author | harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2005-07-22 15:11:48 +0000 |
---|---|---|
committer | harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2005-07-22 15:11:48 +0000 |
commit | c8223bd5aaf9466fb6c72fe8a5a13b1b105b7c17 (patch) | |
tree | b5ecda8d6df344cb3ebe245c24ccb012686d175d /id.server/src/at/gv/egovernment/moa/id/auth | |
parent | 44a961d0df8d9721b1bdb8185e3a68df762c5ba6 (diff) | |
updated for wbPK
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@398 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth')
18 files changed, 701 insertions, 266 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 4c44e807c..8cb71402f 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1,6 +1,7 @@
 package at.gv.egovernment.moa.id.auth;
 import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -12,6 +13,8 @@ import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
+import javax.xml.transform.TransformerException;
+
 import org.w3c.dom.Element;
 import at.gv.egovernment.moa.id.AuthenticationException;
@@ -47,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidat
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.OAParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
@@ -55,7 +59,9 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.FileUtils;
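Review bot: `import at.gv.egovernment.moa.id.config.OAParameter;` is not referenced by any changed line in this file's hunks, which all work with `OAAuthParameter`; unless it is used in a part of the file outside this diff it should be dropped. The other new imports (`X509Certificate`, `TransformerException`, `Base64Utils`, `Constants`) are each exercised by a hunk below.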
@@ -139,8 +145,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(authURL)) throw new WrongParametersException("StartAuthentication", "AuthURL"); - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); if (isEmpty(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA); @@ -154,6 +158,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET); + } else { + if (!isEmpty(target)) { + Logger.info("Ignoring target parameter thus application type is \"businessService\""); + } + target = null; + } + AuthenticationSession session = newSession(); Logger.info("MOASession " + session.getSessionID() + " angelegt"); session.setTarget(target); @@ -161,6 +176,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); session.setTemplateURL(templateURL); + session.setBusinessService(oaParam.getBusinessService()); String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); 
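Review bot: The businessService/target block added in the @@ -154 hunk is repeated almost verbatim in the other StartAuthentication overload (hunk @@ -258), and the two copies already differ: this one logs when a target is ignored, the other nulls it silently. Factor it into one private helper, e.g. `private static String checkTarget(OAAuthParameter oaParam, String target) throws WrongParametersException`, and call it from both overloads so the two paths cannot drift. While there, the log text `Ignoring target parameter thus application type is "businessService"` should read `since` (or `because`) instead of `thus`. The enclosing method starts before this hunk.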
@@ -258,28 +274,45 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); if (isEmpty(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA); } AuthenticationSession session; - if (sessionID != null) + OAAuthParameter oaParam; + if (sessionID != null) { session = getSession(sessionID); - else { - OAAuthParameter oaParam = + oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + } else { + oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { oaURL }); + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET); + } else { + target = null; + } session = newSession(); Logger.info("MOASession " + session.getSessionID() + " angelegt"); session.setTarget(target); session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); - session.setTemplateURL(templateURL); + session.setTemplateURL(templateURL); + session.setBusinessService(oaParam.getBusinessService()); + } + // BKU URL has not been set yet, even if session already exists + if (bkuURL == null) { + bkuURL = DEFAULT_BKU; } - String infoboxReadRequest = new InfoboxReadRequestBuilder().build(); + session.setBkuURL(bkuURL); + String infoboxReadRequest = + new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), + oaParam.getBusinessService(), + oaParam.getIdentityLinkDomainIdentifier()); String dataURL = new DataURLBuilder().buildDataURL( 
session.getAuthURL(), @@ -296,7 +329,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { ex); } } - String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); + String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12()); String certInfoDataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), 
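Review bot: In the new `sessionID != null` branch `oaParam` is looked up from `session.getPublicOAURLPrefix()` and then dereferenced (`oaParam.getSlVersion12()`, `oaParam.getBusinessService()`) without the null check the `else` branch keeps, so a session whose online application has since disappeared from the configuration ends in a NullPointerException instead of the `auth.00` AuthenticationException; add `if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() });` directly after that lookup. The same unchecked lookup pattern is introduced in the @@ -371 and @@ -507 hunks of this file. Separately, `bkuURL` is now persisted with `session.setBkuURL(bkuURL)` and, judging by the builder hunks in this commit, is later written into the generated HTML form and into the `bkuURL` attribute of the SAML assertion; since it appears to originate from the `bkuURI` request parameter, it should be checked against the configured or expected BKU URLs (or at least a sane URL shape) before it is stored, and the reason for falling back to `DEFAULT_BKU` deserves a comment. The method starts before this hunk and continues after it.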
@@ -371,25 +404,38 @@ public class AuthenticationServer implements MOAIDAuthConstants { // debug output if(null != domVerifyXMLSignatureResponse) OutputXML2File.debugOutputXML2File("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse, DEBUG_OUTPUT_HIERARCHY); + if (identityLink.getIdentificationType().equalsIgnoreCase(Constants.URN_PREFIX_BASEID)) { + } + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + // if OA is type is business service the manifest validation result has to be ignored + boolean ignoreManifestValidationResult = oaParam.getBusinessService() ? true : false; + // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate( verifyXMLSignatureResponse, authConf.getIdentityLinkX509SubjectNames(), - VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK); + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + ignoreManifestValidationResult); session.setIdentityLink(identityLink); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); - session.setAuthBlock(authBlock); +// session.setAuthBlock(authBlock); // builds the <CreateXMLSignatureRequest> - String[] transformInfos = authConf.getTransformsInfos(); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - + String[] transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.length == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } String createXMLSignatureRequest = - new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), transformInfos); + new CreateXMLSignatureRequestBuilder().build(authBlock, + oaParam.getKeyBoxIdentifier(), + transformsInfos, + oaParam.getSlVersion12()); return 
createXMLSignatureRequest; } /** @@ -401,12 +447,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getGivenName() + " " + identityLink.getFamilyName(); String gebDat = identityLink.getDateOfBirth(); + String identificationValue = identityLink.getIdentificationValue(); + String identificationType = identityLink.getIdentificationType(); String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); String authURL = session.getAuthURL(); String target = session.getTarget(); String oaURL = session.getPublicOAURLPrefix(); - String authBlock = - new AuthenticationBlockAssertionBuilder().build(issuer, issueInstant, authURL, target, oaURL, gebDat); + String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock(issuer, + issueInstant, + authURL, + target, + identificationValue, + identificationType, + oaURL, + gebDat); + return authBlock; } /** 
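Review bot: The added `if (identityLink.getIdentificationType().equalsIgnoreCase(Constants.URN_PREFIX_BASEID)) { }` has an empty body, so it is either unfinished work or dead code, and it throws a NullPointerException when the identification type is absent; finish it or delete it before merging. `oaParam.getBusinessService() ? true : false` is simply `oaParam.getBusinessService()`, and `// session.setAuthBlock(authBlock);` should be removed rather than left commented out, with a comment at the new storage point (the verifyAuthenticationBlock hunk) explaining that the signed, client-returned block is now kept instead of the server-built one. Ignoring the manifest validation result for business services is a security-relevant relaxation; the comment above `ignoreManifestValidationResult` should state why that is acceptable for this case rather than only that it is done. This method starts before the hunk.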
@@ -450,13 +505,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses <CreateXMLSignatureResponse> CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + try { + String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); + session.setAuthBlock(serializedAssertion); + } catch (TransformerException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } catch (IOException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } // validates <CreateXMLSignatureResponse> - new CreateXMLSignatureResponseValidator().validate( - csresp, - session.getTarget(), - session.getPublicOAURLPrefix()); - // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call + new CreateXMLSignatureResponseValidator().validate(csresp, session); + // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); @@ -474,7 +534,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyXMLSignatureResponseValidator.getInstance().validate( vsresp, null, - VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK); + VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, + true); // compares the public keys from the identityLink with the AuthBlock VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( vsresp, 
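Review bot: Both new catch blocks discard the caught exception: `throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});` drops `e`, so a failure to serialize the returned assertion cannot be diagnosed from the logs; pass `e` as the cause if ParseException offers such a constructor, otherwise log it before throwing. Note also that `session.setAuthBlock(serializedAssertion)` now stores the assertion taken from the client-supplied CreateXMLSignatureResponse while the server-built block is no longer retained (its set call is commented out in the @@ -371 hunk), so the session's AuthBlock is only as trustworthy as `new CreateXMLSignatureResponseValidator().validate(csresp, session)`, whose implementation is outside this diff; a comment at the set call should say so, and moving the set after the validate() call would keep an invalid response out of the session altogether. The method continues outside the hunk.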
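Review bot: The bare `true` passed as the new fourth argument in `VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, CHECK_AUTH_BLOCK, true)` is, judging by the identity-link path in this same commit, the ignore-manifest-validation flag, which there is a named local and here is a magic literal that permanently disables that check for the AuthBlock. Give it a name and a reason, e.g. `boolean ignoreManifestValidationResult = true; // <why the manifest result does not apply to the AuthBlock>`, so the relaxation is visible to the next reader. The method starts before and continues after this hunk.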
@@ -507,36 +568,64 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + boolean businessService = oaParam.getBusinessService(); authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String bpkBase64 = - new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), - session.getTarget()); - authData.setIdentificationType(identityLink.getIdentificationType()); - authData.setPBK(bpkBase64); + + authData.setIdentificationType(identityLink.getIdentificationType()); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideStammzahl()); - - try { + authData.setBkuURL(session.getBkuURL()); + boolean provideStammzahl = oaParam.getProvideStammzahl(); + if (provideStammzahl) { + authData.setIdentificationValue(identityLink.getIdentificationValue()); + } + String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + + try { + String signerCertificateBase64 = ""; + if (oaParam.getProvideCertifcate()) { + X509Certificate signerCertificate = verifyXMLSigResp.getX509certificate(); + if 
(signerCertificate != null) { + signerCertificateBase64 = Base64Utils.encode(signerCertificate.getEncoded()); + } else { + Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available"); + } + } + authData.setSignerCertificate(signerCertificateBase64); + if (businessService) { + authData.setWPBK(identityLink.getIdentificationValue()); + } else { + // only compute bPK if online applcation is a public service + String bpkBase64 = + new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + authData.setPBK(bpkBase64); + } String ilAssertion = oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : ""; String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; String samlAssertion = - new AuthenticationDataAssertionBuilder().build(authData, prPerson, authBlock, ilAssertion); + new AuthenticationDataAssertionBuilder().build(authData, + prPerson, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + businessService); authData.setSamlAssertion(samlAssertion); return authData; } catch (Throwable ex) { diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index ddba20049..15d21b4b9 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -16,6 +16,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_BKU = "bkuURI"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** default BKU URL */ + public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; /** servlet parameter "returnURI" */ public static final String PARAM_RETURN = "returnURI"; /** servlet parameter "Template" */ 
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 41f439d04..ec412deb3 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -12,26 +12,39 @@ import at.gv.egovernment.moa.util.Constants; * @version $Id$ */ public class AuthenticationBlockAssertionBuilder implements Constants { - /** private static String nl contains the NewLine representation in Java*/ + /** the NewLine representation in Java*/ private static String nl = "\n"; - /** private static String AUTH_BLOCK contains an XML-Auth-Block-Template */ + /** template for the Auth-Block */ private static String AUTH_BLOCK = - "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{0}'' IssueInstant=''{1}''>" + nl + - " <saml:AttributeStatement>" + nl + - " <saml:Subject>" + nl + - " <saml:NameIdentifier>{2}</saml:NameIdentifier>" + nl + - " </saml:Subject>" + nl + - " <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + - " <saml:AttributeValue>{3}</saml:AttributeValue>" + nl + - " </saml:Attribute>" + nl + - " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + - " <saml:AttributeValue>{4}</saml:AttributeValue>" + nl + - " </saml:Attribute>" + nl + - " <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + - " <saml:AttributeValue>{5}</saml:AttributeValue>" + nl + - " </saml:Attribute>" + nl + - " </saml:AttributeStatement>" + nl + - "</saml:Assertion>"; + "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + nl + + " <saml:AttributeStatement>" + nl + + " <saml:Subject>" + nl + + " <saml:NameIdentifier>{3}</saml:NameIdentifier>" + nl + + " </saml:Subject>" + nl + + "{4}" + + " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + + " <saml:AttributeValue>{5}</saml:AttributeValue>" + nl + + " </saml:Attribute>" + nl + + " <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + 
nl + + " <saml:AttributeValue>{6}</saml:AttributeValue>" + nl + + " </saml:Attribute>" + nl + + " </saml:AttributeStatement>" + nl + + "</saml:Assertion>"; + + private static String GESCHAEFTS_BEREICH_ATTRIBUTE = + " <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + + " <saml:AttributeValue>{0}</saml:AttributeValue>" + nl + + " </saml:Attribute>" + nl; + + private static String WBPK_ATTRIBUTE = + " <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + + " <saml:AttributeValue>" + nl + + " <pr:Identification>" + nl + + " <pr:Value>{0}</pr:Value>" + nl + + " <pr:Type>{1}</pr:Type>" + nl + + " </pr:Identification>" + nl + + " </saml:AttributeValue>" + nl + + " </saml:Attribute>" + nl; /** * Constructor for AuthenticationBlockAssertionBuilder. 
@@ -39,21 +52,56 @@ public class AuthenticationBlockAssertionBuilder implements Constants { public AuthenticationBlockAssertionBuilder() { super(); } + /** - * Builds the authentication block <code><saml:Assertion></code>. + * Builds the authentication block <code><saml:Assertion></code> * * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code> * @param issueInstant current timestamp * @param authURL URL of MOA-ID authentication component - * @param target "Geschäftsbereich" + * @param target "Geschäftsbereich"; maybe <code>null</code> if the application + * is a business application + * @param identityLinkValue the content of the <code><pr:Value></code> + * child element of the <code><pr:Identification></code> + * element derived from the Identitylink; this is the + * value of the <code>wbPK</code>; + * maybe <code>null</code> if the application is a public service + * @param identiyLinkType the content of the <code><pr:Type></code> + * child element of the <code><pr:Identification></code> + * element derived from the Identitylink; this includes the + * URN prefix and the identification number of the business + * application used as input for wbPK computation; + * maybe <code>null</code> if the application is a public service * @param oaURL public URL of online application requested * @return String representation of authentication block * <code><saml:Assertion></code> built */ - public String build(String issuer, String issueInstant, String authURL, String target, String oaURL, String GebDat) { - String assertion = MessageFormat.format( - AUTH_BLOCK, new Object[] { issuer, issueInstant, authURL, target, oaURL, GebDat}); - return assertion; + public String buildAuthBlock(String issuer, + String issueInstant, + String authURL, + String target, + String identityLinkValue, + String identityLinkType, + String oaURL, + String GebDat) + { + + String gebeORwbpk = ""; + String wbpkNSDeclaration = ""; + if (target == null) { + // OA is a business 
application + gebeORwbpk = MessageFormat.format( + WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\" xmlns:si=\"" + PD_NS_URI + "\""; + } else { + gebeORwbpk = MessageFormat.format( + GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + } + + String assertion = MessageFormat.format( + AUTH_BLOCK, new Object[] { wbpkNSDeclaration, issuer, issueInstant, authURL, gebeORwbpk, oaURL, GebDat}); + return assertion; + } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index eaf9aa0ae..cdb660010 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java 
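Review bot: `wbpkNSDeclaration` binds both `pr` and `si` to `PD_NS_URI`, but the WBPK_ATTRIBUTE template only uses the `pr` prefix, so the `xmlns:si` declaration is either unused or, if `si` was meant for a different namespace, bound to the wrong URI; drop it or point it at the intended constant. The method also decides business-vs-public solely by `target == null`, while the caller now carries an explicit `businessService` flag; passing that flag (or at least documenting the null-target invariant) avoids silently producing a wbPK block when a public-service caller supplies no target. In the Javadoc `@param identiyLinkType` is misspelled and `GebDat` has no `@param` entry. As before the change, `target`, `identityLinkValue` and `identityLinkType` reach the XML through MessageFormat without escaping; if any of them can carry markup characters they should be escaped here. The class continues outside the hunk.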
@@ -26,19 +26,23 @@ public class AuthenticationDataAssertionBuilder implements Constants { " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL + " <saml:AttributeStatement>" + NL + " <saml:Subject>" + NL + - " <saml:NameIdentifier NameQualifier=''urn:publicid:gv.at:cdid+bPK''>{3}</saml:NameIdentifier>" + NL + + " <saml:NameIdentifier NameQualifier=''{3}''>{4}</saml:NameIdentifier>" + NL + " <saml:SubjectConfirmation>" + NL + " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL + - " <saml:SubjectConfirmationData>{4}{5}</saml:SubjectConfirmationData>" + NL + + " <saml:SubjectConfirmationData>{5}{6}</saml:SubjectConfirmationData>" + NL + " </saml:SubjectConfirmation>" + NL + " </saml:Subject>" + NL + " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL + - " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL + + " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL + " </saml:Attribute>" + NL + " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL + + " <saml:AttributeValue>{8}</saml:AttributeValue>" + NL + " </saml:Attribute>" + NL + - "{8}" + + " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + + " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL + + " </saml:Attribute>" + NL + + "{10}" + + "{11}" + " </saml:AttributeStatement>" + NL + "</saml:Assertion>"; /** 
@@ -49,6 +53,11 @@ public class AuthenticationDataAssertionBuilder implements Constants { " <saml:Attribute AttributeName=''isPublicAuthority'' AttributeNamespace=''urn:oid:1.2.40.0.10.1.1.1''>" + NL + " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + " </saml:Attribute>" + NL; + + private static final String SIGNER_CERTIFICATE_ATT = + " <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + + " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + + " </saml:Attribute>" + NL; /** * Constructor for AuthenticationDataAssertionBuilder. @@ -67,6 +76,12 @@ public class AuthenticationDataAssertionBuilder implements Constants { * <code>lt;saml:SubjectConfirmationData></code> element; may include * the <code>"Stammzahl"</code> or not; may be empty * @param xmlIdentityLink the IdentityLink + * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe + * an empty string if the signer certificate should not be provided. + * Will be ignored if the <code>businessService</code> parameter is + * set to <code>false</code>. + * @param businessService <code>true</code> if the online application is a + * business service, otherwise <code>false</code> * @return the <code><saml:Assertion></code> * @throws BuildException if an error occurs during the build process */ @@ -74,7 +89,10 @@ public class AuthenticationDataAssertionBuilder implements Constants { AuthenticationData authData, String xmlPersonData, String xmlAuthBlock, - String xmlIdentityLink) throws BuildException { + String xmlIdentityLink, + String bkuURL, + String signerCertificateBase64, + boolean businessService) throws BuildException { String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false"; String publicAuthorityAttribute = ""; 
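Review bot: The new `@param signerCertificateBase64` text says the value "will be ignored if the businessService parameter is set to false", but the body in the following hunk (@@ -85) formats SIGNER_CERTIFICATE_ATT whenever the string is non-empty, independent of `businessService`; either the documentation or the code is wrong and the two have to be reconciled. `bkuURL` is added to the signature in the @@ -74 hunk without a `@param` entry; add `@param bkuURL URL of the BKU, written into the assertion's bkuURL attribute`. The method signature and body continue in the following hunks.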
@@ -85,17 +103,38 @@ public class AuthenticationDataAssertionBuilder implements Constants { publicAuthorityAttribute = MessageFormat.format( PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); } - + + + String signerCertificateAttribute = ""; + if (signerCertificateBase64 != "") { + signerCertificateAttribute = MessageFormat.format( + SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 }); + } + + String pkType; + String pkValue; + if (businessService) { + pkType = authData.getIdentificationType(); + pkValue = authData.getWPBK(); + + } else { + pkType = URN_PREFIX_BPK; + pkValue = authData.getPBK(); + } + String assertion = MessageFormat.format(AUTH_DATA, new Object[] { - authData.getAssertionID(), + authData.getAssertionID(), authData.getIssuer(), authData.getIssueInstant(), - authData.getPBK(), - removeXMLDeclaration(xmlAuthBlock), - removeXMLDeclaration(xmlIdentityLink), + pkType, + pkValue, + removeXMLDeclaration(xmlAuthBlock), + removeXMLDeclaration(xmlIdentityLink), removeXMLDeclaration(xmlPersonData), - isQualifiedCertificate, - publicAuthorityAttribute}); + isQualifiedCertificate, + bkuURL, + publicAuthorityAttribute, + signerCertificateAttribute}); return assertion; } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java index 5ceb1d1c0..cb6c8b31b 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java 
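Review bot: `if (signerCertificateBase64 != "")` compares String references, not contents; it only works today because the caller happens to pass the interned literal `""`, and any other empty string (or `null`) would yield an empty or failing SignerCertificate attribute. Use `if (signerCertificateBase64 != null && signerCertificateBase64.length() > 0) {`. `bkuURL`, `pkType` and `pkValue` enter the assertion through MessageFormat without XML escaping, like the existing arguments; `bkuURL` in particular appears to originate from a request parameter, so escaping it here or validating it upstream should be documented at this point. The method starts before this hunk.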
@@ -1,9 +1,13 @@ package at.gv.egovernment.moa.id.auth.builder; +import java.io.File; import java.io.IOException; +import java.text.MessageFormat; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the <code><VerifyXMLSignatureRequest></code> structure @@ -12,10 +16,26 @@ import at.gv.egovernment.moa.util.FileUtils; * @author Paul Ivancsics * @version $Id$ */ -public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder { +public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements Constants { /** special tag in the VerifyXMLRequest template to be substituted for a <code><dsig:Signature></code> */ private static final String SIGNATURE_TAG = "<dsig:Signature/>"; + + /** private static String nl contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** + * XML template for the CertInfoVerifyXMLSignatureRequest to be built + */ + static final String CERTINFO_REQUEST = + "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + nl + + "<{0}:VerifyXMLSignatureRequest {2} xmlns:xml=\"" + XML_NS_URI + "\" xmlns:dsig=\"" + DSIG_NS_URI + "\">" + nl + + " <{0}:SignatureInfo>" + nl + + " <{0}:SignatureEnvironment>" + nl + + " <{1}:XMLContent xml:space=\"preserve\"><dsig:Signature/></{1}:XMLContent>" + nl + + " </{0}:SignatureEnvironment>" + nl + + " <{0}:SignatureLocation>//dsig:Signature</{0}:SignatureLocation>" + nl + + " </{0}:SignatureInfo>" + nl + + "</{0}:VerifyXMLSignatureRequest>"; /** * Constructor 
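Review bot: The added imports `java.io.File` and `at.gv.egovernment.moa.util.StringUtils` are not used by any line in this file's hunks; unless they are referenced in a part of the file outside the diff they should be dropped. The Javadoc on `nl` (`private static String nl contains the NewLine representation in Java`) is the same copy-pasted text this commit rewrote in AuthenticationBlockAssertionBuilder; use `/** the NewLine representation in Java */` here as well. `CERTINFO_REQUEST` is package-private by omission; if no other class reads it, declare it `private static final`.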
@@ -28,16 +48,30 @@ public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder { * @return the XML structure * @throws BuildException */ - public String build() throws BuildException { - String resCertInfoRequest = "resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml"; - String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; - String certInfoRequest; - try { - certInfoRequest = FileUtils.readResource(resCertInfoRequest, "UTF-8"); - } - catch (IOException ex) { - throw new BuildException("auth.04", new Object[] {resCertInfoRequest, ex.toString()}); + public String build(boolean slVersion12) throws BuildException { + + String sl10Prefix; + String sl11Prefix; + String slNsDeclaration; + + if (slVersion12) { + + sl10Prefix = SL12_PREFIX; + sl11Prefix = SL12_PREFIX; + slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\""; + + } else { + + sl10Prefix = SL10_PREFIX; + sl11Prefix = SL11_PREFIX; + slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\""; + } + + String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration}); + String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; + + try { String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8"); certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature); diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 48320c4f5..51429251e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java 
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the <code><CreateXMLSignatureRequest></code> structure 
@@ -17,22 +18,23 @@ public class CreateXMLSignatureRequestBuilder implements Constants { private static final String nl = "\n"; /** * XML template for the <code><moa:CreateXMLSignatureRequest></code> to be built - */ + */ private static final String CREATE_XML_SIGNATURE_REQUEST = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl + - "<sl11:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' xmlns:sl10=''" + SL10_NS_URI + "'' xmlns:sl11=''" + SL11_NS_URI + "''>" + nl + - " <sl11:KeyboxIdentifier>{1}</sl11:KeyboxIdentifier>" + nl + - " <sl11:DataObjectInfo Structure=''detached''>" + nl + - " <sl10:DataObject Reference=''''/>" + nl + - "{2}" + - " </sl11:DataObjectInfo>" + nl + - " <sl11:SignatureInfo>" + nl + - " <sl11:SignatureEnvironment>" + nl + - " <sl10:XMLContent>{0}</sl10:XMLContent>" + nl + - " </sl11:SignatureEnvironment>" + nl + - " <sl11:SignatureLocation Index=''2''>/saml:Assertion</sl11:SignatureLocation>" + nl + - " </sl11:SignatureInfo>" + nl + - "</sl11:CreateXMLSignatureRequest>"; + "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl + + "<{3}:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' {5}>" + nl + + " <{3}:KeyboxIdentifier>{1}</{3}:KeyboxIdentifier>" + nl + + " <{3}:DataObjectInfo Structure=''detached''>" + nl + + " <{4}:DataObject Reference=''''/>" + nl + + "{2}" + + " </{3}:DataObjectInfo>" + nl + + " <{3}:SignatureInfo>" + nl + + " <{3}:SignatureEnvironment>" + nl + + " <{4}:XMLContent>{0}</{4}:XMLContent>" + nl + + " </{3}:SignatureEnvironment>" + nl + + " <{3}:SignatureLocation Index=''2''>/saml:Assertion</{3}:SignatureLocation>" + nl + + " </{3}:SignatureInfo>" + nl + + "</{3}:CreateXMLSignatureRequest>"; + /** * Constructor for CreateXMLSignatureRequestBuilder. 
@@ -46,14 +48,46 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * * @param authBlock String representation of XML authentication block * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeypair) + * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not * @return String representation of <code><CreateXMLSignatureRequest></code> */ - public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos) { - String dsigTransformInfosString = ""; - for (int i = 0; i < dsigTransformInfos.length; i++) + public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + + String sl10Prefix; + String sl11Prefix; + String slNsDeclaration; + + String dsigTransformInfosString = ""; + for (int i = 0; i < dsigTransformInfos.length; i++) { dsigTransformInfosString += dsigTransformInfos[i]; + } + + if (slVersion12) { + + // replace the SecurityLayer namespace prefixes and URIs within the transforms + dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString, + SL10_PREFIX, SL12_PREFIX, + SL10_NS_URI, SL12_NS_URI); + sl10Prefix = SL12_PREFIX; + sl11Prefix = SL12_PREFIX; + slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'"; + + } else { + + sl10Prefix = SL10_PREFIX; + sl11Prefix = SL11_PREFIX; + slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; + + } + String request = MessageFormat.format( - CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, keyBoxIdentifier, dsigTransformInfosString }); + CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, + keyBoxIdentifier, + dsigTransformInfosString, + sl11Prefix, + sl10Prefix, + slNsDeclaration }); + return request; } } 
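Review bot: The SL 1.2 branch rewrites the caller-supplied transform infos lexically through `StringUtils.changeSLVersion`, and nothing checks that the result still parses or that the input actually used the `SL10_PREFIX` binding the replacement assumes; a transform info that binds the SL 1.0 namespace to another prefix, or carries the URI as text content, would come out silently inconsistent with the `{5}` namespace declaration. The helper's implementation is not in this diff, so this is inferred from the call site. A comment there, `// textual prefix/URI rewrite: transform infos must use the SL10_PREFIX binding`, or parsing the rewritten string once before embedding it, would make the assumption explicit. The Javadoc also still lacks `@param dsigTransformInfos the dsig:Transforms info fragments embedded into DataObjectInfo`.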
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index dbc14804d..4fb5b0837 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -27,8 +27,6 @@ public class GetIdentityLinkFormBuilder extends Builder { /** special tag in the HTML template to be substituted for the certificate info data URL */ private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>"; - /** default BKU URL */ - private static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; /** default HTML template */ private static final String DEFAULT_HTML_TEMPLATE = "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + @@ -84,11 +82,11 @@ public class GetIdentityLinkFormBuilder extends Builder { throws BuildException { String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; - String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; - htmlForm = replaceTag(htmlForm, BKU_TAG, bku); +// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest)); htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL); - htmlForm = replaceTag(htmlForm, BKU_TAG, bku); + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest)); htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL); return htmlForm; diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index d3e100671..c2bafe43b 100644 
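Review bot: With `DEFAULT_BKU` removed, `bkuURL` is handed straight to `replaceTag` on both `BKU_TAG` lines, so a null URL now reaches the form (or whatever `replaceTag` does with null, which is not visible here) instead of the former localhost default; reject it up front with a `BuildException` in the builder's existing message-key style rather than substituting it. The URL is also inserted into the HTML unescaped, so if the session-carried BKU URL can be influenced by the request rather than coming only from configuration, it should be checked against the configured BKU list before substitution. The commented-out `// String bku = ...` line should be deleted, not kept. The enclosing `build` method starts before this hunk.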
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java 
@@ -11,29 +11,76 @@ import at.gv.egovernment.moa.util.Constants; */ public class InfoboxReadRequestBuilder implements Constants { - /** - * XML template for the <code><sl10:InfoboxReadRequest></code> to be built - */ - String INFOBOX_READ_REQUEST = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + - "<sl10:InfoboxReadRequest xmlns:sl10=\"" + SL10_NS_URI + "\">" + - "<sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier>" + - "<sl10:BinaryFileParameters ContentIsXMLEntity=\"true\"/>" + - "</sl10:InfoboxReadRequest>"; /** * Constructor for InfoboxReadRequestBuilder. */ public InfoboxReadRequestBuilder() { } + + /** * Builds an <code><InfoboxReadRequest></code>. * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe <code>null</code> if the OA + * is a public service; must not be <code>null</code> + * if the OA is a business service + * * @return <code><InfoboxReadRequest></code> as String */ - public String build() { - String request = INFOBOX_READ_REQUEST; - return request; + public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + + if (slVersion12) { + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + } else { + slPrefix = SL10_PREFIX; + slNsDeclaration = SL10_NS_URI; + } + + StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink</"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>"); + sb.append("<"); + 
sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + if (businessService) { + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append("</sl:IdentityLinkDomainIdentifier>"); + sb.append("</"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + } + sb.append("</"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest>"); + + return sb.toString(); + } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index ba4a9e367..27d91bf1f 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -15,7 +15,8 @@ public class AuthenticationSession { */ private String sessionID; /** - * "Geschäftsbereich" the online application belongs to + * "Geschäftsbereich" the online application belongs to; maybe <code>null</code> + * if the online application is a business application */ private String target; /** @@ -34,6 +35,10 @@ public class AuthenticationSession { * HTML template URL */ private String templateURL; + /** + * URL of the BKU + */ + private String bkuURL; /** * identity link read from smartcard */ @@ -49,8 +54,13 @@ public class AuthenticationSession { /** * timestamp logging when identity link has been received */ - private Date timestampIdentityLink; - + private Date timestampIdentityLink; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; + /** * Constructor for AuthenticationSession. * 
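Review bot: The closing tag of the domain identifier is hard-coded as `</sl:IdentityLinkDomainIdentifier>` while its opening tag uses `slPrefix`, so for SL 1.0 (prefix `sl10`) the request is not well-formed XML and will be rejected by the BKU; it only works if `SL12_PREFIX` happens to be `sl`. Replace it with `sb.append("</"); sb.append(slPrefix); sb.append(":IdentityLinkDomainIdentifier>");`. The Javadoc promises that `identityLinkDomainIdentifier` is non-null for a business service, but the method appends it unchecked and unescaped (its origin is not visible in this diff), so a guard such as `if (businessService && identityLinkDomainIdentifier == null) throw new IllegalArgumentException("identityLinkDomainIdentifier required for business service");` plus XML-escaping of the value would enforce the stated contract.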
@@ -108,6 +118,14 @@ public class AuthenticationSession { public String getPublicOAURLPrefix() { return oaPublicURLPrefix; } + + /** + * Returns the BKU URL. + * @return String + */ + public String getBkuURL() { + return bkuURL; + } /** * Returns the target. @@ -132,6 +150,14 @@ public class AuthenticationSession { public void setPublicOAURLPrefix(String url) { this.oaPublicURLPrefix = url; } + + /** + * Sets the bkuURL + * @param url The BKU URL to set + */ + public void setBkuURL(String url) { + this.bkuURL = url; + } /** * Sets the target. @@ -180,6 +206,23 @@ public class AuthenticationSession { public Date getTimestampIdentityLink() { return timestampIdentityLink; } + + /** + * Returns the businessService. + * @return <code>true</code> if the corresponding online application is + * a business application, otherwise <code>false</code> + */ + public boolean getBusinessService() { + return businessService; + } + + /** + * Sets the businessService variable. + * @param businessService the value for setting the businessService variable. + */ + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } /** * Returns the timestampStart. diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java index c787b2a81..76ba6366d 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java 
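Review bot: `getBusinessService()` is a boolean accessor and the JavaBean convention is `isBusinessService()`; the servlets and validator in this same commit call `session.getBusinessService()`, so a rename must update those call sites too. The `target` field comment should read `may be null`, and the same caveat belongs on `getTarget()` (its Javadoc is context here) so callers know to null-check when `businessService` is true.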
@@ -9,17 +9,18 @@ package at.gv.egovernment.moa.id.auth.data; * */ public class SAMLAttribute { -/** the name to be stored */ -private String name; -/** the namespace to be stored */ -private String namespace; -/** the value to be stored */ -private String value; + + /** the name to be stored */ + private String name; + /** the namespace to be stored */ + private String namespace; + /** the value to be stored */ + private Object value; /** * Constructor for SAMLAttribute. */ - public SAMLAttribute(String name, String namespace, String value) { + public SAMLAttribute(String name, String namespace, Object value) { this.name = name; this.namespace = namespace; 
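Review bot: Widening `value` to `Object` removes the type safety every consumer relied on, and nothing in the class says which attributes carry which type; the parser in this commit stores a DOM `Element` only for the `wbPK` attribute and a `String` otherwise, and the validator casts accordingly. Document that contract on the field and on `getValue()`/`setValue()`, e.g. `/** the value: a String for plain attributes, a DOM Element for the wbPK attribute (see CreateXMLSignatureResponseParser) */`, so a future attribute type does not surface as a ClassCastException in the validator.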
@@ -27,52 +28,52 @@ private String value; } -/** - * Returns the name. - * @return String - */ -public String getName() { - return name; -} - -/** - * Returns the namespace. - * @return String - */ -public String getNamespace() { - return namespace; -} - -/** - * Returns the value. - * @return String - */ -public String getValue() { - return value; -} - -/** - * Sets the name. - * @param name The name to set - */ -public void setName(String name) { - this.name = name; -} - -/** - * Sets the namespace. - * @param namespace The namespace to set - */ -public void setNamespace(String namespace) { - this.namespace = namespace; -} - -/** - * Sets the value. - * @param value The value to set - */ -public void setValue(String value) { - this.value = value; -} + /** + * Returns the name. + * @return String + */ + public String getName() { + return name; + } + + /** + * Returns the namespace. + * @return String + */ + public String getNamespace() { + return namespace; + } + + /** + * Returns the value. + * @return String + */ + public Object getValue() { + return value; + } + + /** + * Sets the name. + * @param name The name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * Sets the namespace. + * @param namespace The namespace to set + */ + public void setNamespace(String namespace) { + this.namespace = namespace; + } + + /** + * Sets the value. + * @param value The value to set + */ + public void setValue(Object value) { + this.value = value; + } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index 1079a48de..094fa091f 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java 
@@ -6,9 +6,11 @@ import java.util.ArrayList; import java.util.List; import org.w3c.dom.Element; +import org.w3c.dom.Node; import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.id.*; +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.util.Constants; @@ -27,16 +29,13 @@ public class CreateXMLSignatureResponseParser { // // XPath namespace prefix shortcuts // - /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ - private static final String SL10 = Constants.SL10_PREFIX + ":"; - /** Xpath prefix for reaching SecurityLayer 1.1 Namespaces */ - private static final String SL11 = Constants.SL11_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ private static final String SAML = Constants.SAML_PREFIX + ":"; /** Xpath prefix for reaching XML-DSIG Namespaces */ private static final String DSIG = Constants.DSIG_PREFIX + ":"; /** Xpath expression to the root element */ - private static final String ROOT = "/" + SL11 + "CreateXMLSignatureResponse/"; + private static final String ROOT = ":CreateXMLSignatureResponse/"; /** Xpath expression to the SAML:Assertion element */ private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion"; /** Xpath expression to the SAML:NameIdentifier element */ @@ -45,7 +44,8 @@ public class CreateXMLSignatureResponseParser { private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute"; /** Xpath expression to the AttributeValue element */ private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue"; - + + /** This is the root element of the XML-Document provided by the Security Layer Card */ private Element sigResponse; 
@@ -89,6 +89,7 @@ public class CreateXMLSignatureResponseParser { try { sigResponse = DOMUtils.parseXmlValidating(is); + } catch (Throwable t) { throw new ParseException("parser.01", new Object[] { t.toString()}, t); 
@@ -114,17 +115,23 @@ public class CreateXMLSignatureResponseParser { public CreateXMLSignatureResponse parseResponse() throws ParseException { CreateXMLSignatureResponse cResp; try { - cResp = new CreateXMLSignatureResponse(); - cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse, SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null)); - cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse, SAML_ASSERTION_XPATH)); - NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse, SAML_ATTRIBUTE_XPATH); + String slPrefix = sigResponse.getPrefix(); + cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse, "/" + slPrefix + SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null)); + cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse, "/" + slPrefix + SAML_ASSERTION_XPATH)); + NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse, "/" + slPrefix + SAML_ATTRIBUTE_XPATH); Element samlAttr; List samlAttributes = new ArrayList(); while ((samlAttr = (Element) attrIter.nextNode()) != null) { String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", ""); String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", ""); - String attrValue = XPathUtils.getElementValue(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH, ""); + Object attrValue; + if ("wbPK".equals(attrName)) { + Element attrValueElem = (Element)XPathUtils.selectSingleNode(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH); + attrValue = DOMUtils.getElementFromNodeList(attrValueElem.getChildNodes()); + } else { + attrValue = XPathUtils.getElementValue(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH, ""); + } samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue)); } SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()]; 
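Review bot: The XPath now takes its prefix from `sigResponse.getPrefix()`, which is null for a response that declares the Security Layer namespace as the default namespace (`<CreateXMLSignatureResponse xmlns="...">`), yielding `/null:CreateXMLSignatureResponse/...` and a misleading `parser.01`; the removed constants at least pinned a known prefix. Selecting by namespace URI instead (`getElementsByTagNameNS`, as the commented-out `parseResponse1` below does) or checking `sigResponse.getNamespaceURI()` against `Constants.SL10_NS_URI`/`SL12_NS_URI` before building the path would make the accepted namespaces explicit rather than delegating them to whatever prefix the BKU chose. `"wbPK".equals(attrName)` also picks the Element branch on the name alone, ignoring `attrNamespace`; the validator re-checks the namespace later, but the parser should not treat an arbitrary-namespace `wbPK` differently. The collapsed diff leaves it unclear whether `cResp = new CreateXMLSignatureResponse()` survived; if it was removed, `cResp` is never initialised.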
@@ -136,5 +143,37 @@ public class CreateXMLSignatureResponseParser { } return cResp; } - + +// public CreateXMLSignatureResponse parseResponse1() throws ParseException { +// CreateXMLSignatureResponse cResp; +// try { +// cResp = new CreateXMLSignatureResponse(); +// Element samlAssertion = (Element)sigResponse.getElementsByTagNameNS(Constants.SAML_NS_URI, "Assertion").item(0); +// cResp.setSamlAssertion(samlAssertion); +// Element samlAttributeStatement = (Element)samlAssertion.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeStatement").item(0); +// Element samlSubject = (Element)samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Subject").item(0); +// Element samlNameIdentifier = (Element)samlSubject.getElementsByTagNameNS(Constants.SAML_NS_URI, "NameIdentifier").item(0); +// cResp.setSamlNameIdentifier(samlNameIdentifier.getFirstChild().getNodeValue()); +// NodeList nl = samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Attribute"); +// List samlAttributes = new ArrayList(); +// for (int i=0; i<nl.getLength(); i++) { +// Element samlAttribute = (Element)nl.item(i); +// String attrName = samlAttribute.getAttribute("AttributeName"); +// String attrNamespace = samlAttribute.getAttribute("AttributeNamespace"); +// String attrValue = ((Element)samlAttribute.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeValue").item(0)).getFirstChild().getNodeValue(); +// samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue)); +// } +// SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()]; +// samlAttributes.toArray(result); +// cResp.setSamlAttributes(result); +// } +// catch (Throwable t) { +// throw new ParseException("parser.01", new Object[] { t.toString()}, t); +// } +// return cResp; +// } + + + + } 
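Review bot: Thirty lines of commented-out `parseResponse1` are dead code that will drift from the live parser; delete them, the history is in version control. If the namespace-URI-based lookup it shows is the intended direction, fold it into `parseResponse` instead of keeping a second copy.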
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java index 4fbc58977..a952b2066 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java @@ -6,7 +6,6 @@ import java.io.InputStream; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; @@ -18,20 +17,6 @@ import at.gv.egovernment.moa.util.XPathUtils; */ public class ErrorResponseParser { - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ - private static final String SL10 = Constants.SL10_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + SL10 + "ErrorResponse/"; - /** Xpath expression to the ErrorCode element */ - private static final String ERROR_CODE_XPATH = - ROOT + SL10 + "ErrorCode"; - /** Xpath expression to the Info element */ - private static final String ERROR_INFO_XPATH = - ROOT + SL10 + "Info"; - /** This is the root element of the XML-Document provided by the Security Layer Card */ private Element errorElement; @@ -72,8 +57,16 @@ public class ErrorResponseParser { * @return String */ public String getErrorCode() { - - return XPathUtils.getElementValue(errorElement,ERROR_CODE_XPATH,null); + + String slPrefix = errorElement.getPrefix(); + StringBuffer sb = new StringBuffer("/"); + sb.append(slPrefix); + sb.append(":ErrorResponse/"); + sb.append(slPrefix); + sb.append(":ErrorCode"); + String errorCodeXPath = sb.toString(); + return XPathUtils.getElementValue(errorElement,errorCodeXPath,null); + } /** 
@@ -82,7 +75,15 @@ public class ErrorResponseParser { */ public String getErrorInfo() { - return XPathUtils.getElementValue(errorElement,ERROR_INFO_XPATH,null); + String slPrefix = errorElement.getPrefix(); + StringBuffer sb = new StringBuffer("/"); + sb.append(slPrefix); + sb.append(":ErrorResponse/"); + sb.append(slPrefix); + sb.append(":Info"); + String errorInfoXPath = sb.toString(); + return XPathUtils.getElementValue(errorElement,errorInfoXPath,null); + } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 012a5b559..05272a695 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java 
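Review bot: `getErrorCode()` and `getErrorInfo()` now build the same `/prefix:ErrorResponse/prefix:X` path by hand, and both produce `/null:ErrorResponse/...` when the error response uses the default namespace, because `Element.getPrefix()` returns null in that case. Factor the path construction into one private helper so the two accessors cannot diverge, and note the unprefixed case there until the lookup is done by namespace URI. `errorElement` is set outside this hunk, so whether an unprefixed root can reach these accessors depends on parsing code not shown here.
```java
/** XPath to a child of the SL ErrorResponse root, using the prefix the response itself declared. */
private String slPath(String childElement) {
    String slPrefix = errorElement.getPrefix(); // null for an unprefixed (default-namespace) root — yields "/null:..."; lookup by namespace URI would be safer
    return "/" + slPrefix + ":ErrorResponse/" + slPrefix + ":" + childElement;
}

public String getErrorCode() {
    return XPathUtils.getElementValue(errorElement, slPath("ErrorCode"), null);
}

public String getErrorInfo() {
    return XPathUtils.getElementValue(errorElement, slPath("Info"), null);
}
```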
@@ -19,17 +19,17 @@ import at.gv.egovernment.moa.util.XPathUtils; */ public class InfoboxReadResponseParser { - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ - private static final String SL10 = Constants.SL10_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static final String SAML = Constants.SAML_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + SL10 + "InfoboxReadResponse/"; - /** Xpath expression to the SAML:Assertion element */ - private static final String SAML_ASSERTION_XPATH = ROOT + SL10 + "BinaryFileData/" + SL10 + "XMLContent/" + SAML + "Assertion"; +// // +// // XPath namespace prefix shortcuts +// // +// /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ +// private static final String SL10 = Constants.SL10_PREFIX + ":"; +// /** Xpath prefix for reaching SAML Namespaces */ +// private static final String SAML = Constants.SAML_PREFIX + ":"; +// /** Xpath expression to the root element */ +// private static final String ROOT = "/" + SL10 + "InfoboxReadResponse/"; +// /** Xpath expression to the SAML:Assertion element */ +// private static final String SAML_ASSERTION_XPATH = ROOT + SL10 + "BinaryFileData/" + SL10 + "XMLContent/" + SAML + "Assertion"; /** This is the root element of the XML-Document provided by the Security Layer Card*/ private Element infoBoxElem; 
@@ -86,8 +86,21 @@ public class InfoboxReadResponseParser { */ public String parseSAMLAssertion() throws ParseException { try { - Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem, SAML_ASSERTION_XPATH); + + String slPrefix = infoBoxElem.getPrefix(); + StringBuffer sb = new StringBuffer("/"); + sb.append(slPrefix); + sb.append(":InfoboxReadResponse/"); + sb.append(slPrefix); + sb.append(":BinaryFileData/"); + sb.append(slPrefix); + sb.append(":XMLContent/"); + sb.append(Constants.SAML_PREFIX); + sb.append(":Assertion"); + String samlAssertionXPath = sb.toString(); + Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem, samlAssertionXPath); return DOMUtils.serializeNode(samlAssertion); + } catch (Throwable t) { throw new ParseException("parser.01", new Object[] { t.toString()}, t); @@ -105,5 +118,6 @@ public class InfoboxReadResponseParser { IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString); return ilParser.parseIdentityLink(); } + } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index e628cb997..e0f3fcaff 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -121,6 +121,7 @@ public class VerifyXMLSignatureResponseParser { */ public VerifyXMLSignatureResponse parseData() throws ParseException { + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); try { diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 50d3225d2..4dc69c70b 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java 
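Review bot: `infoBoxElem.getPrefix()` is null when the InfoboxReadResponse uses the default namespace, so the hand-built path becomes `/null:InfoboxReadResponse/...`, selects nothing, and `DOMUtils.serializeNode(null)` is reached before the blanket `catch (Throwable)` turns it into a generic `parser.01`; selecting the identity link by namespace URI, or at least checking the root's `getNamespaceURI()` and failing with a specific message, would keep the accepted namespaces explicit. A null check on `samlAssertion` with its own error code would also separate "no identity link in the response" from "malformed XML". The same prefix-path construction is duplicated in ErrorResponseParser and CreateXMLSignatureResponseParser in this commit; one shared helper in XPathUtils would keep the three in step.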
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -78,8 +78,7 @@ public class SelectBKUServlet extends AuthServlet { resp.setContentType("text/html"); resp.sendRedirect(redirectURL); Logger.info("REDIRECT TO: " + redirectURL); - } - else { + } else { // bkuSelectionType==HTMLSelect String htmlForm = returnValue; resp.setContentType("text/html;charset=UTF-8"); diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 89748da3f..d0f11c3bf 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -58,7 +58,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { * <ul> * <li>Status: <code>302</code></li> * <li>Header <code>"Location"</code>: URL of the online application requested, with - * parameters <code>"Target"</code> and <code>"SAMLArtifact"</code> added</li> + * parameters <code>"Target"</code>(only if the online application is + * a public service) and <code>"SAMLArtifact"</code> added</li> * <li>Error status: <code>500</code> * </ul> * @see AuthenticationServer#verifyAuthenticationBlock 
@@ -80,7 +81,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); String redirectURL = session.getOAURLRequested(); - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget()); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget()); + } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = resp.encodeRedirectURL(redirectURL); resp.setContentType("text/html"); diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 3c15b9ec4..2eafaa297 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.auth.validator; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.util.Constants; @@ -17,7 +18,7 @@ import at.gv.egovernment.moa.util.XPathUtils; */ public class CreateXMLSignatureResponseValidator { - /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ + /** Xpath prefix for reaching SAML Namespaces */ private static final String SAML = Constants.SAML_PREFIX + ":"; /** Xpath prefix for reaching XML-DSIG Namespaces */ private static final String DSIG = Constants.DSIG_PREFIX + ":"; 
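Review bot: `session.getTarget()` is still appended to the redirect without URL-encoding on the line this hunk moves into the `if`, while `samlArtifactBase64` two lines later goes through `URLEncoder.encode(..., "UTF-8")`; a target containing `&`, `#` or non-ASCII characters would corrupt the redirect URL. Use `addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"))` for consistency (`addURLParameter` is not visible here; if it encodes internally, then the SAMLArtifact line is double-encoding instead). The enclosing request-handler method starts and ends outside this hunk.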
@@ -59,45 +60,78 @@ public class CreateXMLSignatureResponseValidator { * @param oaURL * @throws ValidateException */ - public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, String gbTarget, String oaURL) + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session) throws ValidateException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - - - XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH); + + String gbTarget = session.getTarget(); + String oaURL = session.getPublicOAURLPrefix(); + boolean businessService = session.getBusinessService(); + +// XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH); - SAMLAttribute[] samlattributes = createXMLSignatureResponse.getSamlAttributes(); + SAMLAttribute[] samlattributes = createXMLSignatureResponse.getSamlAttributes(); - boolean foundOA = false; - boolean foundGB = false; - for (int i = 0; i < samlattributes.length; i++) - { - if (samlattributes[i].getName().equals("Geschaeftsbereich")) - if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) - - { - foundGB = true; - if (!gbTarget.equals(samlattributes[i].getValue())) - { - throw new ValidateException("validator.13", null); - } + boolean foundOA = false; + boolean foundGB = false; + boolean foundWBPK = false; + + for (int i = 0; i < samlattributes.length; i++) { + if (samlattributes[i].getName().equals("Geschaeftsbereich")) { + if (businessService) { + throw new ValidateException("validator.26", null); + } + if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundGB = true; + if (!gbTarget.equals((String)samlattributes[i].getValue())) { + throw new ValidateException("validator.13", null); + } + } else { + throw new 
ValidateException("validator.12", null); + } + } + if (samlattributes[i].getName().equals("OA")) { + if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundOA = true; + if (!oaURL.equals((String)samlattributes[i].getValue())) { // CHECKS für die AttributeVALUES fehlen noch + throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlattributes[i].getValue()}); + } + } else { + throw new ValidateException("validator.15", null); + } + } + if (samlattributes[i].getName().equals("wbPK")) { + if (!businessService) { + throw new ValidateException("validator.27", null); + } + if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundWBPK = true; + try { + Element attrValue = (Element)samlattributes[i].getValue(); + String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue(); + String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue(); + if (!value.equals(session.getIdentityLink().getIdentificationValue())) { + throw new ValidateException("validator.28", null); } - else throw new ValidateException("validator.12", null); - if (samlattributes[i].getName().equals("OA")) - if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) - { - foundOA = true; - if (!oaURL.equals(samlattributes[i].getValue())) // CHECKS für die AttributeVALUES fehlen noch - { - throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlattributes[i].getValue()}); - } - + if (!type.equals(session.getIdentityLink().getIdentificationType())) { + throw new ValidateException("validator.28", null); } - else throw new ValidateException("validator.15", null); - } - if (!foundOA) throw new 
ValidateException("validator.14", null); + } catch (Exception ex) { + throw new ValidateException("validator.29", null); + } + } else { + throw new ValidateException("validator.30", null); + } + } + } + + if (!foundOA) throw new ValidateException("validator.14", null); + if (businessService) { + if (!foundWBPK) throw new ValidateException("validator.31", null); + } else { if (!foundGB) throw new ValidateException("validator.11", null); + } //Check if dsig:Signature exists Element dsigSignature = (Element) XPathUtils.selectSingleNode(createXMLSignatureResponse.getSamlAssertion(),DSIG + "Signature"); diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 5adbc5b3d..1127b3f43 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -11,6 +11,7 @@ import iaik.x509.X509Certificate; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; /** * This class is used to validate an {@link VerifyXMLSignatureResponse} 
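Review bot: In the new wbPK branch both `throw new ValidateException("validator.28", null)` statements sit inside the `try` whose `catch (Exception ex)` rethrows everything as `validator.29`, so a wbPK that does not match the identity link is reported as a structural problem and the specific mismatch code never surfaces (assuming ValidateException extends Exception, which the catch-all implies). Rethrow it unchanged: `} catch (ValidateException e) { throw e; } catch (Exception ex) { throw new ValidateException("validator.29", null); }`, or move the two comparisons below the try. The catch also discards `ex`, so an unexpected structure inside the wbPK AttributeValue leaves no trace; log it before throwing. The rewritten `validator.16` message still labels `oaURL` as "gefunden" and the attribute value as "erwartet", which is the wrong way round. The enclosing `validate` method ends outside this hunk.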
@@ -46,11 +47,15 @@ public class VerifyXMLSignatureResponseValidator { * @param verifyXMLSignatureResponse the <code><VerifyXMLSignatureResponse></code> * @param identityLinkSignersSubjectDNNames subject names configured * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated + * @param ignoreManifestValidationResult specifies whether the validation result of the + * manifest has to be ignored (identityLink validation if + * the OA is a business service) or not * @throws ValidateException on any validation error */ - public void validate( - VerifyXMLSignatureResponse verifyXMLSignatureResponse, - String[] identityLinkSignersSubjectDNNames, String whatToCheck) + public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse, + String[] identityLinkSignersSubjectDNNames, + String whatToCheck, + boolean ignoreManifestValidationResult) throws ValidateException { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) @@ -74,9 +79,13 @@ public class VerifyXMLSignatureResponseValidator { else throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); } - if (verifyXMLSignatureResponse.isXmlDSIGManigest()) - if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) - throw new ValidateException("validator.08", null); + if (ignoreManifestValidationResult) { + Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result"); + } else { + if (verifyXMLSignatureResponse.isXmlDSIGManigest()) + if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) + throw new ValidateException("validator.08", null); + } //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not if (identityLinkSignersSubjectDNNames != null) { String subjectDN = ""; |
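Review bot: The `ignoreManifestValidationResult` flag skips the dsig:Manifest check purely on the caller's say-so, and nothing in the method ties it to `whatToCheck`, so a caller could disable the check for the auth block as well even though the Javadoc limits it to identity-link validation of business services; honour the flag only when `whatToCheck` carries the identity-link value and throw otherwise. A security-relevant bypass should be logged above debug level, e.g. `Logger.info("OA is a business service: dsig:Manifest check of the identity link skipped")`, and the method comment should state why the manifest result cannot be trusted in that case, since the reason appears nowhere in this diff. The signature change breaks existing callers of the three-argument `validate`; if any remain outside this commit, an overload that defaults the flag to `false` keeps them on the strict path. `validate`'s body begins in the earlier hunk and continues past the end of this one.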