aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/at/gv/egovernment/moa/id/auth/builder
diff options
context:
space:
mode:
authorharald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-01-10 15:37:52 +0000
committerharald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-01-10 15:37:52 +0000
commit7bba49753c8a44fade100d3676ab0a62372d44e1 (patch)
tree2bb52651b46ea2e85ad7f08ad0759180a2057a9f /id.server/src/at/gv/egovernment/moa/id/auth/builder
parent006abfa4f5064a905b14618708768e3aa295f264 (diff)
downloadmoa-id-spss-7bba49753c8a44fade100d3676ab0a62372d44e1.tar.gz
moa-id-spss-7bba49753c8a44fade100d3676ab0a62372d44e1.tar.bz2
moa-id-spss-7bba49753c8a44fade100d3676ab0a62372d44e1.zip
Adapted for MOA-ID 1.4 (validating additional infoboxes).
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@769 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/builder')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java88
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java107
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java74
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java28
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java78
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java4
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java8
8 files changed, 302 insertions, 87 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
new file mode 100644
index 000000000..241cf0afc
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -0,0 +1,88 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.text.MessageFormat;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Base class for building authentication the AUTHBlock and final OA data SAML assertions.
+ * Encapsulates methods used by the two specific builders
+ * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder AuthenticationBlockAssertionBuilder}
+ * and
+ * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder AuthenticationDataAssertionBuilder}
+ *
+ * @author Harald Bratko
+ */
+public class AuthenticationAssertionBuilder {
+
+ /** the NewLine representation in Java*/
+ protected static String NL = "\n";
+
+ protected static String SAML_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +
+ " <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>"+ NL;
+
+ /**
+ * Empty constructor
+ */
+ public AuthenticationAssertionBuilder() {
+ }
+
+ /**
+ * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion
+ * delivered to the online application.
+ * The method traverses through the list of given SAML attribute objects and builds an
+ * XML structure (String representation) for each of the attributes.
+ *
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or
+ * to the SAML assertion delivered to the online application.
+ * @return A string representation including the XML structures of
+ * the SAML attributes.
+ *
+ * @throws ParseException If an error occurs on serializing an SAML attribute.
+ */
+ protected String buildExtendedSAMLAttributes(List extendedSAMLAttributes) throws ParseException
+ {
+ StringBuffer sb = new StringBuffer();
+ if (extendedSAMLAttributes!=null) {
+ Iterator it = extendedSAMLAttributes.iterator();
+ while (it.hasNext()) {
+ ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
+ Object value = extendedSAMLAttribute.getValue();
+ String name = extendedSAMLAttribute.getName();
+ String namespace = extendedSAMLAttribute.getNameSpace();
+ if (value instanceof String) {
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, value}));
+ } else if (value instanceof Element) {
+ try {
+ String serializedValue = DOMUtils.serializeNode((Element)(value));
+ serializedValue = StringUtils.removeXMLDeclaration(serializedValue);
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, serializedValue}));
+ } catch (TransformerException e) {
+ Logger.error("Error on serializing SAML attribute \"" + name +
+ " (namespace: \"" + namespace + "\".");
+ throw new ParseException("parser.05", new Object[] { name, namespace});
+ } catch (IOException e) {
+ Logger.error("Error on serializing SAML attribute \"" + name +
+ " (namespace: \"" + namespace + "\".");
+ throw new ParseException("parser.05", new Object[] { name, namespace});
+ }
+ }
+ }
+ }
+ return sb.toString();
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index b1fe0a6df..ef50acb3f 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -1,7 +1,11 @@
package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
+import java.util.List;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
/**
@@ -11,41 +15,46 @@ import at.gv.egovernment.moa.util.Constants;
* @author Paul Ivancsics
* @version $Id$
*/
-public class AuthenticationBlockAssertionBuilder implements Constants {
- /** the NewLine representation in Java*/
- private static String nl = "\n";
+public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
+
/** template for the Auth-Block */
private static String AUTH_BLOCK =
- "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + nl +
- " <saml:AttributeStatement>" + nl +
- " <saml:Subject>" + nl +
- " <saml:NameIdentifier>{3}</saml:NameIdentifier>" + nl +
- " </saml:Subject>" + nl +
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+ " <saml:AttributeStatement>" + NL +
+ " <saml:Subject>" + NL +
+ " <saml:NameIdentifier>{3}</saml:NameIdentifier>" + NL +
+ " </saml:Subject>" + NL +
"{4}" +
- " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>{5}</saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl +
- " <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>{6}</saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl +
- " </saml:AttributeStatement>" + nl +
+ " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{5}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ "{7}" +
+ " </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
private static String GESCHAEFTS_BEREICH_ATTRIBUTE =
- " <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>{0}</saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl;
+ " <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
private static String WBPK_ATTRIBUTE =
- " <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>" + nl +
- " <pr:Identification>" + nl +
- " <pr:Value>{0}</pr:Value>" + nl +
- " <pr:Type>{1}</pr:Type>" + nl +
- " </pr:Identification>" + nl +
- " </saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl;
-
+ " <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>" + NL +
+ " <pr:Identification>" + NL +
+ " <pr:Value>{0}</pr:Value>" + NL +
+ " <pr:Type>{1}</pr:Type>" + NL +
+ " </pr:Identification>" + NL +
+ " </saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
+ /**
+ * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
+ */
+ public static final int NUM_OF_SAML_ATTRIBUTES = 3;
+
/**
* Constructor for AuthenticationBlockAssertionBuilder.
*/
@@ -73,17 +82,26 @@ public class AuthenticationBlockAssertionBuilder implements Constants {
* application used as input for wbPK computation;
* maybe <code>null</code> if the application is a public service
* @param oaURL public URL of online application requested
+ * @param gebDat The date of birth from the identity link.
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock.
+ *
* @return String representation of authentication block
* <code>&lt;saml:Assertion&gt;</code> built
+ *
+ * @throws BuildException If an error occurs on serializing an extended SAML attribute
+ * to be appended to the AUTH-Block.
*/
- public String buildAuthBlock(String issuer,
- String issueInstant,
- String authURL,
- String target,
- String identityLinkValue,
- String identityLinkType,
- String oaURL,
- String GebDat)
+ public String buildAuthBlock(
+ String issuer,
+ String issueInstant,
+ String authURL,
+ String target,
+ String identityLinkValue,
+ String identityLinkType,
+ String oaURL,
+ String gebDat,
+ List extendedSAMLAttributes)
+ throws BuildException
{
String gebeORwbpk = "";
@@ -97,8 +115,23 @@ public class AuthenticationBlockAssertionBuilder implements Constants {
GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
}
- String assertion = MessageFormat.format(
- AUTH_BLOCK, new Object[] { wbpkNSDeclaration, issuer, issueInstant, authURL, gebeORwbpk, oaURL, GebDat});
+ String assertion;
+ try {
+ assertion = MessageFormat.format(
+ AUTH_BLOCK, new Object[] {
+ wbpkNSDeclaration,
+ issuer,
+ issueInstant,
+ authURL,
+ gebeORwbpk,
+ oaURL,
+ gebDat,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ } catch (ParseException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+
return assertion;
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 7e866089d..53520c846 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -1,10 +1,14 @@
package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
+import java.util.List;
import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
/**
* Builder for the authentication data <code>&lt;saml:Assertion&gt;</code>
@@ -13,7 +17,7 @@ import at.gv.egovernment.moa.util.Constants;
* @author Paul Ivancsics
* @version $Id$
*/
-public class AuthenticationDataAssertionBuilder implements Constants {
+public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
/** private static String NL contains the NewLine representation in Java*/
private static final String NL = "\n";
/**
@@ -38,11 +42,12 @@ public class AuthenticationDataAssertionBuilder implements Constants {
" <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
" <saml:AttributeValue>{8}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
- " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
"{10}" +
- "{11}" +
+ "{11}" +
+ "{12}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
/**
@@ -54,10 +59,10 @@ public class AuthenticationDataAssertionBuilder implements Constants {
" <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL;
- private static final String SIGNER_CERTIFICATE_ATT =
- " <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL;
+ private static final String SIGNER_CERTIFICATE_ATT =
+ " <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
/**
* Constructor for AuthenticationDataAssertionBuilder.
@@ -92,7 +97,10 @@ public class AuthenticationDataAssertionBuilder implements Constants {
String xmlIdentityLink,
String bkuURL,
String signerCertificateBase64,
- boolean businessService) throws BuildException {
+ boolean businessService,
+ List extendedSAMLAttributes)
+ throws BuildException
+ {
String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
String publicAuthorityAttribute = "";
@@ -122,33 +130,27 @@ public class AuthenticationDataAssertionBuilder implements Constants {
pkValue = authData.getBPK();
}
- String assertion = MessageFormat.format(AUTH_DATA, new Object[] {
- authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstant(),
- pkType,
- pkValue,
- removeXMLDeclaration(xmlAuthBlock),
- removeXMLDeclaration(xmlIdentityLink),
- removeXMLDeclaration(xmlPersonData),
- isQualifiedCertificate,
- bkuURL,
- publicAuthorityAttribute,
- signerCertificateAttribute});
+ String assertion;
+ try {
+ assertion = MessageFormat.format(AUTH_DATA, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ } catch (ParseException e) {
+ Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
+ }
return assertion;
}
-
- /**
- * Removes the XML declaration from an XML expression.
- * @param xmlString XML expression as String
- * @return XML expression, XML declaration removed
- */
- private String removeXMLDeclaration(String xmlString) {
- if (xmlString.startsWith("<?xml")) {
- int firstElement = xmlString.indexOf("<", 1);
- return xmlString.substring(firstElement);
- }
- else return xmlString;
- }
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index 03895a38e..06c81f49e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -73,7 +73,7 @@ public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements
try {
String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8");
- certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, 1);
+ certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, true, 1);
return certInfoRequest;
}
catch (IOException ex) {
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 9baa71612..0d0595b69 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -26,6 +26,8 @@ public class GetIdentityLinkFormBuilder extends Builder {
private static final String CERTINFO_XMLREQUEST_TAG = "<CertInfoXMLRequest>";
/** special tag in the HTML template to be substituted for the certificate info data URL */
private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>";
+ /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
+ private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
/** private static int all contains the representation to replace all tags*/
private static final int ALL = -1;
@@ -46,6 +48,9 @@ public class GetIdentityLinkFormBuilder extends Builder {
" <input type=\"hidden\" " + nl +
" name=\"DataURL\"" + nl +
" value=\"" + DATAURL_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"PushInfobox\"" + nl +
+ " value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
" <input type=\"submit\" value=\"Anmeldung mit B&uuml;rgerkarte\"/>" + nl +
"</form>" + nl +
"<form name=\"CertificateInfoForm\"" + nl +
@@ -80,17 +85,24 @@ public class GetIdentityLinkFormBuilder extends Builder {
* @param dataURL DataURL to be sent as a parameter in the form
*/
public String build(
- String htmlTemplate, String bkuURL, String xmlRequest, String dataURL, String certInfoXMLRequest, String certInfoDataURL)
- throws BuildException {
-
+ String htmlTemplate,
+ String bkuURL,
+ String xmlRequest,
+ String dataURL,
+ String certInfoXMLRequest,
+ String certInfoDataURL,
+ String pushInfobox)
+ throws BuildException
+ {
String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL;
- htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, ALL);
- htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), ALL);
- htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, ALL);
+ htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+ htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+ htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+ htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
//new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL);
- htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), ALL);
- htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, ALL);
+ htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
+ htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
return htmlForm;
}
/**
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
new file mode 100644
index 000000000..2d9837f9a
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -0,0 +1,78 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * This class provides one method for building parameters needed for
+ * validating an infobox token.
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxValidatorParamsBuilder {
+
+ // hide the default constructor
+ private InfoboxValidatorParamsBuilder() {
+ }
+
+ /**
+ * Builds the parameters passed to the validator class for validating an infobox token.
+ *
+ * @param session The actual Authentication session.
+ * @param verifyInfoboxParameter The configuration parameters for the infobox.
+ * @param infoboxTokenList Contains the infobox token to be validated.
+ *
+ * @return Parameters for validating an infobox token.
+ */
+ public static InfoboxValidatorParams buildInfoboxValidatorParams(
+ AuthenticationSession session,
+ VerifyInfoboxParameter verifyInfoboxParameter,
+ List infoboxTokenList)
+ {
+ InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
+ IdentityLink identityLink = session.getIdentityLink();
+
+ // the infobox token to validate
+ infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
+ // configuration parameters
+ infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
+ infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
+ infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
+ // authentication session parameters
+ infoboxValidatorParams.setBkuURL(session.getBkuURL());
+ infoboxValidatorParams.setTarget(session.getTarget());
+ infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
+ // parameters from the identity link
+ infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
+ infoboxValidatorParams.setGivenName(identityLink.getGivenName());
+ infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
+ if (verifyInfoboxParameter.getProvideStammzahl()) {
+ infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
+ }
+ infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
+ infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
+ if (verifyInfoboxParameter.getProvideIdentityLink()) {
+ Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
+ if (!verifyInfoboxParameter.getProvideStammzahl()) {
+ Element identificationValueElem =
+ (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ if (identificationValueElem != null) {
+ identificationValueElem.getFirstChild().setNodeValue("");
+ }
+ }
+ infoboxValidatorParams.setIdentityLink(identityLinkElem);
+ }
+
+ return infoboxValidatorParams;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
index 72ecb53af..312179e73 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
@@ -55,8 +55,8 @@ public class SelectBKUFormBuilder extends Builder {
throws BuildException {
String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
- htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, 1);
- htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, 1);
+ htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, true, 1);
+ htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, true, 1);
return htmlForm;
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index b98b87dee..e38ccc62a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -6,7 +6,7 @@ import java.io.InputStream;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
-import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -24,6 +24,8 @@ import at.gv.egovernment.moa.util.XPathUtils;
public class VerifyXMLSignatureRequestBuilder {
/** The MOA-Prefix */
private static final String MOA = Constants.MOA_PREFIX + ":";
+ /** The DSIG-Prefix */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
/** the request as string */
private String request;
/** the request as DOM-Element */
@@ -53,7 +55,7 @@ public class VerifyXMLSignatureRequestBuilder {
+ " <Base64Content>"
+ " </Base64Content>"
+ " </VerifySignatureEnvironment>"
- + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ + " <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
+ " </VerifySignatureInfo>"
+ " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung
+" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>"
@@ -160,7 +162,7 @@ public class VerifyXMLSignatureRequestBuilder {
+ " <VerifySignatureEnvironment>"
+ " <XMLContent xml:space=\"preserve\"/>"
+ " </VerifySignatureEnvironment>"
- + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ + " <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
+ " </VerifySignatureInfo>"
+ " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
+ " <ReferenceInfo>";