/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
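 *******************************************************************************/
package at.gv.egovernment.moa.id.configuration.validation.moaconfig;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang3.StringUtils;

import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
import lombok.extern.slf4j.Slf4j;

/**
 * Validates the general MOA-ID configuration form of the configuration web UI.
 *
 * <p>Every field is checked with {@link ValidationHelper} (URL syntax, numeric
 * values, "not valid" characters, identity-link signer syntax) and each finding
 * is reported as a localized error string obtained from {@link LanguageHelper}.
 *
 * <p>Besides reporting errors, {@link #validate} also writes two derived values
 * back into the form: the list of MOA-SP/SS auth transformations
 * ({@code setAuthTransformList}) and the Base64-encoded SecurityLayer
 * transformation files ({@code setSecLayerTransformation}).
 *
 * <p>Review notes:
 * <ul>
 *   <li>Several log lines echo the rejected admin-supplied value. The values are
 *       already known to contain characters the helper flags as suspicious, so
 *       consumers of the log should treat them as untrusted (log injection).</li>
 *   <li>Checks for CertStoreDirectory, Defaultchainigmode, PVP2 public URL
 *       prefix, SSO identification number and SSO public URL that existed in
 *       earlier revisions are not performed any more.</li>
 * </ul>
 */
@Slf4j
public class MOAConfigValidator {

  /**
   * Validates the given configuration form.
   *
   * @param form        the submitted configuration form; is mutated (see class doc)
   * @param request     current request, used for localizing the error strings
   * @param isMOAIDMode when {@code false}, the BKU, MOA-SP/SS, mandate, SSO,
   *                    SL-template, SZR-GW and transformation-file checks are
   *                    skipped (the form is presumably used for a non-MOA-ID
   *                    deployment; TODO confirm with callers)
   * @return the list of localized error messages; empty when the form is valid
   */
  public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request,
      boolean isMOAIDMode) {
    final List<String> errors = new ArrayList<>();
    log.debug("Validate general MOA configuration");

    // --- SAML1 ---------------------------------------------------------------
    String check = form.getSaml1SourceID();
    if (MiscUtil.isNotEmpty(check) && ValidationHelper.containsNotValidCharacter(check, false)) {
      log.warn("SAML1 SourceID contains potentail XSS characters: {}", check);
      errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID",
          new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
    }

    // --- Public URL prefix (required) ----------------------------------------
    validatePublicUrlPrefix(form, errors, request);

    // --- Timeouts (optional, numeric) ----------------------------------------
    validateOptionalNumber(form.getTimeoutAssertion(), "Assertion Timeout is no number {}",
        "validation.general.timeouts.assertion.valid", errors, request);
    validateOptionalNumber(form.getTimeoutMOASessionCreated(),
        "MOASessionCreated Timeout is no number {}",
        "validation.general.timeouts.moasessioncreated.valid", errors, request);
    validateOptionalNumber(form.getTimeoutMOASessionUpdated(),
        "MOASessionUpdated Timeout is no number {}",
        "validation.general.timeouts.moasessionupdated.valid", errors, request);

    // --- BKU and mandate-service URLs (MOA-ID mode only) ---------------------
    if (isMOAIDMode) {
      validateOptionalUrl(form.getDefaultBKUHandy(), "Not valid Handy-BKU URL",
          "validation.general.bku.handy.valid", errors, request);
      // log label corrected: this is the local BKU, not the online BKU
      validateOptionalUrl(form.getDefaultBKULocal(), "Not valid Local-BKU URL",
          "validation.general.bku.local.valid", errors, request);
      validateOptionalUrl(form.getDefaultBKUOnline(), "Not valid Online-BKU URL",
          "validation.general.bku.online.valid", errors, request);
      validateUrlList(form.getMandateURL(), "Not valid Online-Mandate Service URL",
          "validation.general.mandateservice.valid", errors, request);
      // log label corrected: this is the ELGA mandate service
      validateUrlList(form.getElgaMandateServiceURL(), "Not valid ELGA Mandate Service URL",
          "validation.general.elga.mandateservice.valid", errors, request);
    }

    // --- E-ID system service URLs (checked in every mode) --------------------
    validateUrlList(form.getEidSystemServiceURL(), "Not valid E-ID System Service URL",
        "validation.general.eid.url.valid", errors, request);

    // --- MOA-SP/SS auth transformations --------------------------------------
    // The whole (trimmed) value is taken as a single transformation; splitting
    // into several transformations is not supported by this validator.
    final List<String> authTransformations = new ArrayList<>();
    if (isMOAIDMode) {
      check = form.getMoaspssAuthTransformations();
      if (MiscUtil.isEmpty(check)) {
        log.info("Empty MoaspssAuthTransformation");
        errors.add(LanguageHelper.getErrorString(
            "validation.general.moasp.auth.transformation.empty", request));
      } else {
        authTransformations.add(check.trim());
      }
    }
    form.setAuthTransformList(authTransformations);

    // --- MOA-SP/SS trust profiles and service URL (MOA-ID mode only) ---------
    if (isMOAIDMode) {
      validateRequiredText(form.getMoaspssAuthTrustProfile(),
          "Empty MOA-SP/SS Authblock TrustProfile",
          "validation.general.moasp.auth.trustprofile.empty",
          "Authblock TrustProfile is not valid: {}",
          "validation.general.moasp.auth.trustprofile.valid", errors, request);
      validateRequiredText(form.getMoaspssIdlTrustProfile(),
          "Empty MOA-SP/SS IdentityLink TrustProfile",
          "validation.general.moasp.idl.trustprofile.empty",
          "IdentityLink TrustProfile is not valid: {}",
          "validation.general.moasp.idl.trustprofile.valid", errors, request);
      validateRequiredText(form.getMoaspssAuthTrustProfileTest(),
          "Empty MOA-SP/SS Test-Authblock TrustProfile",
          "validation.general.moasp.auth.trustprofile.test.empty",
          "Test-Authblock TrustProfile is not valid: {}",
          "validation.general.moasp.auth.trustprofile.test.valid", errors, request);
      validateRequiredText(form.getMoaspssIdlTrustProfileTest(),
          "Empty MOA-SP/SS Test-IdentityLink TrustProfile",
          "validation.general.moasp.idl.trustprofile.test.empty",
          "Test-IdentityLink TrustProfile is not valid: {}",
          "validation.general.moasp.idl.trustprofile.test.valid", errors, request);
      validateOptionalUrl(form.getMoaspssURL(), "Not valid MOA-SP/SS Service URL",
          "validation.general.moaspss.url.valid", errors, request);
    }

    // --- PVP2 metadata (checked in every mode) -------------------------------
    validateOptionalText(form.getPvp2IssuerName(), false, "PVP2 IssuerName is not valid: {}",
        "validation.general.protocol.pvp2.issuername.valid", errors, request);
    validateOptionalText(form.getPvp2OrgDisplayName(), false,
        "PVP2 organisation display name is not valid: {}",
        "validation.general.protocol.pvp2.org.displayname.valid", errors, request);
    validateOptionalText(form.getPvp2OrgName(), false, "PVP2 organisation name is not valid: {}",
        "validation.general.protocol.pvp2.org.name.valid", errors, request);
    validateOptionalUrl(form.getPvp2OrgURL(), "PVP2 organisation URL is not valid",
        "validation.general.protocol.pvp2.org.url.valid", errors, request);

    // --- SecurityLayer request templates, SSO, SZR-GW (MOA-ID mode only) -----
    if (isMOAIDMode) {
      validateRequiredTemplate(form.getSLRequestTemplateHandy(),
          "Empty SLRequestTemplate Handy-BKU", "validation.general.slrequest.handy.empty",
          "SLRequestTemplate Handy-BKU is not valid", "validation.general.slrequest.handy.valid",
          errors, request);
      validateRequiredTemplate(form.getSLRequestTemplateLocal(),
          "Empty SLRequestTemplate local BKU", "validation.general.slrequest.local.empty",
          "SLRequestTemplate local BKU is not valid", "validation.general.slrequest.local.valid",
          errors, request);
      validateRequiredTemplate(form.getSLRequestTemplateOnline(),
          "Empty SLRequestTemplate Online-BKU", "validation.general.slrequest.online.empty",
          "SLRequestTemplate Online-BKU is not valid", "validation.general.slrequest.online.valid",
          errors, request);

      validateOptionalText(form.getSsoFriendlyName(), false, "SSO friendlyname is not valid: {}",
          "validation.general.sso.friendlyname.valid", errors, request);
      // The special auth text is checked with the second (true) character mode
      // of ValidationHelper; it presumably permits a wider character set.
      validateOptionalText(form.getSsoSpecialText(), true, "SSO SpecialText is not valid: {}",
          "validation.general.sso.specialauthtext.valid", errors, request);

      validateSsoTarget(form.getSsoTarget(), errors, request);

      // log label corrected: these are the SZR gateway URLs
      validateUrlList(form.getSzrgwURL(), "Not valid SZR-GW Service URL",
          "validation.general.szrgw.url.valid", errors, request);
    }

    // --- Trusted CA certificates directory (required) ------------------------
    check = form.getTrustedCACerts();
    if (MiscUtil.isEmpty(check)) {
      log.info("Empty TrustCACerts Directory");
      errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request));
    } else if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
      // NOTE(review): the directory is validated with the identity-link-signer
      // rule, which is what the original code did; it is not a path check.
      log.info("Not valid TrustCACerts Directory");
      errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid",
          new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request));
    }

    // --- SecurityLayer transformation files (MOA-ID mode only) ---------------
    if (isMOAIDMode) {
      validateTransformationUploads(form, errors, request);
    }

    // --- PVP2 contact ---------------------------------------------------------
    final ContactForm contact = form.getPvp2Contact();
    if (contact != null) {
      errors.addAll(new PVP2ContactValidator().validate(contact, request));
    }

    return errors;
  }

  /**
   * Checks the comma-separated public URL prefix list. With virtual prefixes
   * enabled every entry must be a URL, otherwise only the first entry is used
   * and checked. An empty value, and a value such as "," whose {@code split}
   * result is empty, is reported as "empty" instead of throwing.
   */
  private void validatePublicUrlPrefix(GeneralMOAIDConfig form, List<String> errors,
      HttpServletRequest request) {
    final String raw = form.getPublicURLPrefix();
    final String[] prefixes = MiscUtil.isNotEmpty(raw) ? raw.split(",") : new String[0];
    if (prefixes.length == 0) {
      log.info("PublicURL Prefix is empty.");
      errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request));
      return;
    }
    final int toCheck = form.isVirtualPublicURLPrefixEnabled() ? prefixes.length : 1;
    for (int i = 0; i < toCheck; i++) {
      final String prefix = prefixes[i];
      if (!ValidationHelper.validateURL(StringUtils.chomp(prefix.trim()))) {
        log.info("Public URL Prefix {} is not valid", prefix);
        errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid",
            new Object[] { prefix }, request));
      }
    }
  }

  /**
   * Checks the SSO target. An empty target is only logged (the error was
   * deliberately disabled in the original code). A non-empty target that is not
   * an admin target must be free of "not valid" characters and, with blanks
   * removed, start with one of the FN / ZVR / ERsB identification-type prefixes.
   */
  private void validateSsoTarget(String target, List<String> errors, HttpServletRequest request) {
    if (MiscUtil.isEmpty(target)) {
      log.info("Empty SSO Target");
      return;
    }
    if (ValidationHelper.isValidAdminTarget(target)) {
      return;
    }
    if (ValidationHelper.containsNotValidCharacter(target, false)) {
      log.warn("IdentificationNumber contains potentail XSS characters: {}", target);
      errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid",
          new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
    }
    final String number = target.replaceAll(" ", "");
    final boolean knownPrefix = number.startsWith(Constants.IDENIFICATIONTYPE_FN)
        || number.startsWith(Constants.IDENIFICATIONTYPE_ZVR)
        || number.startsWith(Constants.IDENIFICATIONTYPE_ERSB);
    if (!knownPrefix) {
      log.info("Not valid SSO Target");
      errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request));
    }
  }

  /**
   * Reads the uploaded SecurityLayer transformation files into the form as
   * Base64-encoded UTF-8 bytes keyed by file name. Without uploads, an error is
   * reported only if the form holds no previously stored transformation either.
   *
   * <p>The file name is checked for "not valid" characters and is used only as
   * a map key here, so it is not used for any file-system access in this block.
   */
  private void validateTransformationUploads(GeneralMOAIDConfig form, List<String> errors,
      HttpServletRequest request) {
    final List<String> fileNames = form.getFileUploadFileName();
    if (fileNames == null || fileNames.isEmpty()) {
      if (form.getSecLayerTransformation() == null) {
        log.info("AuthBlock Transformation file is empty");
        errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request));
      }
      return;
    }

    final List<File> files = form.getFileUpload();
    final HashMap<String, byte[]> transformations = new HashMap<>();
    for (int i = 0; i < fileNames.size(); i++) {
      final String filename = fileNames.get(i);
      if (!MiscUtil.isNotEmpty(filename)) {
        continue;
      }
      if (ValidationHelper.containsNotValidCharacter(filename, false)) {
        log.info("SL Transformation Filename is not valid");
        errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid",
            request));
        continue;
      }
      // Guard against a name without a matching upload entry instead of
      // failing with an IndexOutOfBoundsException (which the IOException
      // handler below would not catch).
      if (files == null || i >= files.size()) {
        log.info("SecurtiyLayerTransformation with FileName {} has no uploaded file.", filename);
        errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid",
            new Object[] { filename }, request));
        continue;
      }
      // try-with-resources: the original never closed the stream
      try (FileInputStream stream = new FileInputStream(files.get(i))) {
        transformations.put(filename,
            Base64Utils.encode(stream).getBytes(StandardCharsets.UTF_8));
      } catch (final IOException e) {
        log.info("SecurtiyLayerTransformation with FileName {} can not be loaded.", filename, e);
        errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid",
            new Object[] { filename }, request));
      }
    }
    form.setSecLayerTransformation(transformations);
  }

  /** Optional numeric field: non-empty values must pass {@code validateNumber}. */
  private void validateOptionalNumber(String value, String logMsg, String errorKey,
      List<String> errors, HttpServletRequest request) {
    if (MiscUtil.isNotEmpty(value) && !ValidationHelper.validateNumber(value)) {
      log.warn(logMsg, value);
      errors.add(LanguageHelper.getErrorString(errorKey,
          new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request));
    }
  }

  /** Optional URL field: non-empty values must pass {@code validateURL} as given. */
  private void validateOptionalUrl(String value, String logMsg, String errorKey,
      List<String> errors, HttpServletRequest request) {
    if (MiscUtil.isNotEmpty(value) && !ValidationHelper.validateURL(value)) {
      log.info(logMsg);
      errors.add(LanguageHelper.getErrorString(errorKey, request));
    }
  }

  /**
   * Optional comma-separated URL list: every non-empty entry, trimmed and with a
   * trailing line break removed, must pass {@code validateURL}. The offending
   * entry is passed to the error string as-is.
   */
  private void validateUrlList(String csv, String logMsg, String errorKey, List<String> errors,
      HttpServletRequest request) {
    if (!MiscUtil.isNotEmpty(csv)) {
      return;
    }
    for (final String entry : csv.split(",")) {
      if (MiscUtil.isNotEmpty(entry)
          && !ValidationHelper.validateURL(StringUtils.chomp(entry.trim()))) {
        log.info(logMsg);
        errors.add(LanguageHelper.getErrorString(errorKey, new Object[] { entry }, request));
      }
    }
  }

  /**
   * Optional text field: non-empty values must not contain "not valid"
   * characters. {@code mode} is passed unchanged as the second argument of
   * {@code containsNotValidCharacter} / {@code getNotValidCharacter}.
   */
  private void validateOptionalText(String value, boolean mode, String logMsg, String errorKey,
      List<String> errors, HttpServletRequest request) {
    if (MiscUtil.isNotEmpty(value) && ValidationHelper.containsNotValidCharacter(value, mode)) {
      log.info(logMsg, value);
      errors.add(LanguageHelper.getErrorString(errorKey,
          new Object[] { ValidationHelper.getNotValidCharacter(mode) }, request));
    }
  }

  /** Required text field: empty is an error, otherwise no "not valid" characters allowed. */
  private void validateRequiredText(String value, String emptyLogMsg, String emptyKey,
      String invalidLogMsg, String invalidKey, List<String> errors, HttpServletRequest request) {
    if (MiscUtil.isEmpty(value)) {
      log.info(emptyLogMsg);
      errors.add(LanguageHelper.getErrorString(emptyKey, request));
    } else if (ValidationHelper.containsNotValidCharacter(value, false)) {
      log.info(invalidLogMsg, value);
      errors.add(LanguageHelper.getErrorString(invalidKey,
          new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
    }
  }

  /**
   * Required SecurityLayer request template reference: empty is an error,
   * otherwise it must pass the identity-link-signer syntax check.
   */
  private void validateRequiredTemplate(String value, String emptyLogMsg, String emptyKey,
      String invalidLogMsg, String invalidKey, List<String> errors, HttpServletRequest request) {
    if (MiscUtil.isEmpty(value)) {
      log.info(emptyLogMsg);
      errors.add(LanguageHelper.getErrorString(emptyKey, request));
    } else if (ValidationHelper.isNotValidIdentityLinkSigner(value)) {
      log.info(invalidLogMsg);
      errors.add(LanguageHelper.getErrorString(invalidKey, request));
    }
  }
}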