Java tutorial
/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.configuration.data.oa; import java.io.File; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.SerializationUtils; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BPKDecryption; import at.gv.egovernment.moa.id.commons.db.dao.config.EncBPKInformation; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils; import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz * */ public class OABPKEncryption implements IOnlineApplicationData { private static final Logger log = Logger.getLogger(OABPKEncryption.class); private static final String MODULENAME = "bPKEncryptionDecryption"; private String keyStorePassword = null; private String keyAlias = null; private String keyPassword = null; private Map<String, byte[]> keyStoreForm = new HashMap<String, byte[]>(); private List<File> keyStoreFileUpload = null; private List<String> keyStoreFileUploadContentType = null; private List<String> keyStoreFileUploadFileName = new ArrayList<String>();; private boolean deletekeyStore = false; private boolean validationError = false; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() */ @Override public String getName() { // TODO Auto-generated method stub return MODULENAME; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) */ @Override public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); if (oaAuth != null) { EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); if (bPKEncDec != null) { BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); if (bPKDec != null) { keyAlias = bPKDec.getKeyAlias(); if (bPKDec.getKeyStoreFileName() != null) keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); } } } return null; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) */ @Override public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); if (oaAuth == null) { oaAuth = new AuthComponentOA(); dbOA.setAuthComponentOA(oaAuth); } EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); if (bPKEncDec == null) { bPKEncDec = new EncBPKInformation(); oaAuth.setEncBPKInformation(bPKEncDec); } BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); if (bPKDec == null) { bPKDec = new BPKDecryption(); bPKEncDec.setBPKDecryption(bPKDec); } if (isDeletekeyStore()) { bPKDec.setIv(null); bPKDec.setKeyAlias(null); bPKDec.setKeyInformation(null); bPKDec.setKeyStoreFileName(null); } BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); if (keyStoreForm != null && keyStoreForm.size() > 0) { keyInfo.setKeyAlias(keyAlias); keyInfo.setKeyPassword(keyPassword); keyInfo.setKeyStorePassword(keyStorePassword); Iterator<String> interator = keyStoreForm.keySet().iterator(); bPKDec.setKeyStoreFileName(interator.next()); bPKDec.setKeyAlias(keyAlias); keyInfo.setKeyStore(keyStoreForm.get(bPKDec.getKeyStoreFileName())); //encrypt key information byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); try { EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); bPKDec.setIv(encryptkeyInfo.getIv()); bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); } catch (BuildException e) { log.error("Configuration encryption FAILED.", e); return LanguageHelper.getErrorString("error.general.text", request); } } request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); return null; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) */ @Override public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request) { HttpSession session = request.getSession(); List<String> errors = new ArrayList<String>(); String check = null; OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); //validate BKU-selection template List<String> templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName(), getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); if (templateError != null && templateError.size() == 0) { if (keyStoreForm != null && keyStoreForm.size() > 0) { session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); } else keyStoreForm = (Map<String, byte[]>) session .getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); } else { errors.addAll(templateError); } if (keyStoreForm != null && keyStoreForm.size() > 0) { check = getKeyStorePassword(); if (MiscUtil.isEmpty(check)) { log.info("bPK decryption keystore password is empty"); errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); } else { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", new Object[] { ValidationHelper.getPotentialCSSCharacter(false) }, request)); } } check = getKeyAlias(); if (MiscUtil.isEmpty(check)) { log.info("bPK decryption key alias is empty"); errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); } else { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("bPK decryption key alias contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", new Object[] { ValidationHelper.getPotentialCSSCharacter(false) }, request)); } } check = getKeyPassword(); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("bPK decryption key password contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", new Object[] { ValidationHelper.getPotentialCSSCharacter(false) }, request)); } } BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); keyInfo.setKeyAlias(keyAlias); keyInfo.setKeyPassword(keyPassword); keyInfo.setKeyStorePassword(keyStorePassword); Iterator<String> interator = keyStoreForm.keySet().iterator(); String fileName = interator.next(); keyInfo.setKeyStore(keyStoreForm.get(fileName)); if (keyInfo.getPrivateKey() == null) { log.info("Open keyStore FAILED."); errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); } } if (errors.size() > 0) { validationError = true; } return errors; } /** * @return the keyStorePassword */ public String getKeyStorePassword() { return keyStorePassword; } /** * @param keyStorePassword the keyStorePassword to set */ public void setKeyStorePassword(String keyStorePassword) { this.keyStorePassword = keyStorePassword; } /** * @return the keyAlias */ public String getKeyAlias() { return keyAlias; } /** * @param keyAlias the keyAlias to set */ public void setKeyAlias(String keyAlias) { this.keyAlias = keyAlias; } /** * @return the keyPassword */ public String getKeyPassword() { return keyPassword; } /** * @param keyPassword the keyPassword to set */ public void setKeyPassword(String keyPassword) { this.keyPassword = keyPassword; } /** * @return the keyStoreFileUpload */ public List<File> getKeyStoreFileUpload() { return keyStoreFileUpload; } /** * @param keyStoreFileUpload the keyStoreFileUpload to set */ public void setKeyStoreFileUpload(List<File> keyStoreFileUpload) { this.keyStoreFileUpload = keyStoreFileUpload; } /** * @return the keyStoreFileUploadContentType */ public List<String> getKeyStoreFileUploadContentType() { return keyStoreFileUploadContentType; } /** * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set */ public void setKeyStoreFileUploadContentType(List<String> keyStoreFileUploadContentType) { this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; } /** * @return the keyStoreFileUploadFileName */ public List<String> getKeyStoreFileUploadFileName() { return keyStoreFileUploadFileName; } /** * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set */ public void setKeyStoreFileUploadFileName(List<String> keyStoreFileUploadFileName) { this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; } /** * @return the deletekeyStore */ public boolean isDeletekeyStore() { return deletekeyStore; } /** * @param deletekeyStore the deletekeyStore to set */ public void setDeletekeyStore(boolean deletekeyStore) { this.deletekeyStore = deletekeyStore; } /** * @return the validationError */ public boolean isValidationError() { return validationError; } }