/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
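*/
package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
import at.gv.egovernment.moa.id.config.webgui.helper.GUIDataParser;
import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Validation and post-processing task for the "BKU selection" section of a
 * service configuration: uploaded templates, template URLs and the template
 * customization values entered in the configuration GUI.
 * <p>
 * All values handled here are administrator input that is later used when
 * login/selection pages are rendered. {@link #taskValidate(Map)} therefore
 * rejects texts and font types containing characters that
 * {@link ValidationHelper} flags as XSS-relevant, accepts colours only as hex
 * values, restricts the applet redirect target to
 * {@link MOAIDConfigurationConstants#ALLOWED_REDIRECTTARGETNAMES}, and
 * requires uploaded templates to be decodable.
 * <p>
 * NOTE(review): the generic type arguments of this file appear to have been
 * stripped in the copy under review; they were restored as
 * {@code Map<String, String>}, {@code List<String>} and {@code List<Pattern>}
 * because the body assigns {@code input.get(...)} to {@code String} and the
 * {@code Pattern} import is otherwise unused. Confirm against
 * {@link ITaskValidator} and {@link AbstractTaskValidator}.
 *
 * @author tlenz
 */
public class ServicesBKUSelectionTask extends AbstractTaskValidator implements ITaskValidator {

    private static final Logger log = LoggerFactory.getLogger(ServicesBKUSelectionTask.class);

    /**
     * Keys this task explicitly allows. The list is currently empty, so
     * {@link #getAllAllowedPatterns()} derives no additional patterns from it.
     */
    private static final List<String> KEYWHITELIST;

    static {
        List<String> temp = new ArrayList<String>();
        KEYWHITELIST = Collections.unmodifiableList(temp);
    }

    /**
     * @return the configuration-key prefix this task is responsible for
     */
    @Override
    public String getKeyPrefix() {
        return "auth.templates";
    }

    /**
     * @return the human-readable task name used in GUI messages
     */
    @Override
    public String getName() {
        return "Service - BKU-Selection Configuration Task";
    }

    /**
     * Derives the values that are actually persisted from the raw GUI input.
     * <ul>
     * <li>Empty template URLs are scheduled for deletion instead of being stored as empty strings.</li>
     * <li>For each template (BKU selection, send-assertion) a freshly uploaded file name becomes the
     * preview value, the Base64 upload is decoded into the data key, and a set "delete" flag clears
     * data, preview and file name and resets the flag itself.</li>
     * </ul>
     * Fix: the send-assertion file name was previously written to the BKU-selection preview key,
     * overwriting the BKU-selection preview; it is now written to
     * {@link MOAIDConfigurationConstants#SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW}.
     *
     * @param input        raw key/value pairs from the GUI form
     * @param keysToDelete collector for keys that must be removed from the stored configuration; extended in place
     * @param dbconfig     current persisted configuration; not consulted by this task
     * @return the key/value pairs to store, or {@code null} when nothing has to be written
     */
    @Override
    public Map<String, String> postProcessing(Map<String, String> input, List<String> keysToDelete,
            Configuration dbconfig) {
        Map<String, String> newConfigValues = new HashMap<String, String>();

        // an empty GUI value for an optional URL means "remove the key", not "store an empty string"
        deleteKeyIfEmpty(input, keysToDelete,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL);
        deleteKeyIfEmpty(input, keysToDelete,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL);

        postProcessTemplate(input, newConfigValues,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DELETE);
        postProcessTemplate(input, newConfigValues,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DELETE);

        if (newConfigValues.isEmpty()) {
            return null;
        }
        return newConfigValues;
    }

    /**
     * Schedules {@code key} for deletion when its GUI value is empty or missing.
     */
    private static void deleteKeyIfEmpty(Map<String, String> input, List<String> keysToDelete, String key) {
        if (MiscUtil.isEmpty(input.get(key))) {
            keysToDelete.add(key);
        }
    }

    /**
     * Post-processes one uploadable template (file name, preview, Base64 data, delete flag).
     * The delete flag is handled last so that it wins over a concurrent upload in the same request.
     */
    private static void postProcessTemplate(Map<String, String> input, Map<String, String> newConfigValues,
            String fileNameKey, String previewKey, String dataKey, String deleteKey) {
        String uploadedFileName = input.get(fileNameKey);
        if (MiscUtil.isNotEmpty(uploadedFileName)) {
            newConfigValues.put(previewKey, uploadedFileName);
        }

        String decoded = GUIDataParser.getBase64ContentFromGUIUpload(input.get(dataKey));
        if (decoded != null) {
            newConfigValues.put(dataKey, decoded);
        }

        String deleteFlag = input.get(deleteKey);
        if (MiscUtil.isNotEmpty(deleteFlag) && Boolean.parseBoolean(deleteFlag)) {
            newConfigValues.put(dataKey, null);
            newConfigValues.put(deleteKey, String.valueOf(false));
            newConfigValues.put(previewKey, null);
            newConfigValues.put(fileNameKey, null);
        }
    }

    /**
     * Validates the raw GUI input of this task and collects every violation before failing, so the
     * GUI can report all problems at once. Error entries are added in form order.
     *
     * @param input raw key/value pairs from the GUI form
     * @throws ConfigurationTaskValidationException carrying all collected {@link ValidationObjectIdentifier}s
     */
    @Override
    protected void taskValidate(Map<String, String> input) throws ConfigurationTaskValidationException {
        List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();

        // additional AuthBlock text is displayed to the end user
        checkForInvalidCharacters(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT,
                "AuthBlock - Addition AuthBlocktext",
                "validation.general.aditionalauthblocktext",
                "AditionalAuthBlockText", false);

        // uploaded templates
        validateTemplateUpload(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW,
                "Templates - BKU Selection",
                "Templates - BKU Selection Filename",
                "validation.general.bkuselection.file.valid",
                "validation.general.bkuselection.filename.valid",
                "BKU Selection");
        validateTemplateUpload(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW,
                "Templates - Send Assertion",
                "Templates - Send Assertion Filename",
                "validation.general.sendassertion.file.valid",
                "validation.general.sendassertion.filename.valid",
                "Send Assertion");

        // template URLs
        checkTemplateUrl(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL,
                "Templates - SAML2 Post-Binding",
                "validation.general.templates.saml2.postbinding.valid",
                "URL to SAML2 POST-Binding template is not valid");
        checkTemplateUrl(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL,
                "Templates - Mandate-Service selection",
                "validation.general.templates.mandateserviceselection.valid",
                "URL to mandate-service selection-template is not valid");

        // template customization parameters
        checkHexColor(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR,
                "Templates - Background Color",
                "validation.general.form.color.background",
                "BKUSelectionBackGroundColor");
        checkHexColor(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR,
                "Templates - Front Color",
                "validation.general.form.color.front",
                "BKUSelectionFrontColor");
        checkHexColor(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR,
                "Templates - Header Background-Color",
                "validation.general.form.header.color.back",
                "HeaderBackGroundColor");
        checkHexColor(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR,
                "Templates - Header Front-Color",
                "validation.general.form.header.color.front",
                "HeaderFrontColor");
        checkForInvalidCharacters(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT,
                "Templates - Header Text",
                "validation.general.form.header.text",
                "HeaderText", false);
        checkHexColor(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR,
                "Templates - Button Background-Color",
                "validation.general.form.button.color.back",
                "ButtonBackGroundColor");
        checkHexColor(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS,
                "Templates - Button Background-Color on Focus",
                "validation.general.form.button.color.back.focus",
                "ButtonBackGroundColorFocus");
        checkHexColor(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR,
                "Templates - Button Front-Color",
                "validation.general.form.button.color.front",
                "ButtonFrontColor");

        // the redirect target is restricted to a fixed allowlist of names
        String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET);
        if (MiscUtil.isNotEmpty(check)
                && !MOAIDConfigurationConstants.ALLOWED_REDIRECTTARGETNAMES.contains(check)) {
            log.warn("AppletRedirectTarget has not valid value " + check);
            errors.add(new ValidationObjectIdentifier(
                    MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET,
                    "Templates - Applet Redirect-Target",
                    LanguageHelper.getErrorString("validation.general.form.appletredirecttarget")));
        }

        checkForInvalidCharacters(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE,
                "Templates - Font Type",
                "validation.general.form.fonttype",
                "FontType", true);

        checkNumber(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT,
                "Templates - Applet Height",
                "validation.general.form.applet.height",
                "Applet height");
        checkNumber(input, errors,
                MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH,
                "Templates - Applet Width",
                "validation.general.form.applet.width",
                "Applet width");

        if (!errors.isEmpty()) {
            throw new ConfigurationTaskValidationException(errors);
        }
    }

    /**
     * Rejects a free-text value that contains characters {@link ValidationHelper} considers
     * XSS-relevant. {@code checkMode} is passed unchanged to both ValidationHelper calls; its
     * meaning is defined there.
     *
     * @param key       configuration key of the value under test
     * @param guiName   label shown in the GUI error list
     * @param errorKey  message key for {@link LanguageHelper#getErrorString}
     * @param logName   short name used in the log line
     * @param checkMode mode flag forwarded to {@code containsNotValidCharacter} / {@code getNotValidCharacter}
     */
    private static void checkForInvalidCharacters(Map<String, String> input, List<ValidationObjectIdentifier> errors,
            String key, String guiName, String errorKey, String logName, boolean checkMode) {
        String value = input.get(key);
        if (MiscUtil.isNotEmpty(value) && ValidationHelper.containsNotValidCharacter(value, checkMode)) {
            // NOTE(review): the rejected raw value is written to the log; acceptable for admin input,
            // but keep in mind when log output is processed further.
            log.warn(logName + " contains potentail XSS characters: " + value);
            errors.add(new ValidationObjectIdentifier(key, guiName,
                    LanguageHelper.getErrorString(errorKey,
                            new Object[] {ValidationHelper.getNotValidCharacter(checkMode)})));
        }
    }

    /**
     * Validates a colour value. A leading '#' is optional in the GUI and is prepended before the
     * check; only the validation sees the normalised form, the stored value is left as entered.
     */
    private static void checkHexColor(Map<String, String> input, List<ValidationObjectIdentifier> errors,
            String key, String guiName, String errorKey, String logName) {
        String value = input.get(key);
        if (MiscUtil.isNotEmpty(value)) {
            if (!value.startsWith("#")) {
                value = "#" + value;
            }
            if (!ValidationHelper.isValidHexValue(value)) {
                log.warn(logName + " is not a valid hex value " + value);
                errors.add(new ValidationObjectIdentifier(key, guiName, LanguageHelper.getErrorString(errorKey)));
            }
        }
    }

    /**
     * Validates a numeric applet dimension via {@link ValidationHelper#validateNumber}.
     */
    private static void checkNumber(Map<String, String> input, List<ValidationObjectIdentifier> errors,
            String key, String guiName, String errorKey, String logName) {
        String value = input.get(key);
        if (MiscUtil.isNotEmpty(value) && !ValidationHelper.validateNumber(value)) {
            log.warn(logName + " " + value + " is no valid number");
            errors.add(new ValidationObjectIdentifier(key, guiName,
                    LanguageHelper.getErrorString(errorKey,
                            new Object[] {ValidationHelper.getNotValidCharacter(true)})));
        }
    }

    /**
     * Validates an optional template URL.
     * NOTE(review): the check used is {@code ValidationHelper.isNotValidIdentityLinkSigner}, whose
     * name does not describe a URL check; it is kept as found - confirm it is the intended validator.
     */
    private static void checkTemplateUrl(Map<String, String> input, List<ValidationObjectIdentifier> errors,
            String key, String guiName, String errorKey, String logMessage) {
        String value = input.get(key);
        if (MiscUtil.isNotEmpty(value) && ValidationHelper.isNotValidIdentityLinkSigner(value)) {
            log.info(logMessage);
            errors.add(new ValidationObjectIdentifier(key, guiName, LanguageHelper.getErrorString(errorKey)));
        }
    }

    /**
     * Validates one uploaded template: the file name must not contain XSS-relevant characters and
     * the Base64 upload must be decodable. Only decodability is checked here; the decoded template
     * content itself is not inspected by this task.
     *
     * @param dataKey          key holding the Base64 upload
     * @param fileNameKey      key holding the uploaded file name
     * @param previewKey       key holding the previously stored file name (fallback for error texts)
     * @param guiName          GUI label for data errors
     * @param fileNameGuiName  GUI label for file-name errors
     * @param fileErrorKey     message key for an undecodable upload (takes the file name as argument)
     * @param fileNameErrorKey message key for an invalid file name
     * @param logName          short name used in log lines
     */
    private static void validateTemplateUpload(Map<String, String> input, List<ValidationObjectIdentifier> errors,
            String dataKey, String fileNameKey, String previewKey,
            String guiName, String fileNameGuiName, String fileErrorKey, String fileNameErrorKey,
            String logName) {
        String upload = input.get(dataKey);
        if (MiscUtil.isNotEmpty(upload) && !upload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) {
            // name reported in the error text: clean uploaded name, else stored preview name, else "unknown"
            String templateFileName = "unknown";
            try {
                String uploadedFileName = input.get(fileNameKey);
                if (MiscUtil.isNotEmpty(uploadedFileName)) {
                    if (ValidationHelper.containsNotValidCharacter(uploadedFileName, false)) {
                        log.info(logName + " Filename is not valid");
                        errors.add(new ValidationObjectIdentifier(fileNameKey, fileNameGuiName,
                                LanguageHelper.getErrorString(fileNameErrorKey)));
                    } else {
                        templateFileName = uploadedFileName;
                    }
                } else {
                    String preview = input.get(previewKey);
                    if (MiscUtil.isNotEmpty(preview)) {
                        templateFileName = preview;
                    }
                }

                if (GUIDataParser.getBase64ContentFromGUIUpload(upload) == null) {
                    log.info(logName + " Template is not decodeable.");
                    errors.add(new ValidationObjectIdentifier(dataKey, guiName,
                            LanguageHelper.getErrorString(fileErrorKey, new Object[] {templateFileName})));
                }

            } catch (Exception e) {
                // previously logged without the cause; the exception is attached for diagnosis
                log.info(logName + " Template is not decodeable.", e);
                errors.add(new ValidationObjectIdentifier(dataKey, guiName,
                        LanguageHelper.getErrorString(fileErrorKey, new Object[] {templateFileName})));
            }
        }
    }

    /**
     * @return the key patterns this task accepts, derived from {@link #KEYWHITELIST}
     */
    @Override
    public List<Pattern> getAllAllowedPatterns() {
        return generatePatternsFromKeys(KEYWHITELIST);
    }
}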