/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
*/ package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.regex.Pattern; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz * */ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator implements ITaskValidator { private static final Logger log = LoggerFactory.getLogger(GeneralMOAIDConfigurationTask.class); public static final List KEYWHITELIST; static { ArrayList temp = new ArrayList(); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_THIRD, 
MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_TEST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_TEST, 
MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_REVOCATIONCHECKING, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_CREATE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_UPDATE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUTS_TRANSACTION, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); 
temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_LEGACY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); KEYWHITELIST = Collections.unmodifiableList(temp); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override protected void taskValidate(Map input) throws ConfigurationTaskValidationException { List errors = new ArrayList(); //check all keys against key whitelist String check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.warn("SAML1 SourceID contains potentail XSS characters: " + check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, "SAML1 - SourceID", LanguageHelper.getErrorString("validation.general.SAML1SourceID", new Object[] {ValidationHelper.getNotValidCharacter(false)}))); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix())); String isVirtualIDPEnabled = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { String[] preFixList = check.split(","); if (isVirtualIDPEnabled != null && Boolean.valueOf(isVirtualIDPEnabled)) { for (String el : preFixList) { if (!ValidationHelper.validateURL(el.trim())) { log.info("Public URL Prefix is not valid"); errors.add(new ValidationObjectIdentifier( 
MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, "Public URL Prefix", LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}))); } } } else { if (!ValidationHelper.validateURL( StringUtils.chomp(preFixList[0].trim()))) { log.info("Public URL Prefix " + preFixList[0] + " is not valid"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, "Public URL Prefix", LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{preFixList[0]}))); } } } else { log.info("PublicURL Prefix is empty."); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, "Public URL Prefix", LanguageHelper.getErrorString("validation.general.publicURLprefix.empty"))); } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUTS_TRANSACTION, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateNumber(check)) { log.warn("Assertion Timeout is no number " + check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUTS_TRANSACTION, "Timeout - Transaction", LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_CREATE, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateNumber(check)) { log.warn("MOASessionCreated Timeout is no number " + check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_CREATE, "Timeout - SSO created", LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); } } check = 
input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_UPDATE, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateNumber(check)) { log.warn("MOASessionUpdated Timeout is no number " + check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_UPDATE, "Timeout - SSO updated", LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); } } //INFO: CertStore directory is not required any more since version 3.2.0, because MOA-SPSS certstore is always used // check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, getKeyPrefix())); // if (MiscUtil.isNotEmpty(check)) { // if (ValidationHelper.isValidOAIdentifier(check)) { // log.warn("CertStoreDirectory contains potentail XSS characters: " + check); // errors.add(new ValidationObjectIdentifier( // MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, // "Certificate - CertStore Directory", // LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", // new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); // } // } else { // log.info("CertStoreDirectory is empty."); // errors.add(new ValidationObjectIdentifier( // MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, // "Certificate - CertStore Directory", // LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty"))); // } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Handy-BKU URL"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, "Default BKUs - Handy", 
LanguageHelper.getErrorString("validation.general.bku.handy.valid"))); } // } else { // log.info("Empty Handy-BKU URL"); // errors.add(new ValidationObjectIdentifier( // MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, // "Default BKUs - Handy", // LanguageHelper.getErrorString("validation.general.bku.handy.empty"))); } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Online-BKU URL"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL, "Default BKUs - Local", LanguageHelper.getErrorString("validation.general.bku.local.valid"))); } // } else { // log.info("Empty Online-BKU URL"); // errors.add(new ValidationObjectIdentifier( // MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL, // "Default BKUs - Local", // LanguageHelper.getErrorString("validation.general.bku.local.empty"))); } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_THIRD, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Online-BKU URL"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_THIRD, "Default BKUs - Online", LanguageHelper.getErrorString("validation.general.bku.online.valid"))); } // } else { // log.info("Empty Online-BKU URL"); // errors.add(new ValidationObjectIdentifier( // MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE, // "Default BKUs - Online", // LanguageHelper.getErrorString("validation.general.bku.online.empty"))); } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { String[] misURLs = check.split(","); for (String el : misURLs) { if (MiscUtil.isNotEmpty(el) && 
!ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { log.info("Not valid Online-Mandate Service URL"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, "Services - OVS", LanguageHelper.getErrorString("validation.general.mandateservice.valid", new Object[]{el}))); } } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { String[] misURLs = check.split(","); for (String el : misURLs) { if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { log.info("Not valid ELGA Mandate Service URL"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, "Services - ELGA", LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", new Object[]{el}))); } } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty MoaspssAuthTransformation"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, "MOA-SP - AuthBlocktransformation", LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("IdentityLinkSigners is not valid: " + check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, "MOA-SP - AuthBlocktransformationx", LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)} ))); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, getKeyPrefix())); if 
(MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS Authblock TrustProfile"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, "MOA-SP - TrustProfile AuthBlock", LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("Authblock TrustProfile is not valid: " +check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, "MOA-SP - TrustProfile AuthBlock", LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}) )); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, "MOA-SP - TrustProfile IdL", LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("IdentityLink TrustProfile is not valid: " +check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, "MOA-SP - TrustProfile IdL", LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}) )); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_TEST, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, "MOA-SP - 
Test-TrustProfile AuthBlock", LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("Authblock Test-TrustProfile is not valid: " +check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, "MOA-SP - Test-TrustProfile AuthBlock", LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}) )); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_TEST, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, "MOA-SP - Test-TrustProfile IdL", LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("IdentityLink Test-TrustProfile is not valid: " +check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, "MOA-SP - Test-TrustProfile IdL", LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}) )); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty SLRequestTemplate Handy-BKU"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, "Default SL-Templates - Handy", LanguageHelper.getErrorString("validation.general.slrequest.handy.empty"))); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("SLRequestTemplate 
Handy-BKU is not valid"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, "Default SL-Templates - ", LanguageHelper.getErrorString("validation.general.slrequest.handy.valid"))); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty SLRequestTemplate local BKU"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, "Default SL-Templates - Local", LanguageHelper.getErrorString("validation.general.slrequest.local.empty"))); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("SLRequestTemplate local BKU is not valid"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, "Default SL-Templates - Local", LanguageHelper.getErrorString("validation.general.slrequest.local.valid"))); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty SLRequestTemplate Online-BKU"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD, "Default SL-Templates - Online ", LanguageHelper.getErrorString("validation.general.slrequest.online.empty"))); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("SLRequestTemplate Online-BKU is not valid"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD, "Default SL-Templates - Online", LanguageHelper.getErrorString("validation.general.slrequest.online.valid"))); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsNotValidCharacter(check, false)) 
{ log.info("SSO friendlyname is not valid: " + check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, "SSO - Servicename", LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}) )); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsNotValidCharacter(check, true)) { log.info("SSO SpecialText is not valid: " + check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, "SSO - AuthBlocktext", LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", new Object[] {ValidationHelper.getNotValidCharacter(true)} ))); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty SSO Target"); // errors.add(new ValidationObjectIdentifier( // MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, // "SSO - Target", // LanguageHelper.getErrorString("validation.general.sso.target.empty"))); } else { //TODO: maybe store full bPK target (incl. 
prefix) if (!ValidationHelper.isValidAdminTarget(check)) { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.warn("IdentificationNumber contains potentail XSS characters: " + check); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, "SSO - Target", LanguageHelper.getErrorString("validation.general.sso.target.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}) )); } String num = check.replaceAll(" ", ""); boolean isSSOTargetValid = false; for (String allowedPrefix : MOAIDConfigurationConstants.ALLOWED_WBPK_PREFIXES) { if (num.startsWith(allowedPrefix)) { isSSOTargetValid = true; break; } } if (!isSSOTargetValid) { log.info("Not valid SSO Target"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, "SSO - Target", LanguageHelper.getErrorString("validation.general.sso.target.valid"))); } } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { String[] szrGWServiceURLs = check.split(","); for (String el : szrGWServiceURLs) { if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { log.info("SZRGW URL is not valid"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, "Services - SZR-GW URL", LanguageHelper.getErrorString("validation.general.szrgw.url.valid", new Object[]{el}))); } } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty TrustCACerts Directory"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL, "Certificate - TrustStore Directory", LanguageHelper.getErrorString("validation.general.trustedcacerts.empty"))); } else { if 
(ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("Not valid TrustCACerts Directory"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL, "Certificate - TrustStore Directory", LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); } } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); if (MiscUtil.isEmpty(check) || check.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { log.info("AuthBlock Transformation file is empty"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, "AuthBlock - Transformation", LanguageHelper.getErrorString("validation.general.slrequest.file.empty"))); } if (!errors.isEmpty()) throw new ConfigurationTaskValidationException(errors); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) */ @Override public Map postProcessing(Map input, List keysToDelete, Configuration dbconfig) { Map newConfigValues = new HashMap(); String pubURLPrefix = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix())); String normalizedPubURLPrefix = KeyValueUtils.normalizeCSVValueString(pubURLPrefix); String[] normalizedPubURLPrefixList = normalizedPubURLPrefix.split(KeyValueUtils.CSV_DELIMITER); String modifiedPubURLPrefixCSV = null; for (String el : normalizedPubURLPrefixList) { String newPubURLPrefix = el; if(el.endsWith("/")) { int length = el.length(); newPubURLPrefix = el.substring(0, length-1); } if (modifiedPubURLPrefixCSV == null) modifiedPubURLPrefixCSV = newPubURLPrefix; else modifiedPubURLPrefixCSV += KeyValueUtils.CSV_DELIMITER + 
newPubURLPrefix; } if (!modifiedPubURLPrefixCSV.equals(pubURLPrefix)) { newConfigValues.put(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, modifiedPubURLPrefixCSV); log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX + " from value: " + input.get(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX) + " to value: " + modifiedPubURLPrefixCSV); } String ssoTarget = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix())); if (MiscUtil.isNotEmpty(ssoTarget)) { String newTarget = null; if (!ValidationHelper.isValidAdminTarget(ssoTarget)) { String num = ssoTarget.replaceAll(" ", ""); String pre = null; if (!num.startsWith(MOAIDConfigurationConstants.PREFIX_WPBK)) { //add wbPK prefix if (num.startsWith(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN)) { num = num.substring(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN.length()); num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); pre = MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN; } if (num.startsWith(MOAIDConfigurationConstants.IDENIFICATIONTYPE_ZVR)) { num = num.substring(MOAIDConfigurationConstants.IDENIFICATIONTYPE_ZVR.length()); pre = MOAIDConfigurationConstants.IDENIFICATIONTYPE_ZVR; } if (num.startsWith(MOAIDConfigurationConstants.IDENIFICATIONTYPE_ERSB)){ num = num.substring(MOAIDConfigurationConstants.IDENIFICATIONTYPE_ERSB.length()); pre = MOAIDConfigurationConstants.IDENIFICATIONTYPE_ERSB; } newTarget = MOAIDConfigurationConstants.PREFIX_WPBK + pre + "+" + num; } else { //wbPK prefix is already added newTarget = num; } newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET , newTarget); log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET + " from value: " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET) + " to value: " + newTarget); } else { //TODO: maybe store full bPK target (incl. 
prefix) newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET , ssoTarget); log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET + " from value: " + input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix())) + " to value: " + ssoTarget); } } //TODO: add AuthBlock transformation filename String authBlockTransformation = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); String[] splittet = authBlockTransformation.split(","); if (splittet.length > 1) { newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, splittet[1]); log.debug("Extract AuthBlock Transformation from GUI upload and add it to key: {}", MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64); } //normalize CSV of ELGA mandate-service URLs try { String elgaServiceURLs = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, getKeyPrefix())); List currentElgaServiceURLs = KeyValueUtils.getListOfCSVValues(dbconfig.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL)); if (MiscUtil.isNotEmpty(elgaServiceURLs)) { String normalizedElgaServiceURLs = KeyValueUtils.normalizeCSVValueString(elgaServiceURLs); if (!normalizedElgaServiceURLs.equals(elgaServiceURLs)) { newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, normalizedElgaServiceURLs); log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL + " from value: " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL) + " to value: " + normalizedElgaServiceURLs); } //check if service URLs are removed for (String el : KeyValueUtils.getListOfCSVValues(normalizedElgaServiceURLs)) { if 
(currentElgaServiceURLs.contains(el)) currentElgaServiceURLs.remove(el); } } //update OA configuration if (!currentElgaServiceURLs.isEmpty()) { String[] servicesOAs = dbconfig.findConfigurationId( MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ".%." + MOAIDConfigurationConstants.SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL); for (String service : servicesOAs) { String spElgaService = dbconfig.getStringValue(service); if (MiscUtil.isNotEmpty(spElgaService) && currentElgaServiceURLs.contains(spElgaService)) keysToDelete.add(service); } } //normalize CSV of MIS mandate-service URLs String misServiceURLs = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, getKeyPrefix())); List currentMisServiceURLs = KeyValueUtils.getListOfCSVValues(dbconfig.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL)); if (MiscUtil.isNotEmpty(misServiceURLs)) { String normalizedMisServiceURLs = KeyValueUtils.normalizeCSVValueString(misServiceURLs); if (!normalizedMisServiceURLs .equals(misServiceURLs)) { newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, normalizedMisServiceURLs); log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL + " from value: " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL) + " to value: " + normalizedMisServiceURLs); } //check if service URLs are removed for (String el : KeyValueUtils.getListOfCSVValues(normalizedMisServiceURLs)) { if (currentMisServiceURLs.contains(el)) currentMisServiceURLs.remove(el); } } //update OA configuration if (!currentMisServiceURLs.isEmpty()) { String[] servicesOAs = dbconfig.findConfigurationId( MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ".%." 
+ MOAIDConfigurationConstants.SERVICE_EXTERNAL_MIS_SERVICE_URL); for (String service : servicesOAs) { String spElgaService = dbconfig.getStringValue(service); if (MiscUtil.isNotEmpty(spElgaService) && currentMisServiceURLs.contains(spElgaService)) keysToDelete.add(service); } } //normalize CSV of SZR-GW service URLs String szrgwServiceURLs = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, getKeyPrefix())); List currentSzrgwServiceURLs = KeyValueUtils.getListOfCSVValues(dbconfig.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); if (MiscUtil.isNotEmpty(szrgwServiceURLs)) { String normalizedSzrgwServiceURLs = KeyValueUtils.normalizeCSVValueString(szrgwServiceURLs); if (!normalizedSzrgwServiceURLs .equals(szrgwServiceURLs)) { newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, normalizedSzrgwServiceURLs); log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL + " from value: " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL) + " to value: " + normalizedSzrgwServiceURLs); } //check if service URLs are removed for (String el : KeyValueUtils.getListOfCSVValues(szrgwServiceURLs)) { if (currentSzrgwServiceURLs.contains(el)) currentSzrgwServiceURLs.remove(el); } } //update OA configuration if (!currentSzrgwServiceURLs.isEmpty()) { String[] servicesOAs = dbconfig.findConfigurationId( MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ".%." 
+ MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
// NOTE(review): the CSV that was subtracted from currentSzrgwServiceURLs above was read from
// the ELGA mandate-service key, while the "current" list comes from the central eIDAS-node
// key. This looks like a copy/paste mismatch and could mark OA keys of the wrong service
// for deletion -- confirm which key the SZR-GW/eIDAS-node block is meant to use.
for (String service : servicesOAs) {
  String spElgaService = dbconfig.getStringValue(service);
  if (MiscUtil.isNotEmpty(spElgaService) && currentSzrgwServiceURLs.contains(spElgaService))
    keysToDelete.add(service);
}
}
} catch (ConfigurationException e) {
  // Only logged: whatever was collected into newConfigValues before the failure is still
  // returned below, so a partially post-processed result is possible.
  log.error("Configuration is not accessable!", e);
}
if (newConfigValues.isEmpty())
  return null;
else
  return newConfigValues;
}

/**
 * Returns the configuration-key prefix this task is responsible for.
 *
 * @return {@link MOAIDConfigurationConstants#PREFIX_MOAID_GENERAL}
 * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
 */
@Override
public String getKeyPrefix() {
  return MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL;
}

/**
 * Returns the human-readable name of this validation task.
 *
 * @return the fixed task name
 * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
 */
@Override
public String getName() {
  return "General MOA-ID Configuration Task";
}

/**
 * Returns the key patterns this task accepts, generated from {@code KEYWHITELIST}.
 *
 * @return the allowed key patterns (declared as a raw {@code List})
 * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
 */
@Override
public List getAllAllowedPatterns() {
  return generatePatternsFromKeys(KEYWHITELIST);
}
}
