MOA-ID version 1.1 (initial)

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d

1 files changed, 106 insertions, 0 deletions

diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
new file mode 100644
index 000000000..e596e79a4
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -0,0 +1,106 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * 
+ * This class is used to validate an {@link CreateXMLSignatureResponse} 
+ * returned by the security layer.
+ * This class implements the Singleton pattern.
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class CreateXMLSignatureResponseValidator {
+
+  /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
+  private static final String SAML = Constants.SAML_PREFIX + ":";
+  /** Xpath prefix for reaching XML-DSIG Namespaces */
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  /** Xpath expression to the SAML:Assertion element */
+  private static final String  ROOT =  SAML + "Assertion";
+  /** Xpath expression to the SAML:NameIdentifier element */
+  private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = 
+     SAML + "AttributeStatement/" + SAML + "Subject/" + 
+     SAML + "NameIdentifier";
+  /** Xpath expression to the SAML:Attribute element */     
+  private static final String SAML_ATTRIBUTE_XPATH = 
+     ROOT + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
+  /** Xpath expression to the SAML:AttributeValue element */     
+  private static final String SAML_ATTRIBUTE_VALUE_XPATH = 
+     SAML + "AttributeValue";
+     
+     
+ /** Singleton instance. <code>null</code>, if none has been created. */
+  private static CreateXMLSignatureResponseValidator instance;
+
+  /**
+   * Constructor for a singleton CreateXMLSignatureResponseValidator.
+   * @return an instance of CreateXMLSignatureResponseValidator
+   * @throws ValidateException if no instance can be created
+   */
+   public static synchronized CreateXMLSignatureResponseValidator getInstance() 
+   throws ValidateException {
+   if (instance == null) {
+      instance = new CreateXMLSignatureResponseValidator();
+    }
+    return instance;
+  } 
+  
+  
+  /**
+   * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
+   * @param createXMLSignatureResponse
+   * @param gbTarget
+   * @param oaURL
+   * @throws ValidateException
+   */
+  public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, String gbTarget, String oaURL)
+  	throws ValidateException {
+      
+      // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
+      
+      XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH);
+       
+      SAMLAttribute[] samlattributes = createXMLSignatureResponse.getSamlAttributes();
+      boolean foundOA = false;
+      boolean foundGB = false;
+      for (int i = 0; i < samlattributes.length; i++) 
+      {
+        if (samlattributes[i].getName().equals("Geschäftsbereich"))
+          if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#"))
+
+            {
+              foundGB = true;
+              if (!gbTarget.equals(samlattributes[i].getValue()))
+              {
+                throw new ValidateException("validator.13", null); 
+              }
+            }
+            else throw new ValidateException("validator.12", null); 
+        if (samlattributes[i].getName().equals("OA"))
+           if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#"))
+            {
+              foundOA = true;            
+              if (!oaURL.equals(samlattributes[i].getValue())) // CHECKS für die AttributeVALUES fehlen noch
+              {
+                throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlattributes[i].getValue()}); 
+              }
+              
+            }
+           else throw new ValidateException("validator.15", null); 
+      }      
+      if (!foundOA) throw new ValidateException("validator.14", null); 
+      if (!foundGB) throw new ValidateException("validator.11", null);
+  
+     //Check if dsig:Signature exists
+     Element dsigSignature = (Element) XPathUtils.selectSingleNode(createXMLSignatureResponse.getSamlAssertion(),DSIG + "Signature");
+     if (dsigSignature==null) throw new ValidateException("validator.05", null);
+  
+    
+  }
+}