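/*
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.regex.Pattern;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.components.configuration.api.ConfigurationException;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Task validator for the STORK authentication settings of a service.
 *
 * <p>Validation checks the submitted minimum QAA level against
 * {@link MOAIDConstants#ALLOWED_eIDAS_LOA}. Post-processing reconciles the service's STORK
 * country list and STORK attribute list with the lists stored in the general configuration.
 *
 * @author tlenz
 */
public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator
        implements IDynamicLoadableTaskValidator {

    private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationSTORKTask.class);

    /** Keys handed to {@code generatePatternsFromKeys}; this task registers none. */
    private static final List<String> KEYWHITELIST;
    static {
        KEYWHITELIST = Collections.unmodifiableList(new ArrayList<String>());
    }

    /**
     * Returns the key prefix of this task.
     *
     * @return the empty string
     */
    @Override
    public String getKeyPrefix() {
        return "";
    }

    /**
     * Returns the display name of this task.
     *
     * @return the task name
     */
    @Override
    public String getName() {
        // NOTE(review): the returned text does not mention STORK - confirm this is intended.
        return "Service - General Configuration Task";
    }

    /**
     * Reconciles the STORK country and attribute lists of the service with the general
     * configuration.
     *
     * <p>For both lists: an entry of the service whose value is no longer present in the general
     * configuration is scheduled for deletion through {@code keysToDelete}; a value that exists
     * only in the general configuration is appended to the service at the next free list index.
     * A {@link ConfigurationException} is logged and ends the affected list only; the other list
     * is still processed.
     *
     * @param input        key/value pairs of the service as submitted
     * @param keysToDelete receives the key patterns that should be removed; modified in place
     * @param dbconfig     access to the stored configuration
     * @return the key/value pairs to add, or {@code null} when there is nothing to add
     */
    @Override
    public Map<String, String> postProcessing(Map<String, String> input, List<String> keysToDelete,
            Configuration dbconfig) {
        Map<String, String> newConfigValues = new HashMap<String, String>();

        // C-PEPS countries
        try {
            // countries of all C-PEPS entries in the general configuration
            List<String> cPepsCountries = loadConfiguredValues(dbconfig,
                    MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + ".%."
                            + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY);

            // compare the service's country list with the C-PEPS configuration
            Map<String, String> guiCountries = KeyValueUtils.getSubSetWithPrefix(input,
                    MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST);
            for (Entry<String, String> entry : guiCountries.entrySet()) {
                if (!entry.getKey().endsWith(
                        MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE)) {
                    continue;
                }

                // remove() also reports whether the country was configured; what is left in
                // cPepsCountries after the loop is missing from the service.
                if (cPepsCountries.remove(entry.getValue())) {
                    log.trace("Service contains C-PEPS with countryCode: {}", entry.getValue());
                    continue;
                }

                // the service references a country without C-PEPS --> drop that list entry
                log.debug("No C-PEPS with service countryCode: {} Remove countryCode from service.",
                        entry.getValue());
                String index = KeyValueUtils.getParentKey(entry.getKey());
                if (MiscUtil.isNotEmpty(index)) {
                    // NOTE(review): there is no "." between the index and "*". Whether the pattern
                    // for index 1 also covers 10, 11, ... depends on how the caller expands "*" -
                    // confirm that only the intended entry is deleted.
                    keysToDelete.add(
                            MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + "." + index + "*");
                } else {
                    log.warn("Can not remove countryCode from service. Suspect key: {}.{}",
                            MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST, entry.getKey());
                }
            }

            // append the C-PEPS countries the service does not know yet
            int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(guiCountries.keySet(), "");
            for (String country : cPepsCountries) {
                String listEntryKey =
                        MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + "." + nextFreeIndex;
                log.debug("Add new C-PEPS: {} to service with key: {}", country, listEntryKey);
                newConfigValues.put(
                        listEntryKey + "."
                                + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE,
                        country);
                // NOTE(review): a country that is new in the general configuration is switched on
                // for the service without an explicit choice, while new attributes below default
                // to "not requested". Confirm that enabled-by-default is the intended policy.
                newConfigValues.put(
                        listEntryKey + "."
                                + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED,
                        String.valueOf(true));
                nextFreeIndex++;
            }

        } catch (ConfigurationException e) {
            log.error("Can not access configuration.", e);
        }

        // STORK attributes
        try {
            // names of all STORK attributes in the general configuration
            List<String> attributeNames = loadConfiguredValues(dbconfig,
                    MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + ".%."
                            + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME);

            // compare the service's attribute list with the general attribute configuration
            Map<String, String> guiAttributes = KeyValueUtils.getSubSetWithPrefix(input,
                    MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST);
            for (Entry<String, String> entry : guiAttributes.entrySet()) {
                if (!entry.getKey().endsWith(
                        MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME)) {
                    continue;
                }

                if (attributeNames.remove(entry.getValue())) {
                    log.trace("Service contains STORK attribute with name: {}", entry.getValue());
                    continue;
                }

                // the service references an attribute that is not configured --> drop that list entry
                log.debug("No STORK attribute with service attributeName: {} Remove STORK attribte from service.",
                        entry.getValue());
                String index = KeyValueUtils.getParentKey(entry.getKey());
                if (MiscUtil.isNotEmpty(index)) {
                    // NOTE(review): same pattern shape as for the country list - confirm that
                    // index + "*" cannot match other list entries.
                    keysToDelete.add(
                            MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + "." + index + "*");
                } else {
                    log.warn("Can not remove STORK attribute from service. Suspect key: {}.{}",
                            MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST, entry.getKey());
                }
            }

            // append the STORK attributes the service does not know yet
            int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(guiAttributes.keySet(), "");
            for (String attributeName : attributeNames) {
                String listEntryKey =
                        MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + "." + nextFreeIndex;
                log.debug("Add new STORK attribute: {} to service with key: {}", attributeName, listEntryKey);
                newConfigValues.put(
                        listEntryKey + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME,
                        attributeName);
                newConfigValues.put(
                        listEntryKey + "."
                                + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED,
                        String.valueOf(false));
                newConfigValues.put(
                        listEntryKey + "."
                                + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY,
                        String.valueOf(false));
                nextFreeIndex++;
            }

        } catch (ConfigurationException e) {
            log.error("Can not access configuration.", e);
        }

        // an empty result is reported as null
        if (newConfigValues.isEmpty()) {
            return null;
        }
        return newConfigValues;
    }

    /**
     * Reads the values of all configuration keys that match a search pattern.
     *
     * <p>Empty values are skipped. The emptiness check is made on the value that was read, not on
     * the key, so an entry without a value is never carried into the service configuration.
     *
     * @param dbconfig      access to the stored configuration
     * @param searchPattern key pattern passed to {@code findConfigurationId}
     * @return the non-empty values in the order of the matching keys; a modifiable list
     * @throws ConfigurationException if the configuration can not be read
     */
    private static List<String> loadConfiguredValues(Configuration dbconfig, String searchPattern)
            throws ConfigurationException {
        List<String> values = new ArrayList<String>();
        // NOTE(review): a null result from findConfigurationId would end in a
        // NullPointerException here - confirm the API returns an empty array when nothing matches.
        for (String key : dbconfig.findConfigurationId(searchPattern)) {
            String value = dbconfig.getStringValue(key);
            if (MiscUtil.isNotEmpty(value)) {
                values.add(value);
            }
        }
        return values;
    }

    /**
     * Validates the submitted minimum QAA level of the service.
     *
     * <p>A non-empty value must be contained in {@link MOAIDConstants#ALLOWED_eIDAS_LOA}. An empty
     * or missing value is not checked here.
     *
     * @param input key/value pairs of the service as submitted
     * @throws ConfigurationTaskValidationException if the value is not an allowed level
     */
    @Override
    protected void taskValidate(Map<String, String> input) throws ConfigurationTaskValidationException {
        List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();

        // check qaa
        String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
        if (MiscUtil.isNotEmpty(qaaString) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaaString)) {
            // The value failed the allow-list check, so it is arbitrary submitted text.
            // NOTE(review): confirm that the log layout neutralises line breaks in it.
            log.warn("eIDAS-LoA is not allowed: {}", qaaString);
            errors.add(new ValidationObjectIdentifier(
                    MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
                    "eIDAS - LoA is not allowed",
                    LanguageHelper.getErrorString("validation.stork.qaa.outofrange", new Object[] {qaaString})));
        }

        if (!errors.isEmpty()) {
            throw new ConfigurationTaskValidationException(errors);
        }
    }

    /**
     * Returns the key patterns this task allows.
     *
     * @return the patterns generated from {@code KEYWHITELIST}, which holds no keys
     */
    @Override
    public List<Pattern> getAllAllowedPatterns() {
        return generatePatternsFromKeys(KEYWHITELIST);
    }

    /**
     * Returns the module prefixes this validator is registered for.
     *
     * @return a list holding {@link MOAIDConfigurationConstants#PREFIX_MOAID_SERVICES_OA}
     */
    @Override
    public List<String> getModulValidatorPrefix() {
        return Arrays.asList(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA);
    }
}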