aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/at/gv/egovernment/moa/id/auth
diff options
context:
space:
mode:
authorharald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-01-10 15:37:52 +0000
committerharald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-01-10 15:37:52 +0000
commit7bba49753c8a44fade100d3676ab0a62372d44e1 (patch)
tree2bb52651b46ea2e85ad7f08ad0759180a2057a9f /id.server/src/at/gv/egovernment/moa/id/auth
parent006abfa4f5064a905b14618708768e3aa295f264 (diff)
downloadmoa-id-spss-7bba49753c8a44fade100d3676ab0a62372d44e1.tar.gz
moa-id-spss-7bba49753c8a44fade100d3676ab0a62372d44e1.tar.bz2
moa-id-spss-7bba49753c8a44fade100d3676ab0a62372d44e1.zip
Adapted for MOA-ID 1.4 (validating additional infoboxes).
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@769 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java261
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java88
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java107
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java74
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java28
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java78
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java4
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java8
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java81
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java73
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java137
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java65
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java129
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java159
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java326
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/Schema.java26
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java63
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java9
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java157
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java40
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java71
25 files changed, 1855 insertions, 137 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 8359623b1..cd4b26df3 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -10,8 +10,10 @@ import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.Vector;
import javax.xml.transform.TransformerException;
@@ -23,36 +25,42 @@ import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.OAParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -65,7 +73,6 @@ import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.OutputXML2File;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -338,6 +345,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
ex);
}
}
+ String pushInfobox = "";
+ VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
+ if (verifyInfoboxParameters != null) {
+ pushInfobox = verifyInfoboxParameters.getPushInfobox();
+ }
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12());
String certInfoDataURL =
new DataURLBuilder().buildDataURL(
@@ -351,7 +363,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
infoboxReadRequest,
dataURL,
certInfoRequest,
- certInfoDataURL);
+ certInfoDataURL,
+ pushInfobox);
return htmlForm;
}
/**
@@ -363,6 +376,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Verifies identity link by calling the MOA SP component</li>
* <li>Checks certificate authority of identity link</li>
* <li>Stores identity link in the session</li>
+ * <li>Verifies all additional infoboxes returned from the BKU</li>
* <li>Creates an authentication block to be signed by the user</li>
* <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
* containg the authentication block, meant to be returned to the
@@ -370,13 +384,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* </ul>
*
* @param sessionID ID of associated authentication session data
- * @param xmlInfoboxReadResponse String representation of the
- * <code>&lt;InfoboxReadResponse&gt;</code>
+ * @param infoboxReadResponseParameters The parameters from the response returned from
+ * the BKU including the <code>&lt;InfoboxReadResponse&gt;</code>
* @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String verifyIdentityLink(String sessionID, String xmlInfoboxReadResponse)
+ public String verifyIdentityLink(String sessionID, Map infoboxReadResponseParameters)
throws
AuthenticationException,
+ BuildException,
ParseException,
ConfigurationException,
ValidateException,
@@ -384,8 +399,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (isEmpty(sessionID))
throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
+
+ String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE);
if (isEmpty(xmlInfoboxReadResponse))
throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
+
AuthenticationSession session = getSession(sessionID);
if (session.getTimestampIdentityLink() != null)
throw new AuthenticationException("auth.01", new Object[] { sessionID });
@@ -427,6 +445,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
ignoreManifestValidationResult);
session.setIdentityLink(identityLink);
+ // now validate the extended infoboxes
+ verifyInfoboxes(session, infoboxReadResponseParameters);
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session);
// session.setAuthBlock(authBlock);
@@ -446,29 +466,222 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/**
* Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
* @param session authentication session
+ *
* @return <code>&lt;saml:Assertion&gt;</code> as a String
+ *
+ * @throws BuildException If an error occurs on serializing an extended SAML attribute
+ * to be appended to the AUTH-Block.
*/
- private String buildAuthenticationBlock(AuthenticationSession session) {
+ private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
String identificationValue = identityLink.getIdentificationValue();
String identificationType = identityLink.getIdentificationType();
String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
String oaURL = session.getPublicOAURLPrefix();
- String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock(issuer,
- issueInstant,
- authURL,
- target,
- identificationValue,
- identificationType,
- oaURL,
- gebDat);
+ List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock(
+ issuer,
+ issueInstant,
+ authURL,
+ target,
+ identificationValue,
+ identificationType,
+ oaURL,
+ gebDat,
+ extendedSAMLAttributes);
return authBlock;
}
+
+ /**
+ * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by
+ * calling appropriate validator classes.
+ *
+ * @param session The actual authentication session.
+ * @param infoboxReadResponseParams The parameters returned from the BKU as response
+ * to an infobox read request (including the infobox
+ * tokens to be verified).
+ *
+ * @throws AuthenticationException If the verification of at least one infobox fails.
+ * @throws ConfigurationException If the OAuthParameter cannot be extracted.
+ */
+ private void verifyInfoboxes(
+ AuthenticationSession session, Map infoboxReadResponseParams)
+ throws ValidateException, ConfigurationException
+ {
+
+ AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider.getInstance();
+ // get the default VerifyInfobox parameters
+ Map defaultInfoboxParameters = null;
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters =
+ authConfigurationProvider.getDefaultVerifyInfoboxParameters();
+ if (defaultVerifyInfoboxParameters != null) {
+ defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters();
+ }
+ // get the OA specific VerifyInfobox parameters
+ Map infoboxParameters = null;
+ OAAuthParameter oaParam =
+ authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
+ if (verifyInfoboxParameters != null) {
+ Vector authAttributes = new Vector();
+ Vector oaAttributes = new Vector();
+ infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
+ // get the list of infobox identifiers
+ List identifiers = verifyInfoboxParameters.getIdentifiers();
+ if (identifiers != null) {
+ // step through the identifiers and verify the infoboxes
+ Iterator it = identifiers.iterator();
+ while (it.hasNext()) {
+ String identifier = (String)it.next();
+ // get the infobox read response from the map of parameters
+ String infoboxReadResponse = (String)infoboxReadResponseParams.get(identifier);
+ // get the configuration parameters
+ VerifyInfoboxParameter verifyInfoboxParameter = null;
+ Object object = infoboxParameters.get(identifier);
+ // if not present, use default
+ if ((object == null) && (defaultInfoboxParameters != null)) {
+ object = defaultInfoboxParameters.get(identifier);
+ }
+ if (object != null) {
+ verifyInfoboxParameter = (VerifyInfoboxParameter)object;
+ }
+ if (infoboxReadResponse != null) {
+ if (verifyInfoboxParameter == null) {
+ // should not happen because of the pushinfobox mechanism; check it anyway
+ Logger.error("No validator for verifying \"" + identifier + "\"-infobox configured.");
+ throw new ValidateException("validator.41", new Object[] {identifier});
+ } else {
+ String friendlyName = verifyInfoboxParameter.getFriendlyName();
+ // get the class for validating the infobox
+ InfoboxValidator infoboxValidator = null;
+ try {
+ Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName());
+ infoboxValidator = (InfoboxValidator) validatorClass.newInstance();
+ } catch (Exception e) {
+ Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() +
+ "\" for \"" + identifier + "\"-infobox: " + e.getMessage());
+ throw new ValidateException("validator.42", new Object[] {friendlyName});
+ }
+ Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() +
+ "\" for \"" + identifier + "\"-infobox.");
+ // parse the infobox read reponse
+ List infoboxTokenList = null;
+ try {
+ infoboxTokenList =
+ ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName);
+ } catch (ParseException e) {
+ Logger.error("InfoboxReadResponse for \"" + identifier +
+ "\"-infobox could not be parsed successfully: " + e.getMessage());
+ throw new ValidateException("validator.43", new Object[] {friendlyName});
+ }
+ // build the parameters for validating the infobox
+ InfoboxValidatorParams infoboxValidatorParams =
+ InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams(
+ session, verifyInfoboxParameter, infoboxTokenList);
+ // now validate the infobox
+ boolean infoboxValid = false;
+ try {
+ infoboxValid = infoboxValidator.validate(infoboxValidatorParams);
+ } catch (ValidateException e) {
+ Logger.error("Error validating " + identifier + " infobox:" + e.getMessage());
+ throw new ValidateException(
+ "validator.44", new Object[] {friendlyName});
+ }
+ if (!infoboxValid) {
+ Logger.info("Validation of " + identifier + " infobox failed.");
+ throw new ValidateException(
+ "validator.40", new Object[] {friendlyName, infoboxValidator.getErrorMessage()});
+ }
+
+ Logger.info(identifier + " infobox successfully validated.");
+
+ // get the SAML attributes to be appended to the AUTHBlock or to the final
+ // SAML Assertion
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidator.getExtendedSamlAttributes();
+ if (extendedSAMLAttributes != null) {
+ int length = extendedSAMLAttributes.length;
+ for (int i=0; i<length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+ String name = samlAttribute.getName();
+ if (name == null) {
+ Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is null.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"});
+ }
+ if (name == "") {
+ Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is empty.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"});
+ }
+ if (samlAttribute.getNameSpace() == null) {
+ Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is null.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"});
+ }
+ Object value = samlAttribute.getValue();
+ if (value == null) {
+ Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is null.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});
+ }
+ if ((value instanceof String) || (value instanceof Element)) {
+
+ switch (samlAttribute.getAddToAUTHBlock()) {
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
+ authAttributes.add(samlAttribute);
+ oaAttributes.add(samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
+ authAttributes.add(samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
+ oaAttributes.add(samlAttribute);
+ break;
+ default:
+ Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" ("
+ + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number "
+ + (i+1) + " for infobox " + identifier);
+ throw new ValidateException(
+ "validator.47", new Object[] {friendlyName, String.valueOf((i+1))});
+ }
+ } else {
+ Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" +
+ " or \"org.w3c.dom.Element\"");
+ throw new ValidateException(
+ "validator.46", new Object[] {identifier, String.valueOf((i+1))});
+
+ }
+ }
+
+ }
+ }
+ } else {
+ if ((verifyInfoboxParameter !=null) && (verifyInfoboxParameter.isRequired())) {
+ Logger.info("Infobox \"" + identifier + "\" is required, but not returned from the BKU");
+ throw new ValidateException(
+ "validator.48", new Object[] {verifyInfoboxParameter.getFriendlyName()});
+
+ }
+ Logger.debug("Infobox \"" + identifier + "\" not returned from BKU.");
+ }
+ }
+ session.setExtendedSAMLAttributesAUTH(authAttributes);
+ session.setExtendedSAMLAttributesOA(oaAttributes);
+ }
+ }
+ }
+
/**
* Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
* security layer implementation.<br>
@@ -630,13 +843,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
String samlAssertion =
- new AuthenticationDataAssertionBuilder().build(authData,
- prPerson,
- authBlock,
- ilAssertion,
- session.getBkuURL(),
- signerCertificateBase64,
- businessService);
+ new AuthenticationDataAssertionBuilder().build(
+ authData,
+ prPerson,
+ authBlock,
+ ilAssertion,
+ session.getBkuURL(),
+ signerCertificateBase64,
+ businessService,
+ session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
return authData;
} catch (Throwable ex) {
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
new file mode 100644
index 000000000..241cf0afc
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -0,0 +1,88 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.text.MessageFormat;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Base class for building authentication the AUTHBlock and final OA data SAML assertions.
+ * Encapsulates methods used by the two specific builders
+ * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder AuthenticationBlockAssertionBuilder}
+ * and
+ * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder AuthenticationDataAssertionBuilder}
+ *
+ * @author Harald Bratko
+ */
+public class AuthenticationAssertionBuilder {
+
+ /** the NewLine representation in Java*/
+ protected static String NL = "\n";
+
+ protected static String SAML_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +
+ " <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>"+ NL;
+
+ /**
+ * Empty constructor
+ */
+ public AuthenticationAssertionBuilder() {
+ }
+
+ /**
+ * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion
+ * delivered to the online application.
+ * The method traverses through the list of given SAML attribute objects and builds an
+ * XML structure (String representation) for each of the attributes.
+ *
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or
+ * to the SAML assertion delivered to the online application.
+ * @return A string representation including the XML structures of
+ * the SAML attributes.
+ *
+ * @throws ParseException If an error occurs on serializing an SAML attribute.
+ */
+ protected String buildExtendedSAMLAttributes(List extendedSAMLAttributes) throws ParseException
+ {
+ StringBuffer sb = new StringBuffer();
+ if (extendedSAMLAttributes!=null) {
+ Iterator it = extendedSAMLAttributes.iterator();
+ while (it.hasNext()) {
+ ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
+ Object value = extendedSAMLAttribute.getValue();
+ String name = extendedSAMLAttribute.getName();
+ String namespace = extendedSAMLAttribute.getNameSpace();
+ if (value instanceof String) {
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, value}));
+ } else if (value instanceof Element) {
+ try {
+ String serializedValue = DOMUtils.serializeNode((Element)(value));
+ serializedValue = StringUtils.removeXMLDeclaration(serializedValue);
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, serializedValue}));
+ } catch (TransformerException e) {
+ Logger.error("Error on serializing SAML attribute \"" + name +
+ " (namespace: \"" + namespace + "\".");
+ throw new ParseException("parser.05", new Object[] { name, namespace});
+ } catch (IOException e) {
+ Logger.error("Error on serializing SAML attribute \"" + name +
+ " (namespace: \"" + namespace + "\".");
+ throw new ParseException("parser.05", new Object[] { name, namespace});
+ }
+ }
+ }
+ }
+ return sb.toString();
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index b1fe0a6df..ef50acb3f 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -1,7 +1,11 @@
package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
+import java.util.List;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
/**
@@ -11,41 +15,46 @@ import at.gv.egovernment.moa.util.Constants;
* @author Paul Ivancsics
* @version $Id$
*/
-public class AuthenticationBlockAssertionBuilder implements Constants {
- /** the NewLine representation in Java*/
- private static String nl = "\n";
+public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
+
/** template for the Auth-Block */
private static String AUTH_BLOCK =
- "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + nl +
- " <saml:AttributeStatement>" + nl +
- " <saml:Subject>" + nl +
- " <saml:NameIdentifier>{3}</saml:NameIdentifier>" + nl +
- " </saml:Subject>" + nl +
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+ " <saml:AttributeStatement>" + NL +
+ " <saml:Subject>" + NL +
+ " <saml:NameIdentifier>{3}</saml:NameIdentifier>" + NL +
+ " </saml:Subject>" + NL +
"{4}" +
- " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>{5}</saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl +
- " <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>{6}</saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl +
- " </saml:AttributeStatement>" + nl +
+ " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{5}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ "{7}" +
+ " </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
private static String GESCHAEFTS_BEREICH_ATTRIBUTE =
- " <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>{0}</saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl;
+ " <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
private static String WBPK_ATTRIBUTE =
- " <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>" + nl +
- " <pr:Identification>" + nl +
- " <pr:Value>{0}</pr:Value>" + nl +
- " <pr:Type>{1}</pr:Type>" + nl +
- " </pr:Identification>" + nl +
- " </saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl;
-
+ " <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>" + NL +
+ " <pr:Identification>" + NL +
+ " <pr:Value>{0}</pr:Value>" + NL +
+ " <pr:Type>{1}</pr:Type>" + NL +
+ " </pr:Identification>" + NL +
+ " </saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
+ /**
+ * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
+ */
+ public static final int NUM_OF_SAML_ATTRIBUTES = 3;
+
/**
* Constructor for AuthenticationBlockAssertionBuilder.
*/
@@ -73,17 +82,26 @@ public class AuthenticationBlockAssertionBuilder implements Constants {
* application used as input for wbPK computation;
* maybe <code>null</code> if the application is a public service
* @param oaURL public URL of online application requested
+ * @param gebDat The date of birth from the identity link.
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock.
+ *
* @return String representation of authentication block
* <code>&lt;saml:Assertion&gt;</code> built
+ *
+ * @throws BuildException If an error occurs on serializing an extended SAML attribute
+ * to be appended to the AUTH-Block.
*/
- public String buildAuthBlock(String issuer,
- String issueInstant,
- String authURL,
- String target,
- String identityLinkValue,
- String identityLinkType,
- String oaURL,
- String GebDat)
+ public String buildAuthBlock(
+ String issuer,
+ String issueInstant,
+ String authURL,
+ String target,
+ String identityLinkValue,
+ String identityLinkType,
+ String oaURL,
+ String gebDat,
+ List extendedSAMLAttributes)
+ throws BuildException
{
String gebeORwbpk = "";
@@ -97,8 +115,23 @@ public class AuthenticationBlockAssertionBuilder implements Constants {
GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
}
- String assertion = MessageFormat.format(
- AUTH_BLOCK, new Object[] { wbpkNSDeclaration, issuer, issueInstant, authURL, gebeORwbpk, oaURL, GebDat});
+ String assertion;
+ try {
+ assertion = MessageFormat.format(
+ AUTH_BLOCK, new Object[] {
+ wbpkNSDeclaration,
+ issuer,
+ issueInstant,
+ authURL,
+ gebeORwbpk,
+ oaURL,
+ gebDat,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ } catch (ParseException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+
return assertion;
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 7e866089d..53520c846 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -1,10 +1,14 @@
package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
+import java.util.List;
import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
/**
* Builder for the authentication data <code>&lt;saml:Assertion&gt;</code>
@@ -13,7 +17,7 @@ import at.gv.egovernment.moa.util.Constants;
* @author Paul Ivancsics
* @version $Id$
*/
-public class AuthenticationDataAssertionBuilder implements Constants {
+public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
/** private static String NL contains the NewLine representation in Java*/
private static final String NL = "\n";
/**
@@ -38,11 +42,12 @@ public class AuthenticationDataAssertionBuilder implements Constants {
" <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
" <saml:AttributeValue>{8}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
- " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
"{10}" +
- "{11}" +
+ "{11}" +
+ "{12}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
/**
@@ -54,10 +59,10 @@ public class AuthenticationDataAssertionBuilder implements Constants {
" <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL;
- private static final String SIGNER_CERTIFICATE_ATT =
- " <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL;
+ private static final String SIGNER_CERTIFICATE_ATT =
+ " <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
/**
* Constructor for AuthenticationDataAssertionBuilder.
@@ -92,7 +97,10 @@ public class AuthenticationDataAssertionBuilder implements Constants {
String xmlIdentityLink,
String bkuURL,
String signerCertificateBase64,
- boolean businessService) throws BuildException {
+ boolean businessService,
+ List extendedSAMLAttributes)
+ throws BuildException
+ {
String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
String publicAuthorityAttribute = "";
@@ -122,33 +130,27 @@ public class AuthenticationDataAssertionBuilder implements Constants {
pkValue = authData.getBPK();
}
- String assertion = MessageFormat.format(AUTH_DATA, new Object[] {
- authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstant(),
- pkType,
- pkValue,
- removeXMLDeclaration(xmlAuthBlock),
- removeXMLDeclaration(xmlIdentityLink),
- removeXMLDeclaration(xmlPersonData),
- isQualifiedCertificate,
- bkuURL,
- publicAuthorityAttribute,
- signerCertificateAttribute});
+ String assertion;
+ try {
+ assertion = MessageFormat.format(AUTH_DATA, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ } catch (ParseException e) {
+ Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
+ }
return assertion;
}
-
- /**
- * Removes the XML declaration from an XML expression.
- * @param xmlString XML expression as String
- * @return XML expression, XML declaration removed
- */
- private String removeXMLDeclaration(String xmlString) {
- if (xmlString.startsWith("<?xml")) {
- int firstElement = xmlString.indexOf("<", 1);
- return xmlString.substring(firstElement);
- }
- else return xmlString;
- }
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index 03895a38e..06c81f49e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -73,7 +73,7 @@ public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements
try {
String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8");
- certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, 1);
+ certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, true, 1);
return certInfoRequest;
}
catch (IOException ex) {
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 9baa71612..0d0595b69 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -26,6 +26,8 @@ public class GetIdentityLinkFormBuilder extends Builder {
private static final String CERTINFO_XMLREQUEST_TAG = "<CertInfoXMLRequest>";
/** special tag in the HTML template to be substituted for the certificate info data URL */
private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>";
+ /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
+ private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
/** private static int all contains the representation to replace all tags*/
private static final int ALL = -1;
@@ -46,6 +48,9 @@ public class GetIdentityLinkFormBuilder extends Builder {
" <input type=\"hidden\" " + nl +
" name=\"DataURL\"" + nl +
" value=\"" + DATAURL_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"PushInfobox\"" + nl +
+ " value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
" <input type=\"submit\" value=\"Anmeldung mit B&uuml;rgerkarte\"/>" + nl +
"</form>" + nl +
"<form name=\"CertificateInfoForm\"" + nl +
@@ -80,17 +85,24 @@ public class GetIdentityLinkFormBuilder extends Builder {
* @param dataURL DataURL to be sent as a parameter in the form
*/
public String build(
- String htmlTemplate, String bkuURL, String xmlRequest, String dataURL, String certInfoXMLRequest, String certInfoDataURL)
- throws BuildException {
-
+ String htmlTemplate,
+ String bkuURL,
+ String xmlRequest,
+ String dataURL,
+ String certInfoXMLRequest,
+ String certInfoDataURL,
+ String pushInfobox)
+ throws BuildException
+ {
String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL;
- htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, ALL);
- htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), ALL);
- htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, ALL);
+ htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+ htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+ htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+ htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
//new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL);
- htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), ALL);
- htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, ALL);
+ htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
+ htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
return htmlForm;
}
/**
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
new file mode 100644
index 000000000..2d9837f9a
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -0,0 +1,78 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * This class provides one method for building parameters needed for
+ * validating an infobox token.
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxValidatorParamsBuilder {
+
+ // hide the default constructor
+ private InfoboxValidatorParamsBuilder() {
+ }
+
+ /**
+ * Builds the parameters passed to the validator class for validating an infobox token.
+ *
+ * @param session The actual Authentication session.
+ * @param verifyInfoboxParameter The configuration parameters for the infobox.
+ * @param infoboxTokenList Contains the infobox token to be validated.
+ *
+ * @return Parameters for validating an infobox token.
+ */
+ public static InfoboxValidatorParams buildInfoboxValidatorParams(
+ AuthenticationSession session,
+ VerifyInfoboxParameter verifyInfoboxParameter,
+ List infoboxTokenList)
+ {
+ InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
+ IdentityLink identityLink = session.getIdentityLink();
+
+ // the infobox token to validate
+ infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
+ // configuration parameters
+ infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
+ infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
+ infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
+ // authentication session parameters
+ infoboxValidatorParams.setBkuURL(session.getBkuURL());
+ infoboxValidatorParams.setTarget(session.getTarget());
+ infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
+ // parameters from the identity link
+ infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
+ infoboxValidatorParams.setGivenName(identityLink.getGivenName());
+ infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
+ if (verifyInfoboxParameter.getProvideStammzahl()) {
+ infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
+ }
+ infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
+ infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
+ if (verifyInfoboxParameter.getProvideIdentityLink()) {
+ Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
+ if (!verifyInfoboxParameter.getProvideStammzahl()) {
+ Element identificationValueElem =
+ (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ if (identificationValueElem != null) {
+ identificationValueElem.getFirstChild().setNodeValue("");
+ }
+ }
+ infoboxValidatorParams.setIdentityLink(identityLinkElem);
+ }
+
+ return infoboxValidatorParams;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
index 72ecb53af..312179e73 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
@@ -55,8 +55,8 @@ public class SelectBKUFormBuilder extends Builder {
throws BuildException {
String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
- htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, 1);
- htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, 1);
+ htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, true, 1);
+ htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, true, 1);
return htmlForm;
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index b98b87dee..e38ccc62a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -6,7 +6,7 @@ import java.io.InputStream;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
-import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -24,6 +24,8 @@ import at.gv.egovernment.moa.util.XPathUtils;
public class VerifyXMLSignatureRequestBuilder {
/** The MOA-Prefix */
private static final String MOA = Constants.MOA_PREFIX + ":";
+ /** The DSIG-Prefix */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
/** the request as string */
private String request;
/** the request as DOM-Element */
@@ -53,7 +55,7 @@ public class VerifyXMLSignatureRequestBuilder {
+ " <Base64Content>"
+ " </Base64Content>"
+ " </VerifySignatureEnvironment>"
- + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ + " <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
+ " </VerifySignatureInfo>"
+ " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung
+" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>"
@@ -160,7 +162,7 @@ public class VerifyXMLSignatureRequestBuilder {
+ " <VerifySignatureEnvironment>"
+ " <XMLContent xml:space=\"preserve\"/>"
+ " </VerifySignatureEnvironment>"
- + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ + " <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
+ " </VerifySignatureInfo>"
+ " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
+ " <ReferenceInfo>";
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 74e31e45e..50d15007e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.auth.data;
import java.util.Date;
+import java.util.List;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -12,6 +13,9 @@ import at.gv.egovernment.moa.util.Constants;
* @version $Id$
*/
public class AuthenticationSession {
+
+ private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
+
/**
* session ID
*/
@@ -63,7 +67,22 @@ public class AuthenticationSession {
*/
private boolean businessService;
- private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
+ /**
+ * SAML attributes from an extended infobox validation to be appended
+ * to the SAML assertion delivered to the final online application.
+ */
+ private List extendedSAMLAttributesOA;
+
+ /**
+ * SAML attributes from an extended infobox validation to be appended
+ * to the SAML assertion of the AUTHBlock.
+ */
+ private List extendedSAMLAttributesAUTH;
+
+ /**
+ * The issuing time of the AUTH-Block SAML assertion.
+ */
+ private String issueInstant;
/**
* Constructor for AuthenticationSession.
@@ -273,4 +292,64 @@ public class AuthenticationSession {
templateURL = string;
}
+ /**
+ * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ */
+ public List getExtendedSAMLAttributesAUTH() {
+ return extendedSAMLAttributesAUTH;
+ }
+
+ /**
+ * Sets the SAML Attributes to be appended to the AUTHBlock.
+ *
+ * @param extendedSAMLAttributesAUTH The SAML Attributes to be appended to the AUTHBlock.
+ */
+ public void setExtendedSAMLAttributesAUTH(
+ List extendedSAMLAttributesAUTH) {
+ this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
+ }
+
+ /**
+ * Returns the SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application
+ */
+ public List getExtendedSAMLAttributesOA() {
+ return extendedSAMLAttributesOA;
+ }
+
+ /**
+ * Sets the SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application.
+ *
+ * @param extendedSAMLAttributesOA The SAML Attributes to be appended to the SAML
+ * assertion delivered to the online application.
+ */
+ public void setExtendedSAMLAttributesOA(
+ List extendedSAMLAttributesOA) {
+ this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
+ }
+
+ /**
+ * Returns the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @return The issuing time of the AUTH-Block SAML assertion.
+ */
+ public String getIssueInstant() {
+ return issueInstant;
+ }
+
+ /**
+ * Sets the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @param issueInstant The issueInstant to set.
+ */
+ public void setIssueInstant(String issueInstant) {
+ this.issueInstant = issueInstant;
+ }
+
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
new file mode 100644
index 000000000..795079227
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * A SAML-Attribute to be appended to the final SAML-Assertion
+ * that will be passed to the online application.
+ */
+public interface ExtendedSAMLAttribute {
+ /**
+ * Add this attribute only to the SAML-Assertion
+ * passed to the online application, but not to
+ * the AUTH-Block.
+ */
+ public final static int NOT_ADD_TO_AUTHBLOCK = 0;
+ /**
+ * Add this attribute to both, the AUTH-Block and the
+ * final SAML-Assertion passed to the online application.
+ */
+ public final static int ADD_TO_AUTHBLOCK = 1;
+ /**
+ * Add this attribute to only the AUTH-Block, but not
+ * to the final SAML-Assertion passed to the online application.
+ */
+ public final static int ADD_TO_AUTHBLOCK_ONLY = 2;
+
+ /**
+ * The value of the SAML-Attribute. This must be either a
+ * <code>org.w3c.Element</code> or a <code>java.lang.String</code>
+ * object. Each other type will be ignored. <br>
+ * If, for example, the type of the actual SAML-Attribute is a
+ * <code>&lt;xsd:boolean&gt;</code> the value must be either the String
+ * <code>&quot;true&quot;</code> or <code>&quot;false&quot;</code>.
+ * Or the <code>&lt;xsd:integer&gt;</code> number <code>273</code>
+ * has to be the String <code>&quot;273&quot;</code>.
+ *
+ * @return The value of the SAML-Attribute. Must not be <code>null</code>.
+ */
+ public Object getValue();
+
+ /**
+ * The name of the SAML-Attribute.
+ *
+ * @return The name of the SAML-Attribute. Must not be <code>null</code>.
+ */
+ public String getName();
+
+ /**
+ * The namespace of the SAML-Attribute.
+ * An application will use the context specific namespace URI for the attribute it returns.
+ * However, if the application cannot explicitely assign a namespace URI, the
+ * {@link at.gv.egovernment.moa.util.Constants#MOA_NS_URI default} MOA namespace URI
+ * should be used.
+ *
+ * @return The namespace of the SAML-Attribute. Must not be <code>null</code>.
+ */
+ public String getNameSpace();
+
+ /**
+ * Specifies if this SAML-Attribute should be added to the AUTH-Block.
+ * <br>
+ * Depending on the returned value, this SAML-Attribute should be only added to the
+ * final SAML-Assertion passed to the online application (0), to both, the final
+ * assertion and the AUTH-Block (1) or to the AUTH-Block only (2).
+ *
+ * @return <ul>
+ * <li>0 - add this SAML-Attribute to the final SAML-Assertion only</li>
+ * <li>1 - add this SAML-Attribute to both, the final SAML-Assertion and the
+ * AUTH-Block</li>
+ * <li>2 - add this SAML-Attribute to the AUTH-Block only
+ * </ul>
+ */
+ public int getAddToAUTHBlock();
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
new file mode 100644
index 000000000..9aedd86e6
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -0,0 +1,137 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * This class contains SAML attributes to be appended to the SAML assertion delivered to
+ * the Online application.
+ *
+ * @author Harald Bratko
+ */
+public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute {
+
+ /**
+ * The value of this SAML attribute. Must be either of type <code>java.lang.String</code>
+ * or <code>org.w3c.Element</code>.
+ */
+ private Object value_;
+
+ /**
+ * The name of this SAML attribute.
+ */
+ private String name_;
+
+ /**
+ * The namespace URI of this SAML attribute.
+ */
+ private String namespace_;
+
+ /**
+ * Specifies whether this SAML attribute should be appended to AUTH Block.
+ */
+ private int addToAUTHBlock_;
+
+ /**
+ * Sets this ExtendedSAMLAttribute.
+ * @param name The name of this SAML Attribute.
+ * @param value The value of this SAML Attribute. Must be either of type
+ * <code>java.lang.String</code> or <code>org.w3c.dom.Element</code>.
+ * @param namespace The namespace of this SAML Attribute.
+ * @param addToAUTHBlock Specifies if this SAML Attribute should be added to the AUTHBlock.
+ * The following values are allowed:
+ * <ul>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * </li>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+ * </li>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+ * </li>
+ * </ul>
+ *
+ */
+ public ExtendedSAMLAttributeImpl(String name, Object value, String namespace, int addToAUTHBlock) {
+ name_ = name;
+ value_ = value;
+ namespace_ = namespace;
+ addToAUTHBlock_ = addToAUTHBlock;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue()
+ */
+ public Object getValue() {
+ return value_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName()
+ */
+ public String getName() {
+ return name_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace()
+ */
+ public String getNameSpace() {
+ return namespace_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock()
+ */
+ public int getAddToAUTHBlock() {
+ return addToAUTHBlock_;
+ }
+
+ /**
+ * Specifies if this SAML Attribute should be added to the AUTHBlock.
+ *
+ * @param addToAUTHBlock One of the following values:
+ * <ul>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * </li>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+ * </li>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+ * </li>
+ * </ul>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK)
+ */
+ public void setAddToAUTHBlock(int addToAUTHBlock) {
+ addToAUTHBlock_ = addToAUTHBlock;
+ }
+
+ /**
+ * Sets the name of this SAML attribute.
+ *
+ * @param name The name of this SAML attribute.
+ */
+ public void setName(String name) {
+ name_ = name;
+ }
+
+ /**
+ * Sets the namespace of this SAML attribute.
+ *
+ * @param namespace The namespace to set.
+ */
+ public void setNamespace(String namespace) {
+ namespace_ = namespace;
+ }
+
+ /**
+ * Sets the value of this SAML attribute.
+ *
+ * @param value The value of this SAML Attribute. Must be either of type
+ * <code>java.lang.String</code> or <code>org.w3c.dom.Element</code>.
+ */
+ public void setValue(Object value) {
+ value_ = value;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
new file mode 100644
index 000000000..6b1f24aba
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * Contains an infobox token included in an <code>InfoboxReadResponse</code>.
+ * Depending on whether the token is extracted from an <code>XMLContent</code> or a
+ * <code>Base64Content</code> it is either returned as DOM element
+ * ({@link #getXMLToken()}) or base64 encoded string ({@link #getBase64Token()}).
+ *
+ * @author Harald Bratko
+ */
+public interface InfoboxToken {
+
+ /**
+ * The key of the corresponding infobox.
+ * This is the value of <code>Key</code> attribute of the <code>&lt;Pair&gt;</code> child
+ * element in an <code>&lt;AssocArrayData&gt;</code> content of an InfoboxReadResponse.
+ * Maybe <code>null</code> if the InfoboxReadResponse conatains <code>BinaryFileData</code>.
+ *
+ *
+ * @return The key identifier of the corresponding infobox.
+ */
+ public String getKey();
+
+ /**
+ * Specifies if this token is the first token (e.g in an array of tokens) included in an
+ * <code>InfoboxReadResponse</code>. If <code>true</code> this token is the token to be
+ * validated by a corresponding
+ * {@link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator InfoboxValidator}.
+ * If <code>false</code> this token maybe needed to validate the primary token.
+ *
+ * @return <code>True</code> if this token is the first token.
+ */
+ public boolean isPrimary();
+
+ /**
+ * Returns the infobox token.
+ * Maybe <code>null</code> if the token is returned by method {@link #getBase64Token()}
+ * as base64 encoded string.
+ * <br>
+ * Note that this token is <code><i><b>not</b></i></code> validated against the
+ * application specific schema (e.g. Mandates schema in the mandates context).
+ * Thus the validating application <code><i><b>has to</b></i></code> validate the token
+ * against the appropriate schema.
+ *
+ * @return The infobox token. If <code>null</code> the token is returned by method
+ * {@link #getBase64Token()} as base64 encoded string.
+ */
+ public Element getXMLToken();
+
+ /**
+ * Returns the infobox token.
+ * Maybe <code>null</code> if the token is returned by method {@link #getXMLToken()}
+ * as a DOM element.
+ * <br>
+ * Note, that the base64 encoded string actually may include more than one infobox
+ * elements.
+ *
+ * @return The infobox token. If <code>null</code> the token is returned by method
+ * {@link #getBase64Token()} as base64 encoded string.
+ */
+ public String getBase64Token();
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
new file mode 100644
index 000000000..f1ff30a8a
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
@@ -0,0 +1,129 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * This class contains an infobox token.
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxTokenImpl implements InfoboxToken {
+
+ /**
+ * The key of the infobox token.
+ */
+ private String key_;
+
+ /**
+ * Specifies whether this token is the primary (first in an array) token.
+ */
+ private boolean primary_;
+
+ /**
+ * The infobox token.
+ */
+ private Element xmlToken_;
+
+ /**
+ * The base64 encoded infobox token.
+ */
+ private String base64Token_;
+
+ /**
+ * Sets an XML infobox token.
+ *
+ * @param key The key of the infobox token.
+ * @param primary <code>True</code> this token is the primary (e.g .first in an array)
+ * token, otherwise <code>false</code>
+ * @param xmlToken The infobox token.
+ */
+ public InfoboxTokenImpl(String key, boolean primary, Element xmlToken) {
+ key_ = key;
+ primary_ = primary;
+ xmlToken_ = xmlToken;
+ base64Token_ = null;
+ }
+
+ /**
+ * Sets a base64 encoded infobox token.
+ *
+ * @param key The key of the infobox token.
+ * @param primary <code>True</code> this token is the primary (e.g .first in an array)
+ * token, otherwise <code>false</code>
+ * @param base64Token The base64 encoded infobox token.
+ */
+ public InfoboxTokenImpl(String key, boolean primary, String base64Token) {
+ key_ = key;
+ primary_ = primary;
+ base64Token_ = base64Token;
+ xmlToken_ = null;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getKey()
+ */
+ public String getKey() {
+ return key_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#isPrimary()
+ */
+ public boolean isPrimary() {
+ return primary_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getXMLToken()
+ */
+ public Element getXMLToken() {
+ return xmlToken_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getBase64Token()
+ */
+ public String getBase64Token() {
+ return base64Token_;
+ }
+
+ /**
+ * Sets the key of the infobox token.
+ *
+ * @param key The key of the infobox token.
+ */
+ public void setKey(String key) {
+ key_ = key;
+ }
+
+ /**
+ * Specifies whether this token is the primary (e.g. first in an array) token.
+ *
+ * @param primary <code>True</code> this token is the primary (e.g .first in an array)
+ * token, otherwise <code>false</code>.
+ */
+ public void setPrimary(boolean primary) {
+ primary_ = primary;
+ }
+
+ /**
+ * Sets the base64 encoded token.
+ *
+ * @param base64Token The base64 encoded token.
+ */
+ public void setBase64Token(String base64Token) {
+ base64Token_ = base64Token;
+ }
+
+ /**
+ * Sets the infobox token.
+ *
+ * @param xmlToken The infobox token.
+ */
+ public void setXmlToken(Element xmlToken) {
+ xmlToken_ = xmlToken;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
new file mode 100644
index 000000000..26070dc51
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -0,0 +1,159 @@
+
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.security.PublicKey;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+/**
+ * Parameters for validating an infobox.
+ *
+ * This interface is used by MOA-ID to provide parameters to an
+ * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator
+ * InfoboxValidator}.
+ *
+ * @author Harald Bratko
+ */
+public interface InfoboxValidatorParams {
+
+ /**
+ * Returns a list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
+ * objects. The first token in this list is the one to be validated. Each further token
+ * maybe needed to validate this first token.
+ *
+ * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
+ * objects.
+ */
+ public List getInfoboxTokenList();
+
+ /**
+ * Returns the ID of the trust profile to be used for validating
+ * certificates. Maybe ignored by a validator, if no certificates
+ * has to be validated.
+ *
+ * @return The ID of a trust profile.
+ */
+ public String getTrustProfileID();
+
+ /**
+ * Returns schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link Schema} specifying the location
+ * of an XML schema.
+ *
+ * @return A list of {@link Schema} objects each of them specifying the
+ * location of an XML schema.
+ */
+ public List getSchemaLocations();
+
+ /**
+ * Returns the URL of the BKU.
+ * Maybe needed by a validator.
+ *
+ * @return The url of the BKU.
+ */
+ public String getBkuURL();
+
+ /**
+ * Returns the target parameter.
+ * <code>null</code> in the case of a business service.
+ *
+ * @return The target parameter.
+ */
+ public String getTarget();
+
+ /**
+ * Returns <code>true</code> if the application is a business
+ * service, otherwise <code>false</code>. This may be useful
+ * for the validating application.
+ *
+ * @return <code>True</code> if the application is a business
+ * service, otherwise <code>false</code>
+ */
+ public boolean getBusinessApplication();
+
+ /**
+ * Returns the family name from the identity link.
+ * Maybe needed by a validator.
+ *
+ * @return The family name from the identity link.
+ */
+ public String getFamilyName();
+
+ /**
+ * Returns the given name from the identity link.
+ * Maybe needed by a validator.
+ *
+ * @return The given name from the identity link.
+ */
+ public String getGivenName();
+
+ /**
+ * The date of birth from the identity link.
+ * The method returns the value of the <pr:DateOfBirth>
+ * element from the identity link.
+ * Maybe needed by a validator.
+ *
+ * @return The date of birth from the identity link.
+ */
+ public String getDateOfBirth();
+
+ /**
+ * Returns he identification value from the identity
+ * link. This may be the <code>Stammzahl</code>
+ * in the case of a public application or the
+ * <code>wbPK</code> in the case of a business
+ * application. This parameter is only returned
+ * if specified within the config file.
+ *
+ * @return The identification value from the identity link.
+ */
+ public String getIdentificationValue();
+
+ /**
+ * Returns the type of the identification value
+ * from the identity link. This may be
+ * especially of interest for business
+ * applications.
+ *
+ * @return The type of the identification value
+ * from the identity link.
+ */
+ public String getIdentificationType();
+
+ /**
+ * Returns the public keys from the identity link.
+ * Maybe needed by the application.
+ *
+ * @return PublicKey[] The public keys from the
+ * identity link.
+ */
+ public PublicKey[] getPublicKeys();
+
+ /**
+ * Returns the identity link.
+ * A validator may need other data from the identity link, than
+ * family name, given name, date of birth and identification value.
+ * The identity link element is only returned if specified within the
+ * config file.
+ *
+ * @return The identity link.
+ */
+ public Element getIdentityLink();
+
+ /**
+ * Returns application specific parameters.
+ * Each child element of this element contains
+ * a validating application specific parameter. The
+ * element is passed as specified within the config
+ * file and its up to the implementing class to
+ * parse and interprete its children.
+ *
+ * @return Application specific parameters.
+ */
+ public Element getApplicationSpecificParams();
+
+}
+
+
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
new file mode 100644
index 000000000..46a67d48b
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
@@ -0,0 +1,326 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.security.PublicKey;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+/**
+ * Parameters for validating an infobox.
+ *
+ * This interface is used by MOA-ID to provide parameters to an
+ * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator
+ * InfoboxValidator}.
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
+
+ /**
+ * A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects.
+ * The first token in this list is the one to be validated. Each further token
+ * maybe needed to validate this first token.
+ */
+ private List infoboxTokenList_;
+
+ /**
+ * The ID of the trust profile used for validating certificates.
+ */
+ private String trustProfileID_;
+
+ /**
+ * The locations of schemas that maybe needed for validating infobox tokens.
+ */
+ private List schemaLocations_;
+
+ /**
+ * The URL of the BKU.
+ */
+ private String bkuURL_;
+
+ /**
+ * Specifies whether the current online application is a business or a public application.
+ */
+ private boolean businessApplication_;
+
+ /**
+ * The target parameter.
+ */
+ private String target_;
+
+ /**
+ * The family name from the identity link.
+ */
+ private String familyName_;
+
+ /**
+ * The given name from the identity link.
+ */
+ private String givenName_;
+
+ /**
+ * The date of birth from the identity link.
+ */
+ private String dateOfBirth_;
+
+ /**
+ * The date of identification value.
+ */
+ private String identificationValue_;
+
+ /**
+ * The identification type.
+ */
+ private String identificationType_;
+
+ /**
+ * The public keys from the identity link.
+ */
+ private PublicKey[] publicKeys_;
+
+ /**
+ * The identity link.
+ */
+ private Element identityLink_;
+
+ /**
+ * Application specific parameters.
+ */
+ private Element applicationSpecificParams_;
+
+ /**
+ * Empty constructor.
+ */
+ public InfoboxValidatorParamsImpl() {
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getInfoboxTokenList()
+ */
+ public List getInfoboxTokenList() {
+ return infoboxTokenList_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTrustProfileID()
+ */
+ public String getTrustProfileID() {
+ return trustProfileID_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getSchemaLocations()
+ */
+ public List getSchemaLocations() {
+ return schemaLocations_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBkuURL()
+ */
+ public String getBkuURL() {
+ return bkuURL_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTarget()
+ */
+ public String getTarget() {
+ return target_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication()
+ */
+ public boolean getBusinessApplication() {
+ return businessApplication_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getFamilyName()
+ */
+ public String getFamilyName() {
+ return familyName_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getGivenName()
+ */
+ public String getGivenName() {
+ return givenName_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDateOfBirth()
+ */
+ public String getDateOfBirth() {
+ return dateOfBirth_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationValue()
+ */
+ public String getIdentificationValue() {
+ return identificationValue_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationType()
+ */
+ public String getIdentificationType() {
+ return identificationType_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getPublicKeys()
+ */
+ public PublicKey[] getPublicKeys() {
+ return publicKeys_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentityLink()
+ */
+ public Element getIdentityLink() {
+ return identityLink_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getApplicationSpecificParams()
+ */
+ public Element getApplicationSpecificParams() {
+ return applicationSpecificParams_;
+ }
+
+ /**
+ * Sets the application specific parameters.
+ *
+ * @param applicationSpecificParams The application specific parameters to set.
+ */
+ public void setApplicationSpecificParams(Element applicationSpecificParams) {
+ applicationSpecificParams_ = applicationSpecificParams;
+ }
+
+ /**
+ * Sets the bku URL.
+ *
+ * @param bkuURL The bku URL to set.
+ */
+ public void setBkuURL(String bkuURL) {
+ bkuURL_ = bkuURL;
+ }
+
+ /**
+ * Sets the business application parameter.
+ *
+ * @param businessApplication The business application parameter to set.
+ * (<code>True</code> if the application is a business
+ * application, otherwies <code>false</code>).
+ */
+ public void setBusinessApplication(boolean businessApplication) {
+ businessApplication_ = businessApplication;
+ }
+
+ /**
+ * Sets the date of birth.
+ *
+ * @param dateOfBirth The date of birth.
+ */
+ public void setDateOfBirth(String dateOfBirth) {
+ dateOfBirth_ = dateOfBirth;
+ }
+
+ /**
+ * Sets the family name.
+ *
+ * @param familyName The family name.
+ */
+ public void setFamilyName(String familyName) {
+ familyName_ = familyName;
+ }
+
+ /**
+ * Sets the given name.
+ *
+ * @param givenName The given name.
+ */
+ public void setGivenName(String givenName) {
+ givenName_ = givenName;
+ }
+
+ /**
+ * Sets the identification type.
+ *
+ * @param identificationType The identification type.
+ */
+ public void setIdentificationType(String identificationType) {
+ identificationType_ = identificationType;
+ }
+
+ /**
+ * Sets the identification value.
+ *
+ * @param identificationValue The identification value.
+ */
+ public void setIdentificationValue(String identificationValue) {
+ identificationValue_ = identificationValue;
+ }
+
+ /**
+ * Sets the identity link.
+ *
+ * @param identityLink The identity link.
+ */
+ public void setIdentityLink(Element identityLink) {
+ identityLink_ = identityLink;
+ }
+
+ /**
+ * Sets the infobox token to be validated.
+ *
+ * @param infoboxTokenList A list {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
+ * objects.
+ */
+ public void setInfoboxTokenList(List infoboxTokenList) {
+ infoboxTokenList_ = infoboxTokenList;
+ }
+
+ /**
+ * Sets the public Keys.
+ *
+ * @param publicKeys The public keys.
+ */
+ public void setPublicKeys(PublicKey[] publicKeys) {
+ publicKeys_ = publicKeys;
+ }
+
+ /**
+ * Sets the schema locations.
+ *
+ * @param schemaLocations The schema locations. A list of
+ * {@link Schema} objects.
+ */
+ public void setSchemaLocations(List schemaLocations) {
+ schemaLocations_ = schemaLocations;
+ }
+
+ /**
+ * Sets the target.
+ *
+ * @param target The target.
+ */
+ public void setTarget(String target) {
+ target_ = target;
+ }
+
+
+ /**
+ * Sets the ID of the trust profile used for validating certificates.
+ *
+ * @param trustProfileID the ID of the trust profile used for validating certificates.
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ trustProfileID_ = trustProfileID;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/Schema.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/Schema.java
new file mode 100644
index 000000000..c113f16b8
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/Schema.java
@@ -0,0 +1,26 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * Specifies the location of a schema.
+ *
+ * @author Harald Bratko
+ */
+public interface Schema {
+
+ /**
+ * The namespace URI of this schema.
+ *
+ * @return The namespace of this schema.
+ */
+ public String getNamespace();
+
+ /**
+ * The location URI of this schema.
+ * Relative paths have to be interpreted relative to the
+ * location of the MOA-ID config file.
+ *
+ * @return The location URI of this schema.
+ */
+ public String getSchemaLocation();
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
new file mode 100644
index 000000000..e6755b58c
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
@@ -0,0 +1,63 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * This class specifies the location of a schema.
+ *
+ * @author Harald Bratko
+ */
+public class SchemaImpl implements Schema {
+
+ /**
+ * The namespace of this schema.
+ */
+ private String namespace_;
+
+ /**
+ * The location (URI) of this schema;
+ */
+ private String schemaLocation_;
+
+ /**
+ * Sets the namespace and schema location URIS of this schema.
+ *
+ * @param namespace The namespace URI of this schema.
+ * @param schemaLocation The location URI of this schema.
+ */
+ public SchemaImpl(String namespace, String schemaLocation) {
+ namespace_ = namespace;
+ schemaLocation_ = schemaLocation;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.Schema#getNamespace()
+ */
+ public String getNamespace() {
+ return namespace_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.Schema#getSchemaLocation()
+ */
+ public String getSchemaLocation() {
+ return schemaLocation_;
+ }
+
+ /**
+ * Sets the namespace.
+ *
+ * @param namespace The namespace to set.
+ */
+ public void setNamespace(String namespace) {
+ namespace_ = namespace;
+ }
+
+ /**
+ * Sets the location URI of this schema.
+ *
+ * @param schemaLocation The schemaLocation to set.
+ */
+ public void setSchemaLocation(String schemaLocation) {
+ schemaLocation_ = schemaLocation;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index eb7d76fda..6287c99dd 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -137,11 +137,10 @@ public class CreateXMLSignatureResponseParser {
String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", "");
String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", "");
Object attrValue;
- if ("wbPK".equals(attrName)) {
- Element attrValueElem = (Element)XPathUtils.selectSingleNode(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH);
- attrValue = DOMUtils.getElementFromNodeList(attrValueElem.getChildNodes());
- } else {
- attrValue = XPathUtils.getElementValue(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH, "");
+ Element attrValueElem = (Element)XPathUtils.selectSingleNode(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH);
+ attrValue = DOMUtils.getElementFromNodeList(attrValueElem.getChildNodes());
+ if (attrValue == null) {
+ attrValue = attrValueElem.getFirstChild().getNodeValue();
}
samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
new file mode 100644
index 000000000..e493f07fb
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
@@ -0,0 +1,157 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
+import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Parses and unmarshales <code>InfoboxReadResponse<code>.
+ * This parser is especially used for parsing additional responses (additional to that
+ * one containing the <code>IdentityLink</code> retuned from the BKU as an answer of
+ * a <code>&lt;PushInfobox&gt;</code> request.
+ */
+public class ExtendedInfoboxReadResponseParser {
+
+ /**
+ * Hide default constructor.
+ */
+ private ExtendedInfoboxReadResponseParser() {
+ }
+
+ /**
+ * Parses and unmarshales the given <code>infoboxReadResponse</code> to a list of
+ * {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects.
+ * The method parses the given <code>infoboxReadResponse</code>
+ *
+ * @param infoboxReadResponse The infobox read response to be unmarshaled.
+ * @param infoboxName The name of the infobox the reponse corresponds to.
+ *
+ * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
+ * objects. Maybe empty.
+ *
+ * @throws ParseException If an error occurs on parsing and unmarshaling the response.
+ */
+ public static List parseInfoboxReadResponse(String infoboxReadResponse, String infoboxName)
+ throws ParseException
+ {
+ Element infoboxReadResponseElem = null;
+ try {
+ Document doc =
+ DOMUtils.parseDocument(infoboxReadResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null);
+ infoboxReadResponseElem = doc.getDocumentElement();
+ } catch (Exception e) {
+ Logger.error("InfoboxReadResponse for \"" + infoboxName +
+ "\"-infobox could not be parsed successfully: " + e.getMessage());
+ throw new ParseException("parser.01", new Object[] {infoboxName + "-InfoboxReadResponse"});
+ }
+
+ Vector infoboxTokenList = new Vector();
+
+ if (infoboxReadResponseElem != null) {
+ // avoid using namespace URI or prefix, because it might change within the response
+ // (e.g.: sl11-namespace, some child sl10-namespace
+ List infoboxReadResponseChildren = DOMUtils.getChildElements(infoboxReadResponseElem);
+ String key = null;
+ boolean primary = true;
+ Element infoboxReadResponseChild = (Element)infoboxReadResponseChildren.get(0);
+ String infoboxReadResponseChildName = infoboxReadResponseChild.getLocalName();
+ if (infoboxReadResponseChildName.equals("AssocArrayData")) {
+ // get the <Pair> child elements from the <AssocArrayData> element
+ List assocArrayPairs = DOMUtils.getChildElements(infoboxReadResponseChild);
+ Iterator assocArrayPairIt = assocArrayPairs.iterator();
+ int pairCount = 0;
+ // step through the <Pair> elemnts
+ while (assocArrayPairIt.hasNext()) {
+ Element assocArrayPair = (Element)assocArrayPairIt.next();
+ // check if the element actually a "Pair" element and not only a "key"
+ if (assocArrayPair.getLocalName().equals("Key")) {
+ // do not accept only a Key
+ throw new ParseException("parser.07", new Object[] {infoboxName});
+ }
+ key = assocArrayPair.getAttribute("Key");
+ if (pairCount > 0) {
+ primary = false;
+ }
+ pairCount++;
+ infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(assocArrayPair, infoboxName, key, primary));
+ }
+
+ } else if (infoboxReadResponseChildName.equals("BinaryFileData")) {
+ infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(infoboxReadResponseChild, infoboxName, null, true));
+ }
+ }
+ return infoboxTokenList;
+ }
+
+ /**
+ * Unmarshales the <code>&lt;XMLContent&gt;</code> or
+ * <code>&lt;Base64Content&gt;</code> child of the given element to a list of
+ * infobox token.
+ *
+ * @param contentParent The elment including the <code>&lt;XMLContent&gt;</code> or
+ * <code>&lt;Base64Content&gt;</code> child to unmarshal the
+ * infobox token from.
+ * @param infoboxName The name of the infobox.
+ * @param key The key of an <code>AssocArrayData-Pair</code>.
+ * Maybe <code>null</code>.
+ * @param primary Specifies whether this token is the first (e.g. in an
+ * AssocArrayData) token.
+ *
+ * @return A infobox token list.
+ *
+ * @throws ParseException If the <code>contentParent</code> has no <code>&lt;XMLContent&gt;</code>
+ * or <code>&lt;Base64Content&gt;</code> child or the
+ * <code>&lt;XMLContent&gt;</code> is empty.
+ */
+ public static List getTokenFromXMLOrBase64Content(
+ Element contentParent,
+ String infoboxName,
+ String key,
+ boolean primary)
+ throws ParseException
+ {
+ Vector tokenList = new Vector();
+ // get the <XMLContent> or <Base64Content>
+ List content = DOMUtils.getChildElements(contentParent);
+ if (content.size() == 1) {
+ Element contentElem = (Element)content.get(0);
+ if (contentElem.getLocalName().equals("XMLContent")) {
+ List xmlContentChildren = DOMUtils.getChildElements(contentElem);
+ if (xmlContentChildren.size() == 0) {
+ throw new ParseException("parser.06", new Object[] {infoboxName, "Inhalt", "XMLContent"});
+ }
+ int xmlCount = 0;
+ Iterator contentIt = xmlContentChildren.iterator();
+ while (contentIt.hasNext()) {
+ Element xmlToken = (Element)contentIt.next();
+ if (xmlCount > 0) {
+ primary = false;
+ }
+ InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, xmlToken);
+ tokenList.add(infoboxToken);
+ xmlCount++;
+ }
+ } else {
+ String base64Token = contentElem.getFirstChild().getNodeValue();
+ InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, base64Token);
+ tokenList.add(infoboxToken);
+ }
+ } else {
+ throw new ParseException("parser.06",
+ new Object[] {infoboxName, "XMLContent oder Base64Content", contentParent.getLocalName()});
+ }
+ return tokenList;
+ }
+
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index 092bc68c9..9d8cff6f5 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -89,7 +89,7 @@ public class IdentityLinkAssertionParser {
+ "Identification";
/** Xpath expression to the Identification Value element */
- private static final String PERSON_IDENT_VALUE_XPATH =
+ public static final String PERSON_IDENT_VALUE_XPATH =
PERSON_XPATH
+ "/"
+ PDATA
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 70e53d83e..96e8e6dd6 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -131,7 +131,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
{
// request is encoded as mulitpart/form-data
FileItemFactory factory = new DiskFileItemFactory();
- ServletFileUpload upload = null;;
+ ServletFileUpload upload = null;
upload = new ServletFileUpload(factory);
List items = null;
items = upload.parseRequest(req);
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 9d5c4b191..2134c1444 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -2,11 +2,14 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.OutputStream;
+import java.util.Enumeration;
import java.util.Map;
+import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.FileUploadException;
@@ -75,29 +78,30 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
throw new IOException(e.getMessage());
}
String sessionID = req.getParameter(PARAM_SESSIONID);
- String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE);
- try {
- String createXMLSignatureRequest =
- AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse);
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- resp.setStatus(307);
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
- resp.addHeader("Location", dataURL);
-
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+ String createXMLSignatureRequest =
+ AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+ resp.setStatus(307);
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+ resp.addHeader("Location", dataURL);
+
+ //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+ resp.setContentType("text/xml;charset=UTF-8");
OutputStream out = resp.getOutputStream();
out.write(createXMLSignatureRequest.getBytes("UTF-8"));
- out.flush();
+ out.flush();
out.close();
- Logger.debug("Finished POST VerifyIdentityLink");
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
+ Logger.debug("Finished POST VerifyIdentityLink");
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
}
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index 0bd45e3e9..444f706e4 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -153,7 +153,7 @@ public class IdentityLinkValidator implements Constants {
//Check if dsig:Signature exists
Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature");
- if (dsigSignature==null) throw new ValidateException("validator.05", null);
+ if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"});
}
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
new file mode 100644
index 000000000..e17e03a20
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+
+/**
+ * Validates an InfoboxReadResponse.
+ * An implementing class has to validate the content of the InfoboxReadResponse
+ * according to the type specific rules and guidelines of the underlying
+ * application.
+ * If validation succeeds, the class may provide an array of
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes}. Each of these SAML-Attributes will be either appended to the
+ * final SAML-Assertion passed to the online application or to the AUTH-Block,
+ * or to both.
+ * <br>
+ * If validation fails the implementing class has to provide a short error message.
+ */
+public interface InfoboxValidator {
+
+ /**
+ * This method validates an InfoboxReadResponse.
+ * The method validates the content of the passed <code>infoboxReadResponse</code>
+ * according to the type specific rules and guidelines of the underlying
+ * application.
+ * <br>
+ * The method returns <code>true</code> if validation succeeds. In that case
+ * method {@link #getExtendedSamlAttributes()} may provide an array of
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the
+ * AUTH-Block or to both.
+ * <br>
+ * The method returns <code>false</code> if validation fails. In that case
+ * method {@link #getErrorMessage()} has to provide a short error description.
+ *
+ * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams
+ * Parameters} needed by the validator.
+ *
+ * @return <code>True</code> if validation succeeds,
+ * otherwise <code>false</code>.
+ *
+ * @throws ValidateException If an error occurs on validating the
+ * InfoboxReadResponse.
+ */
+ public boolean validate (InfoboxValidatorParams params)
+ throws ValidateException;
+
+ /**
+ * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+ * provided to the online application.
+ * The SAML-Attributes in that array will be added to the final
+ * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
+ * in the array this method returns.
+ *
+ * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+ * provided to the online application, the AUTH-Block, or both. If no attributes should
+ * be added this array maybe <code>null</code> or empty.
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes();
+
+ /**
+ * A short error description that should be displayed by MOA-ID if
+ * validation of the InfoBoxReadResponse fails.
+ *
+ * @return An short error message if validation fails.
+ */
+ public String getErrorMessage();
+
+}