/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
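*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.validation.oa;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;

import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Validates the "authentication" section of an online-application (OA) configuration form.
 *
 * <p>The form values are operator input from the configuration UI and are treated as untrusted:
 * URLs are syntax-checked, the KeyBox identifier must be one of the offered values, mandate
 * profiles are screened for characters the project classifies as XSS-relevant, test-credential
 * OIDs must lie below the configured test-credential root OID, and SL2.0 endpoint entries must
 * follow the {@code key=value} CSV format with exactly one {@code default=} entry.
 *
 * <p>Validation is mostly read-only; the single exception is {@link #validateSl20Endpoints}, which
 * rewrites a lone SL2.0 endpoint that lacks the {@code default=} prefix into normalized form.
 *
 * <p>This class has no state and is therefore safe to share between threads.
 */
public class OAAuthenticationDataValidation {

    // NOTE: was bound to OASSOConfigValidation.class (copy/paste), which attributed every log
    // line of this validator to the SSO validator.
    private static final Logger log = Logger.getLogger(OAAuthenticationDataValidation.class);

    /** Prefix that marks the default SL2.0 endpoint entry, e.g. {@code default=}. */
    private static final String SL20_DEFAULT_PREFIX =
            KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER;

    /**
     * Validates the authentication form data and collects all localized error messages.
     *
     * @param form the submitted OA authentication data (may be normalized in place, see class doc)
     * @param isAdmin {@code true} if the caller is an administrator; BKU URLs, the KeyBox identifier
     *        and legacy SecurityLayer templates are only validated for administrators
     * @param request the current request, used to resolve localized error strings
     * @return the list of localized error messages, empty if the form is valid; never {@code null}
     */
    public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) {
        List<String> errors = new ArrayList<>();

        if (isAdmin) {
            validateBkuUrls(form, request, errors);
            validateKeyBoxIdentifier(form, request, errors);
            validateLegacySlTemplates(form, request, errors);
        }

        validateMandateProfiles(form, request, errors);
        validateServiceUrls(form, request, errors);
        validateTestCredentialOids(form, request, errors);
        validateSl20Endpoints(form, request, errors);

        return errors;
    }

    /** Checks the three optional BKU URLs (Handy, Local, Online) for URL syntax. */
    private void validateBkuUrls(OAAuthenticationData form, HttpServletRequest request,
            List<String> errors) {
        validateOptionalUrl(form.getBkuHandyURL(), "Handy-BKU",
                "validation.general.bku.handy.valid", request, errors);
        // Log text previously said "Online-BKU" for the Local-BKU URL (copy/paste).
        validateOptionalUrl(form.getBkuLocalURL(), "Local-BKU",
                "validation.general.bku.local.valid", request, errors);
        validateOptionalUrl(form.getBkuOnlineURL(), "Online-BKU",
                "validation.general.bku.online.valid", request, errors);
    }

    /** Adds an error (without message arguments) when a non-empty value is not a valid URL. */
    private void validateOptionalUrl(String value, String label, String errorKey,
            HttpServletRequest request, List<String> errors) {
        if (MiscUtil.isNotEmpty(value) && !ValidationHelper.validateURL(value)) {
            log.info("Not valid " + label + " URL");
            errors.add(LanguageHelper.getErrorString(errorKey, request));
        }
    }

    /** Requires a KeyBox identifier and checks it against the offered identifier list. */
    private void validateKeyBoxIdentifier(OAAuthenticationData form, HttpServletRequest request,
            List<String> errors) {
        String keyBox = form.getKeyBoxIdentifier();
        if (MiscUtil.isEmpty(keyBox)) {
            log.info("Empty KeyBoxIdentifier");
            errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request));
            return;
        }

        // A missing identifier list used to raise a NullPointerException; treat it as "not offered".
        Map<?, ?> offered = form.getKeyBoxIdentifierList();
        if (offered == null || !offered.containsKey(keyBox)) {
            log.info("Not valid KeyBoxIdentifier " + keyBox);
            errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request));
        }
    }

    /** In legacy mode, requires at least one SecurityLayer template and checks each given one. */
    private void validateLegacySlTemplates(OAAuthenticationData form, HttpServletRequest request,
            List<String> errors) {
        if (!form.isLegacy()) {
            return;
        }

        String template1 = form.getSLTemplateURL1();
        String template2 = form.getSLTemplateURL2();
        String template3 = form.getSLTemplateURL3();

        if (MiscUtil.isEmpty(template1) && MiscUtil.isEmpty(template2) && MiscUtil.isEmpty(template3)) {
            log.info("Empty OA-specific SecurityLayer Templates");
            errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request));
            return;
        }

        validateSlTemplate(template1, "First", "validation.general.sltemplate1.valid", request, errors);
        validateSlTemplate(template2, "Second", "validation.general.sltemplate2.valid", request, errors);
        validateSlTemplate(template3, "Third", "validation.general.sltemplate3.valid", request, errors);
    }

    /** Adds an error when a non-empty template URL fails the identity-link-signer check. */
    private void validateSlTemplate(String template, String ordinal, String errorKey,
            HttpServletRequest request, List<String> errors) {
        // NOTE(review): templates are checked with isNotValidIdentityLinkSigner rather than
        // validateURL, as in the original code — confirm this is the intended check.
        if (MiscUtil.isNotEmpty(template) && ValidationHelper.isNotValidIdentityLinkSigner(template)) {
            log.info(ordinal + " OA-specific SecurityLayer Templates is not valid");
            errors.add(LanguageHelper.getErrorString(errorKey, request));
        }
    }

    /** Checks that mandate profiles are only set when mandates are enabled and are free of unsafe characters. */
    private void validateMandateProfiles(OAAuthenticationData form, HttpServletRequest request,
            List<String> errors) {
        String profiles = form.getMandateProfiles();
        if (MiscUtil.isEmpty(profiles)) {
            return;
        }

        if (!form.isUseMandates()) {
            log.info("MandateProfiles configured but useMandates is false.");
            errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request));
        }

        // The profile string is later rendered/forwarded; reject the project's XSS character set.
        if (ValidationHelper.containsNotValidCharacter(profiles, true)) {
            log.warn("MandateProfiles contains potentail XSS characters: " + profiles);
            errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles",
                    new Object[] {ValidationHelper.getNotValidCharacter(true)}, request));
        }
    }

    /** Checks the optional MIS, ELGA, SZR-GW and E-ID service URLs for URL syntax. */
    private void validateServiceUrls(OAAuthenticationData form, HttpServletRequest request,
            List<String> errors) {
        validateOptionalServiceUrl(form.getMisServiceSelected(), "MIS Service",
                "validation.general.mandateservice.valid", request, errors);
        validateOptionalServiceUrl(form.getElgaServiceSelected(), "ELGA Service",
                "validation.general.elga.mandateservice.valid", request, errors);
        validateOptionalServiceUrl(form.getSzrgwServiceSelected(), "SZR-GW Service",
                "validation.general.szrgw.url.valid", request, errors);
        validateOptionalServiceUrl(form.getEidServiceSelected(), "E-ID Service",
                "validation.general.eid.url.valid", request, errors);
    }

    /** Adds an error carrying the offending value when a non-empty service URL is invalid. */
    private void validateOptionalServiceUrl(String value, String label, String errorKey,
            HttpServletRequest request, List<String> errors) {
        if (MiscUtil.isNotEmpty(value) && !ValidationHelper.validateURL(value)) {
            log.info("Not valid " + label + " URL");
            // The rejected value is echoed in the message; LanguageHelper is expected to escape it.
            errors.add(LanguageHelper.getErrorString(errorKey, new Object[] {value}, request));
        }
    }

    /** When test credentials are enabled, every OID must be below the test-credential root OID. */
    private void validateTestCredentialOids(OAAuthenticationData form, HttpServletRequest request,
            List<String> errors) {
        if (!form.isEnableTestCredentials()) {
            return;
        }

        List<String> oids = form.getTestCredialOIDList();
        if (oids == null || oids.isEmpty()) {
            return;
        }

        for (String oid : oids) {
            // A null element used to raise a NullPointerException; report it as invalid instead.
            if (oid == null || !oid.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) {
                log.warn("Test credential OID does not start with test credential root OID");
                errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid",
                        new Object[] {oid}, request));
            }
        }
    }

    /**
     * Validates the SL2.0 endpoint CSV when SL2.0 is active.
     *
     * <p>A single entry without any {@code key=value} delimiter is normalized in place to
     * {@code default=<entry>}. With several entries, each must be {@code default=...} or
     * {@code <integer>=...}, and exactly one default entry is required.
     */
    private void validateSl20Endpoints(OAAuthenticationData form, HttpServletRequest request,
            List<String> errors) {
        if (!form.isSl20Active() || !MiscUtil.isNotEmpty(form.getSl20EndPoints())) {
            return;
        }

        log.debug("Validate SL2.0 configuration ... ");
        List<String> endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints());
        String delimiter = KeyValueUtils.KEYVVALUEDELIMITER;

        if (endpoints.size() == 1) {
            String value = endpoints.get(0);
            boolean hasDefaultPrefix = value.startsWith(SL20_DEFAULT_PREFIX);
            boolean hasDelimiter = value.contains(delimiter);

            if (!hasDefaultPrefix && hasDelimiter) {
                addSl20WrongFormatError(value, null, request, errors);
            } else if (!hasDefaultPrefix) {
                log.info("Find one SL2.0 endpoint without 'default='. Start update ... ");
                form.setSl20EndPoints(SL20_DEFAULT_PREFIX + value);
            }
            return;
        }

        boolean foundDefault = false;
        for (String entry : endpoints) {
            if (!entry.contains(delimiter)) {
                addSl20WrongFormatError(entry, null, request, errors);
            } else if (entry.startsWith(SL20_DEFAULT_PREFIX)) {
                log.debug("Find default endpoint.");
                foundDefault = true;
            } else {
                // Literal prefix extraction: split() would treat the delimiter as a regex and
                // returns an empty array for an entry consisting only of the delimiter.
                String key = entry.substring(0, entry.indexOf(delimiter));
                try {
                    Integer.parseInt(key);
                } catch (NumberFormatException e) {
                    addSl20WrongFormatError(entry, e, request, errors);
                }
            }
        }

        if (!foundDefault) {
            log.warn("SL2.0 endpoints contains NO default endpoint");
            errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default",
                    new Object[] {}, request));
        }
    }

    /** Logs and records a malformed SL2.0 endpoint entry; {@code cause} may be {@code null}. */
    private void addSl20WrongFormatError(String entry, Exception cause, HttpServletRequest request,
            List<String> errors) {
        if (cause == null) {
            log.warn("SL2.0 endpoint '" + entry + "' has wrong format");
        } else {
            log.warn("SL2.0 endpoint '" + entry + "' has wrong format", cause);
        }
        errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
                new Object[] {entry}, request));
    }
}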