Adapted for MOA-ID 1.4 (validating additional infoboxes).

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@769 d688527b-c9ab-4aba-bd8d-4036d912da1d

8 files changed, 302 insertions, 87 deletions

diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
new file mode 100644
index 000000000..241cf0afc
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -0,0 +1,88 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.text.MessageFormat;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Base class for building authentication the AUTHBlock and final OA data SAML assertions.
+ * Encapsulates methods used by the two specific builders 
+ * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder AuthenticationBlockAssertionBuilder}
+ * and
+ * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder AuthenticationDataAssertionBuilder}
+ * 
+ * @author Harald Bratko
+ */
+public class AuthenticationAssertionBuilder {
+  
+  /** the NewLine representation in Java*/
+  protected static String NL = "\n";
+  
+  protected static String SAML_ATTRIBUTE =
+  "   <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +
+  "     <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +
+  "   </saml:Attribute>"+ NL;
+
+  /**
+   * Empty constructor
+   */
+  public AuthenticationAssertionBuilder() {
+  }
+  
+  /**
+   * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion 
+   * delivered to the online application.
+   * The method traverses through the list of given SAML attribute objects and builds an 
+   * XML structure (String representation) for each of the attributes. 
+   * 
+   * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or  
+   *                               to the SAML assertion delivered to the online application.
+   * @return                       A string representation including the XML structures of
+   *                               the SAML attributes.
+   *                               
+   * @throws ParseException        If an error occurs on serializing an SAML attribute.
+   */
+  protected String buildExtendedSAMLAttributes(List extendedSAMLAttributes) throws ParseException
+  {
+    StringBuffer sb = new StringBuffer();
+    if (extendedSAMLAttributes!=null) {
+      Iterator it = extendedSAMLAttributes.iterator();
+      while (it.hasNext()) {
+        ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
+        Object value = extendedSAMLAttribute.getValue();
+        String name = extendedSAMLAttribute.getName();
+        String namespace = extendedSAMLAttribute.getNameSpace();
+        if (value instanceof String) {
+          sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, value}));
+        } else if (value instanceof Element) {
+          try {
+            String serializedValue = DOMUtils.serializeNode((Element)(value));
+            serializedValue = StringUtils.removeXMLDeclaration(serializedValue);
+            sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, serializedValue}));
+          } catch (TransformerException e) {
+            Logger.error("Error on serializing SAML attribute \"" + name + 
+              " (namespace: \"" + namespace + "\".");
+            throw new ParseException("parser.05", new Object[] { name, namespace});
+          } catch (IOException e) {
+            Logger.error("Error on serializing SAML attribute \"" + name + 
+              " (namespace: \"" + namespace + "\".");
+            throw new ParseException("parser.05", new Object[] { name, namespace});
+          }
+        }
+      }
+    }
+   return sb.toString();
+  }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index b1fe0a6df..ef50acb3f 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -1,7 +1,11 @@
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.text.MessageFormat;
+import java.util.List;
 
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 
 /**
@@ -11,41 +15,46 @@ import at.gv.egovernment.moa.util.Constants;
  * @author Paul Ivancsics
  * @version $Id$
  */
-public class AuthenticationBlockAssertionBuilder implements Constants {
-  /** the NewLine representation in Java*/
-	private static String nl = "\n";
+public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
+
   /** template for the Auth-Block */
   private static String AUTH_BLOCK = 
-    "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + nl +
-    " <saml:AttributeStatement>" + nl +
-    "   <saml:Subject>" + nl +
-    "     <saml:NameIdentifier>{3}</saml:NameIdentifier>" + nl +
-    "   </saml:Subject>" + nl +
+    "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+    " <saml:AttributeStatement>" + NL +
+    "   <saml:Subject>" + NL +
+    "     <saml:NameIdentifier>{3}</saml:NameIdentifier>" + NL +
+    "   </saml:Subject>" + NL +
     "{4}" + 
-    "   <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
-    "     <saml:AttributeValue>{5}</saml:AttributeValue>" + nl +
-    "   </saml:Attribute>" + nl +
-    "   <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
-    "     <saml:AttributeValue>{6}</saml:AttributeValue>" + nl +
-    "   </saml:Attribute>" + nl +
-    " </saml:AttributeStatement>" + nl +
+    "   <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+    "     <saml:AttributeValue>{5}</saml:AttributeValue>" + NL +
+    "   </saml:Attribute>" + NL +
+    "   <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+    "     <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
+    "   </saml:Attribute>" + NL +
+    "{7}" +
+    " </saml:AttributeStatement>" + NL +
     "</saml:Assertion>";
   
   private static String GESCHAEFTS_BEREICH_ATTRIBUTE =
-    "   <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
-    "     <saml:AttributeValue>{0}</saml:AttributeValue>" + nl +
-    "   </saml:Attribute>" + nl;
+    "   <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+    "     <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+    "   </saml:Attribute>" + NL;
   
   private static String WBPK_ATTRIBUTE =
-    "   <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
-    "     <saml:AttributeValue>" + nl +
-    "       <pr:Identification>" + nl +
-    "         <pr:Value>{0}</pr:Value>" + nl +
-    "         <pr:Type>{1}</pr:Type>" + nl +
-    "       </pr:Identification>" + nl +
-    "     </saml:AttributeValue>" + nl +
-    "   </saml:Attribute>" + nl;
-
+    "   <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+    "     <saml:AttributeValue>" + NL +
+    "       <pr:Identification>" + NL +
+    "         <pr:Value>{0}</pr:Value>" + NL +
+    "         <pr:Type>{1}</pr:Type>" + NL +
+    "       </pr:Identification>" + NL +
+    "     </saml:AttributeValue>" + NL +
+    "   </saml:Attribute>" + NL;
+  
+  /**
+   * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
+   */
+  public static final int NUM_OF_SAML_ATTRIBUTES = 3;
+  
   /**
    * Constructor for AuthenticationBlockAssertionBuilder.
    */
@@ -73,17 +82,26 @@ public class AuthenticationBlockAssertionBuilder implements Constants {
    *                          application used as input for wbPK computation;
    *                          maybe <code>null</code> if the application is a public service
    * @param oaURL public URL of online application requested
+   * @param gebDat The date of birth from the identity link.
+   * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock.
+   * 
    * @return String representation of authentication block 
    *          <code>&lt;saml:Assertion&gt;</code> built
+   *          
+   * @throws BuildException If an error occurs on serializing an extended SAML attribute 
+   *                        to be appended to the AUTH-Block.
    */
-  public String buildAuthBlock(String issuer, 
-                                String issueInstant, 
-                                String authURL, 
-                                String target,
-                                String identityLinkValue, 
-                                String identityLinkType,
-                                String oaURL, 
-                                String GebDat) 
+  public String buildAuthBlock(
+    String issuer, 
+    String issueInstant, 
+    String authURL, 
+    String target,
+    String identityLinkValue, 
+    String identityLinkType,
+    String oaURL, 
+    String gebDat,
+    List extendedSAMLAttributes)
+  throws BuildException
   {
     
     String gebeORwbpk = "";
@@ -97,8 +115,23 @@ public class AuthenticationBlockAssertionBuilder implements Constants {
         GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
     }
     
-    String assertion = MessageFormat.format(
-      AUTH_BLOCK, new Object[] { wbpkNSDeclaration, issuer, issueInstant, authURL, gebeORwbpk, oaURL, GebDat});
+    String assertion;
+    try {
+      assertion = MessageFormat.format(
+        AUTH_BLOCK, new Object[] { 
+          wbpkNSDeclaration, 
+          issuer, 
+          issueInstant, 
+          authURL, 
+          gebeORwbpk, 
+          oaURL, 
+          gebDat,
+          buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+    } catch (ParseException e) {
+      Logger.error("Error on building AUTH-Block: " + e.getMessage());
+      throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+    }
+    
     return assertion;
     
   }
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 7e866089d..53520c846 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -1,10 +1,14 @@
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.text.MessageFormat;
+import java.util.List;
 
 import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
 
 /**
  * Builder for the authentication data <code>&lt;saml:Assertion&gt;</code>
@@ -13,7 +17,7 @@ import at.gv.egovernment.moa.util.Constants;
  * @author Paul Ivancsics
  * @version $Id$
  */
-public class AuthenticationDataAssertionBuilder implements Constants {
+public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
   /** private static String NL contains the NewLine representation in Java*/
 	private static final String NL = "\n";
 	/**
@@ -38,11 +42,12 @@ public class AuthenticationDataAssertionBuilder implements Constants {
 	  "		<saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
 	  "			<saml:AttributeValue>{8}</saml:AttributeValue>" + NL +
 	  "		</saml:Attribute>" + NL +
-    "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
-    "     <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
-    "   </saml:Attribute>" + NL +
+      "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+      "     <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+      "   </saml:Attribute>" + NL +
 	  "{10}" + 
-    "{11}" +
+      "{11}" +
+      "{12}" +
 	  "	</saml:AttributeStatement>" + NL +
 	  "</saml:Assertion>";
 	/**
@@ -54,10 +59,10 @@ public class AuthenticationDataAssertionBuilder implements Constants {
 	  "			<saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
 	  "		</saml:Attribute>" + NL;
   
-  private static final String SIGNER_CERTIFICATE_ATT = 
-    "   <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
-    "     <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
-    "   </saml:Attribute>" + NL;
+    private static final String SIGNER_CERTIFICATE_ATT = 
+      "     <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+      "         <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+      "     </saml:Attribute>" + NL;
 	  
   /**
    * Constructor for AuthenticationDataAssertionBuilder.
@@ -92,7 +97,10 @@ public class AuthenticationDataAssertionBuilder implements Constants {
   	String xmlIdentityLink,
     String bkuURL,
     String signerCertificateBase64,
-    boolean businessService) throws BuildException {
+    boolean businessService,
+    List extendedSAMLAttributes) 
+  throws BuildException 
+  {
   		
   	String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
   	String publicAuthorityAttribute = "";
@@ -122,33 +130,27 @@ public class AuthenticationDataAssertionBuilder implements Constants {
       pkValue = authData.getBPK();
     }
     
-  	String assertion = MessageFormat.format(AUTH_DATA, new Object[] {
-  		authData.getAssertionID(), 
-  		authData.getIssuer(), 
-  		authData.getIssueInstant(), 
-      pkType,
-  		pkValue, 
-  		removeXMLDeclaration(xmlAuthBlock), 
-  		removeXMLDeclaration(xmlIdentityLink), 
-  		removeXMLDeclaration(xmlPersonData), 
-  		isQualifiedCertificate,
-      bkuURL,
-  		publicAuthorityAttribute,
-      signerCertificateAttribute}); 
+  	String assertion;
+    try {
+      assertion = MessageFormat.format(AUTH_DATA, new Object[] {
+        authData.getAssertionID(), 
+        authData.getIssuer(), 
+        authData.getIssueInstant(), 
+        pkType,
+        pkValue, 
+        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
+        StringUtils.removeXMLDeclaration(xmlIdentityLink), 
+        StringUtils.removeXMLDeclaration(xmlPersonData), 
+        isQualifiedCertificate,
+        bkuURL,
+        publicAuthorityAttribute,
+        signerCertificateAttribute,
+        buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+    } catch (ParseException e) {
+      Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
+      throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
+    } 
     return assertion;
   }
-  
-  /**
-   * Removes the XML declaration from an XML expression.
-   * @param xmlString XML expression as String
-   * @return XML expression, XML declaration removed
-   */
-  private String removeXMLDeclaration(String xmlString) {
-    if (xmlString.startsWith("<?xml")) {
-      int firstElement = xmlString.indexOf("<", 1);
-      return xmlString.substring(firstElement);
-    }
-      else return xmlString;
-  }
 
 }
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index 03895a38e..06c81f49e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -73,7 +73,7 @@ public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements
     
     try {
       String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8");
-      certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, 1);
+      certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, true, 1);
       return certInfoRequest;
     }
     catch (IOException ex) {
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 9baa71612..0d0595b69 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -26,6 +26,8 @@ public class GetIdentityLinkFormBuilder extends Builder {
   private static final String CERTINFO_XMLREQUEST_TAG = "<CertInfoXMLRequest>";
   /** special tag in the HTML template to be substituted for the certificate info data URL */
   private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>";
+  /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
+  private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
   /** private static int all contains the representation to replace all tags*/
   private static final int ALL = -1;
 
@@ -46,6 +48,9 @@ public class GetIdentityLinkFormBuilder extends Builder {
     "  <input type=\"hidden\" " + nl +
     "         name=\"DataURL\"" + nl +
     "         value=\"" + DATAURL_TAG + "\"/>" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"PushInfobox\"" + nl +
+    "         value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
     "  <input type=\"submit\" value=\"Anmeldung mit B&uuml;rgerkarte\"/>" + nl +
     "</form>" + nl +
     "<form name=\"CertificateInfoForm\"" + nl +
@@ -80,17 +85,24 @@ public class GetIdentityLinkFormBuilder extends Builder {
    * @param dataURL DataURL to be sent as a parameter in the form
    */
   public String build(
-  	String htmlTemplate, String bkuURL, String xmlRequest, String dataURL, String certInfoXMLRequest, String certInfoDataURL)
-    throws BuildException {
-      
+  	String htmlTemplate, 
+    String bkuURL, 
+    String xmlRequest, 
+    String dataURL, 
+    String certInfoXMLRequest, 
+    String certInfoDataURL, 
+    String pushInfobox)
+  throws BuildException 
+  {      
   	String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
 //    String bku = bkuURL == null ? DEFAULT_BKU : bkuURL;
-    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, ALL);
-    htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), ALL);
-    htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, ALL);
+    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+    htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+    htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+    htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
 //new:wird oben mitreplaced    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL);
-    htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), ALL);
-    htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, ALL);
+    htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
+    htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
   	return htmlForm;
   }
   /**
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
new file mode 100644
index 000000000..2d9837f9a
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -0,0 +1,78 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * This class provides one method for building parameters needed for 
+ * validating an infobox token.
+ * 
+ * @author Harald Bratko
+ */
+public class InfoboxValidatorParamsBuilder {
+
+  // hide the default constructor
+  private InfoboxValidatorParamsBuilder() {
+  }
+  
+  /**
+   * Builds the parameters passed to the validator class for validating an infobox token.
+   * 
+   * @param session                 The actual Authentication session.
+   * @param verifyInfoboxParameter  The configuration parameters for the infobox.
+   * @param infoboxTokenList        Contains the infobox token to be validated.
+   * 
+   * @return Parameters for validating an infobox token.
+   */
+  public static InfoboxValidatorParams buildInfoboxValidatorParams(
+    AuthenticationSession session, 
+    VerifyInfoboxParameter verifyInfoboxParameter,
+    List infoboxTokenList) 
+  {
+    InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
+    IdentityLink identityLink = session.getIdentityLink(); 
+    
+    // the infobox token to validate
+    infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
+    // configuration parameters
+    infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
+    infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
+    infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
+    // authentication session parameters
+    infoboxValidatorParams.setBkuURL(session.getBkuURL());
+    infoboxValidatorParams.setTarget(session.getTarget());
+    infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
+    // parameters from the identity link
+    infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
+    infoboxValidatorParams.setGivenName(identityLink.getGivenName());
+    infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
+    if (verifyInfoboxParameter.getProvideStammzahl()) {
+      infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
+    }
+    infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
+    infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
+    if (verifyInfoboxParameter.getProvideIdentityLink()) {
+      Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
+      if (!verifyInfoboxParameter.getProvideStammzahl()) {
+        Element identificationValueElem = 
+          (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+        if (identificationValueElem != null) {
+          identificationValueElem.getFirstChild().setNodeValue("");
+        }
+      }
+      infoboxValidatorParams.setIdentityLink(identityLinkElem);
+    }
+       
+    return infoboxValidatorParams;
+  }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
index 72ecb53af..312179e73 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
@@ -55,8 +55,8 @@ public class SelectBKUFormBuilder extends Builder {
     throws BuildException {
     
     String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
-    htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, 1);
-    htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, 1);
+    htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, true, 1);
+    htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, true, 1);
     return htmlForm;
   }
 
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index b98b87dee..e38ccc62a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -6,7 +6,7 @@ import java.io.InputStream;
 import org.w3c.dom.Element;
 import org.w3c.dom.Text;
 
-import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -24,6 +24,8 @@ import at.gv.egovernment.moa.util.XPathUtils;
 public class VerifyXMLSignatureRequestBuilder {
   /** The MOA-Prefix */
   private static final String MOA = Constants.MOA_PREFIX + ":";
+  /** The DSIG-Prefix */
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
   /** the request as string */
   private String request;
   /** the request as DOM-Element */
@@ -53,7 +55,7 @@ public class VerifyXMLSignatureRequestBuilder {
           + "      <Base64Content>"
           + "      </Base64Content>"
           + "    </VerifySignatureEnvironment>"
-          + "    <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+          + "    <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
           + "  </VerifySignatureInfo>"
           + "  <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung
   +"     <ReferenceInfo>" + "     <VerifyTransformsInfoProfile/>"
@@ -160,7 +162,7 @@ public class VerifyXMLSignatureRequestBuilder {
         + "    <VerifySignatureEnvironment>"
         + "      <XMLContent xml:space=\"preserve\"/>"
         + "    </VerifySignatureEnvironment>"
-        + "    <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+        + "    <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
         + "  </VerifySignatureInfo>"
         + "  <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
         + "     <ReferenceInfo>";