.) Setting IssueInstant from the identity link as verification date for identity link.

.) Completely rewrite class to increase performance git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@790 d688527b-c9ab-4aba-bd8d-4036d912da1d
author: harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2007-01-18 14:32:14 +0000
committer: harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2007-01-18 14:32:14 +0000
commit: 03310b34dbc9e7099e2ca10560e710b176d06087 (patch)
tree: 7edd0bd26e69b50150f5099e0dbe759caf8535ea
parent: 80608f716e4b86630af90d9e9e3f152ad9526824 (diff)
download: moa-id-spss-03310b34dbc9e7099e2ca10560e710b176d06087.tar.gz
moa-id-spss-03310b34dbc9e7099e2ca10560e710b176d06087.tar.bz2
moa-id-spss-03310b34dbc9e7099e2ca10560e710b176d06087.zip
1 files changed, 146 insertions, 152 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index e38ccc62a..758f28150 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -1,18 +1,18 @@
 package at.gv.egovernment.moa.id.auth.builder;
 
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
 
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import org.w3c.dom.Text;
+import org.w3c.dom.Node;
 
+import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Builder for the <code>&lt;VerifyXMLSignatureRequestBuilder&gt;</code> structure
@@ -22,124 +22,121 @@ import at.gv.egovernment.moa.util.XPathUtils;
  * @version $Id$
  */
 public class VerifyXMLSignatureRequestBuilder {
-  /** The MOA-Prefix */
-  private static final String MOA = Constants.MOA_PREFIX + ":";
+  
+  /** shortcut for XMLNS namespace URI */
+  private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+  /** shortcut for MOA namespace URI */
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
   /** The DSIG-Prefix */
   private static final String DSIG = Constants.DSIG_PREFIX + ":";
-  /** the request as string */
-  private String request;
-  /** the request as DOM-Element */
-  private Element reqElem;
-
+  
+  /** The document containing the <code>VerifyXMLsignatureRequest</code> */
+  private Document requestDoc_;
+  /** the <code>VerifyXMLsignatureRequest</code> root element */
+  private Element requestElem_;
+  
+  
   /**
-   * Constructor for VerifyXMLSignatureRequestBuilder.
+   * Builds the body for a <code>VerifyXMLsignatureRequest</code> including the root
+   * element and namespace declarations.
+   * 
+   * @throws BuildException If an error occurs on building the document.
    */
-  public VerifyXMLSignatureRequestBuilder() {
+  public VerifyXMLSignatureRequestBuilder() throws BuildException {
+    try {
+      DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();        
+      requestDoc_ = docBuilder.newDocument();
+      requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+      requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+      requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+      requestDoc_.appendChild(requestElem_);       
+    } catch (Throwable t) {
+      throw new BuildException(
+        "builder.00", 
+        new Object[] {"VerifyXMLSignatureRequest", t.toString()}, 
+        t);
+    }
   }
+  
+  
   /**
    * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
    * from an IdentityLink with a known trustProfileID which 
    * has to exist in MOA-SP
-   * @param idl - The IdentityLink
+   * @param identityLink - The IdentityLink
    * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+   * 
    * @return Element - The complete request as Dom-Element
+   * 
    * @throws ParseException
    */
-  public Element build(IdentityLink idl, String trustProfileID)
-    throws ParseException { //samlAssertionObject
-      request =
-        "<?xml version='1.0' encoding='UTF-8' ?>"
-          + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
-          + "  <VerifySignatureInfo>"
-          + "    <VerifySignatureEnvironment>"
-          + "      <Base64Content>"
-          + "      </Base64Content>"
-          + "    </VerifySignatureEnvironment>"
-          + "    <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
-          + "  </VerifySignatureInfo>"
-          + "  <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung
-  +"     <ReferenceInfo>" + "     <VerifyTransformsInfoProfile/>"
-      // Profile ID für create    (alle auslesen aus IDCOnfig VerifyAuthBlock)
-  +"     </ReferenceInfo>"
-    + "  </SignatureManifestCheckParams>"
-    + "  <ReturnHashInputData/>"
-    + "  <TrustProfileID>"
-    + trustProfileID
-    + "</TrustProfileID>"
-    + "</VerifyXMLSignatureRequest>";
-
+  public Element build(IdentityLink identityLink, String trustProfileID)
+    throws ParseException 
+  { 
     try {
-      InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
-      reqElem = DOMUtils.parseXmlValidating(s);
-
-      String CONTENT_XPATH =
-        "//"
-          + MOA
-          + "VerifyXMLSignatureRequest/"
-          + MOA
-          + "VerifySignatureInfo/"
-          + MOA
-          + "VerifySignatureEnvironment/"
-          + MOA
-          + "Base64Content";
-
-      Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
-
-      String dtdString = "" 
-      		/* TODO MOA-ID-AUTH remove dtdString processing if it is not nec. in further versions
-        	+ "<!DOCTYPE saml:Assertion [\n"
-          + "  <!ATTLIST saml:Assertion AssertionID ID #REQUIRED\n"
-          + ">\n"
-          + "]>"
-					*/
-					;	
-
-      String serializedAssertion = idl.getSerializedSamlAssertion();
-      //insert mini dtd after xml declaration to allow usage of AssertionID 
-      //encode then base64 and put this into Element Base64Content
-      String dtdAndIL =
-        serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2)
-          + dtdString
-          + serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2);
-      String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8"));
-			//replace all '\r' characters by no char.
-			String replaced = "";
-			for (int i = 0; i < b64dtdAndIL.length(); i ++) {
-				if (b64dtdAndIL.charAt(i) != '\r') replaced += b64dtdAndIL.charAt(i);
-			}
-			b64dtdAndIL = replaced;
-      Text b64content = (Text) insertTo.getFirstChild();
-      b64content.setData(b64dtdAndIL);
-
-      String SIGN_MANI_CHECK_PARAMS_XPATH =
-        "//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams";
-      insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH);
-      insertTo.removeChild(
-        (Element) XPathUtils.selectSingleNode(
-          reqElem,
-          SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo"));
-      Element[] dsigTransforms = idl.getDsigReferenceTransforms();
-      for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)  
-        {
-        Element refInfo =
-          insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo");
-        insertTo.appendChild(refInfo);
-        Element verifyTransformsInfoProfile =
-          insertTo.getOwnerDocument().createElementNS(
-            Constants.MOA_NS_URI,
-            "VerifyTransformsInfoProfile");
-        refInfo.appendChild(verifyTransformsInfoProfile);
-        verifyTransformsInfoProfile.appendChild(
-          insertTo.getOwnerDocument().importNode(dsigTransforms[i], true));
+      // build the request
+      Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
+      requestElem_.appendChild(dateTimeElem);
+      Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
+      dateTimeElem.appendChild(dateTime);
+      Element verifiySignatureInfoElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+      requestElem_.appendChild(verifiySignatureInfoElem);
+      Element verifySignatureEnvironmentElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+      // insert the base64 encoded identity link SAML assertion
+      String serializedAssertion = identityLink.getSerializedSamlAssertion();
+      String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8"));
+      //replace all '\r' characters by no char.
+      StringBuffer replaced = new StringBuffer();
+      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+        char c = base64EncodedAssertion.charAt(i);
+        if (c != '\r') {
+          replaced.append(c);
+        }
       }
+      base64EncodedAssertion = replaced.toString();
+      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+      base64ContentElem.appendChild(base64Content);      
+      // specify the signature location
+      Element verifySignatureLocationElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+      verifySignatureLocationElem.appendChild(signatureLocation);      
+      // signature manifest params
+      Element signatureManifestCheckParamsElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+      requestElem_.appendChild(signatureManifestCheckParamsElem);
+      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+      // add the transforms
+      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+      signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+      Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+      for (int i = 0; i < dsigTransforms.length; i++) {        
+        Element verifyTransformsInfoProfileElem = 
+          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
+        referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
+        verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));        
+      }
+      Element returnHashInputDataElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+      requestElem_.appendChild(returnHashInputDataElem);
+      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+      requestElem_.appendChild(trustProfileIDElem);
     } catch (Throwable t) {
-      throw new ParseException(//"VerifyXMLSignatureRequest (IdentityLink)");
-      "builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+      throw new ParseException("builder.00", 
+        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
     }
 
-    return reqElem;
+    return requestElem_;
   }
-
+  
+  
   /**
    * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
    * from the signed AUTH-Block with a known trustProfileID which 
@@ -154,59 +151,56 @@ public class VerifyXMLSignatureRequestBuilder {
     CreateXMLSignatureResponse csr,
     String[] verifyTransformsInfoProfileID,
     String trustProfileID)
-    throws ParseException { //samlAssertionObject
-    request =
-      "<?xml version='1.0' encoding='UTF-8' ?>"
-        + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
-        + "  <VerifySignatureInfo>"
-        + "    <VerifySignatureEnvironment>"
-        + "      <XMLContent xml:space=\"preserve\"/>"
-        + "    </VerifySignatureEnvironment>"
-        + "    <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
-        + "  </VerifySignatureInfo>"
-        + "  <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
-        + "     <ReferenceInfo>";
-
-    for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
-      request += "     <VerifyTransformsInfoProfileID>"
-        + verifyTransformsInfoProfileID[i]
-        + "</VerifyTransformsInfoProfileID>";
-      // Profile ID für create    (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....)
-
-    }
-
-    request += "     </ReferenceInfo>" + "  </SignatureManifestCheckParams>"
-    // Testweise ReturnReferenceInputData = False
-    +"  <ReturnHashInputData/>"
-      + "  <TrustProfileID>"
-      + trustProfileID
-      + "</TrustProfileID>"
-      + "</VerifyXMLSignatureRequest>";
-
+    throws BuildException { //samlAssertionObject
+    
     try {
-      // Build a DOM-Tree of the obove String
-      InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
-      reqElem = DOMUtils.parseXmlValidating(s);
-      //Insert the SAML-Assertion-Object
-      String CONTENT_XPATH =
-        "//"
-          + MOA
-          + "VerifyXMLSignatureRequest/"
-          + MOA
-          + "VerifySignatureInfo/"
-          + MOA
-          + "VerifySignatureEnvironment/"
-          + MOA
-          + "XMLContent";
-
-      Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
-      insertTo.appendChild(insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
+      // build the request
+//      requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" 
+//        + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
+      Element verifiySignatureInfoElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+      requestElem_.appendChild(verifiySignatureInfoElem);
+      Element verifySignatureEnvironmentElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+      Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
+      verifySignatureEnvironmentElem.appendChild(xmlContentElem);
+      xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
+      // insert the SAML assertion
+      xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true));          
+      // specify the signature location
+      Element verifySignatureLocationElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+      verifySignatureLocationElem.appendChild(signatureLocation);      
+      // signature manifest params
+      Element signatureManifestCheckParamsElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+      requestElem_.appendChild(signatureManifestCheckParamsElem);
+      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
+      // add the transform profile IDs
+      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+        signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+      for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
+        Element verifyTransformsInfoProfileIDElem = 
+          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+        referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+        verifyTransformsInfoProfileIDElem.appendChild(
+          requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));        
+      }
+      Element returnHashInputDataElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+      requestElem_.appendChild(returnHashInputDataElem);
+      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+      requestElem_.appendChild(trustProfileIDElem);
 
     } catch (Throwable t) {
-      throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
+      throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
     }
 
-    return reqElem;
+    return requestElem_;
   }
 
 }
author	harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2007-01-18 14:32:14 +0000
committer	harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2007-01-18 14:32:14 +0000
commit	03310b34dbc9e7099e2ca10560e710b176d06087 (patch)
tree	7edd0bd26e69b50150f5099e0dbe759caf8535ea
parent	80608f716e4b86630af90d9e9e3f152ad9526824 (diff)
download	moa-id-spss-03310b34dbc9e7099e2ca10560e710b176d06087.tar.gz moa-id-spss-03310b34dbc9e7099e2ca10560e710b176d06087.tar.bz2 moa-id-spss-03310b34dbc9e7099e2ca10560e710b176d06087.zip