - { - String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); - - if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) { - user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); - } - - if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) { - user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); - } - - if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) { - user.setIsmandateuser(true); - } - - if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) { - user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); - } - } - } - - //create AuthUser data element - authUser = AuthenticatedUser.generateUserRequestUser(user, - nameID.getValue(), - nameID.getFormat(), - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); - - //set Random value - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_FORM, user); - session.setAttribute(Constants.SESSION_AUTH, authUser); - - - return Constants.STRUTS_NEWUSER; - - } else { - if (!dbuser.isIsActive()) { - - if (!dbuser.isIsMailAddressVerified()) { - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - user = new UserDatabaseFrom(dbuser); - authUser = new AuthenticatedUser(dbuser, - false, - dbuser.isIsMandateUser(), - true, - nameID.getValue(), - nameID.getFormat(), - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); - - session.setAttribute(Constants.SESSION_FORM, user); - session.setAttribute(Constants.SESSION_AUTH, authUser); - - return Constants.STRUTS_NEWUSER; - - } - - log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); - addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive", request)); - return Constants.STRUTS_ERROR; - } - - //TODO: maybe remove this default value in a later version - boolean ismandateuser = false; - if (dbuser.isIsMandateUser() != null) - ismandateuser = dbuser.isIsMandateUser(); - - authUser = new AuthenticatedUser(dbuser, true, - ismandateuser, - true, - nameID.getValue(), - nameID.getFormat(), - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); - - Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); - if (date != null) - authUser.setLastLogin(date);; - - dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - } catch (MOADatabaseException e) { - log.warn("UserDatabase communicaton error", e); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - finally { - } - - HttpSession newsession = generateNewJSession(request); - newsession.setAttribute(Constants.SESSION_AUTH, authUser); - return Constants.STRUTS_SUCCESS; - - } - } - - log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - return Constants.STRUTS_ERROR; - - } else { - log.info("Receive Error Assertion."); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - - } catch (Exception e) { - log.warn("An internal error occurs.", e); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - return Constants.STRUTS_ERROR; - } - - } else { - log.info("Only http POST Requests can be used"); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - return Constants.STRUTS_ERROR; - } - } - - public String requestNewUser() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (session == null) { - log.warn("No active Session found"); - return Constants.STRUTS_ERROR; - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - Object sessionformobj = session.getAttribute(Constants.SESSION_FORM); - if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) { - UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj; - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - authUser = (AuthenticatedUser) authUserObj; - - if (user == null) { - log.warn("No form transmited"); - return Constants.STRUTS_ERROR; - } - - //get UserID - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - String check; - if (!sessionform.isIsmandateuser()) { - check = user.getInstitut(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(check)); - addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Organisation is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); - } - } - - check = user.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check)); - addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Mailaddress is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); - } - - check = user.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validatePhoneNumber(check)) { - log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check)); - addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Phonenumber is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); - } - - if (hasActionErrors()) { - log.info("Some form errors found. Send user back to form"); - - user.setPVPGenerated(true); - user.setFamilyName(sessionform.getFamilyName()); - user.setGivenName(sessionform.getGivenName()); - user.setIsmandateuser(sessionform.isIsmandateuser()); - user.setBpk(sessionform.getBpk()); - - if (sessionform.isIsmandateuser()) - user.setInstitut(sessionform.getInstitut()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_NEWUSER; - } - - UserDatabase dbuser; - - if (userID < 0) { - dbuser = new UserDatabase(); - dbuser.setBpk(sessionform.getBpk()); - dbuser.setFamilyname(sessionform.getFamilyName()); - dbuser.setGivenname(sessionform.getGivenName()); - - if (sessionform.isIsmandateuser()) - dbuser.setInstitut(sessionform.getInstitut()); - else - dbuser.setInstitut(user.getInstitut()); - - dbuser.setIsPVP2Generated(true); - dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); - dbuser.setIsActive(false); - dbuser.setIsAdmin(false); - dbuser.setIsMandateUser(sessionform.isIsmandateuser()); - dbuser.setIsUsernamePasswordAllowed(false); - - } else - dbuser = configuration.getUserManagement().getUserWithID(userID); - - dbuser.setMail(user.getMail()); - dbuser.setPhone(user.getPhone()); - dbuser.setIsAdminRequest(true); - dbuser.setIsMailAddressVerified(false); - dbuser.setUserRequestTokken(Random.nextRandom()); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - MailHelper.sendUserMailAddressVerification(dbuser); - - } catch (MOADatabaseException e) { - log.warn("New UserRequest can not be stored in database", e); - return Constants.STRUTS_ERROR; - - } catch (ConfigurationException e) { - log.warn("Sending of mailaddress verification mail failed.", e); - addActionError(LanguageHelper.getErrorString("error.mail.send", request)); - return Constants.STRUTS_NEWUSER; - } - - finally { - session.setAttribute(Constants.SESSION_FORM, null); - session.setAttribute(Constants.SESSION_AUTH, null); - } - - addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); - - session.invalidate(); - - return Constants.STRUTS_SUCCESS; - - } else { - log.warn("No SessionForm found"); - return Constants.STRUTS_ERROR; - } - - } - - public String mailAddressVerification() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN); - if (MiscUtil.isNotEmpty(userrequesttokken)) { - - userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken); - - try { - Long.parseLong(userrequesttokken); - - } catch (NumberFormatException e) { - log.warn("Verificationtokken has no number format."); - return Constants.STRUTS_ERROR; - } - - UserDatabase dbuser = configuration.getUserManagement().getNewUserWithTokken(userrequesttokken); - if (dbuser != null) { - dbuser.setUserRequestTokken(null); - dbuser.setIsMailAddressVerified(true); - - if (dbuser.isIsActive()) - dbuser.setIsAdminRequest(false); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - int numoas = 0; - int numusers = 0; - - List openOAs = configuration.getDbRead().getAllNewOnlineApplications(); - if (openOAs != null) - numoas = openOAs.size(); - - List openUsers = configuration.getUserManagement().getAllNewUsers(); - if (openUsers != null) - numusers = openUsers.size(); - - if (numusers > 0 || numoas > 0) - MailHelper.sendAdminMail(numoas, numusers); - - } catch (MOADatabaseException e) { - log.warn("Userinformation can not be stored in Database.", e); - addActionError(LanguageHelper.getErrorString("error.mail.verification", request)); - - } catch (ConfigurationException e) { - log.warn("Send mail to admin failed.", e); - } - - finally { - } - - addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress", request)); - return Constants.STRUTS_SUCCESS; - } - } - - return Constants.STRUTS_ERROR; - } - - public String logout() { - HttpSession session = request.getSession(false); - - if (session != null) { - if (MiscUtil.isNotEmpty((String)session.getAttribute(Constants.SESSION_SLOSUCCESS))) - addActionMessage((String)session.getAttribute(Constants.SESSION_SLOSUCCESS)); - - if (MiscUtil.isNotEmpty((String)session.getAttribute(Constants.SESSION_SLOERROR))) - addActionError((String)session.getAttribute(Constants.SESSION_SLOERROR)); - - session.invalidate(); - - } - - return Constants.STRUTS_SUCCESS; - } - - private HttpSession generateNewJSession(HttpServletRequest request) { - HttpSession session = request.getSession(false); - - if (session != null) { - - HashMap attributes = new HashMap(); - - Enumeration enames = session.getAttributeNames(); - while (enames.hasMoreElements()) { - String name = enames.nextElement(); - if (!name.equals("JSESSIONID")) - attributes.put(name, session.getAttribute( name)); - } - session.invalidate(); - - session = request.getSession(true); - for (Entry et : attributes.entrySet()) - session.setAttribute( et.getKey(), et.getValue()); - - } else - session = request.getSession(true); - - return session; - } - - /** - * @return the password - */ - public String getPassword() { - return password; - } - - /** - * @param password the password to set - */ - public void setPassword(String password) { - this.password = password; - } - - /** - * @return the username - */ - public String getUsername() { - return username; - } - - /** - * @param username the username to set - */ - public void setUsername(String username) { - this.username = username; - } - - /** - * @return the user - */ - public UserDatabaseFrom getUser() { - return user; - } - - /** - * @param user the user to set - */ - public void setUser(UserDatabaseFrom user) { - this.user = user; - } - - /** - * @return the ssologouturl - */ - public String getSsologouturl() { - return ssologouturl; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - /** - * @return the pvp2LoginActiv - */ - public boolean isPvp2LoginActiv() { - return pvp2LoginActiv; - } - - + + /** + * @throws ConfigurationException + */ + + private static final long serialVersionUID = -2781497863862504896L; + + private String password; + private String username; + private UserDatabaseFrom user = null; + private String formID; + + private String ssologouturl; + + private boolean pvp2LoginActiv = false; + + public IndexAction() throws BasicActionException { + super(); + } + + public String start() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + pvp2LoginActiv = configuration.isPVP2LoginActive(); + + if (session.getAttribute(Constants.SESSION_I18n) == null) { + session.setAttribute(Constants.SESSION_I18n, + Locale.forLanguageTag(configuration.getDefaultLanguage())); + } + + if (configuration.isLoginDeaktivated()) { + return "loginWithOutAuth"; + + } else { + return Constants.STRUTS_SUCCESS; + + } + } + + public String authenticate() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + pvp2LoginActiv = configuration.isPVP2LoginActive(); + + String key = null; + + if (MiscUtil.isNotEmpty(username)) { + if (ValidationHelper.containsNotValidCharacter(username, false)) { + log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username)); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("Username is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); + return Constants.STRUTS_ERROR; + } + + if (MiscUtil.isEmpty(password)) { + log.warn("Password is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); + return Constants.STRUTS_ERROR; + + } else { + key = AuthenticationHelper.generateKeyFormPassword(password); + if (key == null) { + addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); + return Constants.STRUTS_ERROR; + } + } + + final UserDatabase dbuser = configuration.getUserManagement().getUserWithUserName(username); + if (dbuser == null) { + log.warn("Unknown Username"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); + return Constants.STRUTS_ERROR; + + } else { + // TODO: maybe remove this default value in a later version + if (dbuser.isIsUsernamePasswordAllowed() == null) { + dbuser.setIsUsernamePasswordAllowed(true); + } + + if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { + log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + + " is not active or Username/Password login is not allowed"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + if (!dbuser.getPassword().equals(key)) { + log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + // TODO: maybe remove this default value in a later version + boolean ismandateuser = false; + if (dbuser.isIsMandateUser() != null) { + ismandateuser = dbuser.isIsMandateUser(); + } + + final int sessionTimeOut = session.getMaxInactiveInterval(); + final Date sessionExpired = new Date(new Date().getTime() + + sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS); + + final AuthenticatedUser authuser = new AuthenticatedUser(dbuser, + true, + ismandateuser, + false, + dbuser.getHjid() + "dbID", + "username/password", + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authuser); + + final Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) { + authuser.setLastLogin(date); + } + + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + } catch (final MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } finally { + } + + final HttpSession session = generateNewJSession(request); + session.setAttribute(Constants.SESSION_AUTH, authuser); + + return Constants.STRUTS_SUCCESS; + } + } + + public String pvp2login() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final String method = request.getMethod(); + if (session == null) { + log.info("NO HTTP Session"); + return Constants.STRUTS_ERROR; + } + + final String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID); + session.setAttribute(Constants.SESSION_PVP2REQUESTID, null); + + if (method.equals("POST")) { + + try { + pvp2LoginActiv = configuration.isPVP2LoginActive(); + + // Decode with HttpPost Binding + final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + request)); + decode.decode(messageContext); + + final Response samlResponse = (Response) messageContext.getInboundMessage(); + + // ckeck InResponseTo matchs requestID + if (MiscUtil.isEmpty(authID)) { + log.info("NO AuthRequestID"); + return Constants.STRUTS_ERROR; + } + + if (!authID.equals(samlResponse.getInResponseTo())) { + log.warn("PVPRequestID does not match PVP2 Assertion ID!"); + return Constants.STRUTS_ERROR; + + } + + // check response destination + String serviceURL = configuration.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + final String responseDestination = samlResponse.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) { + log.warn("PVPResponse destination does not match requested destination"); + return Constants.STRUTS_ERROR; + } + + // check if response is signed + final Signature sign = samlResponse.getSignature(); + if (sign == null) { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } + + // validate signature + PVP2Utils.validateSignature(samlResponse, configuration); + + log.info("PVP2 Assertion is valid"); + + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + List saml2assertions = + new ArrayList<>(); + + // check encrypted Assertion + final List encryAssertionList = samlResponse.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + // decrypt assertions + + log.debug("Found encryped assertion. Start decryption ..."); + + final KeyStore keyStore = configuration.getPVP2KeyStore(); + + final X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( + keyStore, + configuration.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + configuration.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + + final StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(authDecCredential); + + final ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver()); + + final Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (final EncryptedAssertion encAssertion : encryAssertionList) { + saml2assertions.add(samlDecrypter.decrypt(encAssertion)); + + } + + log.debug("Assertion decryption finished. "); + + } else { + saml2assertions = samlResponse.getAssertions(); + + } + + for (final org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + + final Conditions conditions = saml2assertion.getConditions(); + final DateTime notbefore = conditions.getNotBefore(); + final DateTime notafter = conditions.getNotOnOrAfter(); + if (notbefore.isAfterNow() || notafter.isBeforeNow()) { + log.warn("PVP2 Assertion is out of Date"); + return Constants.STRUTS_ERROR; + + } + + final Subject subject = saml2assertion.getSubject(); + if (subject == null) { + log.warn("Assertion has no Subject element"); + return Constants.STRUTS_ERROR; + + } + + final NameID nameID = subject.getNameID(); + if (nameID == null) { + log.warn("No NameID element in PVP2 assertion!"); + return Constants.STRUTS_ERROR; + } + + final String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); + + final int sessionTimeOut = session.getMaxInactiveInterval(); + final Date sessionExpired = new Date(new Date().getTime() + + sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS); + + // search user + final UserDatabase dbuser = configuration.getUserManagement().getUserWithUserBPKWBPK(bpkwbpk); + if (dbuser == null) { + log.info("No user found with bpk/wbpk " + bpkwbpk); + + // read PVP2 assertion attributes; + user = new UserDatabaseFrom(); + user.setActive(false); + user.setAdmin(false); + user.setBpk(bpkwbpk); + user.setIsusernamepasswordallowed(false); + user.setIsmandateuser(false); + user.setPVPGenerated(true); + + // loop through the nodes to get what we want + final List attributeStatements = saml2assertion.getAttributeStatements(); + for (final AttributeStatement attributeStatement : attributeStatements) { + final List attributes = attributeStatement.getAttributes(); + for (final Attribute attribute : attributes) { + final String strAttributeName = attribute.getDOM().getAttribute("Name"); + + if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) { + user.setFamilyName(attribute.getAttributeValues().get(0).getDOM().getFirstChild() + .getNodeValue()); + } + + if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) { + user.setGivenName(attribute.getAttributeValues().get(0).getDOM().getFirstChild() + .getNodeValue()); + } + + if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) { + user.setIsmandateuser(true); + } + + if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) { + user.setInstitut(attribute.getAttributeValues().get(0).getDOM().getFirstChild() + .getNodeValue()); + } + } + } + + // create AuthUser data element + authUser = AuthenticatedUser.generateUserRequestUser(user, + nameID.getValue(), + nameID.getFormat(), + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authUser); + + // set Random value + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + return Constants.STRUTS_NEWUSER; + + } else { + if (!dbuser.isIsActive()) { + + if (!dbuser.isIsMailAddressVerified()) { + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + user = new UserDatabaseFrom(dbuser); + authUser = new AuthenticatedUser(dbuser, + false, + dbuser.isIsMandateUser(), + true, + nameID.getValue(), + nameID.getFormat(), + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authUser); + + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + return Constants.STRUTS_NEWUSER; + + } + + log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); + addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive", request)); + return Constants.STRUTS_ERROR; + } + + // TODO: maybe remove this default value in a later version + boolean ismandateuser = false; + if (dbuser.isIsMandateUser() != null) { + ismandateuser = dbuser.isIsMandateUser(); + } + + authUser = new AuthenticatedUser(dbuser, true, + ismandateuser, + true, + nameID.getValue(), + nameID.getFormat(), + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authUser); + + final Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) { + authUser.setLastLogin(date); + } + + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + } catch (final MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } finally { + } + + final HttpSession newsession = generateNewJSession(request); + newsession.setAttribute(Constants.SESSION_AUTH, authUser); + return Constants.STRUTS_SUCCESS; + + } + } + + log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + return Constants.STRUTS_ERROR; + + } else { + log.info("Receive Error Assertion."); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } + + } catch (final Exception e) { + log.warn("An internal error occurs.", e); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + return Constants.STRUTS_ERROR; + } + + } else { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + return Constants.STRUTS_ERROR; + } + } + + public String requestNewUser() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (session == null) { + log.warn("No active Session found"); + return Constants.STRUTS_ERROR; + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final Object sessionformobj = session.getAttribute(Constants.SESSION_FORM); + if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) { + final UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj; + + final Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + if (user == null) { + log.warn("No form transmited"); + return Constants.STRUTS_ERROR; + } + + // get UserID + final String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + String check; + if (!sessionform.isIsmandateuser()) { + check = user.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml( + check)); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Organisation is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); + } + } + + check = user.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check)); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Mailaddress is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); + } + + check = user.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validatePhoneNumber(check)) { + log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check)); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Phonenumber is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); + } + + if (hasActionErrors()) { + log.info("Some form errors found. Send user back to form"); + + user.setPVPGenerated(true); + user.setFamilyName(sessionform.getFamilyName()); + user.setGivenName(sessionform.getGivenName()); + user.setIsmandateuser(sessionform.isIsmandateuser()); + user.setBpk(sessionform.getBpk()); + + if (sessionform.isIsmandateuser()) { + user.setInstitut(sessionform.getInstitut()); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_NEWUSER; + } + + UserDatabase dbuser; + + if (userID < 0) { + dbuser = new UserDatabase(); + dbuser.setBpk(sessionform.getBpk()); + dbuser.setFamilyname(sessionform.getFamilyName()); + dbuser.setGivenname(sessionform.getGivenName()); + + if (sessionform.isIsmandateuser()) { + dbuser.setInstitut(sessionform.getInstitut()); + } else { + dbuser.setInstitut(user.getInstitut()); + } + + dbuser.setIsPVP2Generated(true); + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + dbuser.setIsActive(false); + dbuser.setIsAdmin(false); + dbuser.setIsMandateUser(sessionform.isIsmandateuser()); + dbuser.setIsUsernamePasswordAllowed(false); + + } else { + dbuser = configuration.getUserManagement().getUserWithID(userID); + } + + dbuser.setMail(user.getMail()); + dbuser.setPhone(user.getPhone()); + dbuser.setIsAdminRequest(true); + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + } catch (final MOADatabaseException e) { + log.warn("New UserRequest can not be stored in database", e); + return Constants.STRUTS_ERROR; + + } catch (final ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send", request)); + return Constants.STRUTS_NEWUSER; + } + + finally { + session.setAttribute(Constants.SESSION_FORM, null); + session.setAttribute(Constants.SESSION_AUTH, null); + } + + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); + + session.invalidate(); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("No SessionForm found"); + return Constants.STRUTS_ERROR; + } + + } + + public String mailAddressVerification() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN); + if (MiscUtil.isNotEmpty(userrequesttokken)) { + + userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken); + + try { + Long.parseLong(userrequesttokken); + + } catch (final NumberFormatException e) { + log.warn("Verificationtokken has no number format."); + return Constants.STRUTS_ERROR; + } + + final UserDatabase dbuser = configuration.getUserManagement().getNewUserWithTokken(userrequesttokken); + if (dbuser != null) { + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(true); + + if (dbuser.isIsActive()) { + dbuser.setIsAdminRequest(false); + } + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + int numoas = 0; + int numusers = 0; + + final List openOAs = configuration.getDbRead().getAllNewOnlineApplications(); + if (openOAs != null) { + numoas = openOAs.size(); + } + + final List openUsers = configuration.getUserManagement().getAllNewUsers(); + if (openUsers != null) { + numusers = openUsers.size(); + } + + if (numusers > 0 || numoas > 0) { + MailHelper.sendAdminMail(numoas, numusers); + } + + } catch (final MOADatabaseException e) { + log.warn("Userinformation can not be stored in Database.", e); + addActionError(LanguageHelper.getErrorString("error.mail.verification", request)); + + } catch (final ConfigurationException e) { + log.warn("Send mail to admin failed.", e); + } + + finally { + } + + addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress", request)); + return Constants.STRUTS_SUCCESS; + } + } + + return Constants.STRUTS_ERROR; + } + + public String logout() { + final HttpSession session = request.getSession(false); + + if (session != null) { + if (MiscUtil.isNotEmpty((String) session.getAttribute(Constants.SESSION_SLOSUCCESS))) { + addActionMessage((String) session.getAttribute(Constants.SESSION_SLOSUCCESS)); + } + + if (MiscUtil.isNotEmpty((String) session.getAttribute(Constants.SESSION_SLOERROR))) { + addActionError((String) session.getAttribute(Constants.SESSION_SLOERROR)); + } + + session.invalidate(); + + } + + return Constants.STRUTS_SUCCESS; + } + + private HttpSession generateNewJSession(HttpServletRequest request) { + HttpSession session = request.getSession(false); + + if (session != null) { + + final HashMap attributes = new HashMap<>(); + + final Enumeration enames = session.getAttributeNames(); + while (enames.hasMoreElements()) { + final String name = enames.nextElement(); + if (!name.equals("JSESSIONID")) { + attributes.put(name, session.getAttribute(name)); + } + } + session.invalidate(); + + session = request.getSession(true); + for (final Entry et : attributes.entrySet()) { + session.setAttribute(et.getKey(), et.getValue()); + } + + } else { + session = request.getSession(true); + } + + return session; + } + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + /** + * @return the user + */ + public UserDatabaseFrom getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(UserDatabaseFrom user) { + this.user = user; + } + + /** + * @return the ssologouturl + */ + public String getSsologouturl() { + return ssologouturl; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } + + /** + * @return the pvp2LoginActiv + */ + public boolean isPvp2LoginActiv() { + return pvp2LoginActiv; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java index 180f32235..3918dfc16 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber; @@ -46,438 +44,444 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class InterfederationIDPAction extends BasicOAAction { - private static final Logger log = Logger.getLogger(InterfederationIDPAction.class); - private static final long serialVersionUID = 2879192135387083131L; - - public static final String STRUTS_IDP_VIDP = "-VIDP"; - public static final String STRUTS_IDP_MOA = "-MOAIDP"; - public static final String STRUTS_IDP_GATEWAY = "-IDPGATEWAY"; - - private List formOAs; - - private String interfederationType; - - public InterfederationIDPAction() { - super(); - - } - - public String listAllIDPs() { - try { - populateBasicInformations(); - - if (authUser.isAdmin()) { - List dbOAs = configuration.getDbRead().getAllOnlineApplications(); - - if (dbOAs == null || dbOAs.size() == 0) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - - } else { - formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); - - return Constants.STRUTS_SUCCESS; - - } else { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String newIDP() { - log.debug("insert new interfederation IDP"); - - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - populateBasicNewOnlineApplicationInformation(); - - if (STRUTS_IDP_MOA.equals(interfederationType)) { - formList.putAll(MOAIDPAction.buildMOAIDPFormList()); - - } else if (STRUTS_IDP_GATEWAY.equals(interfederationType)) { - formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); - - } else if (STRUTS_IDP_VIDP.equals(interfederationType)) { - formList.putAll(VIDPAction.buildVIDPFormList()); - getStorkOA().setVidpEnabled(true); - getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); - - } else { - log.warn("Unkown interfederation IDP type"); - addActionError("Unkown interfederation IDP type"); - return Constants.STRUTS_ERROR; - } - - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - - return Constants.STRUTS_OA_EDIT + interfederationType; - - } - - public String loadIDPInformation() { - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - OnlineApplication oa = populateOnlineApplicationFromRequest(); - - if (oa.isIsInterfederationIDP() != null - && oa.isIsInterfederationIDP()) { - - formList.putAll(MOAIDPAction.buildMOAIDPFormList()); - interfederationType = STRUTS_IDP_MOA; - - } else if (oa.getAuthComponentOA().getOASTORK() != null - && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { - - formList.putAll(VIDPAction.buildVIDPFormList()); - if (getStorkOA().getAttributeProviderPlugins() == null || - getStorkOA().getAttributeProviderPlugins().size() == 0) - getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); - interfederationType = STRUTS_IDP_VIDP; - - } else if (oa.isIsInterfederationGateway() != null && oa.isIsInterfederationGateway()) { - formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); - interfederationType = STRUTS_IDP_GATEWAY; - - } else { - log.warn("Requested application is not an interfederation IDP."); - return Constants.STRUTS_NOTALLOWED; - } - - parseOAToForm(oa); - return Constants.STRUTS_SUCCESS + interfederationType; - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String saveIDP() { - - OnlineApplication onlineapplication= null; - - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - onlineapplication = preProcessSaveOnlineApplication(); - - if ( onlineapplication != null && - !((onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP()) || - (onlineapplication.isIsInterfederationGateway() != null && onlineapplication.isIsInterfederationGateway()) || - (onlineapplication.getAuthComponentOA().getOASTORK() != null - && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { - log.warn("IDP which should be stored is not of type interfederation IDP."); - addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP."); - return Constants.STRUTS_ERROR; - - } - - List errors = new ArrayList(); - - //validate forms - for (IOnlineApplicationData form : formList.values()) - errors.addAll(form.validate(getGeneralOA(), authUser, request)); - - - if (getPvp2OA() != null) { - boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA().getMetaDataURL()); - if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) { - log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService."); - errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.metadataurl.publicservice", - new Object[] {getPvp2OA().getMetaDataURL()}, request )); - getGeneralOA().setBusinessService(true); - - } - } - - - if (errors.size() > 0) { - log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors."); - for (String el : errors) - addActionError(el); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - onlineapplication = postProcessSaveOnlineApplication(onlineapplication, - !(this instanceof MOAIDPAction)); - - //set default Target interfederated nameID caluclation - if (getPvp2OA() != null) { - if (getGeneralOA().isBusinessService()) { - IdentificationNumber businessID = onlineapplication.getAuthComponentOA().getIdentificationNumber(); - if (businessID == null) { - businessID = new IdentificationNumber(); - onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); - } - businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP"); - } else - onlineapplication.setTarget("MOA-IDP"); - - try { - save(onlineapplication); - - } catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); - } - } - } - - //remove session attributes - session.setAttribute(Constants.SESSION_OAID, null); - - addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), request)); - return Constants.STRUTS_SUCCESS; - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String cancleAndBackIDP() { - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - session.setAttribute(Constants.SESSION_OAID, null); - addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), request)); - - return Constants.STRUTS_SUCCESS; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String deleteIDP() { - String oaidentifier = null; - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - oaidentifier = preProcessDeleteOnlineApplication(); - - session.setAttribute(Constants.SESSION_OAID, null); - OnlineApplication onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); - + + private static final long serialVersionUID = 2879192135387083131L; + + public static final String STRUTS_IDP_VIDP = "-VIDP"; + public static final String STRUTS_IDP_MOA = "-MOAIDP"; + public static final String STRUTS_IDP_GATEWAY = "-IDPGATEWAY"; + + private List formOAs; + + private String interfederationType; + + public InterfederationIDPAction() { + super(); + + } + + public String listAllIDPs() { + try { + populateBasicInformations(); + + if (authUser.isAdmin()) { + final List dbOAs = configuration.getDbRead().getAllOnlineApplications(); + + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String newIDP() { + log.debug("insert new interfederation IDP"); + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + populateBasicNewOnlineApplicationInformation(); + + if (STRUTS_IDP_MOA.equals(interfederationType)) { + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + + } else if (STRUTS_IDP_GATEWAY.equals(interfederationType)) { + formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); + + } else if (STRUTS_IDP_VIDP.equals(interfederationType)) { + formList.putAll(VIDPAction.buildVIDPFormList()); + getStorkOA().setVidpEnabled(true); + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); + + } else { + log.warn("Unkown interfederation IDP type"); + addActionError("Unkown interfederation IDP type"); + return Constants.STRUTS_ERROR; + } + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + + return Constants.STRUTS_OA_EDIT + interfederationType; + + } + + public String loadIDPInformation() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + final OnlineApplication oa = populateOnlineApplicationFromRequest(); + + if (oa.isIsInterfederationIDP() != null + && oa.isIsInterfederationIDP()) { + + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + interfederationType = STRUTS_IDP_MOA; + + } else if (oa.getAuthComponentOA().getOASTORK() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { + + formList.putAll(VIDPAction.buildVIDPFormList()); + if (getStorkOA().getAttributeProviderPlugins() == null || + getStorkOA().getAttributeProviderPlugins().size() == 0) { + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + } + interfederationType = STRUTS_IDP_VIDP; + + } else if (oa.isIsInterfederationGateway() != null && oa.isIsInterfederationGateway()) { + formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); + interfederationType = STRUTS_IDP_GATEWAY; + + } else { + log.warn("Requested application is not an interfederation IDP."); + return Constants.STRUTS_NOTALLOWED; + } + + parseOAToForm(oa); + return Constants.STRUTS_SUCCESS + interfederationType; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String saveIDP() { + + OnlineApplication onlineapplication = null; + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + onlineapplication = preProcessSaveOnlineApplication(); + + if (onlineapplication != null && + !(onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP() + || + onlineapplication.isIsInterfederationGateway() != null && onlineapplication + .isIsInterfederationGateway() || + onlineapplication.getAuthComponentOA().getOASTORK() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled())) { + log.warn("IDP which should be stored is not of type interfederation IDP."); + addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP."); + return Constants.STRUTS_ERROR; + + } + + final List errors = new ArrayList<>(); + + // validate forms + for (final IOnlineApplicationData form : formList.values()) { + errors.addAll(form.validate(getGeneralOA(), authUser, request)); + } + + if (getPvp2OA() != null) { + final boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA() + .getMetaDataURL()); + if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) { + log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService."); + errors.add(LanguageHelper.getErrorString( + "validation.interfederation.moaidp.metadataurl.publicservice", + new Object[] { getPvp2OA().getMetaDataURL() }, request)); + getGeneralOA().setBusinessService(true); + + } + } + + if (errors.size() > 0) { + log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors."); + for (final String el : errors) { + addActionError(el); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + onlineapplication = postProcessSaveOnlineApplication(onlineapplication, + !(this instanceof MOAIDPAction)); + + // set default Target interfederated nameID caluclation + if (getPvp2OA() != null) { + if (getGeneralOA().isBusinessService()) { + IdentificationNumber businessID = onlineapplication.getAuthComponentOA() + .getIdentificationNumber(); + if (businessID == null) { + businessID = new IdentificationNumber(); + onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); + } + businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP"); + } else { + onlineapplication.setTarget("MOA-IDP"); + } + + try { + save(onlineapplication); + + } catch (final MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + } + } + } + + // remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), + request)); + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String cancleAndBackIDP() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + session.setAttribute(Constants.SESSION_OAID, null); + addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), + request)); + + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String deleteIDP() { + String oaidentifier = null; + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + oaidentifier = preProcessDeleteOnlineApplication(); + + session.setAttribute(Constants.SESSION_OAID, null); + final OnlineApplication onlineapplication = configuration.getDbRead().getOnlineApplication( + oaidentifier); + // try { // if (onlineapplication.getAuthComponentOA().getOAPVP2() != null && // MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { // MOAIDConfiguration moaconfig = configuration.getDbRead().getMOAIDConfiguration(); // moaconfig.setPvp2RefreshItem(new Date()); // ConfigurationDBUtils.saveOrUpdate(moaconfig); -// +// // } // } catch (Throwable e) { // log.info("Found no MetadataURL in OA-Databaseconfig!", e); // } - - if (delete(onlineapplication)) { - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request)); - return Constants.STRUTS_SUCCESS; - - } else { - addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); - return Constants.STRUTS_SUCCESS; - } - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - - } - - /** - * @param oa - */ - private void parseOAToForm(OnlineApplication oa) { - List errors = new ArrayList(); - for (IOnlineApplicationData form : formList.values()) { - List error = form.parse(oa, authUser, request); - if (error != null) - errors.addAll(error); - } - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - setNewOA(false); - + if (delete(onlineapplication)) { + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, + request)); + return Constants.STRUTS_SUCCESS; - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_OAID, oaid); - } - - /** - * @return the formOAs - */ - public List getFormOAs() { - return formOAs; - } - - public OAMOAIDPInterfederationConfig getMoaIDP() { - return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName()); - } + } else { + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + } - public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) { - formList.put(pvp2oa.getName(), pvp2oa); - } + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; - public PVPGatewayInterfederationConfig getPVPGateway() { - return (PVPGatewayInterfederationConfig) formList.get(new PVPGatewayInterfederationConfig().getName()); - } - - public void setPVPGateway(PVPGatewayInterfederationConfig val) { - formList.put(val.getName(), val); - } - - /** - * @return the formOA - */ - public OATargetConfiguration getTargetConfig() { - return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); - } + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); - /** - * @param formOA the formOA to set - */ - public void setTargetConfig(OATargetConfiguration formOA) { - formList.put(formOA.getName(), formOA); - } - - /** - * @return the formOA - */ - public FormularCustomization getFormOA() { - return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); - } + } finally { - /** - * @param formOA the formOA to set - */ - public void setFormOA(FormularCustomization formOA) { - formList.put(formOA.getName(), formOA); - } - - public OASTORKConfig getStorkOA() { - return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); } - public void setStorkOA(OASTORKConfig storkOA) { - formList.put(storkOA.getName(), storkOA); + } + + /** + * @param oa + */ + private void parseOAToForm(OnlineApplication oa) { + final List errors = new ArrayList<>(); + for (final IOnlineApplicationData form : formList.values()) { + final List error = form.parse(oa, authUser, request); + if (error != null) { + errors.addAll(error); + } } - - - public OAAuthenticationData getAuthOA() { - return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); + if (errors.size() > 0) { + for (final String el : errors) { + addActionError(el); + } } - public void setAuthOA(OAAuthenticationData generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - - /** - * @return the interfederationType - */ - public String getInterfederationType() { - return interfederationType; - } - - /** - * @param interfederationType the interfederationType to set - */ - public void setInterfederationType(String interfederationType) { - this.interfederationType = interfederationType; - } - - - + setNewOA(false); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + } + + /** + * @return the formOAs + */ + public List getFormOAs() { + return formOAs; + } + + public OAMOAIDPInterfederationConfig getMoaIDP() { + return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName()); + } + + public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + + public PVPGatewayInterfederationConfig getPVPGateway() { + return (PVPGatewayInterfederationConfig) formList.get(new PVPGatewayInterfederationConfig().getName()); + } + + public void setPVPGateway(PVPGatewayInterfederationConfig val) { + formList.put(val.getName(), val); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + formList.put(formOA.getName(), formOA); + } + + public OASTORKConfig getStorkOA() { + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); + } + + public void setStorkOA(OASTORKConfig storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); + } + + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + /** + * @return the interfederationType + */ + public String getInterfederationType() { + return interfederationType; + } + + /** + * @param interfederationType the interfederationType to set + */ + public void setInterfederationType(String interfederationType) { + this.interfederationType = interfederationType; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index ca018d5b0..11be61bb6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -25,179 +25,162 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.ArrayList; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - -import com.opensymphony.xwork2.ActionSupport; - -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class ListOAsAction extends BasicAction { - - private final Logger log = Logger.getLogger(ListOAsAction.class); - - private static final long serialVersionUID = 1L; - - private List formOAs; - private String friendlyname; - - public ListOAsAction() throws ConfigurationException { + + private static final long serialVersionUID = 1L; + + private List formOAs; + private String friendlyname; + + public ListOAsAction() throws ConfigurationException { // configuration = ConfigurationProvider.getInstance(); - } - - - public String listAllOnlineAppliactions() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - List dbOAs = null; - - if (authUser.isAdmin()) { - dbOAs = configuration.getDbRead().getAllOnlineApplications(); - - } else { - UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - - if (authUserDB != null) { - for (String el : authUserDB.getOnlineApplication()) { - dbOAs.add(configuration.getDbRead().getOnlineApplication(Long.valueOf(el))); - - } - } - } - - if (dbOAs == null || dbOAs.size() == 0) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - - } else { - formOAs = FormDataHelper.populateFormWithOAs(dbOAs); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); - - - return Constants.STRUTS_SUCCESS; - } - - public String searchOAInit() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - formOAs = null; - friendlyname = ""; - - return Constants.STRUTS_SUCCESS; - - } - - public String searchOA() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (MiscUtil.isEmpty(friendlyname)) { - log.info("SearchOA textfield is empty"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); - return Constants.STRUTS_SUCCESS; - - } else { - if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) { - log.warn("SearchOA textfield contains potential XSS characters"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request)); - return Constants.STRUTS_SUCCESS; - } - } - - List dbOAs = null; - - if (authUser.isAdmin()) { - dbOAs = configuration.getDbRead().searchOnlineApplications(friendlyname); - - } else { - UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (authUserDB != null) { - List alldbOAs = authUserDB.getOnlineApplication(); - - dbOAs = new ArrayList(); - - for (String el : alldbOAs) { - OnlineApplication oa = configuration.getDbRead().getOnlineApplication(Long.valueOf(el)); - - if (oa.getPublicURLPrefix() - .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) - dbOAs.add(oa); - } - } - } - - if (dbOAs == null || dbOAs.size() == 0) { - log.debug("No IDPs found with Identifier " + friendlyname); - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - - } else { - formOAs = FormDataHelper.populateFormWithOAs(dbOAs); - - } - - - return Constants.STRUTS_SUCCESS; - } - - /** - * @return the formOAs - */ - public List getFormOAs() { - return formOAs; - } - - - /** - * @return the friendlyname - */ - public String getFriendlyname() { - return friendlyname; - } - - - /** - * @param friendlyname the friendlyname to set - */ - public void setFriendlyname(String friendlyname) { - this.friendlyname = friendlyname; - } - - + } + + public String listAllOnlineAppliactions() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + List dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = configuration.getDbRead().getAllOnlineApplications(); + + } else { + final UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (authUserDB != null) { + for (final String el : authUserDB.getOnlineApplication()) { + dbOAs.add(configuration.getDbRead().getOnlineApplication(Long.valueOf(el))); + + } + } + } + + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + return Constants.STRUTS_SUCCESS; + } + + public String searchOAInit() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + formOAs = null; + friendlyname = ""; + + return Constants.STRUTS_SUCCESS; + + } + + public String searchOA() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (MiscUtil.isEmpty(friendlyname)) { + log.info("SearchOA textfield is empty"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); + return Constants.STRUTS_SUCCESS; + + } else { + if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) { + log.warn("SearchOA textfield contains potential XSS characters"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + return Constants.STRUTS_SUCCESS; + } + } + + List dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = configuration.getDbRead().searchOnlineApplications(friendlyname); + + } else { + final UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (authUserDB != null) { + final List alldbOAs = authUserDB.getOnlineApplication(); + + dbOAs = new ArrayList<>(); + + for (final String el : alldbOAs) { + final OnlineApplication oa = configuration.getDbRead().getOnlineApplication(Long.valueOf(el)); + + if (oa.getPublicURLPrefix() + .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) { + dbOAs.add(oa); + } + } + } + } + + if (dbOAs == null || dbOAs.size() == 0) { + log.debug("No IDPs found with Identifier " + friendlyname); + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); + + } + + return Constants.STRUTS_SUCCESS; + } + + /** + * @return the formOAs + */ + public List getFormOAs() { + return formOAs; + } + + /** + * @return the friendlyname + */ + public String getFriendlyname() { + return friendlyname; + } + + /** + * @param friendlyname the friendlyname to set + */ + public void setFriendlyname(String friendlyname) { + this.friendlyname = friendlyname; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java index 8c04a382a..ce3af689d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java @@ -34,26 +34,25 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; */ public class MOAIDPAction extends InterfederationIDPAction { - private static final long serialVersionUID = -2047128481980413334L; - - public MOAIDPAction() { - super(); - formList.putAll(buildMOAIDPFormList()); - } - - public static LinkedHashMap buildMOAIDPFormList() { - - LinkedHashMap forms = - new LinkedHashMap(); - - - OAPVP2Config pvp2OA = new OAPVP2Config(); - forms.put(pvp2OA.getName(), pvp2OA); - - OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig(); - forms.put(moaidp.getName(), moaidp); - - return forms; - } + private static final long serialVersionUID = -2047128481980413334L; + + public MOAIDPAction() { + super(); + formList.putAll(buildMOAIDPFormList()); + } + + public static LinkedHashMap buildMOAIDPFormList() { + + final LinkedHashMap forms = + new LinkedHashMap<>(); + + final OAPVP2Config pvp2OA = new OAPVP2Config(); + forms.put(pvp2OA.getName(), pvp2OA); + + final OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig(); + forms.put(moaidp.getName(), moaidp); + + return forms; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java index ea6f17fc7..785eb583a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java @@ -22,41 +22,41 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MainAction extends BasicAction { - - private static final long serialVersionUID = 221178766809263908L; - - private static final Logger log = Logger.getLogger(MainAction.class); - - public String changeLanguage() { - - return Constants.STRUTS_SUCCESS; - } - - public String generateMainFrame() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (hasActionMessages()) - setActionMessages(getActionMessages()); - - if (hasActionErrors()) - setActionErrors(getActionErrors()); - - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - return Constants.STRUTS_SUCCESS; - } - + + private static final long serialVersionUID = 221178766809263908L; + + public String changeLanguage() { + + return Constants.STRUTS_SUCCESS; + } + + public String generateMainFrame() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (hasActionMessages()) { + setActionMessages(getActionMessages()); + } + + if (hasActionErrors()) { + setActionErrors(getActionErrors()); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + return Constants.STRUTS_SUCCESS; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java index 26d4e13ab..e1965e951 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java @@ -24,81 +24,68 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; +import lombok.extern.slf4j.Slf4j; -import com.opensymphony.xwork2.ActionSupport; - +@Slf4j public class OpenAdminRequestsAction extends BasicAction { - - private static final Logger log = Logger.getLogger(OpenAdminRequestsAction.class); - - private static final long serialVersionUID = 1L; - - private List formOAs = null; - private List userlist = null; - - - public String init() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (authUser.isAdmin()) { - - List dbOAs = configuration.getDbRead().getAllNewOnlineApplications(); - if (dbOAs != null) { - formOAs = FormDataHelper.populateFormWithOAs(dbOAs); - } - - List dbUsers = configuration.getUserManagement().getAllNewUsers(); - if (dbUsers != null){ - userlist = FormDataHelper.addFormUsers(dbUsers); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()); - - return Constants.STRUTS_SUCCESS; - } else { - log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID()); - return Constants.STRUTS_NOTALLOWED; - } - - } - - - /** - * @return the formOAs - */ - public List getFormOAs() { - return formOAs; - } - - - /** - * @return the userlist - */ - public List getUserlist() { - return userlist; - } - + + private static final long serialVersionUID = 1L; + + private List formOAs = null; + private List userlist = null; + + public String init() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (authUser.isAdmin()) { + + final List dbOAs = configuration.getDbRead().getAllNewOnlineApplications(); + if (dbOAs != null) { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); + } + + final List dbUsers = configuration.getUserManagement().getAllNewUsers(); + if (dbUsers != null) { + userlist = FormDataHelper.addFormUsers(dbUsers); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()); + + return Constants.STRUTS_SUCCESS; + } else { + log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID()); + return Constants.STRUTS_NOTALLOWED; + } + + } + + /** + * @return the formOAs + */ + public List getFormOAs() { + return formOAs; + } + + /** + * @return the userlist + */ + public List getUserlist() { + return userlist; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 26afb0205..6a60b6816 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -26,14 +26,6 @@ import java.io.ByteArrayInputStream; import java.io.InputStream; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -49,564 +41,570 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; -import com.opensymphony.xwork2.ActionSupport; - +@Slf4j public class UserManagementAction extends BasicAction { - - private static final Logger log = Logger.getLogger(UserManagementAction.class); - - private static final long serialVersionUID = 1L; - - private List userlist = null; - private UserDatabaseFrom user = null; - - private String useridobj = null; - private static boolean newUser = false; - private InputStream stream; - private String nextPage; - private String formID; - - public String init() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - if (authUser.isAdmin()) { - - log.info("Show NewserRequests"); - - log.info("Show UserList"); - - List dbuserlist = configuration.getUserManagement().getAllUsers(); - - if (dbuserlist != null) { - userlist = FormDataHelper.addFormUsers(dbuserlist); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name()); - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame"); - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (dbuser == null) { - return Constants.STRUTS_REAUTHENTICATE; - } - user = new UserDatabaseFrom(dbuser); - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_NOTALLOWED; - } - } - - public String createuser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - - if (authUser.isAdmin()) { - - user = new UserDatabaseFrom(); - - newUser = true; - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_SUCCESS; - - } else { - return Constants.STRUTS_NOTALLOWED; - } - } - - public String edituser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String - && MiscUtil.isNotEmpty((String)nextPageAttr) ) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - } - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - if (authUser.isAdmin()) { - long userid = -1; - - if (!ValidationHelper.validateOAID(useridobj)) { - addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); - return Constants.STRUTS_ERROR; - } - userid = Long.valueOf(useridobj); - - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userid); - if (dbuser == null) { - log.info("No User with ID " + userid + " in Database");; - addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); - return Constants.STRUTS_ERROR; - } - user = new UserDatabaseFrom(dbuser); - - newUser = false; - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame"); - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - user = new UserDatabaseFrom(dbuser); - return Constants.STRUTS_SUCCESS; - } - } - - public String saveuser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); - - if( dbuser == null) { - dbuser = new UserDatabase(); - dbuser.setIsMandateUser(false); - dbuser.setIsAdminRequest(false); - dbuser.setIsPVP2Generated(false); - dbuser.setUserRequestTokken(null); - dbuser.setIsMailAddressVerified(false); - dbuser.setUsername(user.getUsername()); - } - - List errors; - UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); - - boolean ispvp2 = false; - boolean ismandate = false; - if (dbuser.isIsPVP2Generated() != null) - ispvp2 = dbuser.isIsPVP2Generated(); - - if (dbuser.isIsMandateUser() != null) - ismandate = dbuser.isIsMandateUser(); - - errors = validator.validate(user, userID, ispvp2, ismandate, request); - - if (errors.size() > 0) { - log.info("UserDataForm has some erros."); - for (String el : errors) - addActionError(el); - user.setPassword(""); - - if (MiscUtil.isEmpty(user.getUsername())) - newUser = true; - - user.setIsmandateuser(ismandate); - user.setPVPGenerated(ispvp2); - if (dbuser.isIsUsernamePasswordAllowed() != null) - user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_ERROR_VALIDATION; - } - - if (!authUser.isAdmin()) { - if (authUser.getUserID() != userID) { - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase Entry " + user.getUsername()); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - - } - - if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { - dbuser.setIsMailAddressVerified(false); - dbuser.setUserRequestTokken(Random.nextRandom()); - - try { - MailHelper.sendUserMailAddressVerification(dbuser); - addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); - - } catch (ConfigurationException e) { - log.warn("Sending of mailaddress verification mail failed.", e); - addActionError(LanguageHelper.getErrorString("error.mail.send", request)); - } - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String - && MiscUtil.isNotEmpty((String)nextPageAttr) ) { - nextPage = (String) nextPageAttr; - - if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && - user.isActive()) { - dbuser.setIsAdminRequest(false); - try { - if (dbuser.isIsMandateUser()) - MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), - dbuser.getInstitut(), user.getMail()); - else - MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), - null, user.getMail()); - - } catch (ConfigurationException e) { - log.warn("Send UserAccountActivation mail failed", e); - } - } - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - } - - String error = saveFormToDB(dbuser); - - if (error != null) { - log.warn("UserData can not be stored in Database"); - addActionError(error); - return Constants.STRUTS_SUCCESS; - } - - return Constants.STRUTS_SUCCESS; - } - - public String deleteuser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - if (!authUser.isAdmin()) { - if (authUser.getUserID() != userID) { - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase Entry " + user.getUsername()); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String - && MiscUtil.isNotEmpty((String)nextPageAttr) ) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - } - - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); - if (dbuser != null) { - dbuser.setOaIDs(null); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - configuration.getUserManagement().delete(dbuser); - - if (authUser.isAdmin()) { - MailHelper.sendUserAccountRevocationMail(dbuser); - } - - if (dbuser.getHjid().equals(String.valueOf(authUser.getUserID()))) { - return Constants.STRUTS_REAUTHENTICATE; - } - - } catch (MOADatabaseException e) { - log.warn("UserData can not be deleted from Database", e); - addActionError(e.getMessage()); - return Constants.STRUTS_SUCCESS; - - } catch (ConfigurationException e) { - log.warn("Information mail sending failed.", e); - addActionError(e.getMessage()); - return Constants.STRUTS_SUCCESS; - } - - finally { - } - } - - - return Constants.STRUTS_SUCCESS; - } - - public String sendVerificationMail () { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - String message = LanguageHelper.getErrorString("error.mail.send", request); - - if (authUser != null) { - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - - if (dbuser != null) { - dbuser.setIsMailAddressVerified(false); - dbuser.setUserRequestTokken(Random.nextRandom()); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - MailHelper.sendUserMailAddressVerification(dbuser); - - message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message", request); - - } catch (ConfigurationException e) { - log.warn("Sending of mailaddress verification mail failed.", e); - message = LanguageHelper.getErrorString("error.mail.send", request); - - } catch (MOADatabaseException e) { - log.warn("Access UserInformationDatabase failed.", e); - } - } - } - - stream = new ByteArrayInputStream(message.getBytes()); - - return SUCCESS; - } - - private String saveFormToDB(UserDatabase dbuser) { - - dbuser.setMail(user.getMail()); - dbuser.setPhone(user.getPhone()); - - if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { - dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); - - if (authUser.isAdmin()) { - dbuser.setIsActive(user.isActive()); - dbuser.setIsAdmin(user.isAdmin()); - - } - } - - if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { - dbuser.setFamilyname(user.getFamilyName()); - dbuser.setGivenname(user.getGivenName()); - dbuser.setInstitut(user.getInstitut()); - - if (authUser.isAdmin()) { - dbuser.setBpk(user.getBpk()); - if ( user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID - + "X" + Constants.IDENIFICATIONTYPE_FN) || - user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID - + "X" + Constants.IDENIFICATIONTYPE_ZVR) || - user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID - + "X" + Constants.IDENIFICATIONTYPE_ERSB)) { - dbuser.setIsMandateUser(true); - } - } - - } else { - if (!dbuser.isIsMandateUser()) - dbuser.setInstitut(user.getInstitut()); - } - - if (dbuser.isIsUsernamePasswordAllowed()) { - - if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) - dbuser.setUsername(user.getUsername()); - - if (MiscUtil.isNotEmpty(user.getPassword())) { - String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); - if (key == null) { - return LanguageHelper.getErrorString("errors.edit.user.save", request); - } - dbuser.setPassword(key); - } - } - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - } catch (MOADatabaseException e) { - log.warn("User information can not be stored in Database.", e); - return LanguageHelper.getErrorString("errors.edit.user.save", request); - } - - return null; - } - - - /** - * @return the userlist - */ - public List getUserlist() { - return userlist; - } - - /** - * @param userlist the userlist to set - */ - public void setUserlist(List userlist) { - this.userlist = userlist; - } - - /** - * @return the user - */ - public UserDatabaseFrom getUser() { - return user; - } - - /** - * @param user the user to set - */ - public void setUser(UserDatabaseFrom user) { - this.user = user; - } - - /** - * @return the useridobj - */ - public String getUseridobj() { - return useridobj; - } - - /** - * @param useridobj the useridobj to set - */ - public void setUseridobj(String useridobj) { - this.useridobj = useridobj; - } - - /** - * @return the newUser - */ - public boolean isNewUser() { - return newUser; - } - - /** - * @return the nextPage - */ - public String getNextPage() { - return nextPage; - } - - /** - * @return the stream - */ - public InputStream getStream() { - return stream; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - + + private static final long serialVersionUID = 1L; + + private List userlist = null; + private UserDatabaseFrom user = null; + + private String useridobj = null; + private static boolean newUser = false; + private InputStream stream; + private String nextPage; + private String formID; + + public String init() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + if (authUser.isAdmin()) { + + log.info("Show NewserRequests"); + + log.info("Show UserList"); + + final List dbuserlist = configuration.getUserManagement().getAllUsers(); + + if (dbuserlist != null) { + userlist = FormDataHelper.addFormUsers(dbuserlist); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name()); + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame"); + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (dbuser == null) { + return Constants.STRUTS_REAUTHENTICATE; + } + user = new UserDatabaseFrom(dbuser); + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_NOTALLOWED; + } + } + + public String createuser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + + if (authUser.isAdmin()) { + + user = new UserDatabaseFrom(); + + newUser = true; + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_SUCCESS; + + } else { + return Constants.STRUTS_NOTALLOWED; + } + } + + public String edituser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String) nextPageAttr)) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + if (authUser.isAdmin()) { + long userid = -1; + + if (!ValidationHelper.validateOAID(useridobj)) { + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; + } + userid = Long.valueOf(useridobj); + + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userid); + if (dbuser == null) { + log.info("No User with ID " + userid + " in Database"); + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; + } + user = new UserDatabaseFrom(dbuser); + + newUser = false; + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame"); + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + user = new UserDatabaseFrom(dbuser); + return Constants.STRUTS_SUCCESS; + } + } + + public String saveuser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); + + if (dbuser == null) { + dbuser = new UserDatabase(); + dbuser.setIsMandateUser(false); + dbuser.setIsAdminRequest(false); + dbuser.setIsPVP2Generated(false); + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(false); + dbuser.setUsername(user.getUsername()); + } + + List errors; + final UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); + + boolean ispvp2 = false; + boolean ismandate = false; + if (dbuser.isIsPVP2Generated() != null) { + ispvp2 = dbuser.isIsPVP2Generated(); + } + + if (dbuser.isIsMandateUser() != null) { + ismandate = dbuser.isIsMandateUser(); + } + + errors = validator.validate(user, userID, ispvp2, ismandate, request); + + if (errors.size() > 0) { + log.info("UserDataForm has some erros."); + for (final String el : errors) { + addActionError(el); + } + user.setPassword(""); + + if (MiscUtil.isEmpty(user.getUsername())) { + newUser = true; + } + + user.setIsmandateuser(ismandate); + user.setPVPGenerated(ispvp2); + if (dbuser.isIsUsernamePasswordAllowed() != null) { + user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed()); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_ERROR_VALIDATION; + } + + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + } + + if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + MailHelper.sendUserMailAddressVerification(dbuser); + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); + + } catch (final ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send", request)); + } + } + + final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String) nextPageAttr)) { + nextPage = (String) nextPageAttr; + + if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && + user.isActive()) { + dbuser.setIsAdminRequest(false); + try { + if (dbuser.isIsMandateUser()) { + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + dbuser.getInstitut(), user.getMail()); + } else { + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + null, user.getMail()); + } + + } catch (final ConfigurationException e) { + log.warn("Send UserAccountActivation mail failed", e); + } + } + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + final String error = saveFormToDB(dbuser); + + if (error != null) { + log.warn("UserData can not be stored in Database"); + addActionError(error); + return Constants.STRUTS_SUCCESS; + } + + return Constants.STRUTS_SUCCESS; + } + + public String deleteuser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + } + + final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String) nextPageAttr)) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); + if (dbuser != null) { + dbuser.setOaIDs(null); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + configuration.getUserManagement().delete(dbuser); + + if (authUser.isAdmin()) { + MailHelper.sendUserAccountRevocationMail(dbuser); + } + + if (dbuser.getHjid().equals(String.valueOf(authUser.getUserID()))) { + return Constants.STRUTS_REAUTHENTICATE; + } + + } catch (final MOADatabaseException e) { + log.warn("UserData can not be deleted from Database", e); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + + } catch (final ConfigurationException e) { + log.warn("Information mail sending failed.", e); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + } + + finally { + } + } + + return Constants.STRUTS_SUCCESS; + } + + public String sendVerificationMail() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + String message = LanguageHelper.getErrorString("error.mail.send", request); + + if (authUser != null) { + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (dbuser != null) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message", request); + + } catch (final ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + message = LanguageHelper.getErrorString("error.mail.send", request); + + } catch (final MOADatabaseException e) { + log.warn("Access UserInformationDatabase failed.", e); + } + } + } + + stream = new ByteArrayInputStream(message.getBytes()); + + return SUCCESS; + } + + private String saveFormToDB(UserDatabase dbuser) { + + dbuser.setMail(user.getMail()); + dbuser.setPhone(user.getPhone()); + + if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { + dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); + + if (authUser.isAdmin()) { + dbuser.setIsActive(user.isActive()); + dbuser.setIsAdmin(user.isAdmin()); + + } + } + + if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { + dbuser.setFamilyname(user.getFamilyName()); + dbuser.setGivenname(user.getGivenName()); + dbuser.setInstitut(user.getInstitut()); + + if (authUser.isAdmin()) { + dbuser.setBpk(user.getBpk()); + if (user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_FN) || + user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_ZVR) || + user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_ERSB)) { + dbuser.setIsMandateUser(true); + } + } + + } else { + if (!dbuser.isIsMandateUser()) { + dbuser.setInstitut(user.getInstitut()); + } + } + + if (dbuser.isIsUsernamePasswordAllowed()) { + + if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) { + dbuser.setUsername(user.getUsername()); + } + + if (MiscUtil.isNotEmpty(user.getPassword())) { + final String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); + if (key == null) { + return LanguageHelper.getErrorString("errors.edit.user.save", request); + } + dbuser.setPassword(key); + } + } + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + } catch (final MOADatabaseException e) { + log.warn("User information can not be stored in Database.", e); + return LanguageHelper.getErrorString("errors.edit.user.save", request); + } + + return null; + } + + /** + * @return the userlist + */ + public List getUserlist() { + return userlist; + } + + /** + * @param userlist the userlist to set + */ + public void setUserlist(List userlist) { + this.userlist = userlist; + } + + /** + * @return the user + */ + public UserDatabaseFrom getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(UserDatabaseFrom user) { + this.user = user; + } + + /** + * @return the useridobj + */ + public String getUseridobj() { + return useridobj; + } + + /** + * @param useridobj the useridobj to set + */ + public void setUseridobj(String useridobj) { + this.useridobj = useridobj; + } + + /** + * @return the newUser + */ + public boolean isNewUser() { + return newUser; + } + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java index c00eb46a5..5f03d89c1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java @@ -39,37 +39,36 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; */ public class VIDPAction extends InterfederationIDPAction { - private static final long serialVersionUID = 1981465294474566533L; + private static final long serialVersionUID = 1981465294474566533L; + + public VIDPAction() { + super(); + formList.putAll(buildVIDPFormList()); + } + + /** + * @return + * + */ + public static LinkedHashMap buildVIDPFormList() { + final LinkedHashMap forms = + new LinkedHashMap<>(); + + final OATargetConfiguration oaTarget = new OATargetConfiguration(); + forms.put(oaTarget.getName(), oaTarget); + + final OAAuthenticationData authOA = new OAAuthenticationData(); + forms.put(authOA.getName(), authOA); + + final OASTORKConfig storkOA = new OASTORKConfig(); + forms.put(storkOA.getName(), storkOA); + + final Map map = new HashMap<>(); + map.putAll(FormBuildUtils.getDefaultMap()); + final FormularCustomization formOA = new FormularCustomization(map); + forms.put(formOA.getName(), formOA); + + return forms; + } - - public VIDPAction() { - super(); - formList.putAll(buildVIDPFormList()); - } - - /** - * @return - * - */ - public static LinkedHashMap buildVIDPFormList() { - LinkedHashMap forms = - new LinkedHashMap(); - - OATargetConfiguration oaTarget = new OATargetConfiguration(); - forms.put(oaTarget.getName(), oaTarget); - - OAAuthenticationData authOA = new OAAuthenticationData(); - forms.put(authOA.getName(), authOA); - - OASTORKConfig storkOA = new OASTORKConfig(); - forms.put(storkOA.getName(), storkOA); - - Map map = new HashMap(); - map.putAll(FormBuildUtils.getDefaultMap()); - FormularCustomization formOA = new FormularCustomization(map); - forms.put(formOA.getName(), formOA); - - return forms; - } - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java index 08cd7c59d..e26e67196 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java @@ -33,47 +33,51 @@ import at.gv.egovernment.moa.logging.Logger; */ public class ConfigurationEncryptionUtils extends AbstractEncrytionUtil { - private static ConfigurationEncryptionUtils instance = null; - private static String key = null; - - public static ConfigurationEncryptionUtils getInstance() { - if (instance == null) { - try { - key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey(); - instance = new ConfigurationEncryptionUtils(); - - } catch (Exception e) { - Logger.warn("MOAConfiguration encryption initialization FAILED.", e); - - } - } - return instance; - } - - /** - * @throws DatabaseEncryptionException - */ - public ConfigurationEncryptionUtils() throws DatabaseEncryptionException { - super(); - - } + private static ConfigurationEncryptionUtils instance = null; + private static String key = null; - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt() - */ - @Override - protected String getSalt() { - return "Configuration-Salt"; - - } + public static ConfigurationEncryptionUtils getInstance() { + if (instance == null) { + try { + key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey(); + instance = new ConfigurationEncryptionUtils(); - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey() - */ - @Override - protected String getKey() { - return key; - - } + } catch (final Exception e) { + Logger.warn("MOAConfiguration encryption initialization FAILED.", e); + + } + } + return instance; + } + + /** + * @throws DatabaseEncryptionException + */ + public ConfigurationEncryptionUtils() throws DatabaseEncryptionException { + super(); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt() + */ + @Override + protected String getSalt() { + return "Configuration-Salt"; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey() + */ + @Override + protected String getKey() { + return key; + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java index eca4c05ef..c4a9894ca 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java @@ -32,7 +32,6 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; -import org.opensaml.Configuration; import org.opensaml.xml.XMLObject; import org.opensaml.xml.XMLObjectBuilder; import org.opensaml.xml.XMLObjectBuilderFactory; @@ -41,59 +40,59 @@ import org.opensaml.xml.io.MarshallingException; public class SAML2Utils { - static { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - factory.setValidating(false); - try { - builder = factory.newDocumentBuilder(); - } catch (ParserConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } + static { + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + factory.setValidating(false); + try { + builder = factory.newDocumentBuilder(); + } catch (final ParserConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } - private static DocumentBuilder builder; + private static DocumentBuilder builder; - public static T createSAMLObject(final Class clazz) { - try { + public static T createSAMLObject(final Class clazz) { + try { - XMLObjectBuilderFactory builderFactory = Configuration - .getBuilderFactory(); + final XMLObjectBuilderFactory builderFactory = org.opensaml.xml.Configuration + .getBuilderFactory(); - QName defaultElementName = (QName) clazz.getDeclaredField( - "DEFAULT_ELEMENT_NAME").get(null); - Map builder = builderFactory.getBuilders(); - Iterator it = builder.keySet().iterator(); + final QName defaultElementName = (QName) clazz.getDeclaredField( + "DEFAULT_ELEMENT_NAME").get(null); + final Map builder = builderFactory.getBuilders(); + final Iterator it = builder.keySet().iterator(); - while (it.hasNext()) { - QName qname = it.next(); - if (qname.equals(defaultElementName)) { - System.out.printf("Builder for: %s\n", qname.toString()); - } - } - XMLObjectBuilder xmlBuilder = builderFactory - .getBuilder(defaultElementName); - - T object = (T) xmlBuilder.buildObject(defaultElementName); - return object; - } catch (Throwable e) { - System.out.printf("Failed to create object for: %s\n", - clazz.toString()); - e.printStackTrace(); - return null; - } - } + while (it.hasNext()) { + final QName qname = it.next(); + if (qname.equals(defaultElementName)) { + System.out.printf("Builder for: %s\n", qname.toString()); + } + } + final XMLObjectBuilder xmlBuilder = builderFactory + .getBuilder(defaultElementName); + + final T object = (T) xmlBuilder.buildObject(defaultElementName); + return object; + } catch (final Throwable e) { + System.out.printf("Failed to create object for: %s\n", + clazz.toString()); + e.printStackTrace(); + return null; + } + } + + public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + final org.w3c.dom.Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } - public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException, - MarshallingException, TransformerException { - org.w3c.dom.Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller( - object); - out.marshall(object, document); - return document; - } - // public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() throws ConfigurationException { // MetadataCredentialResolver resolver; // @@ -113,7 +112,5 @@ public class SAML2Utils { // return engine; // // } - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java index 5f55a61d5..a78de7362 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java @@ -26,68 +26,66 @@ import java.util.Calendar; import java.util.Date; import java.util.List; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.auth.AuthenticationManager; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class UserRequestCleaner implements Runnable { - private static final Logger log = Logger.getLogger(UserRequestCleaner.class); - - private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min - - public void run() { - while (true) { - try { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - - //clean up user request storage - List userrequests = config.getUserManagement().getAllOpenUsersRequests(); - if (userrequests != null) { - Calendar cal = Calendar.getInstance(); - cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay()*-1); - Date cleanupdate = cal.getTime(); - - for(UserDatabase dbuser : userrequests) { - Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); - - if (requestdate != null && requestdate.after(cleanupdate)) { - log.info("Remove UserRequest from Database"); - config.getUserManagement().delete(dbuser); - } - - } - } - - //clean up active user storage - AuthenticationManager.getInstance().removeAllUsersAfterTimeOut(); - - Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); - - } catch (ConfigurationException e) { - log.info("UserRequestCleaner can not load configuration", e); - - } catch (InterruptedException e) { - - } - } - } - - /** - * start the sessionCleaner - */ - public static void start() { - // start the session cleanup thread - Thread sessionCleaner = new Thread(new UserRequestCleaner()); - sessionCleaner.setName("UserRequestCleaner"); - sessionCleaner.setDaemon(true); - sessionCleaner.setPriority(Thread.MIN_PRIORITY); - sessionCleaner.start(); - } - + private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min + + @Override + public void run() { + while (true) { + try { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + + // clean up user request storage + final List userrequests = config.getUserManagement().getAllOpenUsersRequests(); + if (userrequests != null) { + final Calendar cal = Calendar.getInstance(); + cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay() * -1); + final Date cleanupdate = cal.getTime(); + + for (final UserDatabase dbuser : userrequests) { + final Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + + if (requestdate != null && requestdate.after(cleanupdate)) { + log.info("Remove UserRequest from Database"); + config.getUserManagement().delete(dbuser); + } + + } + } + + // clean up active user storage + AuthenticationManager.getInstance().removeAllUsersAfterTimeOut(); + + Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); + + } catch (final ConfigurationException e) { + log.info("UserRequestCleaner can not load configuration", e); + + } catch (final InterruptedException e) { + + } + } + } + + /** + * start the sessionCleaner + */ + public static void start() { + // start the session cleanup thread + final Thread sessionCleaner = new Thread(new UserRequestCleaner()); + sessionCleaner.setName("UserRequestCleaner"); + sessionCleaner.setDaemon(true); + sessionCleaner.setPriority(Thread.MIN_PRIORITY); + sessionCleaner.start(); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java index b96b1e4b0..cbba90a6b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java @@ -28,51 +28,53 @@ import at.gv.egovernment.moa.id.configuration.Constants; public class CompanyNumberValidator implements IdentificationNumberValidator { - public boolean validate(String commercialRegisterNumber) { - - String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); - if(normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN)) - normalizedNumber = normalizedNumber.substring(2); - - return checkCommercialRegisterNumber(normalizedNumber); - } + @Override + public boolean validate(String commercialRegisterNumber) { - private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { - if (commercialRegisterNumber == null) { - return false; - } - commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7, - '0'); - if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) { - return false; - } - String digits = commercialRegisterNumber.substring(0, - commercialRegisterNumber.length() - 1); - char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber - .length() - 1); - boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit; - return result; - } + String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); + if (normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + normalizedNumber = normalizedNumber.substring(2); + } - public static char calcCheckDigitFromCommercialRegisterNumber( - String commercialRegisterDigits) { - final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 }; - final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm', - 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' }; - if (commercialRegisterDigits == null) { - throw new NullPointerException("Commercial register number missing."); - } - commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6, - '0'); - if (!commercialRegisterDigits.matches("\\d{6}")) { - throw new IllegalArgumentException( - "Invalid commercial register number provided."); - } - int sum = 0; - for (int i = 0; i < commercialRegisterDigits.length(); i++) { - int value = commercialRegisterDigits.charAt(i) - '0'; - sum += WEIGHT[i] * value; - } - return CHECKDIGIT[sum % 17]; - } + return checkCommercialRegisterNumber(normalizedNumber); + } + + private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { + if (commercialRegisterNumber == null) { + return false; + } + commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7, + '0'); + if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) { + return false; + } + final String digits = commercialRegisterNumber.substring(0, + commercialRegisterNumber.length() - 1); + final char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber + .length() - 1); + final boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit; + return result; + } + + public static char calcCheckDigitFromCommercialRegisterNumber( + String commercialRegisterDigits) { + final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 }; + final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm', + 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' }; + if (commercialRegisterDigits == null) { + throw new NullPointerException("Commercial register number missing."); + } + commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6, + '0'); + if (!commercialRegisterDigits.matches("\\d{6}")) { + throw new IllegalArgumentException( + "Invalid commercial register number provided."); + } + int sum = 0; + for (int i = 0; i < commercialRegisterDigits.length(); i++) { + final int value = commercialRegisterDigits.charAt(i) - '0'; + sum += WEIGHT[i] * value; + } + return CHECKDIGIT[sum % 17]; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java index 4ef4bc762..318492e66 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java @@ -27,149 +27,155 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class FormularCustomizationValitator { - - private static final Logger log = Logger.getLogger(FormularCustomizationValitator.class); - - public List validate(FormularCustomization form, HttpServletRequest request) { - - List errors = new ArrayList(); - String check; - - if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) { - log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible."); - errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination", request)); - } - - check = form.getBackGroundColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.color.background", request)); - } - } - - check = form.getFrontColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("BKUSelectionFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.color.front", request)); - } - } - - check = form.getHeader_BackGroundColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("HeaderBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back", request)); - } - } - - check = form.getHeader_FrontColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("HeaderFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front", request)); - } - } - - check = form.getHeader_text(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("HeaderText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.text", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getButton_BackGroundColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("ButtonBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back", request)); - } - } - - check = form.getButton_BackGroundColorFocus(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus", request)); - } - } - - check = form.getButton_FrontColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("ButtonFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front", request)); - } - } - - check = form.getAppletRedirectTarget(); - if (MiscUtil.isNotEmpty(check)) { - if (!FormularCustomization.appletRedirectTargetList.contains(check)) { - log.warn("AppletRedirectTarget has not valid value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget", request)); - } - } - - check = form.getFontType(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.warn("FontType contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - check = form.getApplet_height(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Applet height "+ check + " is no valid number"); - errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - check = form.getApplet_width(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Applet width "+ check + " is no valid number"); - errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - return errors; - - } + + public List validate(FormularCustomization form, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + String check; + + if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) { + log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible."); + errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination", + request)); + } + + check = form.getBackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.background", request)); + } + } + + check = form.getFrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.front", request)); + } + } + + check = form.getHeader_BackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back", request)); + } + } + + check = form.getHeader_FrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front", request)); + } + } + + check = form.getHeader_text(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("HeaderText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.text", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getButton_BackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back", request)); + } + } + + check = form.getButton_BackGroundColorFocus(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus", request)); + } + } + + check = form.getButton_FrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front", request)); + } + } + + check = form.getAppletRedirectTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!FormularCustomization.appletRedirectTargetList.contains(check)) { + log.warn("AppletRedirectTarget has not valid value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget", request)); + } + } + + check = form.getFontType(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.warn("FontType contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getApplet_height(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet height " + check + " is no valid number"); + errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getApplet_width(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet width " + check + " is no valid number"); + errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + return errors; + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java index d66c0da3a..84993f464 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java @@ -24,6 +24,6 @@ package at.gv.egovernment.moa.id.configuration.validation; public interface IdentificationNumberValidator { - boolean validate(String idNumber); - + boolean validate(String idNumber); + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index f0594c38d..13708c257 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; @@ -38,163 +36,161 @@ import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class UserDatabaseFormValidator { - private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class); - - public List validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, - boolean isMandateUser, HttpServletRequest request) { - List errors = new ArrayList(); - - String check = null; - FileBasedUserConfiguration newConfigRead = null; - try { - newConfigRead = ConfigurationProvider.getInstance().getUserManagement(); - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - errors.add("Internal Server Error"); - return errors; - - } - - if (!isPVP2Generated) { - check = form.getGivenName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("GivenName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("GivenName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request)); - } - - - check = form.getFamilyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("FamilyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("FamilyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request)); - } - } - - if (!isMandateUser) { - check = form.getInstitut(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Organisation is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); - } - } - - check = form.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - log.warn("Mailaddress is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Mailaddress is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); - } - - check = form.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Phonenumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Phonenumber is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); - } - - if (form.isIsusernamepasswordallowed()) { - check = form.getUsername(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Username contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } else { - UserDatabase dbuser = newConfigRead.getUserWithUserName(check); - if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID ))) { - log.warn("Username " + check + " exists in UserDatabase"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request)); - form.setUsername(""); - } - } - } else { - if (userID == -1) { - log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); - } else { - UserDatabase dbuser = newConfigRead.getUserWithID(userID); - if (dbuser == null) { - log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); - } else { - form.setUsername(dbuser.getUsername()); - } - } - } - - check = form.getPassword(); - - if (MiscUtil.isEmpty(check)) { - if (userID == -1) { - log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); - } else { - UserDatabase dbuser = newConfigRead.getUserWithID(userID); - if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { - log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); - } - } - - } else { - - if (check.equals(form.getPassword_second())) { - - String key = AuthenticationHelper.generateKeyFormPassword(check); - if (key == null) { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); - } - - } - else { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request)); - } - } - } - - check = form.getBpk(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.warn("BPK contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", - new Object[] {ValidationHelper.getNotValidIdentityLinkSignerCharacters()}, request )); - } - } - - return errors; - - } + public List validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, + boolean isMandateUser, HttpServletRequest request) { + final List errors = new ArrayList<>(); + + String check = null; + FileBasedUserConfiguration newConfigRead = null; + try { + newConfigRead = ConfigurationProvider.getInstance().getUserManagement(); + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + errors.add("Internal Server Error"); + return errors; + + } + + if (!isPVP2Generated) { + check = form.getGivenName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("GivenName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("GivenName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request)); + } + + check = form.getFamilyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("FamilyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("FamilyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request)); + } + } + + if (!isMandateUser) { + check = form.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Organisation is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); + } + } + + check = form.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + log.warn("Mailaddress is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Mailaddress is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); + } + + check = form.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Phonenumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Phonenumber is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); + } + + if (form.isIsusernamepasswordallowed()) { + check = form.getUsername(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Username contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + + } else { + final UserDatabase dbuser = newConfigRead.getUserWithUserName(check); + if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID))) { + log.warn("Username " + check + " exists in UserDatabase"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request)); + form.setUsername(""); + } + } + } else { + if (userID == -1) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); + } else { + final UserDatabase dbuser = newConfigRead.getUserWithID(userID); + if (dbuser == null) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); + } else { + form.setUsername(dbuser.getUsername()); + } + } + } + + check = form.getPassword(); + + if (MiscUtil.isEmpty(check)) { + if (userID == -1) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); + } else { + final UserDatabase dbuser = newConfigRead.getUserWithID(userID); + if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); + } + } + + } else { + + if (check.equals(form.getPassword_second())) { + + final String key = AuthenticationHelper.generateKeyFormPassword(check); + if (key == null) { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); + } + + } else { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request)); + } + } + } + + check = form.getBpk(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.warn("BPK contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", + new Object[] { ValidationHelper.getNotValidIdentityLinkSignerCharacters() }, request)); + } + } + + return errors; + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 247004b75..62d53ab56 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -32,7 +32,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; @@ -41,114 +40,115 @@ import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MOAConfigValidator { - private static final Logger log = Logger.getLogger(MOAConfigValidator.class); - - public List validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) { - - List errors = new ArrayList(); - - log.debug("Validate general MOA configuration"); - - - String check = form.getSaml1SourceID(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("SAML1 SourceID contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPublicURLPrefix(); - if (MiscUtil.isNotEmpty(check)) { - String[] publicURLPreFix = check.split(","); - if (form.isVirtualPublicURLPrefixEnabled()) { - for (String el : publicURLPreFix) { - if (!ValidationHelper.validateURL( - StringUtils.chomp(el.trim()))) { - log.info("Public URL Prefix " + el + " is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request)); - } - } - - } else { - if (!ValidationHelper.validateURL( - StringUtils.chomp(publicURLPreFix[0].trim()))) { - log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request)); - - } - - } - } else { - log.info("PublicURL Prefix is empty."); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); - } - - check = form.getTimeoutAssertion(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Assertion Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - check = form.getTimeoutMOASessionCreated(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("MOASessionCreated Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - check = form.getTimeoutMOASessionUpdated(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("MOASessionUpdated Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - + public List validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) { + + final List errors = new ArrayList<>(); + + log.debug("Validate general MOA configuration"); + + String check = form.getSaml1SourceID(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("SAML1 SourceID contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPublicURLPrefix(); + if (MiscUtil.isNotEmpty(check)) { + final String[] publicURLPreFix = check.split(","); + if (form.isVirtualPublicURLPrefixEnabled()) { + for (final String el : publicURLPreFix) { + if (!ValidationHelper.validateURL( + StringUtils.chomp(el.trim()))) { + log.info("Public URL Prefix " + el + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", + new Object[] { el }, request)); + } + } + + } else { + if (!ValidationHelper.validateURL( + StringUtils.chomp(publicURLPreFix[0].trim()))) { + log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[] { + publicURLPreFix[0] }, request)); + + } + + } + } else { + log.info("PublicURL Prefix is empty."); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); + } + + check = form.getTimeoutAssertion(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Assertion Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + check = form.getTimeoutMOASessionCreated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionCreated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + check = form.getTimeoutMOASessionUpdated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionUpdated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + // check = form.getCertStoreDirectory(); // if (MiscUtil.isNotEmpty(check)) { // if (ValidationHelper.isValidOAIdentifier(check)) { // log.warn("CertStoreDirectory contains potentail XSS characters: " + check); -// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", +// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", // new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); // } // } else { // log.info("CertStoreDirectory is empty."); // errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request)); // } - - check = form.getDefaultBKUHandy(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); - } - } - - check = form.getDefaultBKULocal(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); - } - } - - check = form.getDefaultBKUOnline(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); - } - } - + + check = form.getDefaultBKUHandy(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); + } + } + + check = form.getDefaultBKULocal(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); + } + } + + check = form.getDefaultBKUOnline(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); + } + } + // check = form.getDefaultchainigmode(); // if (MiscUtil.isEmpty(check)) { // log.info("Empty Defaultchainigmode"); @@ -160,166 +160,169 @@ public class MOAConfigValidator { // errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid", request)); // } // } - - check = form.getMandateURL(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - String[] misURLs = check.split(","); - for (String el : misURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getElgaMandateServiceURL(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - String[] elgaServiceURLs = check.split(","); - for (String el : elgaServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getEidSystemServiceURL(); - if (MiscUtil.isNotEmpty(check)) { - String[] eidServiceURLs = check.split(","); - for (String el : eidServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid E-ID System Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getMoaspssAuthTransformations(); - List authtranslist = new ArrayList(); - if (isMOAIDMode) { - if (MiscUtil.isEmpty(check)) { - log.info("Empty MoaspssAuthTransformation"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request)); - } else { - - //is only required if more then one transformation is in use - // check = StringHelper.formatText(check); - // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); - // int i=1; - // for(String el : list) { - // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { - // log.info("IdentityLinkSigners is not valid: " + el); - // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", - // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); - // - // } else { - // if (MiscUtil.isNotEmpty(el.trim())) - // authtranslist.add(el.trim()); - // } - // i++; - // } - authtranslist.add(check.trim()); - } - } - form.setAuthTransformList(authtranslist); - - if (isMOAIDMode) { - check = form.getMoaspssAuthTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssIdlTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssAuthTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssIdlTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - - check = form.getMoaspssURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid MOA-SP/SS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); - } - } - } - - check = form.getPvp2IssuerName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 IssuerName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgDisplayName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 organisation display name is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 organisation name is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("PVP2 organisation URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request)); - } - } - + + check = form.getMandateURL(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + final String[] misURLs = check.split(","); + for (final String el : misURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getElgaMandateServiceURL(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + final String[] elgaServiceURLs = check.split(","); + for (final String el : elgaServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getEidSystemServiceURL(); + if (MiscUtil.isNotEmpty(check)) { + final String[] eidServiceURLs = check.split(","); + for (final String el : eidServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid E-ID System Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getMoaspssAuthTransformations(); + final List authtranslist = new ArrayList<>(); + if (isMOAIDMode) { + if (MiscUtil.isEmpty(check)) { + log.info("Empty MoaspssAuthTransformation"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", + request)); + } else { + + // is only required if more then one transformation is in use + // check = StringHelper.formatText(check); + // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); + // int i=1; + // for(String el : list) { + // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { + // log.info("IdentityLinkSigners is not valid: " + el); + // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", + // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); + // + // } else { + // if (MiscUtil.isNotEmpty(el.trim())) + // authtranslist.add(el.trim()); + // } + // i++; + // } + authtranslist.add(check.trim()); + } + } + form.setAuthTransformList(authtranslist); + + if (isMOAIDMode) { + check = form.getMoaspssAuthTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Authblock TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssIdlTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("IdentityLink TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssAuthTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-Authblock TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssIdlTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-IdentityLink TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MOA-SP/SS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); + } + } + } + + check = form.getPvp2IssuerName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 IssuerName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgDisplayName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 organisation display name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 organisation name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("PVP2 organisation URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request)); + } + } + // check = form.getPvp2PublicUrlPrefix(); // if (MiscUtil.isNotEmpty(check)) { // if (!ValidationHelper.validateURL(check)) { @@ -327,175 +330,175 @@ public class MOAConfigValidator { // errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid")); // } // } - - if (isMOAIDMode) { - check = form.getSLRequestTemplateHandy(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Handy-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Handy-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); - } - } - - check = form.getSLRequestTemplateLocal(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate local BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate local BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); - } - } - - check = form.getSLRequestTemplateOnline(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Online-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Online-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); - } - } - - check = form.getSsoFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("SSO friendlyname is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - // check = form.getSsoIdentificationNumber(); - // if (MiscUtil.isNotEmpty(check)) { - // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - // log.info("SSO IdentificationNumber is not valid: " + check); - // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", - // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - // } - // } - - // check = form.getSsoPublicUrl(); - // if (MiscUtil.isNotEmpty(check)) { - // if (!ValidationHelper.validateURL(check)) { - // log.info("SSO Public URL is not valid"); - // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); - // } - // } - - check = form.getSsoSpecialText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.info("SSO SpecialText is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", - new Object[] {ValidationHelper.getNotValidCharacter(true)} , request)); - } - } - - check = form.getSsoTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SSO Target"); - //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); - - } else { - if (!ValidationHelper.isValidAdminTarget(check)) { - - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - - String num = check.replaceAll(" ", ""); - - if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || - num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || - num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { - - log.info("Not valid SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); - } - - } - } - - check = form.getSzrgwURL(); - if (MiscUtil.isNotEmpty(check)) { - String[] szrGWServiceURLs = check.split(","); - for (String el : szrGWServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", - new Object[]{el}, request)); - } - } - } - } - - check = form.getTrustedCACerts(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty TrustCACerts Directory"); - errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request)); - - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("Not valid TrustCACerts Directory"); - errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - - - if (isMOAIDMode) { - if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { - HashMap map = new HashMap(); - for (int i=0; i map = new HashMap<>(); + for (int i = 0; i < form.getFileUploadFileName().size(); i++) { + final String filename = form.getFileUploadFileName().get(i); + + if (MiscUtil.isNotEmpty(filename)) { + if (ValidationHelper.containsNotValidCharacter(filename, false)) { + log.info("SL Transformation Filename is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", + request)); + + } else { + try { + final File file = form.getFileUpload().get(i); + final FileInputStream stream = new FileInputStream(file); + map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); + + } catch (final IOException e) { + log.info("SecurtiyLayerTransformation with FileName " + + filename + " can not be loaded.", e); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", + new Object[] { filename }, request)); + } + } + } + } + + form.setSecLayerTransformation(map); + + } else { + if (form.getSecLayerTransformation() == null) { + log.info("AuthBlock Transformation file is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request)); + + } + } + } + + final ContactForm contact = form.getPvp2Contact(); + if (contact != null) { + final PVP2ContactValidator pvp2validator = new PVP2ContactValidator(); + errors.addAll(pvp2validator.validate(contact, request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java index f7edbee71..f6deb6b09 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java @@ -28,76 +28,76 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class PVP2ContactValidator { - public static final List AllowedTypes= Arrays.asList( - "technical", - "support", - "administrative", - "billing", - "other"); - - private static final Logger log = Logger.getLogger(PVP2ContactValidator.class); - - public Listvalidate(ContactForm contact, HttpServletRequest request) { - List errors = new ArrayList(); - - String check = contact.getCompany(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: Company is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getGivenname(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: GivenName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getSurname(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: SureName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getType(); - if (MiscUtil.isNotEmpty(check)) { - if (!AllowedTypes.contains(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", request)); - } - } - - check = contact.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", request)); - } - } - - check = contact.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validatePhoneNumber(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", request)); - } - } - - return errors; - } + public static final List AllowedTypes = Arrays.asList( + "technical", + "support", + "administrative", + "billing", + "other"); + + public List validate(ContactForm contact, HttpServletRequest request) { + final List errors = new ArrayList<>(); + + String check = contact.getCompany(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: Company is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getGivenname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: GivenName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getSurname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: SureName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getType(); + if (MiscUtil.isNotEmpty(check)) { + if (!AllowedTypes.contains(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", + request)); + } + } + + check = contact.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", + request)); + } + } + + check = contact.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validatePhoneNumber(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", + request)); + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 41fce8e60..088e377b4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -5,8 +5,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; @@ -14,108 +12,117 @@ import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class StorkConfigValidator { - private static final Logger log = Logger.getLogger(StorkConfigValidator.class); + public List validate(GeneralStorkConfig form, HttpServletRequest request) { - public List validate(GeneralStorkConfig form, HttpServletRequest request) { + final List errors = new ArrayList<>(); - List errors = new ArrayList(); + log.debug("Validate general STORK configuration"); - log.debug("Validate general STORK configuration"); + // check peps list - // check peps list - // if (form.getCpepslist() != null) { // for(CPEPS current : form.getCpepslist()) { - if (form.getRawCPEPSList() != null) { - for(CPEPS current : form.getRawCPEPSList()) { - // if an existing record got deleted - if(null == current) - continue; - - // check country code - String check = current.getCountryCode(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - if(!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) { - log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {check}, request )); - } - - // check url - check = current.getURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("CPEPS config URL is invalid : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); - } - } else { - log.warn("CPEPS config url is empty : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check}, request )); - } - - } else { - log.warn("CPEPS config countrycode is empty : " + check); + if (form.getRawCPEPSList() != null) { + for (final CPEPS current : form.getRawCPEPSList()) { + // if an existing record got deleted + if (null == current) { + continue; + } + + // check country code + String check = current.getCountryCode(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + if (!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) { + log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] { check }, request)); + } + + // check url + check = current.getURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("CPEPS config URL is invalid : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); + } + } else { + log.warn("CPEPS config url is empty : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] { check }, request)); + } + + } else { + log.warn("CPEPS config countrycode is empty : " + check); // errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", // new Object[] {check}, request )); - } - - } - - if (form.getCpepslist() != null) { - // ensure uniqueness of country code - for (CPEPS one : form.getCpepslist()) - for (CPEPS another : form.getCpepslist()) - if (null != one && null != another && one.getCountryCode() != null) - if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request)); - break; - } - } - } - - // check qaa - String qaa = form.getDefaultQaa(); - if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { - log.warn("eIDAS LoA is not allowed : " + qaa); - errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa}, request )); - } - - // check attributes - if (MiscUtil.isNotEmpty(form.getAttributes())) { - for(StorkAttribute check : form.getAttributes()) { - if (check != null && MiscUtil.isNotEmpty(check.getName())) { - String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI? - if (ValidationHelper.containsNotValidCharacter(tmp, true)) { - log.warn("default attributes contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) { - log.warn("default attributes do not match the requested format : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {check}, request )); - } - - } - } - - //TODO: STORK attributes check if no attribute is set + } + + } + + if (form.getCpepslist() != null) { + // ensure uniqueness of country code + for (final CPEPS one : form.getCpepslist()) { + for (final CPEPS another : form.getCpepslist()) { + if (null != one && null != another && one.getCountryCode() != null) { + if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request)); + break; + } + } + } + } + } + } + + // check qaa + final String qaa = form.getDefaultQaa(); + if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { + log.warn("eIDAS LoA is not allowed : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] { qaa }, request)); + } + + // check attributes + if (MiscUtil.isNotEmpty(form.getAttributes())) { + for (final StorkAttribute check : form.getAttributes()) { + if (check != null && MiscUtil.isNotEmpty(check.getName())) { + final String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come + // with a "/", we need to + // exclude them from + // validation. TODO Or should + // we require the admin to + // escape them in the UI? + if (ValidationHelper.containsNotValidCharacter(tmp, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + if (!tmp.toLowerCase().matches("^[A-Za-z]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] { check }, request)); + } + + } + } + + // TODO: STORK attributes check if no attribute is set // } else { // log.warn("no attributes specified"); // errors.add(LanguageHelper.getErrorString("validation.stork.attributes.empty", // new Object[] {} )); - } + } - return errors; - } + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index 5a31d8f47..9c5b145b8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -28,233 +28,228 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OAAuthenticationDataValidation { - private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - - public List validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { - - List errors = new ArrayList(); - String check; - - - - //Check BKU URLs - if (isAdmin) { - check =form.getBkuHandyURL(); - if (MiscUtil.isNotEmpty(check)) { + public List validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + String check; + + // Check BKU URLs + if (isAdmin) { + check = form.getBkuHandyURL(); + if (MiscUtil.isNotEmpty(check)) { // log.info("Empty Handy-BKU URL"); // errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); -// +// // } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); - } - } - - check =form.getBkuLocalURL(); - if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); + } + } + + check = form.getBkuLocalURL(); + if (MiscUtil.isNotEmpty(check)) { // log.info("Empty Local-BKU URL"); // errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); -// +// // } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); - } - } - - check =form.getBkuOnlineURL(); - if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); + } + } + + check = form.getBkuOnlineURL(); + if (MiscUtil.isNotEmpty(check)) { // log.info("Empty Online-BKU URL"); // errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); -// +// // } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); - } - } - } - - if (isAdmin) { - //check KeyBoxIdentifier - check = form.getKeyBoxIdentifier(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty KeyBoxIdentifier"); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request)); - } else { - Map list = form.getKeyBoxIdentifierList(); - if (!list.containsKey(check)) { - log.info("Not valid KeyBoxIdentifier " + check); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request)); - } - } - - //check LegacyMode SLTemplates - if (form.isLegacy()) { - if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && - MiscUtil.isEmpty(form.getSLTemplateURL2()) && - MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { - log.info("Empty OA-specific SecurityLayer Templates"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request)); - - } else { - check = form.getSLTemplateURL1(); - if (MiscUtil.isNotEmpty(check) && - ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("First OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request)); - } - check = form.getSLTemplateURL2(); - if (MiscUtil.isNotEmpty(check) && - ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("Second OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request)); - } - check = form.getSLTemplateURL3(); - if (MiscUtil.isNotEmpty(check) && - ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("Third OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request)); - } - } - } - } - - //check Mandate Profiles - check = form.getMandateProfiles(); - if (MiscUtil.isNotEmpty(check)) { - - if (!form.isUseMandates()) { - log.info("MandateProfiles configured but useMandates is false."); - errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request)); - } - - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.warn("MandateProfiles contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - check =form.getMisServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid MIS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", - new Object[]{check}, request)); - } - } - - check =form.getElgaServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid ELGA Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", - new Object[]{check}, request)); - } - } - - check =form.getSzrgwServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid SZR-GW Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", - new Object[]{check}, request)); - } - } - - check =form.getEidServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid E-ID Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", - new Object[]{check}, request)); - } - } - - if (form.isEnableTestCredentials() - && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) { - for (String el : form.getTestCredialOIDList()) { - if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) { - log.warn("Test credential OID does not start with test credential root OID"); - errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", - new Object[] {el}, request )); - } - } - - - } - - if (form.isSl20Active()) { - if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) { - log.debug("Validate SL2.0 configuration ... "); - List sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints()); - if (sl20Endpoints.size() == 1) { - String value = sl20Endpoints.get(0); - - if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && - value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { - log.warn("SL2.0 endpoint '" + value + "' has wrong format"); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", - new Object[] {value}, request )); - - } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && - !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) { - log.info("Find one SL2.0 endpoint without 'default='. Start update ... "); - form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); - - } - - } else { - boolean findDefault = false; - for (String el : sl20Endpoints) { - if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { - log.warn("SL2.0 endpoint '" + el + "' has wrong format"); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", - new Object[] {el}, request )); - - } else { - if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { - log.debug("Find default endpoint."); - findDefault = true; - - } else { - String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; - try { - Integer.valueOf(firstPart); - - } catch (NumberFormatException e) { - log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", - new Object[] {el}, request )); - - } - } - } - } - - if (!findDefault) { - log.warn("SL2.0 endpoints contains NO default endpoint"); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", - new Object[] {}, request )); - - } - } - } - } - - return errors; - } + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); + } + } + } + + if (isAdmin) { + // check KeyBoxIdentifier + check = form.getKeyBoxIdentifier(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request)); + } else { + final Map list = form.getKeyBoxIdentifierList(); + if (!list.containsKey(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request)); + } + } + + // check LegacyMode SLTemplates + if (form.isLegacy()) { + if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && + MiscUtil.isEmpty(form.getSLTemplateURL2()) && + MiscUtil.isEmpty(form.getSLTemplateURL3())) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request)); + + } else { + check = form.getSLTemplateURL1(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request)); + } + check = form.getSLTemplateURL2(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request)); + } + check = form.getSLTemplateURL3(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request)); + } + } + } + } + + // check Mandate Profiles + check = form.getMandateProfiles(); + if (MiscUtil.isNotEmpty(check)) { + + if (!form.isUseMandates()) { + log.info("MandateProfiles configured but useMandates is false."); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request)); + } + + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.warn("MandateProfiles contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getMisServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MIS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", + new Object[] { check }, request)); + } + } + + check = form.getElgaServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid ELGA Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", + new Object[] { check }, request)); + } + } + + check = form.getSzrgwServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid SZR-GW Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", + new Object[] { check }, request)); + } + } + + check = form.getEidServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid E-ID Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", + new Object[] { check }, request)); + } + } + + if (form.isEnableTestCredentials() + && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) { + for (final String el : form.getTestCredialOIDList()) { + if (!el.startsWith(MOAIDConstants.TESTCREDENTIALROOTOID)) { + log.warn("Test credential OID does not start with test credential root OID"); + errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", + new Object[] { el }, request)); + } + } + + } + + if (form.isSl20Active()) { + if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) { + log.debug("Validate SL2.0 configuration ... "); + final List sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints()); + if (sl20Endpoints.size() == 1) { + final String value = sl20Endpoints.get(0); + + if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + value + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] { value }, request)); + + } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + !value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.info("Find one SL2.0 endpoint without 'default='. Start update ... "); + form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); + + } + + } else { + boolean findDefault = false; + for (final String el : sl20Endpoints) { + if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] { el }, request)); + + } else { + if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { + log.debug("Find default endpoint."); + findDefault = true; + + } else { + final String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; + try { + Integer.valueOf(firstPart); + + } catch (final NumberFormatException e) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] { el }, request)); + + } + } + } + } + + if (!findDefault) { + log.warn("SL2.0 endpoints contains NO default endpoint"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", + new Object[] {}, request)); + + } + } + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java index 2011a07f1..951b89753 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java @@ -27,67 +27,62 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.apache.commons.io.IOUtils; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; -import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OAFileUploadValidation { - private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - - public List validate(List fileName, List files, - String errorMsgPreFix, Map output, HttpServletRequest request) { - - List errors = new ArrayList(); - - if (fileName != null) { - - if (fileName.size() > 1) { - log.info("Only one BKU-selecten template file can be stored"); - errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected", request)); - } - - for (int i=0; i validate(List fileName, List files, + String errorMsgPreFix, Map output, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + if (fileName != null) { + + if (fileName.size() > 1) { + log.info("Only one BKU-selecten template file can be stored"); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected", request)); + } + + for (int i = 0; i < fileName.size(); i++) { + final String filename = fileName.get(i); + + if (MiscUtil.isNotEmpty(filename)) { + if (ValidationHelper.containsNotValidCharacter(filename, false)) { + log.info("Filename is not valid"); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request)); + + } else { + try { + final File file = files.get(i); + final InputStream stream = new FileInputStream(file); + output.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); + stream.close(); + + } catch (final IOException e) { + log.info("File with FileName " + + filename + " can not be loaded.", e); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.valid", + new Object[] { filename }, request)); + } + } + } + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java index c30c11f5a..205e792fa 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java @@ -28,30 +28,29 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OAOAUTH20ConfigValidation { - - private static final Logger log = Logger.getLogger(OAOAUTH20ConfigValidation.class); - - public List validate(OAOAuth20Config form, HttpServletRequest request) { - - List errors = new ArrayList(); - - // validate secret + + public List validate(OAOAuth20Config form, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + // validate secret // if (StringUtils.isEmpty(form.getClientSecret())) { // errors.add(LanguageHelper.getErrorString("error.oa.oauth.clientSecret")); // } - - // validate redirectUri - if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) { - errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); - } - - return errors; - } + + // validate redirectUri + if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) { + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index cbb7c88b2..8e9865a3a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -33,7 +33,6 @@ import javax.net.ssl.SSLHandshakeException; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; -import org.apache.log4j.Logger; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataFilterChain; @@ -57,186 +56,189 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OAPVP2ConfigValidation { - private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class); - - public List validate(OAPVP2Config form, String oaID, HttpServletRequest request) { - - Timer timer = null; - MOAHttpClient httpClient = null; - HTTPMetadataProvider httpProvider = null; - - List errors = new ArrayList(); - try { - byte[] certSerialized = null; - if (form.getFileUpload() != null) - certSerialized = form.getCertificate(); - - else { - try { - //Some databases does not allow the selection of a lob in SQL where expression - String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class"); - boolean backupVersion = false; - if (MiscUtil.isNotEmpty(dbDriver)) { - for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { - if (dbDriver.startsWith(el)) { - backupVersion = true; - log.debug("JDBC driver '" + dbDriver - + "' is blacklisted --> Switch to alternative DB access methode implementation."); - - } - - } - } - - Map oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion); - if (oa != null && - MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) { - certSerialized = Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false); - form.setStoredCert(certSerialized); - } - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - } - - String check = form.getMetaDataURL(); - if (MiscUtil.isNotEmpty(check)) { - - if (!ValidationHelper.validateURL(check)) { - log.info("MetaDataURL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); - - } else { - if (certSerialized == null) { - log.info("No certificate for metadata validation"); - errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); - - } else { - if (form.getMetaDataURL().startsWith("http")) { - X509Certificate cert = new X509Certificate(certSerialized); - BasicX509Credential credential = new BasicX509Credential(); - credential.setEntityCertificate(cert); - - timer = new Timer(); - httpClient = new MOAHttpClient(); - - if (form.getMetaDataURL().startsWith("https:")) - try { - MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - "MOAMetaDataProvider", - true, - ConfigurationProvider.getInstance().getCertStoreDirectory(), - ConfigurationProvider.getInstance().getTrustStoreDirectory(), - null, - "pkix", - true, - new String[]{"crl"}, - false); - - httpClient.setCustomSSLTrustStore( - form.getMetaDataURL(), - protoSocketFactory); - - } catch (MOAHttpProtocolSocketFactoryException e) { - log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); - - } catch (ConfigurationException e) { - log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); - - } - - List filterList = new ArrayList(); - filterList.add(new MetaDataVerificationFilter(credential)); - - try { - filterList.add(new SchemaValidationFilter( - ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive())); - - } catch (ConfigurationException e) { - log.warn("Configuration access FAILED!", e); - - } - - MetadataFilterChain filter = new MetadataFilterChain(); - filter.setFilters(filterList); - - httpProvider = - new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); - httpProvider.setParserPool(new BasicParserPool()); - httpProvider.setRequireValidMetadata(true); - httpProvider.setMetadataFilter(filter); - httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes - httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours - - httpProvider.setRequireValidMetadata(true); - - httpProvider.initialize(); - - - - - if (httpProvider.getMetadata() == null) { - log.info("Metadata could be received but validation FAILED."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); - } - - } else { - log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form.getMetaDataURL()); - - } - - } - } - } - - } catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); - - } catch (IOException e) { - log.info("Metadata can not be loaded from URL", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); - - } catch (MetadataProviderException e) { - - try { - if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { - log.info("SSL Server certificate not trusted.", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); - - } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request)); - - } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request)); - - } else { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); - } - - } catch (Exception e1) { - log.info("MetaDate verification failed", e1); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); - - } - - } finally { - if (httpProvider != null) - httpProvider.destroy(); - - if (timer != null) - timer.cancel(); - - } - - return errors; - } + public List validate(OAPVP2Config form, String oaID, HttpServletRequest request) { + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; + + final List errors = new ArrayList<>(); + try { + byte[] certSerialized = null; + if (form.getFileUpload() != null) { + certSerialized = form.getCertificate(); + } else { + try { + // Some databases does not allow the selection of a lob in SQL where expression + final String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties() + .getProperty("hibernate.connection.driver_class"); + boolean backupVersion = false; + if (MiscUtil.isNotEmpty(dbDriver)) { + for (final String el : MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { + if (dbDriver.startsWith(el)) { + backupVersion = true; + log.debug("JDBC driver '" + dbDriver + + "' is blacklisted --> Switch to alternative DB access methode implementation."); + + } + + } + } + + final Map oa = ConfigurationProvider.getInstance().getDbRead() + .getOnlineApplicationKeyValueWithId(oaID, backupVersion); + if (oa != null && + MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) { + certSerialized = Base64Utils.decode(oa.get( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false); + form.setStoredCert(certSerialized); + } + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + } + + final String check = form.getMetaDataURL(); + if (MiscUtil.isNotEmpty(check)) { + + if (!ValidationHelper.validateURL(check)) { + log.info("MetaDataURL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); + + } else { + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); + + } else { + if (form.getMetaDataURL().startsWith("http")) { + final X509Certificate cert = new X509Certificate(certSerialized); + final BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (form.getMetaDataURL().startsWith("https:")) { + try { + final MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + true, + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true, + new String[] { "crl" }, + false); + + httpClient.setCustomSSLTrustStore( + form.getMetaDataURL(), + protoSocketFactory); + + } catch (final MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } catch (final ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); + + } + } + + final List filterList = new ArrayList<>(); + filterList.add(new MetaDataVerificationFilter(credential)); + + try { + filterList.add(new SchemaValidationFilter( + ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive())); + + } catch (final ConfigurationException e) { + log.warn("Configuration access FAILED!", e); + + } + + final MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(filter); + httpProvider.setMinRefreshDelay(1000 * 60 * 15); // 15 minutes + httpProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); // 24 hours + + httpProvider.setRequireValidMetadata(true); + + httpProvider.initialize(); + + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); + } + + } else { + log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form + .getMetaDataURL()); + + } + + } + } + } + + } catch (final CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); + + } catch (final IOException e) { + log.info("Metadata can not be loaded from URL", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); + + } catch (final MetadataProviderException e) { + + try { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request)); + + } else { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); + } + + } catch (final Exception e1) { + log.info("MetaDate verification failed", e1); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); + + } + + } finally { + if (httpProvider != null) { + httpProvider.destroy(); + } + + if (timer != null) { + timer.cancel(); + } + + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java index 95104b929..903e8899a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java @@ -27,25 +27,23 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OASAML1ConfigValidation { - private static final Logger log = Logger.getLogger(OASAML1ConfigValidation.class); - - public List validate(OASAML1Config form, OAGeneralConfig general, HttpServletRequest request) { - - List errors = new ArrayList(); - - if (general.isBusinessService() && form.isProvideStammZahl()) { - log.info("ProvideStammZahl can not be used with BusinessService applications"); - errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl", request)); - } - - return errors; - } + public List validate(OASAML1Config form, OAGeneralConfig general, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + if (general.isBusinessService() && form.isProvideStammZahl()) { + log.info("ProvideStammZahl can not be used with BusinessService applications"); + errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl", request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java index 971e11cc4..109257551 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java @@ -27,33 +27,31 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OASSOConfigValidation { - - private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - - public List validate(OASSOConfig form, boolean isAdmin, HttpServletRequest request) { - - List errors = new ArrayList(); - - String urlString = form.getSingleLogOutURL(); - if (MiscUtil.isEmpty(urlString)) { - log.info("No Single Log-Out URL"); - //TODO: set error if it is implemented - //errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.empty")); - } else { - if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) { - log.info("Single Log-Out url validation error"); - errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid", request)); - } - } - - return errors; - } + + public List validate(OASSOConfig form, boolean isAdmin, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + final String urlString = form.getSingleLogOutURL(); + if (MiscUtil.isEmpty(urlString)) { + log.info("No Single Log-Out URL"); + // TODO: set error if it is implemented + // errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.empty")); + } else { + if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) { + log.info("Single Log-Out url validation error"); + errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid", request)); + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 00ccdca8c..a8836145a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -28,60 +28,59 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OASTORKConfigValidation { - private static final Logger log = Logger.getLogger(OASTORKConfigValidation.class); + public List validate(OASTORKConfig oageneral, HttpServletRequest request) { + + final List errors = new ArrayList<>(); + + // check qaa + final String qaa = oageneral.getQaa(); + if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { + log.warn("eIDAS LoA is not allowed : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] { qaa }, request)); + } + + if (oageneral.isVidpEnabled()) { + final Iterator interator = oageneral.getAttributeProviderPlugins().iterator(); + while (interator.hasNext()) { + final AttributeProviderPlugin current = interator.next(); + if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { + log.info("AttributeProviderPlugin URL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); + } + if (MiscUtil.isEmpty(current.getName())) { + log.info("AttributeProviderPlugin Name is empty."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty", request)); - public List validate(OASTORKConfig oageneral, HttpServletRequest request) { + } else { + if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { + log.info("AttributeProviderPlugin Name is not supported."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid", request)); + } + } - List errors = new ArrayList(); + if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches( + "[a-zA-Z]+(, ?[a-zA-Z]+)*")) { + log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid", request)); + } + } - // check qaa - String qaa = oageneral.getQaa(); - if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { - log.warn("eIDAS LoA is not allowed : " + qaa); - errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa}, request )); - } - - if (oageneral.isVidpEnabled()) { - Iterator interator = oageneral.getAttributeProviderPlugins().iterator(); - while (interator.hasNext()) { - AttributeProviderPlugin current = interator.next(); - if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { - log.info("AttributeProviderPlugin URL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); - } - if (MiscUtil.isEmpty(current.getName())) { - log.info("AttributeProviderPlugin Name is empty."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty", request)); - - } else { - if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { - log.info("AttributeProviderPlugin Name is not supported."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid", request)); - } - } - - if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { - log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid", request)); - } - } - - } else { - oageneral.setAttributeProviderPlugins(null); - } + } else { + oageneral.setAttributeProviderPlugins(null); + } - return errors; - } + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java index 4807d479e..3e1ed0a38 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java @@ -29,8 +29,6 @@ import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; @@ -38,133 +36,133 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OATargetConfigValidation { - private static final Logger log = Logger.getLogger(OATargetConfigValidation.class); - - public List validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, HttpServletRequest request) { - - List errors = new ArrayList(); - String check; - - if (general.isBusinessService()) { - - //check identification type - check = form.getIdentificationType(); - if (!form.getIdentificationTypeList().contains(check)) { - log.info("IdentificationType is not known."); - errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); - } - - //check identification number - check = form.getIdentificationNumber(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty IdentificationNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - - if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { - CompanyNumberValidator val = new CompanyNumberValidator(); - if (!val.validate(check)) { - log.info("Not valid CompanyNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); - } - - } else if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { - Pattern pattern = Pattern.compile("[A-Z,a-z]{2}\\+[A-Z,a-z]{2}"); - Matcher matcher = pattern.matcher(check); - if (!matcher.matches()) { - log.info("Not valid eIDAS Target"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.eidas.valid", request)); - - } - - } - } - - } else { - - check = form.getTarget_subsector(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target-Subsector"); - errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); - } - } - - - if (!isAdmin) { - //check PublicURL Prefix allows PublicService - if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) { - log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier()); - errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", - new Object[] {general.getIdentifier()}, request )); - general.setBusinessService(true); - return errors; - - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - - } else { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - } else { - - //check targetFrindlyName(); - check = form.getTargetFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("TargetFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - //check Admin Target - check = form.getTarget_admin(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); - } - } - } - } - - - //foreign bPK configuration - - - return errors; - } + public List validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, + HttpServletRequest request) { + + final List errors = new ArrayList<>(); + String check; + + if (general.isBusinessService()) { + + // check identification type + check = form.getIdentificationType(); + if (!form.getIdentificationTypeList().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); + } + + // check identification number + check = form.getIdentificationNumber(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + + if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { + final CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", + request)); + } + + } else if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { + final Pattern pattern = Pattern.compile("[A-Z,a-z]{2}\\+[A-Z,a-z]{2}"); + final Matcher matcher = pattern.matcher(check); + if (!matcher.matches()) { + log.info("Not valid eIDAS Target"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.eidas.valid", + request)); + + } + + } + } + + } else { + + check = form.getTarget_subsector(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); + } + } + + if (!isAdmin) { + // check PublicURL Prefix allows PublicService + if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) { + log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier()); + errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] { general.getIdentifier() }, request)); + general.setBusinessService(true); + return errors; + + } + + // check Target + check = form.getTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + } else { + + // check targetFrindlyName(); + check = form.getTargetFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + } + + // check Target + check = form.getTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + // check Admin Target + check = form.getTarget_admin(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); + } + } + } + } + + // foreign bPK configuration + + return errors; + } } diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 36275beea..7bc933703 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -60,9 +60,9 @@ - - org.slf4j - slf4j-log4j12 + + org.apache.logging.log4j + log4j-slf4j-impl diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index e78ebd175..f6fb3ecd7 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -38,6 +38,17 @@ default https://git.egiz.gv.at/EAAF-Components/plain/eaaf_modules/eaaf_module_moa-sig/repository + + egiz-commons + https://apps.egiz.gv.at/maven + + true + ignore + + + false + + @@ -57,37 +68,37 @@ - MOA.spss.server - moa-sig-lib - 3.1.3 - - - commons-logging - commons-logging - - - * - axis - - + moaSig + moa-sig-lib + 3.1.4 + + + commons-logging + commons-logging + + + * + axis + + - MOA.spss - common - 3.1.3 + moaSig + common + 3.1.4 - MOA.spss - tsl_lib - 2.0.3 + at.gv.egovernment.moa.sig + tsl-lib + 2.0.5 iaik.prod iaik_cms - 5.1 + 5.1.1 iaik.prod @@ -129,7 +140,7 @@ iaik.prod iaik_moa - 2.06 + 2.07 iaik.prod @@ -162,8 +173,10 @@ 2.14_moa - - + + joda-time + joda-time + javax.mail diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 2897de96b..6dfd29b59 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -98,10 +98,10 @@ org.slf4j slf4j-api - - org.slf4j - slf4j-log4j12 - + + org.apache.logging.log4j + log4j-slf4j-impl + MOA.id.server diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java index 07edb250d..5db37d2f7 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java @@ -35,7 +35,6 @@ import java.util.Timer; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.HttpClient; -import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.xml.parse.BasicParserPool; @@ -45,11 +44,10 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.MetaDataVerificationFilter; import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class Configuration { - - private static final Logger log = Logger.getLogger(Configuration.class); private Properties props; private static final String SYSTEM_PROP_CONFIG = "moa.id.demoOA"; diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index d4c67cfae..040ec330c 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -48,12 +48,10 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; -import org.opensaml.saml2.common.Extensions; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; @@ -64,12 +62,10 @@ import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.io.Unmarshaller; import org.opensaml.xml.io.UnmarshallingException; -import org.opensaml.xml.schema.XSAny; import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; @@ -82,296 +78,299 @@ import org.xml.sax.SAXException; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; -import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver; import at.gv.egovernment.moa.id.demoOA.Configuration; import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - - /** * Servlet implementation class Authenticate */ public class Authenticate extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(Authenticate.class); - - /** - * @see HttpServlet#HttpServlet() - */ - public Authenticate() { - super(); - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - builder = factory.newDocumentBuilder(); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - } - } - - DocumentBuilder builder; - - - //generate AuthenticationRequest - protected void process(HttpServletRequest request, - HttpServletResponse response, Map legacyParameter) throws ServletException, IOException { - try { - - Configuration config = Configuration.getInstance(); - config.initializePVP2Login(); - - AuthnRequest authReq = SAML2Utils - .createSAMLObject(AuthnRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); - - String relayState = String.valueOf(RandomUtils.nextLong()); - - if (config.useRedirectBindingResponse()) - authReq.setAssertionConsumerServiceIndex(1); - else - authReq.setAssertionConsumerServiceIndex(0); - - authReq.setAttributeConsumingServiceIndex(0); - - authReq.setIssueInstant(new DateTime()); + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(Authenticate.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public Authenticate() { + super(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + } + } + + DocumentBuilder builder; + + // generate AuthenticationRequest + protected void process(HttpServletRequest request, + HttpServletResponse response, Map legacyParameter) throws ServletException, + IOException { + try { + + final Configuration config = Configuration.getInstance(); + config.initializePVP2Login(); + + AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + final String relayState = String.valueOf(RandomUtils.nextLong()); + + if (config.useRedirectBindingResponse()) { + authReq.setAssertionConsumerServiceIndex(1); + } else { + authReq.setAssertionConsumerServiceIndex(0); + } + + authReq.setAttributeConsumingServiceIndex(0); + + authReq.setIssueInstant(new DateTime()); // Subject subject = SAML2Utils.createSAMLObject(Subject.class); // NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - //name.setValue(serviceURL); - issuer.setValue(serviceURL); - + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + // name.setValue(serviceURL); + issuer.setValue(serviceURL); + // subject.setNameID(name); // authReq.setSubject(subject); - issuer.setFormat(NameIDType.ENTITY); - authReq.setIssuer(issuer); - - if (config.setNameIdPolicy()) { - NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); - } - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - //select authentication-service url from metadata - SingleSignOnService redirectEndpoint = null; - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config.useRedirectBindingRequest()) { - redirectEndpoint = sss; - } - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config.useRedirectBindingRequest()) { - redirectEndpoint = sss; - } - - } - - if (redirectEndpoint == null) { - log.warn("Can not find valid EndPoint for SAML2 response"); - throw new ConfigurationException("Can not find valid EndPoint for SAML2 response"); - - } - - authReq.setDestination(redirectEndpoint.getLocation()); - - //authReq.setDestination("http://test.test.test"); - - if (config.setAuthnContextClassRef()) { - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) { - authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue()); - - } else { - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - } - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); - authReq.setRequestedAuthnContext(reqAuthContext); - } - - if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { - Scoping scope = SAML2Utils.createSAMLObject(Scoping.class); - RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class); - requesterId.setRequesterID(config.getScopeRequesterId()); - scope.getRequesterIDs().add(requesterId ); - authReq.setScoping(scope ); - - } - - if (config.isEidasProxySimulatorEnabled()) { - authReq = injectEidasMsProxyAttributes(request, authReq); - - } - - - //sign authentication request - KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(authcredential); - authReq.setSignature(signer); - - - if (!config.useRedirectBindingRequest()) { - //generate Http-POST Binding message - VelocityEngine engine = new VelocityEngine(); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - engine.setProperty("classpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); - engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, - "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); - engine.init(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "templates/pvp_postbinding_template.html"); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(redirectEndpoint.getLocation());; - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(authReq); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - encoder.encode(context); - - } else { - //generate Redirect Binding message - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - service.setLocation(redirectEndpoint.getLocation()); - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(authReq); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - encoder.encode(context); - - } - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - - private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq) - throws SAXException, IOException, ParserConfigurationException, MarshallingException, UnmarshallingException { - - //build extension from template - String xmlTemplate = IOUtils.toString( - Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"), - StandardCharsets.UTF_8); - - String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request, "eidasCountry", "DE"); - String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high"); - String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix", "test"); - String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + + if (config.setNameIdPolicy()) { + final NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameIDType.PERSISTENT); + authReq.setNameIDPolicy(policy); + } + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + // select authentication-service url from metadata + SingleSignOnService redirectEndpoint = null; + for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleSignOnServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config + .useRedirectBindingRequest()) { + redirectEndpoint = sss; + } + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config + .useRedirectBindingRequest()) { + redirectEndpoint = sss; + } + + } + + if (redirectEndpoint == null) { + log.warn("Can not find valid EndPoint for SAML2 response"); + throw new ConfigurationException("Can not find valid EndPoint for SAML2 response"); + + } + + authReq.setDestination(redirectEndpoint.getLocation()); + + // authReq.setDestination("http://test.test.test"); + + if (config.setAuthnContextClassRef()) { + final RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + final AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) { + authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue()); + + } else { + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + } + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + authReq.setRequestedAuthnContext(reqAuthContext); + } + + if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { + final Scoping scope = SAML2Utils.createSAMLObject(Scoping.class); + final RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class); + requesterId.setRequesterID(config.getScopeRequesterId()); + scope.getRequesterIDs().add(requesterId); + authReq.setScoping(scope); + + } + + if (config.isEidasProxySimulatorEnabled()) { + authReq = injectEidasMsProxyAttributes(request, authReq); + + } + + // sign authentication request + final KeyStore keyStore = config.getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + authReq.setSignature(signer); + + if (!config.useRedirectBindingRequest()) { + // generate Http-POST Binding message + final VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); + engine.init(); + + final HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "templates/pvp_postbinding_template.html"); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(redirectEndpoint.getLocation()); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(authReq); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + encoder.encode(context); + + } else { + // generate Redirect Binding message + final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(redirectEndpoint.getLocation()); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(authReq); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + encoder.encode(context); + + } + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq) + throws SAXException, IOException, ParserConfigurationException, MarshallingException, + UnmarshallingException { + + // build extension from template + final String xmlTemplate = IOUtils.toString( + Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"), + StandardCharsets.UTF_8); + + final String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request, + "eidasCountry", "DE"); + final String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high"); + final String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix", + "test"); + final String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector); log.debug("Formated requested attributes: " + xmlString); - - Document extension = DOMUtils.parseDocument(xmlString, false, null, null); - - - //marshalle, inject, and unmarshalle request to set extension - //TODO: find better solution, be it is good enough for a first simple test + + final Document extension = DOMUtils.parseDocument(xmlString, false, null, null); + + // marshalle, inject, and unmarshalle request to set extension + // TODO: find better solution, be it is good enough for a first simple test DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(authReq); + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(authReq); out.marshall(authReq, document); - - Node extElement = document.importNode(extension.getDocumentElement(), true); - //document.getDocumentElement().appendChild(extElement); + + final Node extElement = document.importNode(extension.getDocumentElement(), true); + // document.getDocumentElement().appendChild(extElement); document.getDocumentElement().insertBefore(extElement, document.getChildNodes().item(2)); - - Unmarshaller in = org.opensaml.Configuration.getUnmarshallerFactory().getUnmarshaller(document.getDocumentElement()); + + final Unmarshaller in = org.opensaml.xml.Configuration.getUnmarshallerFactory().getUnmarshaller(document + .getDocumentElement()); return (AuthnRequest) in.unmarshall(document.getDocumentElement()); - + } - - + private String getParameterOrDefault(HttpServletRequest request, String paramName, String defaultValue) { - String reqParam = request.getParameter(paramName); + final String reqParam = request.getParameter(paramName); if (MiscUtil.isEmpty(reqParam)) { return defaultValue; - + } else { return reqParam; - + } - + } + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response, null); + } /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response, null); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response, null); - } + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response, null); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index d28f94fd6..005291082 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java @@ -42,7 +42,6 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; -import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; @@ -75,267 +74,263 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.AttributeListBuilder; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class BuildMetadata extends HttpServlet { - Logger log = Logger.getLogger(BuildMetadata.class); - - private static final long serialVersionUID = 1L; - - private static final int VALIDUNTIL_IN_HOURS = 24; - - /** - * @see HttpServlet#HttpServlet() - */ - public BuildMetadata() { - super(); - } - - protected static Signature getSignature(Credential credentials) { - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - Configuration config = Configuration.getInstance(); - - SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); - - EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. - createSAMLObject(EntitiesDescriptor.class); - - DateTime date = new DateTime(); - spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); - - String name = config.getPVP2MetadataEntitiesName(); - if (MiscUtil.isEmpty(name)) { - log.info("NO Metadata EntitiesName configurated"); - throw new ConfigurationException("NO Metadata EntitiesName configurated"); - } - - spEntitiesDescriptor.setName(name); - spEntitiesDescriptor.setID(idGen.generateIdentifier()); - - //set period of validity for metadata information - DateTime validUntil = new DateTime(); - spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7)); - - - EntityDescriptor spEntityDescriptor = SAML2Utils - .createSAMLObject(EntityDescriptor.class); - - spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); - - spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); - - //set OA-ID (PublicURL Prefix) as identifier - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - log.debug("Set OnlineApplicationURL to " + serviceURL); - spEntityDescriptor.setEntityID(serviceURL); - - SPSSODescriptor spSSODescriptor = SAML2Utils - .createSAMLObject(SPSSODescriptor.class); - - spSSODescriptor.setAuthnRequestsSigned(true); - spSSODescriptor.setWantAssertionsSigned(true); - - X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); - keyInfoFactory.setEmitEntityCertificate(true); - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - - KeyStore keyStore = config.getPVP2KeyStore(); - - X509Credential signingcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreMetadataKeyAlias(), - config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); - - - log.debug("Set Metadata key information"); - //Set MetaData Signing key - KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); - entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); - Signature entitiesSignature = getSignature(signingcredential); - spEntitiesDescriptor.setSignature(entitiesSignature); - - - //Set AuthRequest Signing certificate - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - - spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - - //set AuthRequest encryption certificate - if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias()) || - MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyPassword())) { - X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - KeyDescriptor encryKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - encryKeyDescriptor.setUse(UsageType.ENCRYPTION); - encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); - - //set encryption methode + + private static final long serialVersionUID = 1L; + + private static final int VALIDUNTIL_IN_HOURS = 24; + + /** + * @see HttpServlet#HttpServlet() + */ + public BuildMetadata() { + super(); + } + + protected static Signature getSignature(Credential credentials) { + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + final Configuration config = Configuration.getInstance(); + + final SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); + + final EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + + final DateTime date = new DateTime(); + spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); + + final String name = config.getPVP2MetadataEntitiesName(); + if (MiscUtil.isEmpty(name)) { + log.info("NO Metadata EntitiesName configurated"); + throw new ConfigurationException("NO Metadata EntitiesName configurated"); + } + + spEntitiesDescriptor.setName(name); + spEntitiesDescriptor.setID(idGen.generateIdentifier()); + + // set period of validity for metadata information + final DateTime validUntil = new DateTime(); + spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7)); + + final EntityDescriptor spEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); + + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + + // set OA-ID (PublicURL Prefix) as identifier + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + log.debug("Set OnlineApplicationURL to " + serviceURL); + spEntityDescriptor.setEntityID(serviceURL); + + final SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + final X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityCertificate(true); + final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + final KeyStore keyStore = config.getPVP2KeyStore(); + + final X509Credential signingcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreMetadataKeyAlias(), + config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); + + log.debug("Set Metadata key information"); + // Set MetaData Signing key + final KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); + entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); + final Signature entitiesSignature = getSignature(signingcredential); + spEntitiesDescriptor.setSignature(entitiesSignature); + + // Set AuthRequest Signing certificate + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + final KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + // set AuthRequest encryption certificate + if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias()) || + MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyPassword())) { + final X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + final KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + + // set encryption methode // EncryptionMethod encMethode = SAML2Utils.createSAMLObject(EncryptionMethod.class); -// encMethode.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM); +// encMethode.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM); // encryKeyDescriptor.getEncryptionMethods().add(encMethode); -// +// // EncryptionMethod keyencMethode = SAML2Utils.createSAMLObject(EncryptionMethod.class); -// keyencMethode.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); +// keyencMethode.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); // encryKeyDescriptor.getEncryptionMethods().add(keyencMethode); - - spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); - - } else { - log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); - - } - - - NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); - - spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); - - NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientnameIDFormat.setFormat(NameIDType.TRANSIENT); - - spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); - - NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); - - spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - - //set HTTP-POST Binding assertion consumer service - AssertionConsumerService postassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - postassertionConsumerService.setIndex(0); - postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - //set HTTP-Redirect Binding assertion consumer service - AssertionConsumerService redirectassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - redirectassertionConsumerService.setIndex(1); - redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - redirectassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); - - //set Single Log-Out service - SingleLogoutService sloService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - sloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - sloService.setLocation(serviceURL + Constants.SERVLET_PVPSINGLELOGOUT); - spSSODescriptor.getSingleLogoutServices().add(sloService); - - spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); - - AttributeConsumingService attributeService = - SAML2Utils.createSAMLObject(AttributeConsumingService.class); - - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "de")); - attributeService.getNames().add(serviceName); - - //set attributes which are requested - attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); - spSSODescriptor.getAttributeConsumingServices().add(attributeService); - - - //build metadata - DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - - builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor); - out.marshall(spEntitiesDescriptor, document); - - Signer.signObject(entitiesSignature); - - Transformer transformer = TransformerFactory.newInstance().newTransformer(); - - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(document); - transformer.transform(source, sr); - sw.close(); - - String metadataXML = sw.toString(); - - response.setContentType("text/xml"); - response.getOutputStream().write(metadataXML.getBytes()); - - response.getOutputStream().close(); - - } catch (ConfigurationException e) { - log.warn("Configuration can not be loaded.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (NoSuchAlgorithmException e) { - log.warn("Requested Algorithm could not found.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerFactoryConfigurationError e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - catch (Exception e) { - log.warn("Unspecific PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - } + + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + final NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + final NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + final NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + // set HTTP-POST Binding assertion consumer service + final AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + // set HTTP-Redirect Binding assertion consumer service + final AssertionConsumerService redirectassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + redirectassertionConsumerService.setIndex(1); + redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); + + // set Single Log-Out service + final SingleLogoutService sloService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + sloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + sloService.setLocation(serviceURL + Constants.SERVLET_PVPSINGLELOGOUT); + spSSODescriptor.getSingleLogoutServices().add(sloService); + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); + + final AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + final ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + // set attributes which are requested + attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + // build metadata + DocumentBuilder builder; + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + + builder = factory.newDocumentBuilder(); + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + spEntitiesDescriptor); + out.marshall(spEntitiesDescriptor, document); + + Signer.signObject(entitiesSignature); + + final Transformer transformer = TransformerFactory.newInstance().newTransformer(); + + final StringWriter sw = new StringWriter(); + final StreamResult sr = new StreamResult(sw); + final DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + final String metadataXML = sw.toString(); + + response.setContentType("text/xml"); + response.getOutputStream().write(metadataXML.getBytes()); + + response.getOutputStream().close(); + + } catch (final ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final NoSuchAlgorithmException e) { + log.warn("Requested Algorithm could not found.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerFactoryConfigurationError e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + catch (final Exception e) { + log.warn("Unspecific PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + } } \ No newline at end of file diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index df58fbc7a..e4acd8152 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.log4j.Logger; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; @@ -85,280 +84,285 @@ import at.gv.egovernment.moa.id.demoOA.Constants; import at.gv.egovernment.moa.id.demoOA.PVPConstants; import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class DemoApplication extends HttpServlet { - Logger log = Logger.getLogger(DemoApplication.class); - - private static final long serialVersionUID = -2129228304760706063L; - - - - private void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - - ApplicationBean bean = new ApplicationBean(); - - log.debug("Receive request on secure-area endpoint ..."); - - String method = request.getMethod(); - HttpSession session = request.getSession(); - if (session == null) { - log.info("NO HTTP Session"); - bean.setErrorMessage("NO HTTP session"); - setAnser(request, response, bean); - return; - } - - try { - Configuration config = Configuration.getInstance(); - Response samlResponse = null; - - if (method.equals("GET")) { - log.debug("Find possible SAML2 Redirect-Binding response ..."); - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - - messageContext.setMetadataProvider(config.getMetaDataProvier()); - - MetadataCredentialResolver resolver = new MetadataCredentialResolver(config.getMetaDataProvier()); - List keyInfoProvider = new ArrayList(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( - resolver, keyInfoResolver); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(engine); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - SecurityPolicyResolver resolver1 = new StaticSecurityPolicyResolver(policy); - messageContext.setSecurityPolicyResolver(resolver1); - - decode.decode(messageContext); - - log.info("PVP2 Assertion with Redirect-Binding is valid"); - - } else if (method.equals("POST")) { - log.debug("Find possible SAML2 Post-Binding response ..."); - //Decode with HttpPost Binding - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - request)); - decode.decode(messageContext); - - samlResponse = (Response) messageContext.getInboundMessage(); - - Signature sign = samlResponse.getSignature(); - if (sign == null) { - log.info("Only http POST Requests can be used"); - bean.setErrorMessage("Only http POST Requests can be used"); - setAnser(request, response, bean); - return; - } - - //Validate Signature - SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); - profileValidator.validate(sign); - - //Verify Signature - List keyInfoProvider = new ArrayList(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - - MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory(); - MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier()); - - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); - criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); - criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); - - ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); - trustEngine.validate(sign, criteriaSet); - - log.info("PVP2 Assertion with POST-Binding is valid"); - - } else { - bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); - setAnser(request, response, bean); - return; - - } - - - if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - List saml2assertions = new ArrayList(); - - //check encrypted Assertion - List encryAssertionList = samlResponse.getEncryptedAssertions(); - if (encryAssertionList != null && encryAssertionList.size() > 0) { - //decrypt assertions - - log.debug("Found encryped assertion. Start decryption ..."); - - KeyStore keyStore = config.getPVP2KeyStore(); - - X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - - - StaticKeyInfoCredentialResolver skicr = - new StaticKeyInfoCredentialResolver(authDecCredential); - - ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); - encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); - - Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); - - for (EncryptedAssertion encAssertion : encryAssertionList) { - Assertion decryptedAssertion = samlDecrypter.decrypt(encAssertion); - samlResponse.getAssertions().add(decryptedAssertion); - log.debug("Decrypted Assertion: " + DOMUtils.serializeNode(SAML2Utils.asDOMDocument(decryptedAssertion))); - - } - - log.debug("Assertion decryption finished. "); - - } else { - log.debug("Assertiojn is not encryted. Use it as it is"); - - } - - //set assertion - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - bean.setAssertion(assertion); - - String principleId = null; - String givenName = null; - String familyName = null; - String birthday = null; - - log.debug("Find #" + samlResponse.getAssertions().size() + " assertions after decryption"); - - for (org.opensaml.saml2.core.Assertion saml2assertion : samlResponse.getAssertions()) { - - try { - principleId = saml2assertion.getSubject().getNameID().getValue(); - - } catch (Exception e) { - log.warn("Can not read SubjectNameId", e); - } - - //loop through the nodes to get what we want - List attributeStatements = saml2assertion.getAttributeStatements(); - for (int i = 0; i < attributeStatements.size(); i++) - { - List attributes = attributeStatements.get(i).getAttributes(); - for (int x = 0; x < attributes.size(); x++) - { - - - String strAttributeName = attributes.get(x).getName(); - - log.debug("Find attribute with name: " + strAttributeName + " and value: " - + attributes.get(x).getAttributeValues().get(0).getDOM().getNodeValue()); - - if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { - familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - - } - - if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { - givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - - } - - if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { - birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - - } - - if (strAttributeName.equals(PVPConstants.BPK_NAME)) { - principleId = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - - } - } - } - request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, - saml2assertion.getSubject().getNameID().getFormat()); - request.getSession().setAttribute(Constants.SESSION_NAMEID, - saml2assertion.getSubject().getNameID().getValue()); - - } - - bean.setPrincipleId(principleId); - bean.setDateOfBirth(birthday); - bean.setFamilyName(familyName); - bean.setGivenName(givenName); - bean.setLogin(true); - - setAnser(request, response, bean); - return; - - - } else { - bean.setErrorMessage("Der Anmeldevorgang wurde abgebrochen.
Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion."); - setAnser(request, response, bean); - return; - - } - - } catch (Exception e) { - log.warn(e); - bean.setErrorMessage("Internal Error: " + e.getMessage()); - setAnser(request, response, bean); - return; - } - - } - - private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) throws ServletException, IOException { - // store bean in session - request.setAttribute("answers", answersBean); - - // you now can forward to some view, for example some results.jsp - request.getRequestDispatcher("demoapp.jsp").forward(request, response); - - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response); - } - - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response); - } + + private static final long serialVersionUID = -2129228304760706063L; + + private void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + final ApplicationBean bean = new ApplicationBean(); + + log.debug("Receive request on secure-area endpoint ..."); + + final String method = request.getMethod(); + final HttpSession session = request.getSession(); + if (session == null) { + log.info("NO HTTP Session"); + bean.setErrorMessage("NO HTTP session"); + setAnser(request, response, bean); + return; + } + + try { + final Configuration config = Configuration.getInstance(); + Response samlResponse = null; + + if (method.equals("GET")) { + log.debug("Find possible SAML2 Redirect-Binding response ..."); + final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + messageContext.setMetadataProvider(config.getMetaDataProvier()); + + final MetadataCredentialResolver resolver = new MetadataCredentialResolver(config + .getMetaDataProvier()); + final List keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + final ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( + resolver, keyInfoResolver); + + final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + engine); + final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + final BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + final SecurityPolicyResolver resolver1 = new StaticSecurityPolicyResolver(policy); + messageContext.setSecurityPolicyResolver(resolver1); + + decode.decode(messageContext); + + log.info("PVP2 Assertion with Redirect-Binding is valid"); + + } else if (method.equals("POST")) { + log.debug("Find possible SAML2 Post-Binding response ..."); + // Decode with HttpPost Binding + final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + request)); + decode.decode(messageContext); + + samlResponse = (Response) messageContext.getInboundMessage(); + + final Signature sign = samlResponse.getSignature(); + if (sign == null) { + log.info("Only http POST Requests can be used"); + bean.setErrorMessage("Only http POST Requests can be used"); + setAnser(request, response, bean); + return; + } + + // Validate Signature + final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + profileValidator.validate(sign); + + // Verify Signature + final List keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + final MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory + .getFactory(); + final MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config + .getMetaDataProvier()); + + final CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, + SAMLConstants.SAML20P_NS)); + criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); + criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); + + final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine( + credentialResolver, keyInfoResolver); + trustEngine.validate(sign, criteriaSet); + + log.info("PVP2 Assertion with POST-Binding is valid"); + + } else { + bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); + setAnser(request, response, bean); + return; + + } + + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + final List saml2assertions = + new ArrayList<>(); + + // check encrypted Assertion + final List encryAssertionList = samlResponse.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + // decrypt assertions + + log.debug("Found encryped assertion. Start decryption ..."); + + final KeyStore keyStore = config.getPVP2KeyStore(); + + final X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + + final StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(authDecCredential); + + final ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver()); + + final Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (final EncryptedAssertion encAssertion : encryAssertionList) { + final Assertion decryptedAssertion = samlDecrypter.decrypt(encAssertion); + samlResponse.getAssertions().add(decryptedAssertion); + log.debug("Decrypted Assertion: " + DOMUtils.serializeNode(SAML2Utils.asDOMDocument( + decryptedAssertion))); + + } + + log.debug("Assertion decryption finished. "); + + } else { + log.debug("Assertiojn is not encryted. Use it as it is"); + + } + + // set assertion + final org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + final String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + + String principleId = null; + String givenName = null; + String familyName = null; + String birthday = null; + + log.debug("Find #" + samlResponse.getAssertions().size() + " assertions after decryption"); + + for (final org.opensaml.saml2.core.Assertion saml2assertion : samlResponse.getAssertions()) { + + try { + principleId = saml2assertion.getSubject().getNameID().getValue(); + + } catch (final Exception e) { + log.warn("Can not read SubjectNameId", e); + } + + // loop through the nodes to get what we want + final List attributeStatements = saml2assertion.getAttributeStatements(); + for (final AttributeStatement attributeStatement : attributeStatements) { + final List attributes = attributeStatement.getAttributes(); + for (final Attribute attribute : attributes) { + + final String strAttributeName = attribute.getName(); + + log.debug("Find attribute with name: " + strAttributeName + " and value: " + + attribute.getAttributeValues().get(0).getDOM().getNodeValue()); + + if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { + familyName = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + + if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { + givenName = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + + if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { + birthday = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + + if (strAttributeName.equals(PVPConstants.BPK_NAME)) { + principleId = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + } + } + request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, + saml2assertion.getSubject().getNameID().getFormat()); + request.getSession().setAttribute(Constants.SESSION_NAMEID, + saml2assertion.getSubject().getNameID().getValue()); + + } + + bean.setPrincipleId(principleId); + bean.setDateOfBirth(birthday); + bean.setFamilyName(familyName); + bean.setGivenName(givenName); + bean.setLogin(true); + + setAnser(request, response, bean); + return; + + } else { + bean.setErrorMessage( + "Der Anmeldevorgang wurde abgebrochen.
Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion."); + setAnser(request, response, bean); + return; + + } + + } catch (final Exception e) { + log.warn(e.getMessage(), e); + bean.setErrorMessage("Internal Error: " + e.getMessage()); + setAnser(request, response, bean); + return; + } + + } + + private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) + throws ServletException, IOException { + // store bean in session + request.setAttribute("answers", answersBean); + + // you now can forward to some view, for example some results.jsp + request.getRequestDispatcher("demoapp.jsp").forward(request, response); + + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java index bac3e1949..1b0eb35c9 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java @@ -90,241 +90,240 @@ import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; +public class Index extends HttpServlet { + private static final long serialVersionUID = -2129228304760706063L; + private static final Logger log = LoggerFactory + .getLogger(Index.class); -public class Index extends HttpServlet { + private void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + final ApplicationBean bean = new ApplicationBean(); + + final String method = request.getMethod(); + final HttpSession session = request.getSession(); + if (session == null) { + log.info("NO HTTP Session"); + bean.setErrorMessage("NO HTTP session"); + setAnser(request, response, bean); + return; + } + + if (method.equals("GET")) { + try { + final Configuration config = Configuration.getInstance(); + + // Decode with HttpPost Binding + final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + final BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext<>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(request)); + + decode.decode(messageContext); + + messageContext.setMetadataProvider(config.getMetaDataProvier()); + final CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, + SAMLConstants.SAML20P_NS)); + criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); + criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); + + final MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory + .getFactory(); + final MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config + .getMetaDataProvier()); + + // Verify Signature + final List keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine( + credentialResolver, keyInfoResolver); + + final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + trustEngine); + final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + final BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setSecurityPolicyResolver(resolver); + + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + signatureRule.evaluate(messageContext); + + final SignableXMLObject samlResponse = (SignableXMLObject) messageContext.getInboundMessage(); + + log.info("PVP2 statusrequest or statusresponse is valid"); + + if (samlResponse instanceof LogoutResponse) { + + final LogoutResponse sloResp = (LogoutResponse) samlResponse; + + // set assertion + final org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + final String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + + if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + bean.setSuccessMessage("Der Single Log-Out Vorgang konnte erfolgreich durchgeführt werden."); + + setAnser(request, response, bean); + return; + + } else { + bean.setErrorMessage( + "Der Single Log-Out Vorgang war nicht erfolgreich.
Bitte schließen Sie aus sicherheitsgründen den Browser!"); + setAnser(request, response, bean); + return; + + } + + } else if (samlResponse instanceof LogoutRequest) { + // invalidate user session + request.getSession().invalidate(); + + // build LogOutResponse + final LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloResp.setID(gen.generateIdentifier()); + sloResp.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloResp.setIssuer(issuer); + + final Status status = SAML2Utils.createSAMLObject(Status.class); + sloResp.setStatus(status); + final StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + statusCode.setValue(StatusCode.SUCCESS_URI); + status.setStatusCode(statusCode); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + // select authentication-service url from metadata + SingleLogoutService redirectEndpoint = null; + for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleLogoutServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + redirectEndpoint = sss; + } + } + sloResp.setDestination(redirectEndpoint.getLocation()); + + // sign authentication request + final KeyStore keyStore = config.getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + sloResp.setSignature(signer); + + final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(redirectEndpoint.getLocation()); + + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(sloResp); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(messageContext.getRelayState()); + + encoder.encode(context); + + } else { + bean.setErrorMessage("Kein gültiger LogOut Request oder LogOut Response"); + setAnser(request, response, bean); + return; + + } + + } catch (final Exception e) { + log.warn("Internal error", e); + bean.setErrorMessage("Internal Error: " + e.getMessage()); + setAnser(request, response, bean); + return; + } + + } else { + bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); + setAnser(request, response, bean); + return; + + } + } + + private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) + throws ServletException, IOException { + // store bean in session + request.setAttribute("answers", answersBean); + + // you now can forward to some view, for example some results.jsp + request.getRequestDispatcher("demoapp.jsp").forward(request, response); + + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response); + } - private static final long serialVersionUID = -2129228304760706063L; - private static final Logger log = LoggerFactory - .getLogger(Index.class); - - - private void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - - ApplicationBean bean = new ApplicationBean(); - - - String method = request.getMethod(); - HttpSession session = request.getSession(); - if (session == null) { - log.info("NO HTTP Session"); - bean.setErrorMessage("NO HTTP session"); - setAnser(request, response, bean); - return; - } - - if (method.equals("GET")) { - try { - Configuration config = Configuration.getInstance(); - - //Decode with HttpPost Binding - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(request)); - - decode.decode(messageContext); - - messageContext.setMetadataProvider(config.getMetaDataProvier()); - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); - criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); - criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); - - MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory(); - MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier()); - - //Verify Signature - List keyInfoProvider = new ArrayList(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - - - ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); - - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - trustEngine); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setSecurityPolicyResolver(resolver); - - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - - signatureRule.evaluate(messageContext); - - SignableXMLObject samlResponse = (SignableXMLObject) messageContext.getInboundMessage(); - - - - log.info("PVP2 statusrequest or statusresponse is valid"); - - - if (samlResponse instanceof LogoutResponse) { - - LogoutResponse sloResp = (LogoutResponse) samlResponse; - - //set assertion - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - bean.setAssertion(assertion); - - if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - bean.setSuccessMessage("Der Single Log-Out Vorgang konnte erfolgreich durchgeführt werden."); - - setAnser(request, response, bean); - return; - - } else { - bean.setErrorMessage("Der Single Log-Out Vorgang war nicht erfolgreich.
Bitte schließen Sie aus sicherheitsgründen den Browser!"); - setAnser(request, response, bean); - return; - - } - - } else if (samlResponse instanceof LogoutRequest) { - //invalidate user session - request.getSession().invalidate(); - - //build LogOutResponse - LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloResp.setID(gen.generateIdentifier()); - sloResp.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloResp.setIssuer(issuer); - - Status status = SAML2Utils.createSAMLObject(Status.class); - sloResp.setStatus(status); - StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); - statusCode.setValue(StatusCode.SUCCESS_URI); - status.setStatusCode(statusCode ); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - //select authentication-service url from metadata - SingleLogoutService redirectEndpoint = null; - for (SingleLogoutService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - redirectEndpoint = sss; - } - } - sloResp.setDestination(redirectEndpoint.getLocation()); - - //sign authentication request - KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(authcredential); - sloResp.setSignature(signer); - - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(redirectEndpoint.getLocation());; - - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(sloResp); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(messageContext.getRelayState()); - - encoder.encode(context); - - } else { - bean.setErrorMessage("Kein gültiger LogOut Request oder LogOut Response"); - setAnser(request, response, bean); - return; - - } - - - } catch (Exception e) { - log.warn("Internal error", e); - bean.setErrorMessage("Internal Error: " + e.getMessage()); - setAnser(request, response, bean); - return; - } - - } else { - bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); - setAnser(request, response, bean); - return; - - } - } - - private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) throws ServletException, IOException { - // store bean in session - request.setAttribute("answers", answersBean); - - // you now can forward to some view, for example some results.jsp - request.getRequestDispatcher("demoapp.jsp").forward(request, response); - - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response); - } - - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response); - } + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java index 9bd0ff2e3..49d7b2cc6 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java @@ -62,156 +62,158 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - /** * Servlet implementation class Authenticate */ public class SingleLogOut extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(SingleLogOut.class); - - /** - * @see HttpServlet#HttpServlet() - */ - public SingleLogOut() { - super(); - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - builder = factory.newDocumentBuilder(); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - } - } - - DocumentBuilder builder; - - - //generate AuthenticationRequest - protected void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - - Configuration config = Configuration.getInstance(); - config.initializePVP2Login(); - - String nameIDFormat = (String) request.getSession().getAttribute(Constants.SESSION_NAMEIDFORMAT); - String nameID = (String) request.getSession().getAttribute(Constants.SESSION_NAMEID); - - if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { - log.warn("No user information found. Single Log-Out not possible"); - throw new ServletException("No user information found. Single Log-Out not possible"); - - } else - log.info("Fount user information for user nameID: " + nameID - + " , nameIDFormat: " + nameIDFormat - + ". Build Single Log-Out request ..."); - - //invalidate local session - request.getSession().invalidate(); - - //build Single LogOut request - LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloReq.setID(gen.generateIdentifier()); - sloReq.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloReq.setIssuer(issuer); - - NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); - sloReq.setNameID(userNameID); - userNameID.setFormat(nameIDFormat); - userNameID.setValue(nameID); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - //select authentication-service url from metadata - SingleLogoutService redirectEndpoint = null; - for (SingleLogoutService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - redirectEndpoint = sss; - } - } - sloReq.setDestination(redirectEndpoint.getLocation()); - - //sign authentication request - KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(authcredential); - sloReq.setSignature(signer); - - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response - , true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - service.setLocation(redirectEndpoint.getLocation()); - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(sloReq); - context.setOutboundMessageTransport(responseAdapter); - - encoder.encode(context); - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response); - } + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(SingleLogOut.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public SingleLogOut() { + super(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + } + } + + DocumentBuilder builder; + + // generate AuthenticationRequest + protected void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + + final Configuration config = Configuration.getInstance(); + config.initializePVP2Login(); + + final String nameIDFormat = (String) request.getSession().getAttribute(Constants.SESSION_NAMEIDFORMAT); + final String nameID = (String) request.getSession().getAttribute(Constants.SESSION_NAMEID); + + if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { + log.warn("No user information found. Single Log-Out not possible"); + throw new ServletException("No user information found. Single Log-Out not possible"); + + } else { + log.info("Fount user information for user nameID: " + nameID + + " , nameIDFormat: " + nameIDFormat + + ". Build Single Log-Out request ..."); + } + + // invalidate local session + request.getSession().invalidate(); + + // build Single LogOut request + final LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloReq.setID(gen.generateIdentifier()); + sloReq.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloReq.setIssuer(issuer); + + final NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); + sloReq.setNameID(userNameID); + userNameID.setFormat(nameIDFormat); + userNameID.setValue(nameID); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + // select authentication-service url from metadata + SingleLogoutService redirectEndpoint = null; + for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleLogoutServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + redirectEndpoint = sss; + } + } + sloReq.setDestination(redirectEndpoint.getLocation()); + + // sign authentication request + final KeyStore keyStore = config.getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + sloReq.setSignature(signer); + + final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(redirectEndpoint.getLocation()); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(sloReq); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response); + } } diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index e8b194f3f..4314bd3fd 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -287,6 +287,10 @@ bcprov-jdk15on org.bouncycastle + + log4j + log4j +
@@ -321,7 +325,17 @@ test-jar tests 1.0.0 - test + test + + + log4j + log4j + + + org.slf4j + slf4j-log4j12 + + - 3.3.0 + 3.7.1
- - org.hibernate diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 4db2aa3ad..014759b5c 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -12,12 +12,12 @@ org.bouncycastle bcprov-jdk15on - 1.52 + 1.70 org.bouncycastle bcpkix-jdk15on - 1.52 + 1.70 diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index eabb1fc18..a83a065fa 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -237,14 +237,14 @@ org.bouncycastle bcprov-jdk15on - 1.52 + 1.70 com.ibm.icu icu4j - 58.2 + 70.1 diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index 6f9463710..15d129dcb 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -32,7 +32,6 @@ javax.servlet javax.servlet-api - 3.1.0 provided diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index a7a4dad1b..bed0ef11c 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -38,13 +38,13 @@ com.google.http-client google-http-client-jackson2 - 1.22.0 + 1.40.1 test com.google.oauth-client google-oauth-client-jetty - 1.22.0 + 1.32.1 test @@ -78,7 +78,6 @@ com.google.guava guava - 19.0 diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 1f7606e1d..4734bb3a6 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -53,18 +53,18 @@ com.google.code.gson gson - 2.8.2 + 2.8.9 org.bitbucket.b_c jose4j - 0.6.3 + 0.7.9 org.bouncycastle bcprov-jdk15on - 1.52 + 1.70 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index 759d9c838..6bf297a4e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -13,7 +13,6 @@ import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.utils.URIBuilder; -import org.apache.log4j.Logger; import org.jose4j.base64url.Base64Url; import com.google.gson.JsonElement; @@ -23,328 +22,347 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class SL20JSONExtractorUtils { - private static final Logger log = Logger.getLogger(SL20JSONExtractorUtils.class); - - /** - * Extract String value from JSON - * - * @param input - * @param keyID - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static String getStringValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - try { - JsonElement internal = getAndCheck(input, keyID, isRequired); - - if (internal != null) - return internal.getAsString(); - else - return null; - - } catch (SLCommandoParserException e) { - throw e; - - } catch (Exception e) { - throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); - - } - } - - /** - * Extract Boolean value from JSON - * - * @param input - * @param keyID - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException { - try { - JsonElement internal = getAndCheck(input, keyID, isRequired); - - if (internal != null) - return internal.getAsBoolean(); - else - return defaultValue; - - } catch (SLCommandoParserException e) { - throw e; - - } catch (Exception e) { - throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); - - } - } - - /** - * Extract JSONObject value from JSON - * - * @param input - * @param keyID - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - try { - JsonElement internal = getAndCheck(input, keyID, isRequired); - - if (internal != null) - return internal.getAsJsonObject(); - else - return null; - - } catch (SLCommandoParserException e) { - throw e; - - } catch (Exception e) { - throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); - - } - } - - /** - * Extract a List of String elements from a JSON element - * - * @param input - * @return - * @throws SLCommandoParserException - */ - public static List getListOfStringElements(JsonElement input) throws SLCommandoParserException { - List result = new ArrayList(); - if (input != null) { - if (input.isJsonArray()) { - Iterator arrayIterator = input.getAsJsonArray().iterator(); - while(arrayIterator.hasNext()) { - JsonElement next = arrayIterator.next(); - if (next.isJsonPrimitive()) - result.add(next.getAsString()); - } - - } else if (input.isJsonPrimitive()) { - result.add(input.getAsString()); - - } else { - log.warn("JSON Element IS NOT a JSON array or a JSON Primitive"); - throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive"); - - } - } - - return result; - } - - /** - * Extract Map of Key/Value pairs from a JSON Element - * - * @param input parent JSON object - * @param keyID KeyId of the child that should be parsed - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static Map getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - JsonElement internal = getAndCheck(input, keyID, isRequired); - return getMapOfStringElements(internal); - - } - - /** - * Extract Map of Key/Value pairs from a JSON Element - * - * @param input - * @return - * @throws SLCommandoParserException - */ - public static Map getMapOfStringElements(JsonElement input) throws SLCommandoParserException { - Map result = new HashMap(); - - if (input != null) { - if (input.isJsonArray()) { - Iterator arrayIterator = input.getAsJsonArray().iterator(); - while(arrayIterator.hasNext()) { - JsonElement next = arrayIterator.next(); - Iterator> entry = next.getAsJsonObject().entrySet().iterator(); - entitySetToMap(result, entry); - - } - - } else if (input.isJsonObject()) { - Iterator> objectKeys = input.getAsJsonObject().entrySet().iterator(); - entitySetToMap(result, objectKeys); - - } else - throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); - - } - - return result; - } - - private static void entitySetToMap(Map result, Iterator> entry) { - while (entry.hasNext()) { - Entry el = entry.next(); - if (result.containsKey(el.getKey())) - log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); - - result.put(el.getKey(), el.getValue().getAsString()); - - } - - } - - - public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { - JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); - JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); - - if (result == null && encryptedResult == null) - throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); - - else if (encryptedResult == null && mustBeEncrypted) - throw new SLCommandoParserException("result MUST be signed."); - - else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { - try { - return decrypter.decryptPayload(encryptedResult.getAsString()); - - } catch (Exception e) { - log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); - if (!mustBeEncrypted) { - log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); - - //dummy code - try { - String[] signedPayload = encryptedResult.toString().split("\\."); - JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); - return payLoad; - - } catch (Exception e1) { - log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); - throw new SL20Exception(e.getMessage(), null, e); - - } - - } else - throw e; - - } - - } else if (result != null) { - return result; - - } else - throw new SLCommandoParserException("Internal build error"); - - - } - - /** - * Extract payLoad from generic transport container - * - * @param container - * @param joseTools - * @return - * @throws SLCommandoParserException - */ - public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception { - - JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); - JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); - - if (mustBeSigned && joseTools == null) - throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); - - if (sl20Payload == null && sl20SignedPayload == null) - throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); - - else if (sl20SignedPayload == null && mustBeSigned) - throw new SLCommandoParserException("payLoad MUST be signed."); - - else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { - return joseTools.validateSignature(sl20SignedPayload.getAsString()); - - } else if (sl20Payload != null) - return new VerificationResult(sl20Payload.getAsJsonObject()); - - else - throw new SLCommandoParserException("Internal build error"); - - - } - - - /** - * Extract generic transport container from httpResponse - * - * @param httpResp - * @return - * @throws SLCommandoParserException - */ - public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) throws SLCommandoParserException { - try { - JsonObject sl20Resp = null; - if (httpResp.getStatusLine().getStatusCode() == 307) { - Header[] locationHeader = httpResp.getHeaders("Location"); - if (locationHeader == null) - throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); - - String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); - sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject(); - - } else if (httpResp.getStatusLine().getStatusCode() == 200) { - if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) - throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - } else if ( (httpResp.getStatusLine().getStatusCode() == 500) || - (httpResp.getStatusLine().getStatusCode() == 401) || - (httpResp.getStatusLine().getStatusCode() == 400) ) { - log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() - + ". Search for error message"); - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - - } else - throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); - - log.info("Find JSON object in http response"); - return sl20Resp; - - } catch (Exception e) { - throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); - - } - } - - private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { - if (resp != null && resp.getContent() != null) { - JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); - if (sl20Resp != null && sl20Resp.isJsonObject()) { - return sl20Resp.getAsJsonObject(); - - } else - throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); - - - } else - throw new SLCommandoParserException("Can NOT find content in http response"); - - } - - - private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - JsonElement internal = input.get(keyID); - - if (internal == null && isRequired) - throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); - - return internal; - - } + + /** + * Extract String value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static String getStringValue(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + try { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) { + return internal.getAsString(); + } else { + return null; + } + + } catch (final SLCommandoParserException e) { + throw e; + + } catch (final Exception e) { + throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); + + } + } + + /** + * Extract Boolean value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, + boolean defaultValue) throws SLCommandoParserException { + try { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) { + return internal.getAsBoolean(); + } else { + return defaultValue; + } + + } catch (final SLCommandoParserException e) { + throw e; + + } catch (final Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract JSONObject value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + try { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) { + return internal.getAsJsonObject(); + } else { + return null; + } + + } catch (final SLCommandoParserException e) { + throw e; + + } catch (final Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract a List of String elements from a JSON element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static List getListOfStringElements(JsonElement input) throws SLCommandoParserException { + final List result = new ArrayList<>(); + if (input != null) { + if (input.isJsonArray()) { + final Iterator arrayIterator = input.getAsJsonArray().iterator(); + while (arrayIterator.hasNext()) { + final JsonElement next = arrayIterator.next(); + if (next.isJsonPrimitive()) { + result.add(next.getAsString()); + } + } + + } else if (input.isJsonPrimitive()) { + result.add(input.getAsString()); + + } else { + log.warn("JSON Element IS NOT a JSON array or a JSON Primitive"); + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive"); + + } + } + + return result; + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static Map getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + return getMapOfStringElements(internal); + + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static Map getMapOfStringElements(JsonElement input) + throws SLCommandoParserException { + final Map result = new HashMap<>(); + + if (input != null) { + if (input.isJsonArray()) { + final Iterator arrayIterator = input.getAsJsonArray().iterator(); + while (arrayIterator.hasNext()) { + final JsonElement next = arrayIterator.next(); + final Iterator> entry = next.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, entry); + + } + + } else if (input.isJsonObject()) { + final Iterator> objectKeys = input.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, objectKeys); + + } else { + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); + } + + } + + return result; + } + + private static void entitySetToMap(Map result, Iterator> entry) { + while (entry.hasNext()) { + final Entry el = entry.next(); + if (result.containsKey(el.getKey())) { + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); + } + + result.put(el.getKey(), el.getValue().getAsString()); + + } + + } + + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, + boolean mustBeEncrypted) throws SL20Exception { + final JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); + final JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + + if (result == null && encryptedResult == null) { + throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); + } else if (encryptedResult == null && mustBeEncrypted) { + throw new SLCommandoParserException("result MUST be signed."); + } else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { + try { + return decrypter.decryptPayload(encryptedResult.getAsString()); + + } catch (final Exception e) { + log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); + if (!mustBeEncrypted) { + log.warn( + "Decrypted results are disabled by configuration. Parse result in plain if it is possible"); + + // dummy code + try { + final String[] signedPayload = encryptedResult.toString().split("\\."); + final JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode( + signedPayload[1]))); + return payLoad; + + } catch (final Exception e1) { + log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); + throw new SL20Exception(e.getMessage(), null, e); + + } + + } else { + throw e; + } + + } + + } else if (result != null) { + return result; + + } else { + throw new SLCommandoParserException("Internal build error"); + } + + } + + /** + * Extract payLoad from generic transport container + * + * @param container + * @param joseTools + * @return + * @throws SLCommandoParserException + */ + public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, + boolean mustBeSigned) throws SL20Exception { + + final JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); + final JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); + + if (mustBeSigned && joseTools == null) { + throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); + } + + if (sl20Payload == null && sl20SignedPayload == null) { + throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); + } else if (sl20SignedPayload == null && mustBeSigned) { + throw new SLCommandoParserException("payLoad MUST be signed."); + } else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { + return joseTools.validateSignature(sl20SignedPayload.getAsString()); + + } else if (sl20Payload != null) { + return new VerificationResult(sl20Payload.getAsJsonObject()); + } else { + throw new SLCommandoParserException("Internal build error"); + } + + } + + /** + * Extract generic transport container from httpResponse + * + * @param httpResp + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) + throws SLCommandoParserException { + try { + JsonObject sl20Resp = null; + if (httpResp.getStatusLine().getStatusCode() == 307) { + final Header[] locationHeader = httpResp.getHeaders("Location"); + if (locationHeader == null) { + throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); + } + + final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0) + .getValue(); + sl20Resp = new JsonParser().parse(Base64Url.encode(sl20RespString.getBytes())).getAsJsonObject(); + + } else if (httpResp.getStatusLine().getStatusCode() == 200) { + if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) { + throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp + .getEntity().getContentType().getValue()); + } + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else if (httpResp.getStatusLine().getStatusCode() == 500 || + httpResp.getStatusLine().getStatusCode() == 401 || + httpResp.getStatusLine().getStatusCode() == 400) { + log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + + ". Search for error message"); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else { + throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine() + .getStatusCode()); + } + + log.info("Find JSON object in http response"); + return sl20Resp; + + } catch (final Exception e) { + throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); + + } + } + + private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { + if (resp != null && resp.getContent() != null) { + final JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); + if (sl20Resp != null && sl20Resp.isJsonObject()) { + return sl20Resp.getAsJsonObject(); + + } else { + throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); + } + + } else { + throw new SLCommandoParserException("Can NOT find content in http response"); + } + + } + + private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + final JsonElement internal = input.get(keyID); + + if (internal == null && isRequired) { + throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); + } + + return internal; + + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index dbf91dccf..458eb3f85 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -36,14 +36,14 @@ org.bouncycastle bcprov-jdk15on - 1.52 + 1.70 org.bouncycastle bcpkix-jdk15on - 1.52 + 1.70 -- cgit v1.2.3 From 0e8975416c90c44b6b73add7a9b6e0cb2a7b49be Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 21 Sep 2021 16:12:27 +0200 Subject: change errorhandling in SSLTrustManager in case of an invalid file in truststore. --- .../egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'id') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index dd606ea18..4da6888a9 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -156,8 +156,8 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { certList.add(cert); } catch (Exception e) { - Logger.error("Can NOT initialize SSLTrustManager. Certificate: " + certFile.getPath() - + " is not loadable, Reason: " + e.getMessage()); + Logger.warn("Can NOT import Certificate: " + certFile.getPath() + + " into SSLTrustManager. Reason: " + e.getMessage()); if (Logger.isDebugEnabled()) { try { @@ -171,13 +171,13 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { } } - throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e); + //throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e); } finally { if (fis != null) fis.close(); - } + } } // store acceptedServerCertificates -- cgit v1.2.3 From 2368c13ce76e0c1e543fc9cb3f41747625f0cadc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 13 Dec 2021 10:20:58 +0100 Subject: update some more third-party libs --- id/moa-id-webgui/pom.xml | 173 +++++++++++---------- id/server/idserverlib/pom.xml | 4 + id/server/moa-id-commons/pom.xml | 5 + .../modules/moa-id-module-E-ID_connector/pom.xml | 8 +- 4 files changed, 106 insertions(+), 84 deletions(-) (limited to 'id') diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 7bc933703..8791ba3bb 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -1,92 +1,99 @@ - - - - MOA - id - 4.1.6-SNAPSHOT - - - 4.0.0 - MOA.id - moa-id-webgui - 1.0 - MOA-ID WebGUI Module - - - ${basedir}/../../repository - - - + + + + + MOA + id + 4.1.6-SNAPSHOT + + + 4.0.0 + MOA.id + moa-id-webgui + 1.0 + MOA-ID WebGUI Module + + + ${basedir}/../../repository + + + shibboleth.internet2.edu Internet2 https://apps.egiz.gv.at/shibboleth_nexus/ - - - src/main/java - - - maven-compiler-plugin - - 1.7 - 1.7 - - - - - - - - at.gv.egiz.components - egiz-configuration-meta-api - 0.3 - - - at.gv.egiz.components - egiz-spring-api - 0.1 - - - - MOA.id.server - moa-id-commons - - - hyperjaxb3-ejb-runtime - org.jvnet.hyperjaxb3 - - - - + + + src/main/java + + + maven-compiler-plugin + + 1.7 + 1.7 + + + + + + - org.apache.logging.log4j - log4j-slf4j-impl + at.gv.egiz.components + egiz-configuration-meta-api + 0.3 - - - org.opensaml - opensaml - - - org.slf4j - log4j-over-slf4j - - - - - org.opensaml - xmltooling - - - org.slf4j - log4j-over-slf4j - - - - - - - + + at.gv.egiz.components + egiz-spring-api + + + + MOA.id.server + moa-id-commons + + + hyperjaxb3-ejb-runtime + org.jvnet.hyperjaxb3 + + + + + + org.apache.commons + commons-collections4 + + + + org.apache.logging.log4j + log4j-slf4j-impl + + + + org.opensaml + opensaml + + + org.slf4j + log4j-over-slf4j + + + + + org.opensaml + xmltooling + + + org.slf4j + log4j-over-slf4j + + + + + + + \ No newline at end of file diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 4314bd3fd..ebdb70782 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -228,6 +228,10 @@ junit test + + commons-beanutils + commons-beanutils + - + + org.bouncycastle + bcprov-jdk15on + 1.70 + -- cgit v1.2.3 From 2b5d22176ff2483e6a682069ee09609dc5aa0a2b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Dec 2021 16:27:24 +0100 Subject: update default configuration --- id/server/data/deploy/conf/moa-id/moa-id.properties | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'id') diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 0a579a53d..03640b252 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -226,6 +226,14 @@ modules.elga_mandate.request.sign.password=password modules.elga_mandate.response.encryption.alias=pvp_assertion modules.elga_mandate.response.encryption.password=password +######## EHVD Service module +modules.ehvd.enabled=false +#modules.ehvd.sp.1= +#modules.ehvd.sp.2= +modules.ehvd.service.url= +modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ +modules.ehvd.role.pvp=EPI-GDA() + ######## SSO Interfederation client module ######## modules.federatedAuth.keystore.path=keys/moa_idp[password].p12 modules.federatedAuth.keystore.password=password @@ -280,4 +288,4 @@ service.egovutil.szr.ssl.laxhostnameverification=false ## Additonal encryption keys can be added by add a ney configuration line, like ## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1') ######## -#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw... \ No newline at end of file +#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw... -- cgit v1.2.3 From 335060fb575f08e4cac68270745046a6cb369615 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Dec 2021 16:30:32 +0100 Subject: add release-notes for 4.1.6 and update history.txt --- id/history.txt | 2 +- id/readme_4.1.6.txt | 574 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 575 insertions(+), 1 deletion(-) create mode 100644 id/readme_4.1.6.txt (limited to 'id') diff --git a/id/history.txt b/id/history.txt index 46b13e6a5..4041d463a 100644 --- a/id/history.txt +++ b/id/history.txt @@ -2,6 +2,7 @@ Dieses Dokument zeigt die Ver Version MOA-ID Release 4.1.6: Änderungen seit Version MOA-ID 4.1.5 - Änderungen + - Erfordert mindestens Java 8 - Optionale Erweiterung für Gesundheitsanwendungen hinzugefügt - Update von Libraries > org.springframework 5.3.13.RELEASE @@ -24,7 +25,6 @@ Version MOA-ID Release 4.1.6: > iaik_jce_full 5.62_moa > moa-spss 3.1.4 - Version MOA-ID Release 4.1.5: Änderungen seit Version MOA-ID 4.1.4 - Änderungen - Anpassung der E-ID Proxy Implementierung an eine zusätzliche Anforderungen an das E-ID System diff --git a/id/readme_4.1.6.txt b/id/readme_4.1.6.txt new file mode 100644 index 000000000..15973c13d --- /dev/null +++ b/id/readme_4.1.6.txt @@ -0,0 +1,574 @@ +=============================================================================== +MOA ID Version Release 4.1.6 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 4.1.6 unterstützt MOA-ID nun wieder Authentifizierung mittels +Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum +zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis. +Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch +history.txt im gleichen Verzeichnis). + + - Änderungen + - Erfordert mindestens Java 8 + - Aktualisierung von Dritthersteller Bibliotheken + +Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen + Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader + im Tomcat Appliactionsserver kommen kann. + + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend +übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter +nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist +ein Löschen der bestehenden Konfiguration nicht zwingend notwendig. +Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue +E-ID Proxy Authentifizierungsmodul hinzugefügt wurde. + +Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x +reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export +Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. +Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x. + +............................................................................... +B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.1.6 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.1.6 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +6.1 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +6.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + > -Dhttp.nonProxyHosts= + +7. Neue Zertifikate für die Anbindung an das E-ID System +7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.1.6 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +7.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +7.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +7.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +8. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System +9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + + +11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.1.6 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System +10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.1.6 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + eid_metadata + trustProfiles/EID_metadata + + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.1.6 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + + 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + + 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + eid_metadata + trustProfiles/EID_metadata + + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + + +12. Optionale Updates: +12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect' + sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber + für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer + Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. + Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch: + a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + +13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + + +............................................................................... +B.6 Durchführung eines Updates von Version < 3.0.0 +............................................................................... + +Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen +Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter +Zuhilfenahme Ihrer bisherigen Konfiguration an. + -- cgit v1.2.3 From 595129ee21197f5c03bedb6369dda7ee62178d8d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Dec 2021 16:32:45 +0100 Subject: switch to next release version --- id/ConfigWebTool/pom.xml | 2 +- id/moa-id-webgui/pom.xml | 2 +- id/moa-spss-container/pom.xml | 2 +- id/oa/pom.xml | 2 +- id/pom.xml | 2 +- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/moa-id-frontend-resources/pom.xml | 2 +- id/server/moa-id-jaxb_classes/pom.xml | 2 +- id/server/moa-id-spring-initializer/pom.xml | 2 +- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-dummyAuth/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-ehvd_integration/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- id/server/pom.xml | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 90ec43a39..6da2d573f 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.6-RC1 + 4.1.6 4.0.0 diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index d18f62795..3f08f2b2c 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.6-RC1 + 4.1.6 4.0.0 diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index c6ddcdffa..199ac0370 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.6-RC1 + 4.1.6 MOA.id moa-spss-container diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 955f055a2..2158efd0f 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.6-RC1 + 4.1.6 4.0.0 diff --git a/id/pom.xml b/id/pom.xml index f0073bddb..e501c68c3 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 4.1.6-RC1 + 4.1.6 4.0.0 diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index fc21b4a2c..3129f4af7 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.6-RC1 + 4.1.6 4.0.0 diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index e00efaa87..4048afeea 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.6-RC1 + 4.1.6 4.0.0 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index c9fd1d195..f32748f37 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.6-RC1 + 4.1.6 MOA.id.server diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 1aac6b397..aa27d464b 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -6,7 +6,7 @@ MOA.id moa-id - 4.1.6-RC1 + 4.1.6 moa-id-commons moa-id-commons diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index d35b62e20..ae87362da 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.6-RC1 + 4.1.6 MOA.id.server diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index 04b999d40..081dae139 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.6-RC1 + 4.1.6 MOA.id.server moa-id-jaxb_classes diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index a879ed310..8df6c8028 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.6-RC1 + 4.1.6 MOA.id.server diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index c31b907fe..a92b31b8e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index 824197950..a647ca6ed 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index 545f39be7..b6f49bba1 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 7388fae05..5115e25bb 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml index 96cff5dde..7c74bc95c 100644 --- a/id/server/modules/moa-id-module-dummyAuth/pom.xml +++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-dummy-authenticatiuon ${moa-id-dummy-auth.version} diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 11aa9c09c..226245acf 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index 1327a33a7..168278fd2 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-ehvd_integration ${moa-id-ehvd_integration.version} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index 51b80a200..dddaab777 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 06e4983ee..9799c88cd 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 4d65efce2..8efe975c0 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 3aed208e4..9f173fb4e 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index d4183ab2e..b998bad05 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 2272559f6..c6e77de29 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index c84a11aae..0beb00edb 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6-RC1 + 4.1.6 moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 33db31267..2bd1bb87e 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.1.6-RC1 + 4.1.6 MOA.id.server.modules diff --git a/id/server/pom.xml b/id/server/pom.xml index 88529fed5..89d5428a2 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.6-RC1 + 4.1.6 4.0.0 -- cgit v1.2.3 From 0278635fdf6a524afd44aa5336c5a147b78546e0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Dec 2021 17:55:46 +0100 Subject: switch to next snapshot version --- id/ConfigWebTool/pom.xml | 2 +- id/moa-id-webgui/pom.xml | 2 +- id/moa-spss-container/pom.xml | 2 +- id/oa/pom.xml | 2 +- id/pom.xml | 2 +- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/moa-id-frontend-resources/pom.xml | 2 +- id/server/moa-id-jaxb_classes/pom.xml | 2 +- id/server/moa-id-spring-initializer/pom.xml | 2 +- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-dummyAuth/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-ehvd_integration/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- id/server/pom.xml | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 6da2d573f..988e38517 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.6 + 4.1.7-SNAPSHOT 4.0.0 diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 3f08f2b2c..be4a82dfb 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.6 + 4.1.7-SNAPSHOT 4.0.0 diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index 199ac0370..d5bef8942 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.6 + 4.1.7-SNAPSHOT MOA.id moa-spss-container diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 2158efd0f..08f04d0c0 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.6 + 4.1.7-SNAPSHOT 4.0.0 diff --git a/id/pom.xml b/id/pom.xml index e501c68c3..43cb91ed3 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 4.1.6 + 4.1.7-SNAPSHOT 4.0.0 diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 3129f4af7..0fbac9369 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.6 + 4.1.7-SNAPSHOT 4.0.0 diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 4048afeea..361cda9a8 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.6 + 4.1.7-SNAPSHOT 4.0.0 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index f32748f37..3f21c17ba 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.6 + 4.1.7-SNAPSHOT MOA.id.server diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index aa27d464b..723ad1225 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -6,7 +6,7 @@ MOA.id moa-id - 4.1.6 + 4.1.7-SNAPSHOT moa-id-commons moa-id-commons diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index ae87362da..ed69118f1 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.6 + 4.1.7-SNAPSHOT MOA.id.server diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index 081dae139..ca5916559 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.6 + 4.1.7-SNAPSHOT MOA.id.server moa-id-jaxb_classes diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index 8df6c8028..a9113475d 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.6 + 4.1.7-SNAPSHOT MOA.id.server diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index a92b31b8e..f1a2e4af7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index a647ca6ed..a3da881b8 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index b6f49bba1..f66674012 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 5115e25bb..8bd94942a 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml index 7c74bc95c..2d874db35 100644 --- a/id/server/modules/moa-id-module-dummyAuth/pom.xml +++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-dummy-authenticatiuon ${moa-id-dummy-auth.version} diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 226245acf..6605944e5 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index 168278fd2..519353d78 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-ehvd_integration ${moa-id-ehvd_integration.version} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index dddaab777..59891a9be 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 9799c88cd..5d84519e7 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 8efe975c0..80f1c29fa 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 9f173fb4e..5918ce729 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index b998bad05..11e0ce41a 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index c6e77de29..ae61ffca3 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 0beb00edb..07a20f89a 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.6 + 4.1.7-SNAPSHOT moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 2bd1bb87e..90d0729fe 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.1.6 + 4.1.7-SNAPSHOT MOA.id.server.modules diff --git a/id/server/pom.xml b/id/server/pom.xml index 89d5428a2..c6fa1f3f0 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.6 + 4.1.7-SNAPSHOT 4.0.0 -- cgit v1.2.3 From 67e60ddadd062dde4e6ecdf0ef0f574439eb280e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Dec 2021 17:56:40 +0100 Subject: update test dependencies to fix warnings during security checks --- id/moa-id-webgui/pom.xml | 5 +++++ .../modules/moa-id-module-ehvd_integration/pom.xml | 26 +++++++++++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-) (limited to 'id') diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index be4a82dfb..491171770 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -62,6 +62,11 @@ + + org.springframework + spring-context + + org.apache.commons commons-collections4 diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index 519353d78..a38ebea3d 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -35,6 +35,16 @@ provided + + org.apache.cxf + cxf-rt-frontend-jaxws + provided + + + org.apache.cxf + cxf-rt-transports-http + provided + org.springframework @@ -62,9 +72,19 @@ com.github.skjolber mockito-soap-cxf 1.2.0 - test + test - + + org.apache.cxf + cxf-rt-transports-http-jetty + test + + + org.apache.tomcat + tomcat-servlet-api + 9.0.56 + test +
@@ -72,7 +92,7 @@ org.apache.cxf cxf-codegen-plugin - 3.4.1 + 3.3.12 xerces -- cgit v1.2.3 From 84f2fe6eaebb2370c063eef22fbb463751d08026 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Dec 2021 08:20:27 +0100 Subject: update one more test dependency --- id/server/modules/moa-id-module-ehvd_integration/pom.xml | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'id') diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index a38ebea3d..e4b5338fc 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -80,6 +80,11 @@ test + org.apache.cxf + cxf-rt-rs-extension-providers + test + + org.apache.tomcat tomcat-servlet-api 9.0.56 -- cgit v1.2.3 From bc9c2cd35c6295ec49725c79e481b42a7d37fa1c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Dec 2021 08:24:42 +0100 Subject: add release notes and update history --- id/history.txt | 7 +- id/readme_4.1.7.txt | 574 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 579 insertions(+), 2 deletions(-) create mode 100644 id/readme_4.1.7.txt (limited to 'id') diff --git a/id/history.txt b/id/history.txt index 4041d463a..a5080670e 100644 --- a/id/history.txt +++ b/id/history.txt @@ -1,6 +1,6 @@ Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf. -Version MOA-ID Release 4.1.6: Änderungen seit Version MOA-ID 4.1.5 +Version MOA-ID Release 4.1.7: Änderungen seit Version MOA-ID 4.1.5 - Änderungen - Erfordert mindestens Java 8 - Optionale Erweiterung für Gesundheitsanwendungen hinzugefügt @@ -11,7 +11,7 @@ Version MOA-ID Release 4.1.6: > redis.clients 3.7.1 > org.hibernate:hibernate-core 5.6.2.Final > commons-dbcp2 2.9.0 - > log4j 2.15.0 + > log4j 2.16.0 > com.google.guava 31.0.1-jre > org.apache.santuario.xmlsec 2.3.0 > org.apache.cxf 3.3.12 @@ -25,6 +25,9 @@ Version MOA-ID Release 4.1.6: > iaik_jce_full 5.62_moa > moa-spss 3.1.4 +Version MOA-ID Release 4.1.6: + - Diese Version war bereits für ein Release vorbereitet, wurde jedoch nicht offiziell veröffentlicht + Version MOA-ID Release 4.1.5: Änderungen seit Version MOA-ID 4.1.4 - Änderungen - Anpassung der E-ID Proxy Implementierung an eine zusätzliche Anforderungen an das E-ID System diff --git a/id/readme_4.1.7.txt b/id/readme_4.1.7.txt new file mode 100644 index 000000000..a39ad572b --- /dev/null +++ b/id/readme_4.1.7.txt @@ -0,0 +1,574 @@ +=============================================================================== +MOA ID Version Release 4.1.7 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 4.1.7 unterstützt MOA-ID nun wieder Authentifizierung mittels +Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum +zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis. +Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch +history.txt im gleichen Verzeichnis). + + - Änderungen + - Erfordert mindestens Java 8 + - Aktualisierung von Dritthersteller Bibliotheken + +Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen + Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader + im Tomcat Appliactionsserver kommen kann. + + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend +übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter +nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist +ein Löschen der bestehenden Konfiguration nicht zwingend notwendig. +Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue +E-ID Proxy Authentifizierungsmodul hinzugefügt wurde. + +Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x +reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export +Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. +Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x. + +............................................................................... +B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.1.7 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.1.7 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +6.1 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +6.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + > -Dhttp.nonProxyHosts= + +7. Neue Zertifikate für die Anbindung an das E-ID System +7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.1.7 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +7.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +7.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +7.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +8. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System +9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + + +11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.1.7 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System +10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.1.7 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + eid_metadata + trustProfiles/EID_metadata + + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.1.7 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + + 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + + 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + eid_metadata + trustProfiles/EID_metadata + + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + + +12. Optionale Updates: +12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect' + sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber + für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer + Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. + Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch: + a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + +13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + + +............................................................................... +B.6 Durchführung eines Updates von Version < 3.0.0 +............................................................................... + +Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen +Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter +Zuhilfenahme Ihrer bisherigen Konfiguration an. + -- cgit v1.2.3 From 8ebd4daefc9626248f788dcf5fd340b72a0ec1df Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Dec 2021 08:25:56 +0100 Subject: switch to next release version --- id/ConfigWebTool/pom.xml | 2 +- id/moa-id-webgui/pom.xml | 2 +- id/moa-spss-container/pom.xml | 2 +- id/oa/pom.xml | 2 +- id/pom.xml | 2 +- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/moa-id-frontend-resources/pom.xml | 2 +- id/server/moa-id-jaxb_classes/pom.xml | 2 +- id/server/moa-id-spring-initializer/pom.xml | 2 +- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-dummyAuth/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-ehvd_integration/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- id/server/pom.xml | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 988e38517..938e61b4c 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.7-SNAPSHOT + 4.1.7 4.0.0 diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 491171770..53a83cef6 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.7-SNAPSHOT + 4.1.7 4.0.0 diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index d5bef8942..4242e5189 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.7-SNAPSHOT + 4.1.7 MOA.id moa-spss-container diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 08f04d0c0..79b817f54 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.7-SNAPSHOT + 4.1.7 4.0.0 diff --git a/id/pom.xml b/id/pom.xml index 43cb91ed3..f110b1c88 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 4.1.7-SNAPSHOT + 4.1.7 4.0.0 diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 0fbac9369..d236f2b2c 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.7-SNAPSHOT + 4.1.7 4.0.0 diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 361cda9a8..f35f0db2a 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.7-SNAPSHOT + 4.1.7 4.0.0 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 3f21c17ba..9e5a87653 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.7-SNAPSHOT + 4.1.7 MOA.id.server diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 723ad1225..30e6d8bb0 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -6,7 +6,7 @@ MOA.id moa-id - 4.1.7-SNAPSHOT + 4.1.7 moa-id-commons moa-id-commons diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index ed69118f1..9239ae710 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.7-SNAPSHOT + 4.1.7 MOA.id.server diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index ca5916559..1f1680f18 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.7-SNAPSHOT + 4.1.7 MOA.id.server moa-id-jaxb_classes diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index a9113475d..d6cad37fe 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.7-SNAPSHOT + 4.1.7 MOA.id.server diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index f1a2e4af7..3c3b72aad 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index a3da881b8..1aed3da2c 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index f66674012..ba6808005 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 8bd94942a..792c91b9e 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml index 2d874db35..58d339e14 100644 --- a/id/server/modules/moa-id-module-dummyAuth/pom.xml +++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-dummy-authenticatiuon ${moa-id-dummy-auth.version} diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 6605944e5..148be2f46 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index e4b5338fc..9f3954bde 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-ehvd_integration ${moa-id-ehvd_integration.version} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index 59891a9be..a940b80c9 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 5d84519e7..1be4ea5eb 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 80f1c29fa..55bc6f8db 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 5918ce729..68c5887e9 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index 11e0ce41a..9504e695c 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index ae61ffca3..e68aa68a7 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 07a20f89a..5336a7a08 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7-SNAPSHOT + 4.1.7 moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 90d0729fe..9e43b5602 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.1.7-SNAPSHOT + 4.1.7 MOA.id.server.modules diff --git a/id/server/pom.xml b/id/server/pom.xml index c6fa1f3f0..ed50d71e3 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.7-SNAPSHOT + 4.1.7 4.0.0 -- cgit v1.2.3 From 43752e9eb9bdba0703bacd48dfdbba5190aec7b3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Dec 2021 09:35:30 +0100 Subject: switch to next snapshot version --- id/ConfigWebTool/pom.xml | 2 +- id/moa-id-webgui/pom.xml | 2 +- id/moa-spss-container/pom.xml | 2 +- id/oa/pom.xml | 2 +- id/pom.xml | 2 +- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/moa-id-frontend-resources/pom.xml | 2 +- id/server/moa-id-jaxb_classes/pom.xml | 2 +- id/server/moa-id-spring-initializer/pom.xml | 2 +- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-dummyAuth/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-ehvd_integration/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- id/server/pom.xml | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 938e61b4c..487470ce2 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.7 + 4.1.8-SNAPSHOT 4.0.0 diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 53a83cef6..2106a84e3 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.7 + 4.1.8-SNAPSHOT 4.0.0 diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index 4242e5189..60e9a0292 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.7 + 4.1.8-SNAPSHOT MOA.id moa-spss-container diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 79b817f54..a687401af 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.7 + 4.1.8-SNAPSHOT 4.0.0 diff --git a/id/pom.xml b/id/pom.xml index f110b1c88..54c97bd23 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 4.1.7 + 4.1.8-SNAPSHOT 4.0.0 diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index d236f2b2c..4d9433996 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.7 + 4.1.8-SNAPSHOT 4.0.0 diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index f35f0db2a..684ed38ee 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.7 + 4.1.8-SNAPSHOT 4.0.0 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 9e5a87653..3b9ad82db 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.7 + 4.1.8-SNAPSHOT MOA.id.server diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 30e6d8bb0..446c11437 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -6,7 +6,7 @@ MOA.id moa-id - 4.1.7 + 4.1.8-SNAPSHOT moa-id-commons moa-id-commons diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index 9239ae710..c5055579d 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.7 + 4.1.8-SNAPSHOT MOA.id.server diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index 1f1680f18..85deb3bc3 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.7 + 4.1.8-SNAPSHOT MOA.id.server moa-id-jaxb_classes diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index d6cad37fe..3ed24aa40 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.7 + 4.1.8-SNAPSHOT MOA.id.server diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index 3c3b72aad..75be84014 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index 1aed3da2c..2ad472cbe 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index ba6808005..a99a45e6e 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 792c91b9e..e61236e7f 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml index 58d339e14..d5a58f113 100644 --- a/id/server/modules/moa-id-module-dummyAuth/pom.xml +++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-dummy-authenticatiuon ${moa-id-dummy-auth.version} diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 148be2f46..a6f5a2c83 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index 9f3954bde..1ef6908c4 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-ehvd_integration ${moa-id-ehvd_integration.version} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index a940b80c9..13be03c0e 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 1be4ea5eb..38fe3bb14 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 55bc6f8db..1aeea25bb 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 68c5887e9..986729a66 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index 9504e695c..748a1144a 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index e68aa68a7..552abc3a2 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 5336a7a08..dd5d6b707 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.7 + 4.1.8-SNAPSHOT moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 9e43b5602..a265c0486 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.1.7 + 4.1.8-SNAPSHOT MOA.id.server.modules diff --git a/id/server/pom.xml b/id/server/pom.xml index ed50d71e3..5ecb68a0d 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.7 + 4.1.8-SNAPSHOT 4.0.0 -- cgit v1.2.3 From 7f39aaa3d8633e9f05d2570c756e5e1fcac9b017 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Dec 2021 08:16:01 +0100 Subject: switch from log4j to logback --- id/ConfigWebTool/pom.xml | 8 +- id/ConfigWebTool/src/main/resources/logback.xml | 40 ++++++ id/moa-id-webgui/pom.xml | 5 - id/oa/pom.xml | 4 +- id/oa/src/main/resources/logback.xml | 30 +++++ id/server/auth-edu/pom.xml | 9 +- id/server/auth-edu/src/main/resources/logback.xml | 79 +++++++++++ id/server/auth-final/pom.xml | 4 + .../auth-final/src/main/resources/logback.xml | 100 ++++++++++++++ .../deploy/conf/moa-id-configuration/logback.xml | 40 ++++++ .../conf/moa-id-configuration/logback_config.xml | 71 ---------- id/server/data/deploy/conf/moa-id-oa/logback.xml | 30 +++++ id/server/data/deploy/conf/moa-id/log4j.properties | 62 --------- id/server/data/deploy/conf/moa-id/logback.xml | 79 +++++++++++ .../data/deploy/conf/moa-id/logback_config.xml | 105 --------------- id/server/data/deploy/tomcat/unix/tomcat-start.sh | 3 +- id/server/data/deploy/tomcat/win32/startTomcat.bat | 3 +- id/server/doc/handbook/install/install.html | 144 ++++++++++----------- id/server/moa-id-commons/pom.xml | 5 +- 19 files changed, 490 insertions(+), 331 deletions(-) create mode 100644 id/ConfigWebTool/src/main/resources/logback.xml create mode 100644 id/oa/src/main/resources/logback.xml create mode 100644 id/server/auth-edu/src/main/resources/logback.xml create mode 100644 id/server/auth-final/src/main/resources/logback.xml create mode 100644 id/server/data/deploy/conf/moa-id-configuration/logback.xml delete mode 100644 id/server/data/deploy/conf/moa-id-configuration/logback_config.xml create mode 100644 id/server/data/deploy/conf/moa-id-oa/logback.xml delete mode 100644 id/server/data/deploy/conf/moa-id/log4j.properties create mode 100644 id/server/data/deploy/conf/moa-id/logback.xml delete mode 100644 id/server/data/deploy/conf/moa-id/logback_config.xml (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 487470ce2..394a12e13 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -87,10 +87,10 @@ eaaf-core - - org.apache.logging.log4j - log4j-core - + + ch.qos.logback + logback-classic + MOA.id diff --git a/id/ConfigWebTool/src/main/resources/logback.xml b/id/ConfigWebTool/src/main/resources/logback.xml new file mode 100644 index 000000000..fc7508598 --- /dev/null +++ b/id/ConfigWebTool/src/main/resources/logback.xml @@ -0,0 +1,40 @@ + + + + + ${catalina.base}/logs/moa-id-webgui.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-id-webgui.log.%i.gz + + + 10000KB + + + + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n + + + + + + + + + + + + + + + + + + + + + diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 2106a84e3..e39516865 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -72,11 +72,6 @@ commons-collections4 - - org.apache.logging.log4j - log4j-slf4j-impl - - org.opensaml opensaml diff --git a/id/oa/pom.xml b/id/oa/pom.xml index a687401af..908cdb22f 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -99,8 +99,8 @@ slf4j-api - org.apache.logging.log4j - log4j-slf4j-impl + ch.qos.logback + logback-classic diff --git a/id/oa/src/main/resources/logback.xml b/id/oa/src/main/resources/logback.xml new file mode 100644 index 000000000..b94b7476a --- /dev/null +++ b/id/oa/src/main/resources/logback.xml @@ -0,0 +1,30 @@ + + + + + ${catalina.base}/logs/moa-demo-sp.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-demo-sp.%i.gz + + + 10000KB + + + + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n + + + + + + + + + + + diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 4d9433996..09e569ff0 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -230,8 +230,13 @@ MOA.id.server.modules - moa-id-module-ehvd_integration - + moa-id-module-ehvd_integration + + + + ch.qos.logback + logback-classic + + ${catalina.base}/logs/moa-id.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-id.log.%i.gz + + + 10000KB + + + + + ${catalina.base}/logs/moa-spss.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-spss.log.%i.gz + + + 10000KB + + + + + ${catalina.base}/moa-id-reversion.log + + %5p | %d{ISO8601} | %t | %m%n + + + 9999 + ${catalina.base}/moa-id-reversion.log.%i.gz + + + 10000KB + + + + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 684ed38ee..2ed05cad4 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -176,6 +176,10 @@ moa-id-module-ehvd_integration
+ + ch.qos.logback + logback-classic + diff --git a/id/server/auth-final/src/main/resources/logback.xml b/id/server/auth-final/src/main/resources/logback.xml new file mode 100644 index 000000000..e5394d87a --- /dev/null +++ b/id/server/auth-final/src/main/resources/logback.xml @@ -0,0 +1,100 @@ + + + + + ${catalina.base}/logs/moa-id.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-id.log.%i + + + 10000KB + + + + + ${catalina.base}/logs/moa-spss.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-spss.log.%i + + + 10000KB + + + + + ${catalina.base}/logs/moa-id-webgui.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-id-webgui.log.%i + + + 10000KB + + + + + ${catalina.base}/moa-id-reversion.log + + %5p | %d{ISO8601} | %t | %m%n + + + 9999 + ${catalina.base}/moa-id-reversion.log.%i + + + 10000KB + + + + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/data/deploy/conf/moa-id-configuration/logback.xml b/id/server/data/deploy/conf/moa-id-configuration/logback.xml new file mode 100644 index 000000000..fc7508598 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/logback.xml @@ -0,0 +1,40 @@ + + + + + ${catalina.base}/logs/moa-id-webgui.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-id-webgui.log.%i.gz + + + 10000KB + + + + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/data/deploy/conf/moa-id-configuration/logback_config.xml b/id/server/data/deploy/conf/moa-id-configuration/logback_config.xml deleted file mode 100644 index c00e62e52..000000000 --- a/id/server/data/deploy/conf/moa-id-configuration/logback_config.xml +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - - - - - - - - - - ${catalina.base}/logs/moa-id.log - - %5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n - - - 1 - ${catalina.base}/logs/moa-id.log.%i - - - 10000KB - - - - - - - - ${catalina.base}/logs/moa-id-webgui.log - - %5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n - - - 1 - ${catalina.base}/logs/moa-id-webgui.log.%i - - - 10000KB - - - - - %5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/id/server/data/deploy/conf/moa-id-oa/logback.xml b/id/server/data/deploy/conf/moa-id-oa/logback.xml new file mode 100644 index 000000000..b94b7476a --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-oa/logback.xml @@ -0,0 +1,30 @@ + + + + + ${catalina.base}/logs/moa-demo-sp.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-demo-sp.%i.gz + + + 10000KB + + + + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n + + + + + + + + + + + diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties deleted file mode 100644 index 2914fcff1..000000000 --- a/id/server/data/deploy/conf/moa-id/log4j.properties +++ /dev/null @@ -1,62 +0,0 @@ -# commons-logging setup -org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory - -# define log4j root loggers -log4j.rootLogger=warn,stdout - -### MOA-ID process log ### -log4j.logger.at.gv.egiz.eaaf=info,moaid -log4j.logger.at.gv.egovernment.moa.id=info,moaid -log4j.logger.at.gv.egovernment.moa.spss=info,moaid - -### process revision log with event-codes ### -log4j.logger.at.gv.egiz.eventlog.plain.all=info,reversion - -### Signature verification and certificate proofing #### -log4j.logger.at.gv.egovernment.moa.spss=info,moaspss -log4j.logger.iaik.server=info,moaspss -log4j.logger.pki=info,moaspss - -### ConfigTool Logs #### -log4j.logger.at.gv.egiz.components.configuration=info,CONFIGTOOL -log4j.logger.at.gv.egovernment.moa.id.commons=info,CONFIGTOOL -log4j.logger.at.gv.egovernment.moa.id.config.webgui=info,CONFIGTOOL -log4j.logger.at.gv.egovernment.moa.id.configuration=info,CONFIGTOOL - - -### Log Appender #### -# configure the stdout appender -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n - -# configure the rolling file appender (moaid) -log4j.appender.moaid=org.apache.log4j.RollingFileAppender -log4j.appender.moaid.File=${catalina.base}/logs/moa-id.log -log4j.appender.moaid.MaxFileSize=10000KB -log4j.appender.moaid.MaxBackupIndex=1 -log4j.appender.moaid.layout=org.apache.log4j.PatternLayout -log4j.appender.moaid.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n - -# configure the rolling file appender (moaid) -log4j.appender.moaspss=org.apache.log4j.RollingFileAppender -log4j.appender.moaspss.File=${catalina.base}/logs/moa-spss.log -log4j.appender.moaspss.MaxFileSize=10000KB -log4j.appender.moaspss.MaxBackupIndex=1 -log4j.appender.moaspss.layout=org.apache.log4j.PatternLayout -log4j.appender.moaspss.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n - -log4j.appender.reversion=org.apache.log4j.RollingFileAppender -log4j.appender.reversion.File=${catalina.base}/moa-id-reversion.log -log4j.appender.reversion.MaxFileSize=10000KB -log4j.appender.reversion.MaxBackupIndex=9999 -log4j.appender.reversion.layout=org.apache.log4j.PatternLayout -log4j.appender.reversion.layout.ConversionPattern=%5p | %d{ISO8601} | %t | %m%n - -# configure the rolling file appender (configtool) -log4j.appender.CONFIGTOOL=org.apache.log4j.RollingFileAppender -log4j.appender.CONFIGTOOL.File=${catalina.base}/logs/moa-id-webgui.log -log4j.appender.CONFIGTOOL.MaxFileSize=10000KB -log4j.appender.CONFIGTOOL.MaxBackupIndex=1 -log4j.appender.CONFIGTOOL.layout=org.apache.log4j.PatternLayout -log4j.appender.CONFIGTOOL.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/logback.xml b/id/server/data/deploy/conf/moa-id/logback.xml new file mode 100644 index 000000000..3f0d54fe5 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/logback.xml @@ -0,0 +1,79 @@ + + + + + ${catalina.base}/logs/moa-id.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-id.log.%i.gz + + + 10000KB + + + + + ${catalina.base}/logs/moa-spss.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-spss.log.%i.gz + + + 10000KB + + + + + ${catalina.base}/moa-id-reversion.log + + %5p | %d{ISO8601} | %t | %m%n + + + 9999 + ${catalina.base}/moa-id-reversion.log.%i.gz + + + 10000KB + + + + + %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/data/deploy/conf/moa-id/logback_config.xml b/id/server/data/deploy/conf/moa-id/logback_config.xml deleted file mode 100644 index fa221fbc2..000000000 --- a/id/server/data/deploy/conf/moa-id/logback_config.xml +++ /dev/null @@ -1,105 +0,0 @@ - - - - - - - - - - - - - ${catalina.base}/logs/moa-id.log - - %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n - - - 1 - ${catalina.base}/logs/moa-id.log.%i - - - 10000KB - - - - - ${catalina.base}/logs/moa-spss.log - - %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n - - - 1 - ${catalina.base}/logs/moa-spss.log.%i - - - 10000KB - - - - - ${catalina.base}/logs/moa-id-webgui.log - - %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n - - - 1 - ${catalina.base}/logs/moa-id-webgui.log.%i - - - 10000KB - - - - - ${catalina.base}/moa-id-reversion.log - - %5p | %d{ISO8601} | %t | %m%n - - - 9999 - ${catalina.base}/moa-id-reversion.log.%i - - - 10000KB - - - - - %5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/id/server/data/deploy/tomcat/unix/tomcat-start.sh b/id/server/data/deploy/tomcat/unix/tomcat-start.sh index d717ecd25..0ad50ff0e 100644 --- a/id/server/data/deploy/tomcat/unix/tomcat-start.sh +++ b/id/server/data/deploy/tomcat/unix/tomcat-start.sh @@ -7,8 +7,7 @@ export CATALINA_BASE=$CATALINA_HOME FILE_ENCODING=-Dfile.encoding=UTF-8 RAND_FILE=-Djava.security.egd=file:///dev/urandom -LOGGING_OPT=-Dlog4j.configuration=file:$CATALINA_BASE/conf/moa-id/log4j.properties -LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback_config.xml +LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml CONFIG_OPT=-Dmoa.id.configuration=file:$CATALINA_BASE/conf/moa-id/moa-id.properties SPSS_OPT=-Dmoa.spss.server.configuration=$CATALINA_BASE/conf/moa-spss/SampleMOASPSSConfiguration.xml diff --git a/id/server/data/deploy/tomcat/win32/startTomcat.bat b/id/server/data/deploy/tomcat/win32/startTomcat.bat index afdd907c8..93eb3ea80 100644 --- a/id/server/data/deploy/tomcat/win32/startTomcat.bat +++ b/id/server/data/deploy/tomcat/win32/startTomcat.bat @@ -12,8 +12,7 @@ rem ---------------------------------------------------------------------------- set FILE_ENCODING=-Dfile.encoding=UTF-8 set RAND_FILE=-Djava.security.egd=file:///dev/urandom -set LOGGING_OPT=-Dlog4j.configuration=file:%CATALINA_HOME%/conf/moa-id/log4j.properties -set LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=%CATALINA_HOME%/conf/moa-id/logback_config.xml +set LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=%CATALINA_HOME%/conf/moa-id/logback.xml set CONFIG_OPT_SPSS=-Dmoa.spss.server.configuration=%CATALINA_HOME%/conf/moa-spss/SampleMOASPSSConfiguration.xml set CONFIG_OPT_ID=-Dmoa.id.configuration=file:%CATALINA_HOME%/conf/moa-id/moa-id.properties diff --git a/id/server/doc/handbook/install/install.html b/id/server/doc/handbook/install/install.html index bcd802b75..4f9214cbd 100644 --- a/id/server/doc/handbook/install/install.html +++ b/id/server/doc/handbook/install/install.html @@ -7,7 +7,7 @@ - +
@@ -16,65 +16,65 @@
-

Installation

+

Installation

Inhalt

-
    -
  1. -

    MOA-ID-Auth und MOA-ID-Configuration

    -
      -
    1. Basisinstallation -
        -
      1. Einführung
      2. -
      3. Installation -
          -
        1. Vorbereitung
        2. -
        3. Konfiguration von Apache Tomcat -
            -
          1. Konfiguration des HTTP Connectors
          2. -
          3. Konfiguration des HTTPS Connectors
          4. -
          -
        4. +
            +
          1. +

            MOA-ID-Auth und MOA-ID-Configuration

            +
              +
            1. Basisinstallation +
                +
              1. Einführung
              2. +
              3. Installation +
                  +
                1. Vorbereitung
                2. +
                3. Konfiguration von Apache Tomcat +
                    +
                  1. Konfiguration des HTTP Connectors
                  2. +
                  3. Konfiguration des HTTPS Connectors
                  4. +
                  +
                4. Einsatz des Moduls MOA-ID-Auth in Tomcat
                5. -
                6. Einsatz des Moduls MOA-ID-Configuration in Tomcat
                7. -
                8. Starten und Stoppen von Tomcat -
                    -
                  1. Unter Windows
                  2. -
                  3. Unter Unix
                  4. -
                  5. Prüfen des erfolgreichen Starts
                  6. -
                  -
                9. -
                10. Änderung der Konfiguration im laufenden Betrieb
                11. -
                -
              4. -
              5. Logging -
                  -
                1. Format der Log-Meldungen
                2. -
                3. Wichtige Log-Meldungen
                4. -
                -
              6. -
              -
            2. -
            3. Erweiterungsmöglichkeiten
                -
              1. Vorgeschalteter Webserver
                  -
                1. Microsoft Internet Information Server (MS IIS)
                    -
                  1. Konfiguration von mod_jk im MS IIS
                  2. -
                  3. Konfiguration von Tomcat
                  4. -
                  5. Konfiguration von SSL
                  6. -
                  -
                2. -
                3. Apache
                    -
                  1. Konfiguration von mod_jk im Apache
                  2. -
                  3. Konfiguration von Tomcat
                  4. -
                  5. Konfiguration von SSL mit mod_SSL
                  6. -
                  -
                4. +
                5. Einsatz des Moduls MOA-ID-Configuration in Tomcat
                6. +
                7. Starten und Stoppen von Tomcat +
                    +
                  1. Unter Windows
                  2. +
                  3. Unter Unix
                  4. +
                  5. Prüfen des erfolgreichen Starts
                  6. +
                  +
                8. +
                9. Änderung der Konfiguration im laufenden Betrieb
                10. +
                +
              2. +
              3. Logging +
                  +
                1. Format der Log-Meldungen
                2. +
                3. Wichtige Log-Meldungen
                4. +
                +
              4. +
              +
            4. +
            5. Erweiterungsmöglichkeiten
                +
              1. Vorgeschalteter Webserver
                  +
                1. Microsoft Internet Information Server (MS IIS)
                    +
                  1. Konfiguration von mod_jk im MS IIS
                  2. +
                  3. Konfiguration von Tomcat
                  4. +
                  5. Konfiguration von SSL
                  6. +
                  +
                2. +
                3. Apache
                    +
                  1. Konfiguration von mod_jk im Apache
                  2. +
                  3. Konfiguration von Tomcat
                  4. +
                  5. Konfiguration von SSL mit mod_SSL
                  6. +
                  +
            6. -
            +
        -
          +
          1. Referenzierte Software

          1 Übersicht

          @@ -95,7 +95,7 @@
        1. Java SE Update SE 7 (neuestes Update) bzw. Java SE 8 (neuestes Update)
        2. Apache Tomcat 7 (neuestes Update) bzw. Apache Tomcat 8 (neuestes Update)
        3. -

          In diesem Betriebs-Szenario wird das MOA-ID-Auth Webservice und das MOA-ID Konfigurationstool in Tomcat zum Einsatz gebracht. Beide Module können sowohl in derselben Tomcat-Instanz, als auch in separaten Tomcat-Instanzen betrieben werden. Für den Fall des separaten Betriebs muss die Installation auf beiden Tomcat-Instanzen ausgeführt werden. In beiden Fällen fungiert der Tomcat gleichzeitig als HTTP- und HTTPS-Endpunkt für beide Module. Beide Protokolle werden direkt in Tomcat konfiguriert, wobei MOA-ID-Auth und MOA-ID-Configuration Log4j als Logging Toolkit verwenden.

          +

          In diesem Betriebs-Szenario wird das MOA-ID-Auth Webservice und das MOA-ID Konfigurationstool in Tomcat zum Einsatz gebracht. Beide Module können sowohl in derselben Tomcat-Instanz, als auch in separaten Tomcat-Instanzen betrieben werden. Für den Fall des separaten Betriebs muss die Installation auf beiden Tomcat-Instanzen ausgeführt werden. In beiden Fällen fungiert der Tomcat gleichzeitig als HTTP- und HTTPS-Endpunkt für beide Module. Beide Protokolle werden direkt in Tomcat konfiguriert, wobei MOA-ID-Auth und MOA-ID-Configuration LogBack als Logging Toolkit verwenden.

          2.1.2 Installation

          2.1.2.1 Vorbereitung

          Die folgenden Schritte dienen der Vorbereitung der Installation.

          @@ -108,9 +108,9 @@
          Entpacken Sie die Datei moa-id-auth-3.0.0.zip in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als $MOA_ID_AUTH_INST bezeichnet.
          Installation der Kryptographiebibliotheken von SIC/IAIK
          -

          Kopieren Sie alle Dateien aus dem Verzeichnis $MOA_ID_AUTH_INST/ext in das Verzeichnis $JAVA_HOME/jre/lib/ext. Zusätzlich müssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden Unlimited Strength - - +

          Kopieren Sie alle Dateien aus dem Verzeichnis $MOA_ID_AUTH_INST/ext in das Verzeichnis $JAVA_HOME/jre/lib/ext. Zusätzlich müssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden Unlimited Strength + + Jurisdiction Policy Files von der Java SE Downloadseite und achten Sie darauf die für ihre verwendete Java SE Installation richtige Version zu nehmen. Anschließend folgen Sie der darin enthaltenen Installationsanweisung.

          Installation einer Datenbank
          @@ -142,8 +142,7 @@
        4. moa.id.configuration: Pfad und Name der Basiskonfigurationsdatei für MOA-ID-Auth. Eine beispielhafte Konfigurationsdatei finden Sie hier. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der Java Virtual Machine interpretiert.
        5. moa.spss.server.configuration: Pfad und Name der zentralen Konfigurationsdatei für MOA SP/SS. Eine beispielhafte Konfigurationsdatei finden Sie hier. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der Java Virtual Machine interpretiert. Ist diese System Property nicht gesetzt, wird automatisch eine im Webarchiv unter WEB-INF/conf enthaltene Default-Konfiguration herangezogen.
        6. eu.stork.samlengine.config.location: Pfad auf den Ordner mit den zentralen Konfigurationsdateien für STORK. Die Beispielkonfiguration für das Modul MOA-ID-Auth enthält bereits den Ordner für die STORK Konfiguration.
        7. -
        8. log4j.configuration: URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration finden Sie hier. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der Java Virtual Machine interpretiert. Ist diese System Property nicht gesetzt, wird automatisch eine im Webarchiv unter WEB-INF/classes enthaltene Default-Konfiguration herangezogen.
        9. -
        10. -Dlogback.configurationFile: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie hier. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der Java Virtual Machine interpretiert. Ist diese System Property nicht gesetzt, wird automatisch eine im Webarchiv unter WEB-INF/classes enthaltene Default-Konfiguration herangezogen. Überdies besteht die Möglichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu überführen (http://logback.qos.ch/translator/).
        11. +
        12. -Dlogback.configurationFile: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie hier. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der Java Virtual Machine interpretiert. Ist diese System Property nicht gesetzt, wird automatisch eine im Webarchiv unter WEB-INF/classes enthaltene Default-Konfiguration herangezogen. Überdies besteht die Möglichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu überführen (http://logback.qos.ch/translator/).
        13. javax.net.ssl.trustStore: Pfad und Dateiname des Truststores für vertrauenswürdige SSL Zertifikate. Die SSL Serverzertifikate der Server von denen mittels https Dateien bezogen werden müssen im Truststore abgelegt werden. Ein relativer Pfad werden relativ zum Startverzeichnis der Java Virtual Machine interpretiert.
        14. javax.net.ssl.trustStorePassword: Passwort für den Truststore (optional; nur, wenn SSL Client-Authentisierung durchgeführt werden soll).
        15. javax.net.ssl.trustStoreType: Truststore-Typ (optional; nur, wenn SSL Client-Authentisierung durchgeführt werden soll). Je nach verwendetem Keystore-Typ muss jks (Java Key Store) oder pkcs12 (PKCS#12-Datei) angegeben werden.
        16. @@ -161,8 +160,7 @@
          • moa.id.webconfig: Pfad und Name der Basiskonfigurationsdatei für MOA-ID-Configuration. Eine beispielhafte Konfigurationsdatei finden Sie hier. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der Java Virtual Machine interpretiert.
          • user.properties: Pfad und Name der Basiskonfigurationsdatei für das Usermanagement der Konfigurationsoberfläche. Eine beispielhafte Konfigurationsdatei finden Sie hier. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der Java Virtual Machine interpretiert.
          • -
          • log4j.configuration: URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration finden Sie hier. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der Java Virtual Machine interpretiert. Ist diese System Property nicht gesetzt, wird automatisch eine im Webarchiv unter WEB-INF/classes enthaltene Default-Konfiguration herangezogen.
          • -
          • logback.configurationFile: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie hier. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der Java Virtual Machine interpretiert. Ist diese System Property nicht gesetzt, wird automatisch eine im Webarchiv unter WEB-INF/classes enthaltene Default-Konfiguration herangezogen. Überdies besteht die Möglichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu überführen (http://logback.qos.ch/translator/).
          • +
          • logback.configurationFile: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie hier. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der Java Virtual Machine interpretiert. Ist diese System Property nicht gesetzt, wird automatisch eine im Webarchiv unter WEB-INF/classes enthaltene Default-Konfiguration herangezogen. Überdies besteht die Möglichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu überführen (http://logback.qos.ch/translator/).
          • javax.net.ssl.trustStore: Pfad und Dateiname des Truststores für vertrauenswürdige SSL Zertifikate Die SSL Serverzertifikate der Server von denen mittels https Dateien bezogen werden müssen im Truststore abgelegt werden. Ein relativer Pfad werden relativ zum Startverzeichnis der Java Virtual Machine interpretiert.
          • javax.net.ssl.trustStorePassword: Passwort für den Truststore (optional; nur, wenn SSL Client-Authentisierung durchgeführt werden soll).
          • javax.net.ssl.trustStoreType: Truststore-Typ (optional; nur, wenn SSL Client-Authentisierung durchgeführt werden soll). Je nach verwendetem Keystore-Typ muss jks (Java Key Store) oder pkcs12 (PKCS#12-Datei) angegeben werden.
          • @@ -186,7 +184,7 @@ gestartet werden. Das Stoppen von Tomcat erfolgt analog mit

            Ein erfolgreicher Start des MOA-ID-Auth Modules ist an folgender Log-Meldung ersichtlich:

-
32131 [localhost-startStop-1] INFO moa.id.auth  - MOA ID Authentisierung wurde erfolgreich gestartet 
+
32131 [localhost-startStop-1] INFO moa.id.auth  - MOA ID Authentisierung wurde erfolgreich gestartet
 32131 [localhost-startStop-1] INFO moa.id.auth  - Dispatcher Servlet initialization finished.

Analog bei MOA-ID-Configuration

INFO | 21 10:16:22 | localhost-startStop-1 | Loading config module: MOAIDConfigurationModul
@@ -202,7 +200,7 @@ https://<host>:<port>/moa-id-auth/ https://<host>:<port>/egiz-configuration-webapp/

Die Verfügbarkeit des Services können Sie einfach überprüfen, indem Sie die Endpunkte mit einem Web-Browser aufgerufen; dies sollte nach erfolgreichem Start zur Anzeige einer Informationsseite führen.

2.1.3 Logging
-

Beide Module verwenden Log4j für die Ausgabe von Log-Meldungen am Bildschirm bzw. in Log-Dateien. Log4j bietet zahlreiche Konfigurationsmöglichkeiten, die ausführlich im Log4j Handbuch beschrieben sind. Unter anderem gibt es die Möglichkeit, folgende Einstellungen vorzunehmen: +

Beide Module verwenden LobBack für die Ausgabe von Log-Meldungen am Bildschirm bzw. in Log-Dateien. LogBack bietet zahlreiche Konfigurationsmöglichkeiten, die ausführlich im LogBack Handbuch beschrieben sind. Unter anderem gibt es die Möglichkeit, folgende Einstellungen vorzunehmen:

  • Das verwendete Log-Level (DEBUG, INFO, WARN, ERROR, FATAL);

    @@ -228,16 +226,16 @@ https://<host>:<port>/egiz-configuration-webapp/
  • at.gv.egiz.eventlog.plain.all für alle Log-Meldungen aus dem MOA-ID EventLog zur Revisionssicherung

    -
  • +
  • iaik.server für alle Log-Meldungen aus den SIC/IAIK Kryptographie-Modulen.

-

Eine für beide Module passende Konfigurationsdatei für Log4j finden Sie hier. Wird diese Datei als Logging-Konfiguration verwendet, so werden alle Log-Meldungen sowohl in die Konsole, als auch in die Dateien moa-id-auth.log und moa-id-configuration.log geschrieben.

+

Wird diese Datei als Logging-Konfiguration verwendet, so werden alle Log-Meldungen sowohl in die Konsole, als auch in die Dateien moa-id-auth.log und moa-id-configuration.log geschrieben.

2.1.3.1 Format der Log-Meldungen
-

Anhand einer konkreten Log-Meldung wird das Format der MOA SP/SS Log-Meldungen erläutert:

+

Anhand einer konkreten Log-Meldung wird das Format der MOA-ID-Meldungen erläutert:

- INFO | 2017-09-18 10:29:22,904 | SID-7947921060553739539 | TID-4708232418268334030 | https://sso.demosp.at/handysignatur 
+ INFO | 2017-09-18 10:29:22,904 | SID-7947921060553739539 | TID-4708232418268334030 | https://sso.demosp.at/handysignatur
       | ajp-nio-28109-exec-7 | No SSO Session cookie found
 

Der Wert INFO besagt, dass die Log-Meldung im Log-Level INFO entstanden ist. Folgende Log-Levels existieren:

@@ -259,19 +257,19 @@ https://<host>:<port>/egiz-configuration-webapp/

Der nächste Wert 01 21:25:26,540 gibt den Zeitpunkt an, zu dem die Log-Meldung generiert wurde (in diesem Fall den 1. Tag im aktuellen Monat, sowie die genaue Uhrzeit).

-

Der Wert SID-7947921060553739539 bezeichnet die SessionID, welche diesem Request zugeordnet wurde. Eine SessionID ist innerhalb einer SSO auch über mehrere Authentifizierungsrequests eindeutig. Das Loggen der SessionID kann mittels %X{sessionId} in der log4j Konfiguration gesetzt werden

-

Der Wert TID-4708232418268334030 bezeichnet die TransactionsID, welche diesem Request zugeordnet wurde. Eine TransactionsID ist innerhalb eines Authentifizierungsrequests eindeutig. Das Loggen der TransactionsID kann mittels %X{transactionId} in der log4j Konfiguration gesetzt werden

-

Der Wert https://sso.demosp.at/handysignatur bezeichnet die Online Applikation (eindeutiger Identifier dieses Service Providers) für welchen dieser Authentifizierungsrequest durchgeführt wird. Das Loggen des OA Identifiers kann mittels %X{oaId} in der log4j Konfiguration gesetzt werden

+

Der Wert SID-7947921060553739539 bezeichnet die SessionID, welche diesem Request zugeordnet wurde. Eine SessionID ist innerhalb einer SSO auch über mehrere Authentifizierungsrequests eindeutig. Das Loggen der SessionID kann mittels %X{sessionId} in der LogBack Konfiguration gesetzt werden

+

Der Wert TID-4708232418268334030 bezeichnet die TransactionsID, welche diesem Request zugeordnet wurde. Eine TransactionsID ist innerhalb eines Authentifizierungsrequests eindeutig. Das Loggen der TransactionsID kann mittels %X{transactionId} in der LogBack Konfiguration gesetzt werden

+

Der Wert https://sso.demosp.at/handysignatur bezeichnet die Online Applikation (eindeutiger Identifier dieses Service Providers) für welchen dieser Authentifizierungsrequest durchgeführt wird. Das Loggen des OA Identifiers kann mittels %X{oaId} in der LogBack Konfiguration gesetzt werden

Der Wert ajp-nio-28109-exec-7 bezeichnet den Thread, von dem die Anfrage bearbeitet wird.

Der Rest der Zeile einer Log-Meldung ist der eigentliche Text, mit dem das System bestimmte Informationen anzeigt. Im Fehlerfall ist häufig ein Java Stack-Trace angefügt, der eine genauere Ursachen-Forschung ermöglicht.

2.1.3.2 Wichtige Log-Meldungen

Neben den im Abschnitt 2.1.2.4.3 beschriebenen Log-Meldungen, die anzeigen, ob das Service ordnungsgemäß gestartet wurde, geben nachfolgenden Log-Meldungen Aufschluss über die Abarbeitung von Anfragen.

Die Entgegennahme einer Anfrage wird angezeigt durch: - +

125690 [ajp-bio-129.27.142.119-38609-exec-1] INFO moa.id.auth  - REQUEST: /moa-id-auth/dispatcher
 125690 [ajp-bio-129.27.142.119-38609-exec-1] INFO moa.id.auth  - QUERY  : mod=id_pvp2x&action=Post&
-

Ein Fehler beim Abarbeiten der Anfrage wird angezeigt durch: +

Ein Fehler beim Abarbeiten der Anfrage wird angezeigt durch:

2435298 [ajp-bio-129.27.142.119-38609-exec-10] ERROR moa.id.auth  - Failed to generate a valid protocol request!

In diesem Fall gibt der mitgeloggte Stacktrace Auskunft über die Art des Fehlers.

@@ -318,7 +316,7 @@ https://<host>:<port>/egiz-configuration-webapp/ Java Standard Edition (Software Development Kit bzw. Java Runtime Environment) - Log4J + LogBack Logging Framework diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 446c11437..56af92d73 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -182,12 +182,11 @@ org.apache.logging.log4j - log4j-slf4j-impl + log4j-1.2-api - org.apache.logging.log4j - log4j-1.2-api + log4j-to-slf4j -- cgit v1.2.3 From dff7fe72c44f10ae0126d9bf328dd7090165f11f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Dec 2021 08:16:20 +0100 Subject: add new release informations and update history --- id/history.txt | 10 +- id/readme_4.2.0.txt | 594 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 601 insertions(+), 3 deletions(-) create mode 100644 id/readme_4.2.0.txt (limited to 'id') diff --git a/id/history.txt b/id/history.txt index a5080670e..3ccf7ab2d 100644 --- a/id/history.txt +++ b/id/history.txt @@ -1,9 +1,10 @@ Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf. -Version MOA-ID Release 4.1.7: Änderungen seit Version MOA-ID 4.1.5 +Version MOA-ID Release 4.2.0: Änderungen seit Version MOA-ID 4.1.5 - Änderungen - - Erfordert mindestens Java 8 + - Erfordert mindestens Java 8 - Optionale Erweiterung für Gesundheitsanwendungen hinzugefügt + - Switch from log4j to logback - Update von Libraries > org.springframework 5.3.13.RELEASE > org.springframework.data.spring-data-jpa 2.6.0.RELEASE @@ -11,7 +12,7 @@ Version MOA-ID Release 4.1.7: > redis.clients 3.7.1 > org.hibernate:hibernate-core 5.6.2.Final > commons-dbcp2 2.9.0 - > log4j 2.16.0 + > log4j 2.17.0 > com.google.guava 31.0.1-jre > org.apache.santuario.xmlsec 2.3.0 > org.apache.cxf 3.3.12 @@ -25,6 +26,9 @@ Version MOA-ID Release 4.1.7: > iaik_jce_full 5.62_moa > moa-spss 3.1.4 +Version MOA-ID Release 4.1.7 + - Diese Version war bereits für ein Release vorbereitet, wurde jedoch nicht offiziell veröffentlicht + Version MOA-ID Release 4.1.6: - Diese Version war bereits für ein Release vorbereitet, wurde jedoch nicht offiziell veröffentlicht diff --git a/id/readme_4.2.0.txt b/id/readme_4.2.0.txt new file mode 100644 index 000000000..9e02a41d1 --- /dev/null +++ b/id/readme_4.2.0.txt @@ -0,0 +1,594 @@ +=============================================================================== +MOA ID Version Release 4.2.0 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 4.2.0 unterstützt MOA-ID nun wieder Authentifizierung mittels +Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum +zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis. +Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch +history.txt im gleichen Verzeichnis). + + - Änderungen + - Erfordert mindestens Java 8 + - Aktualisierung von Dritthersteller Bibliotheken + - Wechsel von log4j auf logback + +Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen + Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader + im Tomcat Appliactionsserver kommen kann. + + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend +übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter +nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist +ein Löschen der bestehenden Konfiguration nicht zwingend notwendig. +Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue +E-ID Proxy Authentifizierungsmodul hinzugefügt wurde. + +Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x +reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export +Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. +Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x. + +............................................................................... +B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.2.0 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +7. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.2.0 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +6.1 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +6.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + > -Dhttp.nonProxyHosts= +6.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +7. Neue Zertifikate für die Anbindung an das E-ID System +7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.2.0 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +7.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +7.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +7.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= +7.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +8. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System +9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + + +11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.2.0 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= +8.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +9. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System +10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.2.0 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= +8.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + eid_metadata + trustProfiles/EID_metadata + + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.2.0 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + + 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + + 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= +8.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + eid_metadata + trustProfiles/EID_metadata + + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + + +12. Optionale Updates: +12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect' + sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber + für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer + Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. + Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch: + a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + +13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + + +............................................................................... +B.6 Durchführung eines Updates von Version < 3.0.0 +............................................................................... + +Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen +Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter +Zuhilfenahme Ihrer bisherigen Konfiguration an. + -- cgit v1.2.3 From 81df147ba8fbc6d2772d0ccd23b329683c625469 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Dec 2021 08:18:38 +0100 Subject: switch to next release-candidate version --- id/ConfigWebTool/pom.xml | 2 +- id/moa-id-webgui/pom.xml | 2 +- id/moa-spss-container/pom.xml | 2 +- id/oa/pom.xml | 2 +- id/pom.xml | 2 +- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/moa-id-frontend-resources/pom.xml | 2 +- id/server/moa-id-jaxb_classes/pom.xml | 2 +- id/server/moa-id-spring-initializer/pom.xml | 2 +- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-dummyAuth/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-ehvd_integration/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- id/server/pom.xml | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 394a12e13..6929f3e5f 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.8-SNAPSHOT + 4.2.0-RC1 4.0.0 diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index e39516865..0dbc62d02 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.8-SNAPSHOT + 4.2.0-RC1 4.0.0 diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index 60e9a0292..7dc1464ed 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.8-SNAPSHOT + 4.2.0-RC1 MOA.id moa-spss-container diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 908cdb22f..6864bbc89 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.8-SNAPSHOT + 4.2.0-RC1 4.0.0 diff --git a/id/pom.xml b/id/pom.xml index 54c97bd23..de40ecf92 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 4.1.8-SNAPSHOT + 4.2.0-RC1 4.0.0 diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 09e569ff0..382e85c67 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.8-SNAPSHOT + 4.2.0-RC1 4.0.0 diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 2ed05cad4..9acced17d 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.8-SNAPSHOT + 4.2.0-RC1 4.0.0 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 3b9ad82db..54b40d28a 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.8-SNAPSHOT + 4.2.0-RC1 MOA.id.server diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 56af92d73..2702a9b4d 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -6,7 +6,7 @@ MOA.id moa-id - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-commons moa-id-commons diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index c5055579d..af8b4ca06 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.8-SNAPSHOT + 4.2.0-RC1 MOA.id.server diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index 85deb3bc3..3f6a4c3b9 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.8-SNAPSHOT + 4.2.0-RC1 MOA.id.server moa-id-jaxb_classes diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index 3ed24aa40..63da8b22f 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.8-SNAPSHOT + 4.2.0-RC1 MOA.id.server diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index 75be84014..1a494f00d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index 2ad472cbe..6c5872596 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index a99a45e6e..6a8f4a8e2 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index e61236e7f..02fa14877 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml index d5a58f113..482436703 100644 --- a/id/server/modules/moa-id-module-dummyAuth/pom.xml +++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-dummy-authenticatiuon ${moa-id-dummy-auth.version} diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index a6f5a2c83..000ea8e75 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index 1ef6908c4..536622157 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-ehvd_integration ${moa-id-ehvd_integration.version} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index 13be03c0e..e2b60d1b7 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 38fe3bb14..502befc6c 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 1aeea25bb..3c33635c9 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 986729a66..465454041 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index 748a1144a..39af193cb 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 552abc3a2..2dd6759a3 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index dd5d6b707..2070bc32b 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.8-SNAPSHOT + 4.2.0-RC1 moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index a265c0486..740572189 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.1.8-SNAPSHOT + 4.2.0-RC1 MOA.id.server.modules diff --git a/id/server/pom.xml b/id/server/pom.xml index 5ecb68a0d..e5b3e184e 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.8-SNAPSHOT + 4.2.0-RC1 4.0.0 -- cgit v1.2.3 From 1b05395596735848be093c2ec35ace78966f2910 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Dec 2021 08:55:35 +0100 Subject: add missing log4j API --- id/ConfigWebTool/pom.xml | 8 ++++++++ id/oa/pom.xml | 8 ++++++++ 2 files changed, 16 insertions(+) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 6929f3e5f..bc81d09ef 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -87,6 +87,14 @@ eaaf-core + + org.apache.logging.log4j + log4j-1.2-api + + + org.apache.logging.log4j + log4j-to-slf4j + ch.qos.logback logback-classic diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 6864bbc89..dcdf7b5cd 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -99,6 +99,14 @@ slf4j-api + org.apache.logging.log4j + log4j-1.2-api + + + org.apache.logging.log4j + log4j-to-slf4j + + ch.qos.logback logback-classic -- cgit v1.2.3 From b8bad8ba6c5fa6e1a32296c63736fabd8e569195 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Dec 2021 10:51:58 +0100 Subject: update default logger configuration --- id/server/auth-edu/src/main/resources/logback.xml | 4 ++-- id/server/auth-final/src/main/resources/logback.xml | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'id') diff --git a/id/server/auth-edu/src/main/resources/logback.xml b/id/server/auth-edu/src/main/resources/logback.xml index 3f0d54fe5..582f6d44c 100644 --- a/id/server/auth-edu/src/main/resources/logback.xml +++ b/id/server/auth-edu/src/main/resources/logback.xml @@ -30,13 +30,13 @@ - ${catalina.base}/moa-id-reversion.log + ${catalina.base}/logs/moa-id-reversion.log %5p | %d{ISO8601} | %t | %m%n 9999 - ${catalina.base}/moa-id-reversion.log.%i.gz + ${catalina.base}/logs/moa-id-reversion.log.%i.gz 10000KB diff --git a/id/server/auth-final/src/main/resources/logback.xml b/id/server/auth-final/src/main/resources/logback.xml index e5394d87a..0e86d3c68 100644 --- a/id/server/auth-final/src/main/resources/logback.xml +++ b/id/server/auth-final/src/main/resources/logback.xml @@ -8,7 +8,7 @@ 1 - ${catalina.base}/logs/moa-id.log.%i + ${catalina.base}/logs/moa-id.log.%i.gz 10000KB @@ -22,7 +22,7 @@ 1 - ${catalina.base}/logs/moa-spss.log.%i + ${catalina.base}/logs/moa-spss.log.%i.gz 10000KB @@ -36,7 +36,7 @@ 1 - ${catalina.base}/logs/moa-id-webgui.log.%i + ${catalina.base}/logs/moa-id-webgui.log.%i.gz 10000KB @@ -44,13 +44,13 @@ - ${catalina.base}/moa-id-reversion.log + ${catalina.base}/logs/moa-id-reversion.log %5p | %d{ISO8601} | %t | %m%n 9999 - ${catalina.base}/moa-id-reversion.log.%i + ${catalina.base}/logs/moa-id-reversion.log.%i.gz 10000KB -- cgit v1.2.3 From 6c7d67a24f1228d254d33571fee86bcfd04a3c78 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Dec 2021 10:52:09 +0100 Subject: update history file --- id/history.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'id') diff --git a/id/history.txt b/id/history.txt index 3ccf7ab2d..116cd4b2e 100644 --- a/id/history.txt +++ b/id/history.txt @@ -13,6 +13,7 @@ Version MOA-ID Release 4.2.0: > org.hibernate:hibernate-core 5.6.2.Final > commons-dbcp2 2.9.0 > log4j 2.17.0 + > logback 1.2.9 > com.google.guava 31.0.1-jre > org.apache.santuario.xmlsec 2.3.0 > org.apache.cxf 3.3.12 -- cgit v1.2.3 From 600369d4ffa753716a9572824de7a96a04cb05a7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Dec 2021 10:58:20 +0100 Subject: switch to next release version --- id/ConfigWebTool/pom.xml | 2 +- id/moa-id-webgui/pom.xml | 2 +- id/moa-spss-container/pom.xml | 2 +- id/oa/pom.xml | 2 +- id/pom.xml | 2 +- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/moa-id-frontend-resources/pom.xml | 2 +- id/server/moa-id-jaxb_classes/pom.xml | 2 +- id/server/moa-id-spring-initializer/pom.xml | 2 +- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-dummyAuth/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-ehvd_integration/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- id/server/pom.xml | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index bc81d09ef..04a97270d 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.2.0-RC1 + 4.2.0 4.0.0 diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 0dbc62d02..8752e2d8c 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.2.0-RC1 + 4.2.0 4.0.0 diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index 7dc1464ed..2ea7d35ad 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.2.0-RC1 + 4.2.0 MOA.id moa-spss-container diff --git a/id/oa/pom.xml b/id/oa/pom.xml index dcdf7b5cd..658dab494 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.2.0-RC1 + 4.2.0 4.0.0 diff --git a/id/pom.xml b/id/pom.xml index de40ecf92..95dd3a3f5 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 4.2.0-RC1 + 4.2.0 4.0.0 diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 382e85c67..53cbacedf 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.2.0-RC1 + 4.2.0 4.0.0 diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 9acced17d..e83448eec 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.2.0-RC1 + 4.2.0 4.0.0 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 54b40d28a..995d15476 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.2.0-RC1 + 4.2.0 MOA.id.server diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 2702a9b4d..1cb2db257 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -6,7 +6,7 @@ MOA.id moa-id - 4.2.0-RC1 + 4.2.0 moa-id-commons moa-id-commons diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index af8b4ca06..b0dac8718 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.2.0-RC1 + 4.2.0 MOA.id.server diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index 3f6a4c3b9..293ff0b77 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.2.0-RC1 + 4.2.0 MOA.id.server moa-id-jaxb_classes diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index 63da8b22f..fb638a2c6 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.2.0-RC1 + 4.2.0 MOA.id.server diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index 1a494f00d..b5d99d53d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index 6c5872596..8ae8c9a63 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index 6a8f4a8e2..ac08879d3 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 02fa14877..a190c861a 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml index 482436703..7b7e2d77e 100644 --- a/id/server/modules/moa-id-module-dummyAuth/pom.xml +++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-dummy-authenticatiuon ${moa-id-dummy-auth.version} diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 000ea8e75..fc73206a7 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml index 536622157..15edb681e 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/pom.xml +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -6,7 +6,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-ehvd_integration ${moa-id-ehvd_integration.version} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index e2b60d1b7..41da7ff51 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 502befc6c..f9ff3333b 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 3c33635c9..d3a2cc94e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 465454041..70db729e1 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index 39af193cb..4e72ede0c 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 2dd6759a3..a05794be6 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 2070bc32b..cd9c1087e 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.2.0-RC1 + 4.2.0 moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 740572189..7fd7107e9 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.2.0-RC1 + 4.2.0 MOA.id.server.modules diff --git a/id/server/pom.xml b/id/server/pom.xml index e5b3e184e..8e9d1a14c 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.2.0-RC1 + 4.2.0 4.0.0 -- cgit v1.2.3