/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
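 */
package at.gv.egovernment.moa.id.configuration.data.oa;

import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.SerializationUtils;

import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BPKDecryption;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.EncBPKInformation;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation;
import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.util.MiscUtil;
import lombok.extern.slf4j.Slf4j;

/**
 * Form-backing data for the "bPK encryption / decryption" section of an online-application
 * configuration.
 *
 * <p>It carries the uploaded bPK decryption keystore together with the keystore password, key
 * alias and key password entered in the form, validates them ({@link #validate}), and persists
 * them into the {@link OnlineApplication} ({@link #store}). The keystore bytes and both passwords
 * are never written to the configuration in clear text: they are serialised into a
 * {@link BPKDecryptionParameters} object and stored encrypted via
 * {@link ConfigurationEncryptionUtils}. The passwords are also never echoed into the log.
 *
 * @author tlenz
 */
@Slf4j
public class OABPKEncryption implements IOnlineApplicationData {

  private static final String MODULENAME = "bPKEncryptionDecryption";

  // credentials entered in the form; treated as secrets (not logged, persisted only encrypted)
  private String keyStorePassword = null;
  private String keyAlias = null;
  private String keyPassword = null;

  // uploaded keystore content keyed by its file name; filled by OAFileUploadValidation during
  // validate(), or restored from the HTTP session when the user re-submits the form without a
  // new upload
  private Map<String, byte[]> keyStoreForm = new HashMap<>();

  // raw multipart upload as delivered by the web framework (file, content type, file name)
  private List<File> keyStoreFileUpload = null;
  private List<String> keyStoreFileUploadContentType = null;
  private List<String> keyStoreFileUploadFileName = new ArrayList<>();

  // set by the form when the user wants the stored keystore removed
  private boolean deletekeyStore = false;

  // latched to true by validate() once any error was reported; never reset
  private boolean validationError = false;

  /**
   * Returns the module name under which this form section is registered.
   *
   * @return always {@value #MODULENAME}
   */
  @Override
  public String getName() {
    return MODULENAME;
  }

  /**
   * Loads the key alias and the stored keystore file name from the persisted configuration.
   *
   * <p>The encrypted key information itself is not decrypted here: the form only needs to show
   * which keystore is configured, never the passwords.
   *
   * @param dbOA persisted online application to read from
   * @param authUser currently authenticated user (unused)
   * @param request current request (unused)
   * @return always {@code null} (no parse errors are reported by this module)
   */
  @Override
  public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
    final AuthComponentOA oaAuth = dbOA.getAuthComponentOA();
    if (oaAuth == null) {
      return null;
    }
    final EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation();
    if (bPKEncDec == null) {
      return null;
    }
    final BPKDecryption bPKDec = bPKEncDec.getBPKDecryption();
    if (bPKDec == null) {
      return null;
    }

    keyAlias = bPKDec.getKeyAlias();
    if (bPKDec.getKeyStoreFileName() != null) {
      keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName());
    }
    return null;
  }

  /**
   * Writes the form state into the persisted configuration.
   *
   * <p>If {@link #isDeletekeyStore()} is set, every persisted part of the keystore (IV, alias,
   * encrypted key information, file name) is cleared first. If a keystore is present in
   * {@link #keyStoreForm}, it is bundled with alias and passwords into a
   * {@link BPKDecryptionParameters}, serialised and stored encrypted; only the resulting
   * ciphertext and IV reach the configuration. Finally the keystore cached in the HTTP session is
   * dropped.
   *
   * @param dbOA online application to update; missing container elements are created
   * @param authUser currently authenticated user (unused)
   * @param request current request, used for the session and for localised error texts
   * @return {@code null} on success, otherwise a localised error message
   */
  @Override
  public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
    final BPKDecryption bPKDec = getOrCreateBPKDecryption(dbOA);

    if (isDeletekeyStore()) {
      // wipe all persisted parts of the keystore, not only the key material
      bPKDec.setIv(null);
      bPKDec.setKeyAlias(null);
      bPKDec.setKeyInformation(null);
      bPKDec.setKeyStoreFileName(null);
    }

    if (keyStoreForm != null && !keyStoreForm.isEmpty()) {
      final String fileName = firstKeyStoreFileName();
      bPKDec.setKeyStoreFileName(fileName);
      bPKDec.setKeyAlias(keyAlias);

      final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters();
      keyInfo.setKeyAlias(keyAlias);
      keyInfo.setKeyPassword(keyPassword);
      keyInfo.setKeyStorePassword(keyStorePassword);
      keyInfo.setKeyStore(keyStoreForm.get(fileName));

      // keystore and passwords are persisted encrypted only; the IV is stored next to the ciphertext
      final byte[] serKeyInfo = SerializationUtils.serialize(keyInfo);
      try {
        final EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo);
        bPKDec.setIv(encryptkeyInfo.getIv());
        bPKDec.setKeyInformation(encryptkeyInfo.getEncData());

      } catch (final BuildException e) {
        // the session copy is deliberately kept so the user can retry without re-uploading
        log.error("Configuration encryption FAILED.", e);
        return LanguageHelper.getErrorString("error.general.text", request);

      }
    }

    request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null);
    return null;
  }

  /**
   * Validates the uploaded keystore and its credentials.
   *
   * <p>Steps: (1) the multipart upload is checked by {@link OAFileUploadValidation}, which also
   * fills {@link #keyStoreForm}; a freshly uploaded keystore is cached in the HTTP session,
   * otherwise the cached one from a previous step is reused. (2) If a keystore is available,
   * keystore password and key alias must be non-empty and, like the optional key password, must
   * not contain characters rejected by {@link ValidationHelper}. (3) The keystore is actually
   * opened with the given credentials; failure to obtain the private key is reported as an
   * invalid keystore file.
   *
   * <p>Password values are never written to the log, even when they fail validation.
   *
   * @param general general OA configuration (unused)
   * @param authUser currently authenticated user (unused)
   * @param request current request, used for the session and for localised error texts
   * @return list of localised error messages, empty when validation passed
   */
  @Override
  public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request) {
    final HttpSession session = request.getSession();
    final List<String> errors = new ArrayList<>();

    final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation();
    final List<String> templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName(),
        getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request);

    // a null result is treated like "no upload errors" instead of failing with an NPE
    if (templateError == null || templateError.isEmpty()) {
      if (keyStoreForm != null && !keyStoreForm.isEmpty()) {
        // keep the upload across the multi-step form until store() consumes it
        session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm);

      } else {
        @SuppressWarnings("unchecked") // the attribute is only ever written by this class with this type
        final Map<String, byte[]> cached =
            (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION);
        keyStoreForm = cached;

      }

    } else {
      errors.addAll(templateError);

    }

    if (keyStoreForm != null && !keyStoreForm.isEmpty()) {
      final String keyStorePw = getKeyStorePassword();
      if (MiscUtil.isEmpty(keyStorePw)) {
        log.info("bPK decryption keystore password is empty");
        errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request));

      } else if (containsNotValidCharacter(keyStorePw, "keystore password", true)) {
        errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid",
            new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));

      }

      final String alias = getKeyAlias();
      if (MiscUtil.isEmpty(alias)) {
        log.info("bPK decryption key alias is empty");
        errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request));

      } else if (containsNotValidCharacter(alias, "key alias", false)) {
        errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid",
            new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));

      }

      // the key password is optional, so only its content is checked
      final String keyPw = getKeyPassword();
      if (MiscUtil.isNotEmpty(keyPw) && containsNotValidCharacter(keyPw, "key password", true)) {
        errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid",
            new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));

      }

      // the only reliable check of alias and passwords is to actually open the keystore
      final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters();
      keyInfo.setKeyAlias(keyAlias);
      keyInfo.setKeyPassword(keyPassword);
      keyInfo.setKeyStorePassword(keyStorePassword);
      keyInfo.setKeyStore(keyStoreForm.get(firstKeyStoreFileName()));
      if (keyInfo.getPrivateKey() == null) {
        log.info("Open keyStore FAILED.");
        errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request));

      }
    }

    if (!errors.isEmpty()) {
      validationError = true;
    }
    return errors;
  }

  /**
   * Returns the {@link BPKDecryption} element of {@code dbOA}, creating the element and its
   * missing parent containers on the way.
   *
   * @param dbOA online application to walk; modified when containers are missing
   * @return the (possibly new) BPKDecryption element, never {@code null}
   */
  private static BPKDecryption getOrCreateBPKDecryption(OnlineApplication dbOA) {
    AuthComponentOA oaAuth = dbOA.getAuthComponentOA();
    if (oaAuth == null) {
      oaAuth = new AuthComponentOA();
      dbOA.setAuthComponentOA(oaAuth);
    }

    EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation();
    if (bPKEncDec == null) {
      bPKEncDec = new EncBPKInformation();
      oaAuth.setEncBPKInformation(bPKEncDec);
    }

    BPKDecryption bPKDec = bPKEncDec.getBPKDecryption();
    if (bPKDec == null) {
      bPKDec = new BPKDecryption();
      bPKEncDec.setBPKDecryption(bPKDec);
    }
    return bPKDec;
  }

  /**
   * Returns the file name of the uploaded keystore, i.e. the first key of {@link #keyStoreForm}.
   * Only one keystore is expected per form; callers must ensure the map is non-empty.
   *
   * @return first key of {@link #keyStoreForm}
   */
  private String firstKeyStoreFileName() {
    final Iterator<String> names = keyStoreForm.keySet().iterator();
    return names.next();
  }

  /**
   * Checks {@code value} with {@link ValidationHelper#containsNotValidCharacter(String, boolean)}
   * and logs a warning on a hit. The offending value is echoed into the log only for non-secret
   * fields, so passwords never end up in log files.
   *
   * @param value form input to check
   * @param fieldName human readable field name for the log message
   * @param secret {@code true} if {@code value} is a password and must not be logged
   * @return {@code true} if the value contains a rejected character
   */
  private static boolean containsNotValidCharacter(String value, String fieldName, boolean secret) {
    if (!ValidationHelper.containsNotValidCharacter(value, false)) {
      return false;
    }
    if (secret) {
      log.warn("bPK decryption {} contains potentail XSS characters", fieldName);
    } else {
      log.warn("bPK decryption {} contains potentail XSS characters: {}", fieldName, value);
    }
    return true;
  }

  /**
   * @return the keystore password entered in the form (secret, may be {@code null})
   */
  public String getKeyStorePassword() {
    return keyStorePassword;
  }

  /**
   * @param keyStorePassword the keystore password to set
   */
  public void setKeyStorePassword(String keyStorePassword) {
    this.keyStorePassword = keyStorePassword;
  }

  /**
   * @return the alias of the decryption key inside the keystore
   */
  public String getKeyAlias() {
    return keyAlias;
  }

  /**
   * @param keyAlias the key alias to set
   */
  public void setKeyAlias(String keyAlias) {
    this.keyAlias = keyAlias;
  }

  /**
   * @return the optional key password entered in the form (secret, may be {@code null})
   */
  public String getKeyPassword() {
    return keyPassword;
  }

  /**
   * @param keyPassword the key password to set
   */
  public void setKeyPassword(String keyPassword) {
    this.keyPassword = keyPassword;
  }

  /**
   * @return the uploaded keystore files as delivered by the web framework
   */
  public List<File> getKeyStoreFileUpload() {
    return keyStoreFileUpload;
  }

  /**
   * @param keyStoreFileUpload the uploaded keystore files to set
   */
  public void setKeyStoreFileUpload(List<File> keyStoreFileUpload) {
    this.keyStoreFileUpload = keyStoreFileUpload;
  }

  /**
   * @return the content types of the uploaded keystore files
   */
  public List<String> getKeyStoreFileUploadContentType() {
    return keyStoreFileUploadContentType;
  }

  /**
   * @param keyStoreFileUploadContentType the upload content types to set
   */
  public void setKeyStoreFileUploadContentType(List<String> keyStoreFileUploadContentType) {
    this.keyStoreFileUploadContentType = keyStoreFileUploadContentType;
  }

  /**
   * @return the file names of the uploaded keystore files (or the persisted name after
   *         {@link #parse})
   */
  public List<String> getKeyStoreFileUploadFileName() {
    return keyStoreFileUploadFileName;
  }

  /**
   * @param keyStoreFileUploadFileName the upload file names to set
   */
  public void setKeyStoreFileUploadFileName(List<String> keyStoreFileUploadFileName) {
    this.keyStoreFileUploadFileName = keyStoreFileUploadFileName;
  }

  /**
   * @return {@code true} if the stored keystore shall be removed on {@link #store}
   */
  public boolean isDeletekeyStore() {
    return deletekeyStore;
  }

  /**
   * @param deletekeyStore whether the stored keystore shall be removed
   */
  public void setDeletekeyStore(boolean deletekeyStore) {
    this.deletekeyStore = deletekeyStore;
  }

  /**
   * @return {@code true} once {@link #validate} has reported at least one error
   */
  public boolean isValidationError() {
    return validationError;
  }
}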