aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/at/gv/egovernment/moa/id/config
diff options
context:
space:
mode:
authorrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-10-24 08:34:56 +0000
committerrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-10-24 08:34:56 +0000
commitdd45e938564249a5e6897bd92dd29808d8990868 (patch)
tree372d8a4b128cff09262ad09d6a4cf5765d672d61 /id.server/src/at/gv/egovernment/moa/id/config
parent59f78a67d7357fd31de68fc2b623f95b3d654ebc (diff)
downloadmoa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.tar.gz
moa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.tar.bz2
moa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.zip
MOA-ID version 1.1 (initial)
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/config')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java678
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java31
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java105
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java106
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java341
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java93
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java145
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java160
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java170
9 files changed, 1829 insertions, 0 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
new file mode 100644
index 000000000..f91222ac3
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -0,0 +1,678 @@
+package at.gv.egovernment.moa.id.config;
+
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.io.ByteArrayInputStream;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A class that builds configuration data from a DOM based representation.
+ *
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConfigurationBuilder {
+
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** an XPATH-Expression */
+ private static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
+ /** an XPATH-Expression */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+
+ //
+ // chaining mode constants appearing in the configuration file
+ //
+ /** an XPATH-Expression */
+ private static final String CM_CHAINING = "chaining";
+ /** an XPATH-Expression */
+ private static final String CM_PKIX = "pkix";
+ /** an XPATH-Expression */
+ private static final String DEFAULT_ENCODING = "UTF-8";
+
+ /**
+ * Default online application configuration file name
+ * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>).
+ */
+ public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";
+
+ //
+ // XPath expressions to select certain parts of the configuration
+ //
+ /** an XPATH-Expression */
+ private static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
+ /** an XPATH-Expression */
+ private static final String ROOTOA = "/" + CONF + "Configuration/";
+ /** an XPATH-Expression */
+ private static final String AUTH_BKU_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
+ /** an XPATH-Expression */
+ private static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
+ /** an XPATH-Expression */
+ private static final String AUTH_MOA_SP_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
+ /** an XPATH-Expression */
+ private static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
+ /** an XPATH-Expression */
+ private static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
+ /** an XPATH-Expression */
+ private static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
+
+ /** an XPATH-Expression */
+ private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
+ /** an XPATH-Expression */
+ private static final String PROXY_AUTH_XPATH =
+ ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
+
+ /** an XPATH-Expression */
+ private static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
+ /** an XPATH-Expression */
+ private static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
+ /** an XPATH-Expression */
+ private static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
+ /** an XPATH-Expression */
+ private static final String CONNECTION_PARAMETER_URL_XPATH =
+ CONF + "ConnectionParameter/@URL";
+ /** an XPATH-Expression */
+ private static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
+ CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
+ /** an XPATH-Expression */
+ private static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
+ CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
+ /** an XPATH-Expression */
+ private static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
+ CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
+ /** an XPATH-Expression */
+ private static final String GENERIC_CONFIGURATION_XPATH =
+ ROOT + CONF + "GenericConfiguration";
+ /** an XPATH-Expression */
+ private static final String OACONF_LOGIN_TYPE_XPATH =
+ ROOTOA + CONF + "LoginType";
+ /** an XPATH-Expression */
+ private static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
+ ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
+ /** an XPATH-Expression */
+ private static final String OACONF_USER_ID_XPATH =
+ ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
+ /** an XPATH-Expression */
+ private static final String OACONF_PASSWORD_XPATH =
+ ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
+ /** an XPATH-Expression */
+ private static final String OACONF_HEADER_AUTH_HEADER_XPATH =
+ ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
+ /** an XPATH-Expression */
+ private static final String CHAINING_MODES_XPATH =
+ ROOT + CONF + "ChainingModes";
+ /** an XPATH-Expression */
+ private static final String CHAINING_MODES_DEFAULT_XPATH =
+ CHAINING_MODES_XPATH + "/@systemDefaultMode";
+ /** an XPATH-Expression */
+ private static final String TRUST_ANCHOR_XPATH =
+ ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
+ /** an XPATH-Expression */
+ private static final String ISSUER_XPATH = DSIG + "X509IssuerName";
+ /** an XPATH-Expression */
+ private static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
+ /** an XPATH-Expression */
+ private static final String TRUSTED_CA_CERTIFICATES_XPATH =
+ ROOT + CONF + "TrustedCACertificates";
+
+ /** The root element of the MOA-ID configuration */
+ private Element configElem;
+
+ /**
+ * Creates a new <code>MOAConfigurationProvider</code>.
+ *
+ * @param configElem The root element of the MOA-ID configuration.
+ */
+ public ConfigurationBuilder(Element configElem) {
+ this.configElem = configElem;
+ }
+
+ /**
+ * Returns the root element of the MOA-ID configuration.
+ *
+ * @return The root element of the MOA-ID configuration.
+ */
+ public Element getConfigElem() {
+ return configElem;
+ }
+
+ /**
+ * Build a ConnectionParameter object containing all information
+ * of the moa-sp element in the authentication component
+ * @return ConnectionParameter of the authentication component moa-sp element
+ */
+ public ConnectionParameter buildAuthBKUConnectionParameter() {
+
+ Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
+ if (authBKU==null) return null;
+ return buildConnectionParameter(authBKU);
+ }
+
+ /**
+ * Method buildAuthBKUSelectionType.
+ *
+ * Build a string with the configuration value of BKUSelectionAlternative
+ *
+ * @return String
+ */
+ public String buildAuthBKUSelectionType() {
+
+ Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
+ if (authBKU==null) return null;
+ return (authBKU).getAttribute("BKUSelectionAlternative");
+ }
+
+ /**
+ * Build a string array with all filenames leading
+ * to the Transforms Information for the Security Layer
+ * @return String[] of filenames to the Security Layer Transforms Information
+ */
+ public String[] buildTransformsInfoFileNames() {
+
+ List transformsInfoFileNames = new ArrayList();
+ NodeIterator tiIter =
+ XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
+ Attr tiElem;
+
+ while ((tiElem = (Attr) tiIter.nextNode()) != null) {
+
+ String tiFileName = tiElem.getNodeValue();
+ transformsInfoFileNames.add(tiFileName);
+ }
+ String[] result = new String[transformsInfoFileNames.size()];
+ transformsInfoFileNames.toArray(result);
+
+ return result;
+ }
+
+ /**
+ * Build a ConnectionParameter bean containing all information
+ * of the authentication component moa-sp element
+ * @return ConnectionParameter of the authentication component moa-sp element
+ */
+ public ConnectionParameter buildMoaSpConnectionParameter() {
+
+ Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_MOA_SP_XPATH);
+ if (connectionParameter==null) return null;
+ return buildConnectionParameter(connectionParameter);
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyIdentityLink trust
+ * profile id within the moa-sp part of the authentication component
+ * @return String with a url-reference to the VerifyIdentityLink trust profile ID
+ */
+ public String getMoaSpIdentityLinkTrustProfileID() {
+ return XPathUtils.getElementValue(
+ getConfigElem(),
+ AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
+ "");
+ }
+ /**
+ * Return a string representation of an URL pointing to trusted CA Certificates
+ * @return String representation of an URL pointing to trusted CA Certificates
+ */
+ public String getTrustedCACertificates() {
+ return XPathUtils.getElementValue(
+ getConfigElem(),
+ TRUSTED_CA_CERTIFICATES_XPATH,null);
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyAuthBlock trust
+ * profile id within the moa-sp part of the authentication component
+ * @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ */
+ public String getMoaSpAuthBlockTrustProfileID() {
+ return XPathUtils.getElementValue(
+ getConfigElem(),
+ AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
+ "");
+ }
+ /**
+ * Build a string array with references to all verify transform info
+ * IDs within the moa-sp part of the authentication component
+ * @return A string array containing all urls to the
+ * verify transform info IDs
+ */
+ public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
+
+ List verifyTransformsInfoIDs = new ArrayList();
+ NodeIterator vtIter =
+ XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
+ Element vtElem;
+
+ while ((vtElem = (Element) vtIter.nextNode()) != null) {
+
+ String vtInfoIDs = DOMUtils.getText(vtElem);
+ verifyTransformsInfoIDs.add(vtInfoIDs);
+ }
+ String[] result = new String[verifyTransformsInfoIDs.size()];
+ verifyTransformsInfoIDs.toArray(result);
+
+ return result;
+ }
+
+ /**
+ * Return a string array containing all X509 Subject Names
+ * of the Identity Link Signers
+ * @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ */
+ public String[] getIdentityLink_X509SubjectNames() {
+
+ List x509SubjectNameList = new ArrayList();
+ NodeIterator x509Iter =
+ XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
+ Element x509Elem;
+
+ while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
+
+ String vtInfoIDs = DOMUtils.getText(x509Elem);
+ x509SubjectNameList.add(vtInfoIDs);
+ }
+ String[] result = new String[x509SubjectNameList.size()];
+ x509SubjectNameList.toArray(result);
+
+ return result;
+ }
+
+ /**
+ * Build an array of the OnlineApplication Parameters containing information
+ * about the authentication component
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for the authentication component of the online
+ * application
+ */
+ public OAAuthParameter[] buildOnlineApplicationAuthParameters() {
+
+ List OA_set = new ArrayList();
+ NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
+
+ for (int i = 0; i < OAIter.getLength(); i++) {
+ Element oAElem = (Element) OAIter.item(i);
+ Element authComponent =
+ (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);
+
+ OAAuthParameter oap = new OAAuthParameter();
+ oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
+ //Check if there is an Auth-Block to read from configuration
+ if (authComponent!=null)
+ {
+ oap.setProvideZMRZahl(BoolUtils.valueOf(authComponent.getAttribute("provideZMRZahl")));
+ oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
+ oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
+ }
+ OA_set.add(oap);
+ }
+ OAAuthParameter[] result =
+ new OAAuthParameter[OA_set.size()];
+ OA_set.toArray(result);
+
+ return result;
+
+ }
+
+ /**
+ * Build a bean containing all information about the ProxyComponent
+ * @return The ConnectionParameter for the Proxy Component
+ */
+ public ConnectionParameter buildAuthComponentConnectionParameter()
+ {
+
+ Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), PROXY_AUTH_XPATH);
+ if (connectionParameter==null) return null;
+ return buildConnectionParameter(connectionParameter);
+
+ }
+ /**
+ * Method buildConnectionParameter: internal Method for creating a
+ * ConnectionParameter object with all data found in the incoming element
+ * @param root: this Element contains the ConnectionParameter
+ * @return ConnectionParameter
+ */
+ protected ConnectionParameter buildConnectionParameter(Element root)
+ {
+ ConnectionParameter result = new ConnectionParameter();
+ result.setAcceptedServerCertificates(
+ XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
+ result.setUrl(
+ XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
+ result.setClientKeyStore(
+ XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
+ result.setClientKeyStorePassword(
+ XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
+
+ if ((result.getAcceptedServerCertificates()==null)
+ && (result.getUrl()=="")
+ && (result.getClientKeyStore()==null)
+ && (result.getClientKeyStorePassword()==""))
+ return null;
+
+ return result;
+ }
+
+ /**
+ * Build an array of OnlineApplication Parameter Beans containing information
+ * about the proxy component
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for the proxy component of the online
+ * application
+ */
+ public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{
+
+ List oA_list = new ArrayList();
+ NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
+
+ for (int i = 0; i < OAIter.getLength(); i++) {
+ Element oAElem = (Element) OAIter.item(i);
+ OAProxyParameter oap = new OAProxyParameter();
+
+ oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
+ Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH);
+ if (proxyComponentElem != null) {
+ oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
+ // default session time out: 3600 sec = 1 h
+ oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue());
+ oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
+ oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
+
+ ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
+ oap.setConnectionParameter(conPara);
+
+ OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap));
+ oap.setOaConfiguration(oaConf);
+
+ oA_list.add(oap);
+ }
+ }
+ OAProxyParameter[] result =
+ new OAProxyParameter[oA_list.size()];
+ oA_list.toArray(result);
+
+ return result;
+
+ }
+
+ /**
+ * Build the mapping of generic configuration properties.
+ *
+ * @return a {@link Map} of generic configuration properties (a name to value
+ * mapping) from the configuration.
+ */
+ public Map buildGenericConfiguration() {
+
+ Map genericConfiguration = new HashMap();
+ NodeIterator gcIter =
+ XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ GENERIC_CONFIGURATION_XPATH);
+ Element gcElem;
+
+ while ((gcElem = (Element) gcIter.nextNode()) != null) {
+ String gcName = gcElem.getAttribute("name");
+ String gcValue = gcElem.getAttribute("value");
+
+ genericConfiguration.put(gcName, gcValue);
+ }
+
+ return genericConfiguration;
+ }
+ /**
+ * Method buildOAConfiguration.
+ *
+ * Build an {@link OAConfiguration} Object from the given configuration DOM element
+ *
+ * @param root
+ * @return OAConfiguration
+ * @throws ConfigurationException
+ */
+ public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{
+
+ OAConfiguration oaConfiguration = new OAConfiguration();
+
+ //The LoginType hast to be "stateless" or "stateful" to be valid
+ oaConfiguration.setLoginType(
+ XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
+
+ //Try to build the Parameter Auth Parameters
+ NodeIterator paramAuthIter =
+ XPathUtils.selectNodeIterator(
+ root,
+ OACONF_PARAM_AUTH_PARAMETER_XPATH);
+ Element paramAuthElem;
+ HashMap paramAuthMap = new HashMap();
+ while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) {
+ String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
+ String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
+ if (paramAuthMap.containsKey(name))
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ paramAuthMap.put(name, value);
+ }
+ oaConfiguration.setParamAuthMapping(paramAuthMap);
+ // Try to build the BasicAuthParameters
+ oaConfiguration.setBasicAuthUserIDMapping(
+ XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
+ oaConfiguration.setBasicAuthPasswordMapping(
+ XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));
+
+ //Try to build the Parameter Auth Parameters
+ NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH);
+
+ Element headerAuthElem;
+ HashMap headerAuthMap = new HashMap();
+ while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) {
+ String name =
+ XPathUtils.getAttributeValue(headerAuthElem, "@Name", null);
+ String value =
+ XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
+ // Contains Key (Neue Config-Exception: doppelte werte)
+ if (headerAuthMap.containsKey(name))
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ headerAuthMap.put(name, value);
+ }
+ oaConfiguration.setHeaderAuthMapping(headerAuthMap);
+
+ if (paramAuthMap.size() == 0) {
+ if (oaConfiguration.getBasicAuthUserIDMapping() == null) {
+ oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
+ }
+ else
+ oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
+ }
+ else
+ oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
+
+ return oaConfiguration;
+ }
+
+ /**
+ * Reads the configuration file of the online application, and creates a DOM tree from it.
+ * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given,
+ * uses default configuration file location.
+ *
+ * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
+ * @return Element DOM tree root element
+ * @throws ConfigurationException on any exception thrown
+ */
+ private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException
+ {
+ try {
+ String configFileURL = oap.getConfigFileURL();
+ if (configFileURL == null) {
+ // use default config file URL, when config file URL is not given
+ configFileURL = oap.getConnectionParameter().getUrl();
+ if (configFileURL.charAt(configFileURL.length() - 1) != '/')
+ configFileURL += "/";
+ configFileURL += DEFAULT_OA_CONFIG_FILENAME;
+ }
+ Logger.info("Loading MOA-OA configuration " + configFileURL);
+ Element configElem = DOMUtils.parseXmlValidating(
+ new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
+ return configElem;
+ }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t);
+ }
+ }
+
+ /**
+ * Returns the default chaining mode from the configuration.
+ *
+ * @return The default chaining mode.
+ */
+ public String getDefaultChainingMode() {
+ String defaultChaining =
+ XPathUtils.getAttributeValue(
+ getConfigElem(),
+ CHAINING_MODES_DEFAULT_XPATH,
+ CM_CHAINING);
+
+ return translateChainingMode(defaultChaining);
+
+ }
+ /**
+ * Build the chaining modes for all configured trust anchors.
+ *
+ * @return The mapping from trust anchors to chaining modes.
+ */
+ public Map buildChainingModes() {
+ Map chainingModes = new HashMap();
+ NodeIterator trustIter =
+ XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
+ Element trustAnchorElem;
+
+ while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
+ IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
+ String mode = trustAnchorElem.getAttribute("mode");
+
+ if (issuerAndSerial != null) {
+ chainingModes.put(issuerAndSerial, translateChainingMode(mode));
+ }
+ }
+
+ return chainingModes;
+ }
+
+ /**
+ * Build an <code>IssuerAndSerial</code> from the DOM representation.
+ *
+ * @param root The root element (being of type <code>dsig:
+ * X509IssuerSerialType</code>.
+ * @return The issuer and serial number contained in the <code>root</code>
+ * element or <code>null</code> if could not be built for any reason.
+ */
+ private IssuerAndSerial buildIssuerAndSerial(Element root) {
+ String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
+ String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);
+
+ if (issuer != null && serial != null) {
+ try {
+ RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
+ Principal issuerDN = nameParser.parse();
+
+ return new IssuerAndSerial(issuerDN, new BigInteger(serial));
+ } catch (RFC2253NameParserException e) {
+ warn("config.09", new Object[] { issuer, serial }, e);
+ return null;
+ } catch (NumberFormatException e) {
+ warn("config.09", new Object[] { issuer, serial }, e);
+ return null;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Translate the chaining mode from the configuration file to one used in the
+ * IAIK MOA API.
+ *
+ * @param chainingMode The chaining mode from the configuration.
+ * @return The chaining mode as provided by the <code>ChainingModes</code>
+ * interface.
+ * @see iaik.pki.pathvalidation.ChainingModes
+ */
+ private String translateChainingMode(String chainingMode) {
+ if (chainingMode.equals(CM_CHAINING)) {
+ return ChainingModes.CHAIN_MODE;
+ } else if (chainingMode.equals(CM_PKIX)) {
+ return ChainingModes.PKIX_MODE;
+ } else {
+ return ChainingModes.CHAIN_MODE;
+ }
+ }
+
+ /**
+ * Method warn.
+ * @param messageId to identify a country-specific message
+ * @param parameters for the logger
+ */
+ //
+ // various utility methods
+ //
+
+ private static void warn(String messageId, Object[] parameters) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ }
+
+ /**
+ * Method warn.
+ * @param messageId to identify a country-specific message
+ * @param args for the logger
+ * @param t as throwabl
+ */
+ private static void warn(String messageId, Object[] args, Throwable t) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
new file mode 100644
index 000000000..2ebec0398
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.config;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception signalling an error in the configuration.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationException extends MOAIDException {
+
+ /**
+ * Create a <code>MOAConfigurationException</code>.
+ */
+ public ConfigurationException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Create a <code>MOAConfigurationException</code>.
+ */
+ public ConfigurationException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
new file mode 100644
index 000000000..5d523ba62
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -0,0 +1,105 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+
+/**
+ * Base class for <code>AuthConfigurationProvider</code> and <code>ProxyConfigurationProvider</code>,
+ * providing functions common to both of them.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationProvider {
+
+ /**
+ * Constructor
+ */
+ public ConfigurationProvider() {
+ super();
+ }
+
+ /**
+ * The name of the system property which contains the file name of the
+ * configuration file.
+ */
+ public static final String CONFIG_PROPERTY_NAME =
+ "moa.id.configuration";
+
+ /**
+ * The name of the generic configuration property giving the certstore directory path.
+ */
+ public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
+ "DirectoryCertStoreParameters.RootDir";
+
+ /**
+ * A <code>Map</code> which contains generic configuration information. Maps a
+ * configuration name (a <code>String</code>) to a configuration value (also a
+ * <code>String</code>).
+ */
+ protected Map genericConfiguration;
+
+ /** The default chaining mode. */
+ protected String defaultChainingMode;
+
+ /**
+ * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
+ * chaining mode (a <code>String</code>) mapping.
+ */
+ protected Map chainingModes;
+
+ /**
+ * the URL for the trusted CA Certificates
+ */
+ protected String trustedCACertificates;
+
+ /**
+ * Returns the mapping of generic configuration properties.
+ *
+ * @return The mapping of generic configuration properties (a name to value
+ * mapping) from the configuration.
+ */
+ public Map getGenericConfiguration() {
+ return genericConfiguration;
+ }
+
+ /**
+ * Returns the value of a parameter from the generic configuration section.
+ *
+ * @return the parameter value; <code>null</code> if no such parameter
+ */
+ public String getGenericConfigurationParameter(String parameter) {
+ if (! genericConfiguration.containsKey(parameter))
+ return null;
+ return (String)genericConfiguration.get(parameter);
+ }
+
+ /**
+ * Return the chaining mode for a given trust anchor.
+ *
+ * @param trustAnchor The trust anchor for which the chaining mode should be
+ * returned.
+ * @return The chaining mode for the given trust anchor. If the trust anchor
+ * has not been configured separately, the system default will be returned.
+ */
+ public String getChainingMode(X509Certificate trustAnchor) {
+ Principal issuer = trustAnchor.getIssuerDN();
+ BigInteger serial = trustAnchor.getSerialNumber();
+ IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
+
+ String mode = (String) chainingModes.get(issuerAndSerial);
+ return mode != null ? mode : defaultChainingMode;
+ }
+
+ /**
+ * Returns the trustedCACertificates.
+ * @return String
+ */
+ public String getTrustedCACertificates() {
+ return trustedCACertificates;
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
new file mode 100644
index 000000000..30b09cfe0
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -0,0 +1,106 @@
+package at.gv.egovernment.moa.id.config;
+
+/**
+ * This bean class is used to store data for various connectionParameter
+ * within the MOA-ID configuration
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConnectionParameter {
+
+ /**
+ * Server URL
+ */
+ private String url;
+ /**
+ * File URL for a directory containing PKCS#12 server SSL certificates.
+ * From these certificates, a X509 trust store will be assembled for use
+ * by a JSSE <code>TrustManager</code>.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String acceptedServerCertificates;
+ /**
+ * File URL of a X509 key store containing the private key to be used
+ * for an HTTPS connection when the server requires client authentication.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String clientKeyStore;
+ /**
+ * Password protecting the client key store.
+ */
+ private String clientKeyStorePassword;
+
+ /**
+ * Checks whether the URL scheme is <code>"https"</code>.
+ * @return true in case of an URL starting with <code>"https"</code>
+ */
+ public boolean isHTTPSURL() {
+ return getUrl().indexOf("https") == 0;
+ }
+
+ /**
+ * Returns the url.
+ * @return String
+ */
+ public String getUrl() {
+ return url;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public String getAcceptedServerCertificates() {
+ return acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the acceptedServerCertificates.
+ * @param acceptedServerCertificates The acceptedServerCertificates to set
+ */
+ public void setAcceptedServerCertificates(String acceptedServerCertificates) {
+ this.acceptedServerCertificates = acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the url.
+ * @param url The url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public String getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ /**
+ * Sets the clientKeyStore.
+ * @param clientKeyStore The clientKeyStore to set
+ */
+ public void setClientKeyStore(String clientKeyStore) {
+ this.clientKeyStore = clientKeyStore;
+ }
+
+ /**
+ * Sets the clientKeyStorePassword.
+ * @param clientKeyStorePassword The clientKeyStorePassword to set
+ */
+ public void setClientKeyStorePassword(String clientKeyStorePassword) {
+ this.clientKeyStorePassword = clientKeyStorePassword;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
new file mode 100644
index 000000000..e3c869d53
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -0,0 +1,341 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * A class providing access to the Auth Part of the MOA-ID configuration data.
+ *
+ * <p>Configuration data is read from an XML file, whose location is given by
+ * the <code>moa.id.configuration</code> system property.</p>
+ * <p>This class implements the Singleton pattern. The <code>reload()</code>
+ * method can be used to update the configuration data. Therefore, it is not
+ * guaranteed that consecutive calls to <code>getInstance()</code> will return
+ * the same <code>AuthConfigurationProvider</code> all the time. During the
+ * processing of a web service request, the current
+ * <code>TransactionContext</code> should be used to obtain the
+ * <code>AuthConfigurationProvider</code> local to that request.</p>
+ *
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ *
+ * @version $Id$
+ */
+public class AuthConfigurationProvider extends ConfigurationProvider {
+
+ /** DEFAULT_ENCODING is "UTF-8" */
+ private static final String DEFAULT_ENCODING="UTF-8";
+ /**
+ * The name of the generic configuration property giving the authentication session time out.
+ */
+ public static final String AUTH_SESSION_TIMEOUT_PROPERTY =
+ "AuthenticationSession.TimeOut";
+ /**
+ * The name of the generic configuration property giving the authentication data time out.
+ */
+ public static final String AUTH_DATA_TIMEOUT_PROPERTY =
+ "AuthenticationData.TimeOut";
+
+ /**
+ * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code>
+ */
+ public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
+ "HTMLComplete";
+
+ /**
+ * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code>
+ */
+ public static final String BKU_SELECTION_TYPE_HTMLSELECT =
+ "HTMLSelect";
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static AuthConfigurationProvider instance;
+
+ //
+ // configuration data
+ //
+
+ /**
+ * configuration files containing transformations for rendering in the
+ * secure viewer of the security layer implementation;
+ * multiple files can be given for different mime types
+ */
+ private String[] transformsInfoFileNames;
+ /**
+ * transformations for rendering in the secure viewer of the security layer implementation,
+ * read from {@link transformsInfoFileNames};
+ * multiple transformation can be given for different mime types
+ */
+ private String[] transformsInfos;
+ /**
+ * parameters for connection to MOA SP component
+ */
+ private ConnectionParameter moaSpConnectionParameter;
+ /**
+ * trust profile ID to be used for verifying the identity link signature via MOA ID SP
+ */
+ private String moaSpIdentityLinkTrustProfileID;
+ /**
+ * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP
+ */
+ private String moaSpAuthBlockTrustProfileID;
+ /**
+ * transformations to be used for verifying the AUTH block signature via MOA ID SP
+ */
+ private String[] moaSpAuthBlockVerifyTransformsInfoIDs;
+ /**
+ * X509 SubjectNames which will be trusted
+ */
+ private String[] identityLinkX509SubjectNames;
+
+ /**
+ * configuration parameters for online applications
+ */
+ private OAAuthParameter[] onlineApplicationAuthParameters;
+ /**
+ * the Selection Type of the bku Selection Element
+ */
+ private String bKUSelectionType;
+ /**
+ * is the bku Selection Element present?
+ */
+ private boolean bKUSelectable;
+ /**
+ * the bku Selection Connection Parameters
+ */
+ private ConnectionParameter bKUConnectionParameter;
+ /**
+ * Return the single instance of configuration data.
+ *
+ * @return AuthConfigurationProvider The current configuration data.
+ * @throws ConfigurationException
+ */
+ public static synchronized AuthConfigurationProvider getInstance()
+ throws ConfigurationException {
+
+ if (instance == null) {
+ reload();
+ }
+ return instance;
+ }
+
+ /**
+ * Reload the configuration data and set it if successful.
+ *
+ * @return AuthConfigurationProvider The loaded configuration data.
+ * @throws ConfigurationException Failure to load the configuration data.
+ */
+ public static synchronized AuthConfigurationProvider reload()
+ throws ConfigurationException {
+ String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+ if (fileName == null) {
+ throw new ConfigurationException("config.01", null);
+ }
+ Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
+
+ instance = new AuthConfigurationProvider(fileName);
+ return instance;
+ }
+
+ /**
+ * Constructor for AuthConfigurationProvider.
+ * @param fileName
+ * @throws ConfigurationException
+ */
+ public AuthConfigurationProvider(String fileName)
+ throws ConfigurationException {
+
+ load(fileName);
+ }
+
+ /**
+ * Load the configuration data from XML file with the given name and build
+ * the internal data structures representing the MOA ID configuration.
+ *
+ * @param fileName The name of the XML file to load.
+ * @throws ConfigurationException The MOA configuration could not be
+ * read/built.
+ */
+ private void load(String fileName) throws ConfigurationException {
+ InputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ try {
+ // load the main config file
+ stream = new BufferedInputStream(new FileInputStream(fileName));
+ configElem = DOMUtils.parseXmlValidating(stream);
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ } catch (IOException e) {
+ }
+ }
+ try {
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem);
+ bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
+ bKUSelectable = (bKUConnectionParameter!=null);
+ bKUSelectionType = builder.buildAuthBKUSelectionType();
+ genericConfiguration = builder.buildGenericConfiguration();
+ transformsInfoFileNames = builder.buildTransformsInfoFileNames();
+ loadTransformsInfos();
+ moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
+ moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
+ moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
+ moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
+ onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters();
+ identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+ defaultChainingMode = builder.getDefaultChainingMode();
+ chainingModes = builder.buildChainingModes();
+ trustedCACertificates = builder.getTrustedCACertificates(); }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ /**
+ * Loads the <code>transformsInfos</code> from files.
+ * @throws Exception on any exception thrown
+ */
+ private void loadTransformsInfos() throws Exception {
+ transformsInfos = new String[transformsInfoFileNames.length];
+ for (int i = 0; i < transformsInfoFileNames.length; i++) {
+ String fileURL = transformsInfoFileNames[i];
+ String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
+ transformsInfos[i] = transformsInfo;
+ }
+ }
+ /**
+ * Return a string array with all filenames leading
+ * to the Transforms Information for the Security Layer
+ * @return String[] of filenames to the Security Layer Transforms Information
+ */
+ public String[] getTransformsInfoFileNames() {
+ return transformsInfoFileNames;
+ }
+
+ /**
+ * Build an array of the OnlineApplication Parameters containing information
+ * about the authentication component
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for theauthentication component of the online
+ * application
+ */
+ public OAAuthParameter[] getOnlineApplicationParameters() {
+ return onlineApplicationAuthParameters;
+ }
+
+ /**
+ * Provides configuration information regarding the online application behind
+ * the given URL, relevant to the MOA-ID Auth component.
+ *
+ * @param oaURL URL requested for an online application
+ * @return an <code>OAAuthParameter</code>, or <code>null</code>
+ * if none is applicable
+ */
+ public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
+ OAAuthParameter[] oaParams = getOnlineApplicationParameters();
+ for (int i = 0; i < oaParams.length; i++) {
+ OAAuthParameter oaParam = oaParams[i];
+ if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
+ return oaParam;
+ }
+ return null;
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyAuthBlock trust
+ * profile id within the moa-sp part of the authentication component
+ *
+ * @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ */
+ public String getMoaSpAuthBlockTrustProfileID() {
+ return moaSpAuthBlockTrustProfileID;
+ }
+
+ /**
+ * Return a string array with references to all verify transform info
+ * IDs within the moa-sp part of the authentication component
+ * @return A string array containing all urls to the
+ * verify transform info IDs
+ */
+ public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
+ return moaSpAuthBlockVerifyTransformsInfoIDs;
+ }
+
+ /**
+ * Return a ConnectionParameter bean containing all information
+ * of the authentication component moa-sp element
+ * @return ConnectionParameter of the authentication component moa-sp element
+ */
+ public ConnectionParameter getMoaSpConnectionParameter() {
+ return moaSpConnectionParameter;
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyIdentityLink trust
+ * profile id within the moa-sp part of the authentication component
+ * @return String with a url-reference to the VerifyIdentityLink trust profile ID
+ */
+ public String getMoaSpIdentityLinkTrustProfileID() {
+ return moaSpIdentityLinkTrustProfileID;
+ }
+ /**
+ * Returns the transformsInfos.
+ * @return String[]
+ */
+ public String[] getTransformsInfos() {
+ return transformsInfos;
+ }
+
+ /**
+ * Returns the identityLinkX509SubjectNames.
+ * @return String[]
+ */
+ public String[] getIdentityLinkX509SubjectNames() {
+ return identityLinkX509SubjectNames;
+ }
+
+ /**
+ * Returns the bKUConnectionParameter.
+ * @return ConnectionParameter
+ */
+ public ConnectionParameter getBKUConnectionParameter() {
+ return bKUConnectionParameter;
+ }
+
+ /**
+ * Returns the bKUSelectable.
+ * @return boolean
+ */
+ public boolean isBKUSelectable() {
+ return bKUSelectable;
+ }
+
+ /**
+ * Returns the bKUSelectionType.
+ * @return String
+ */
+ public String getBKUSelectionType() {
+ return bKUSelectionType;
+ }
+
+} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
new file mode 100644
index 000000000..9ee1ec606
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -0,0 +1,93 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Auth component.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class OAAuthParameter {
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+ /**
+ * determines whether "ZMR-Zahl" is to be included in the authentication data
+ */
+ private boolean provideZMRZahl;
+ /**
+ * determines whether AUTH block is to be included in the authentication data
+ */
+ private boolean provideAuthBlock;
+ /**
+ * determines whether identity link is to be included in the authentication data
+ */
+ private boolean provideIdentityLink;
+
+ /**
+ * Returns the provideAuthBlock.
+ * @return String
+ */
+ public boolean getProvideAuthBlock() {
+ return provideAuthBlock;
+ }
+
+ /**
+ * Returns the provideIdentityLink.
+ * @return String
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink;
+ }
+
+ /**
+ * Returns the provideZMRZahl.
+ * @return String
+ */
+ public boolean getProvideZMRZahl() {
+ return provideZMRZahl;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ * Sets the provideAuthBlock.
+ * @param provideAuthBlock The provideAuthBlock to set
+ */
+ public void setProvideAuthBlock(boolean provideAuthBlock) {
+ this.provideAuthBlock = provideAuthBlock;
+ }
+
+ /**
+ * Sets the provideIdentityLink.
+ * @param provideIdentityLink The provideIdentityLink to set
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ this.provideIdentityLink = provideIdentityLink;
+ }
+
+ /**
+ * Sets the provideZMRZahl.
+ * @param provideZMRZahl The provideZMRZahl to set
+ */
+ public void setProvideZMRZahl(boolean provideZMRZahl) {
+ this.provideZMRZahl = provideZMRZahl;
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
new file mode 100644
index 000000000..c9a13fee5
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
@@ -0,0 +1,145 @@
+package at.gv.egovernment.moa.id.config.proxy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ * These include the login type (stateful or stateless), the HTTP authentication type,
+ * and information needed to add authentication parameters or headers for a URL connection
+ * to the remote online application.
+ * @see <code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code>
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class OAConfiguration {
+
+ /** Constant for an login method */
+ public static final String LOGINTYPE_STATEFUL = "stateful";
+ /** Constant for an login method */
+ public static final String LOGINTYPE_STATELESS = "stateless";
+
+ /** Constant for an auth method */
+ public static final String BASIC_AUTH = "basic";
+ /** Constant for an auth method */
+ public static final String HEADER_AUTH = "header";
+ /** Constant for an auth method */
+ public static final String PARAM_AUTH = "param";
+
+ /** login type: stateful or stateless */
+ String loginType;
+ /** authentication type: basic, header, or param */
+ String authType;
+ /**
+ * mapping of parameter names to AuthenticationData field names
+ * in case of authentication type <code>"header-auth"</code>
+ */
+ Map paramAuthMapping;
+ /**
+ * mapping of parameter names to AuthenticationData field names
+ * in case of authentication type <code>"param-auth"</code>
+ */
+ Map headerAuthMapping;
+ /** mapping for user ID to be used in case of authentication type <code>"basic-auth"</code> */
+ String basicAuthUserIDMapping;
+ /** mapping for password to be used in case of authentication type <code>"basic-auth"</code> */
+ String basicAuthPasswordMapping;
+
+ /**
+ * Returns the basicAuthPasswordMapping.
+ * @return String
+ */
+ public String getBasicAuthPasswordMapping() {
+ return basicAuthPasswordMapping;
+ }
+
+ /**
+ * Returns the basicAuthUserIDMapping.
+ * @return String
+ */
+ public String getBasicAuthUserIDMapping() {
+ return basicAuthUserIDMapping;
+ }
+
+ /**
+ * Returns the headerAuthMapping.
+ * @return HashMap
+ */
+ public Map getHeaderAuthMapping() {
+ return headerAuthMapping;
+ }
+
+ /**
+ * Returns the loginType.
+ * @return String
+ */
+ public String getLoginType() {
+ return loginType;
+ }
+
+ /**
+ * Returns the paramAuthMapping.
+ * @return HashMap
+ */
+ public Map getParamAuthMapping() {
+ return paramAuthMapping;
+ }
+
+ /**
+ * Sets the basicAuthPasswordMapping.
+ * @param basicAuthPasswordMapping The basicAuthPasswordMapping to set
+ */
+ public void setBasicAuthPasswordMapping(String basicAuthPassword) {
+ this.basicAuthPasswordMapping = basicAuthPassword;
+ }
+
+ /**
+ * Sets the basicAuthUserIDMapping.
+ * @param basicAuthUserIDMapping The basicAuthUserIDMapping to set
+ */
+ public void setBasicAuthUserIDMapping(String basicAuthUserID) {
+ this.basicAuthUserIDMapping = basicAuthUserID;
+ }
+
+ /**
+ * Sets the headerAuthMapping.
+ * @param headerAuthMapping The headerAuthMapping to set
+ */
+ public void setHeaderAuthMapping(HashMap headerAuth) {
+ this.headerAuthMapping = headerAuth;
+ }
+
+ /**
+ * Sets the loginType.
+ * @param loginType The loginType to set
+ */
+ public void setLoginType(String loginType) {
+ this.loginType = loginType;
+ }
+
+ /**
+ * Sets the paramAuthMapping.
+ * @param paramAuthMapping The paramAuthMapping to set
+ */
+ public void setParamAuthMapping(HashMap paramAuth) {
+ this.paramAuthMapping = paramAuth;
+ }
+
+ /**
+ * Returns the authType.
+ * @return String
+ */
+ public String getAuthType() {
+ return authType;
+ }
+
+ /**
+ * Sets the authType.
+ * @param authType The authType to set
+ */
+ public void setAuthType(String authLoginType) {
+ this.authType = authLoginType;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
new file mode 100644
index 000000000..f08c60736
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -0,0 +1,160 @@
+package at.gv.egovernment.moa.id.config.proxy;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Proxy component.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class OAProxyParameter {
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+ /**
+ * URL of online application configuration file;
+ * defaults to relative URL <code>/moaconfig.xml</code>
+ */
+ private String configFileURL;
+ /**
+ * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface
+ * to be used for authenticating the online application;
+ * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver}
+ */
+ private String loginParameterResolverImpl;
+ /**
+ * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface
+ * to be used for connecting to the online application;
+ * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder}
+ */
+ private String connectionBuilderImpl;
+ /**
+ * session time out to be used in case of a stateless online application
+ */
+ private int sessionTimeOut;
+ /**
+ * parameters regarding the connection from the proxy to the online application
+ */
+ private ConnectionParameter connectionParameter;
+ /**
+ * parameters for logging into the online application
+ */
+ private OAConfiguration oaConfiguration;
+
+ /**
+ * Returns the configFileURL.
+ * @return String
+ */
+ public String getConfigFileURL() {
+ return configFileURL;
+ }
+
+ /**
+ * Returns the sessionTimeOut.
+ * @return int
+ */
+ public int getSessionTimeOut() {
+ return sessionTimeOut;
+ }
+
+ /**
+ * Returns the connectionParameter.
+ * @return ConnectionParameter
+ */
+ public ConnectionParameter getConnectionParameter() {
+ return connectionParameter;
+ }
+
+ /**
+ * Sets the configFileURL.
+ * @param configFileURL The configFileURL to set
+ */
+ public void setConfigFileURL(String oaProxyConfigFileURL) {
+ this.configFileURL = oaProxyConfigFileURL;
+ }
+
+ /**
+ * Sets the sessionTimeOut.
+ * @param sessionTimeOut The sessionTimeOut to set
+ */
+ public void setSessionTimeOut(int oaProxySessionTimeOut) {
+ this.sessionTimeOut = oaProxySessionTimeOut;
+ }
+
+ /**
+ * Sets the connectionParameter.
+ * @param connectionParameter The connectionParameter to set
+ */
+ public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) {
+ this.connectionParameter = proxyConnectionParameter;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String url) {
+ this.publicURLPrefix = url;
+ }
+
+ /**
+ * Returns the connectionBuilderImpl.
+ * @return String
+ */
+ public String getConnectionBuilderImpl() {
+ return connectionBuilderImpl;
+ }
+
+ /**
+ * Returns the loginParameterResolverImpl.
+ * @return String
+ */
+ public String getLoginParameterResolverImpl() {
+ return loginParameterResolverImpl;
+ }
+
+ /**
+ * Sets the connectionBuilderImpl.
+ * @param connectionBuilderImpl The connectionBuilderImpl to set
+ */
+ public void setConnectionBuilderImpl(String connectionBuilderImp) {
+ this.connectionBuilderImpl = connectionBuilderImp;
+ }
+
+ /**
+ * Sets the loginParameterResolverImpl.
+ * @param loginParameterResolverImpl The loginParameterResolverImpl to set
+ */
+ public void setLoginParameterResolverImpl(String loginParameterResolverImpl) {
+ this.loginParameterResolverImpl = loginParameterResolverImpl;
+ }
+
+ /**
+ * Returns the oaConfiguration.
+ * @return OAConfiguration
+ */
+ public OAConfiguration getOaConfiguration() {
+ return oaConfiguration;
+ }
+
+ /**
+ * Sets the oaConfiguration.
+ * @param oaConfiguration The oaConfiguration to set
+ */
+ public void setOaConfiguration(OAConfiguration oaConfiguration) {
+ this.oaConfiguration = oaConfiguration;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
new file mode 100644
index 000000000..897d14da9
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -0,0 +1,170 @@
+package at.gv.egovernment.moa.id.config.proxy;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * A class providing access to the Proxy Part of the MOA-ID configuration data.
+ *
+ * <p>Configuration data is read from an XML file, whose location is given by
+ * the <code>moa.id.configuration</code> system property.</p>
+ * <p>This class implements the Singleton pattern. The <code>reload()</code>
+ * method can be used to update the configuration data. Therefore, it is not
+ * guaranteed that consecutive calls to <code>getInstance()</code> will return
+ * the same <code>ProxyConfigurationProvider</code> all the time. During the
+ * processing of a web service request, the current
+ * <code>TransactionContext</code> should be used to obtain the
+ * <code>ProxyConfigurationProvider</code> local to that request.</p>
+ *
+ * @author Stefan Knirsch
+ */
+public class ProxyConfigurationProvider extends ConfigurationProvider {
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static ProxyConfigurationProvider instance;
+
+ //
+ // configuration data
+ //
+ /**
+ * connection parameters for connection to MOA ID Auth component
+ */
+ private ConnectionParameter authComponentConnectionParameter;
+ /**
+ * configuration parameters for online applications
+ */
+ private OAProxyParameter[] onlineApplicationProxyParameter;
+
+ /**
+ * Return the single instance of configuration data.
+ *
+ * @return ProxyConfigurationProvider The current configuration data.
+ * @throws ConfigurationException
+ */
+ public static synchronized ProxyConfigurationProvider getInstance()
+ throws ConfigurationException {
+
+ if (instance == null) {
+ reload();
+ }
+ return instance;
+ }
+
+ /**
+ * Reload the configuration data and set it if successful.
+ *
+ * @return ProxyConfigurationProvider The loaded configuration data.
+ * @throws ConfigurationException Failure to load the configuration data.
+ */
+ public static synchronized ProxyConfigurationProvider reload()
+ throws ConfigurationException {
+ String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
+ if (fileName == null) {
+ throw new ConfigurationException("config.01", null);
+ }
+ Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
+
+ instance = new ProxyConfigurationProvider(fileName);
+ return instance;
+ }
+
+ /**
+ * Constructor for ProxyConfigurationProvider.
+ */
+ public ProxyConfigurationProvider(String fileName)
+ throws ConfigurationException {
+
+ load(fileName);
+ }
+
+ /**
+ * Load the configuration data from XML file with the given name and build
+ * the internal data structures representing the MOA configuration.
+ *
+ * @param fileName The name of the XML file to load.
+ * @throws ConfigurationException The MOA configuration could not be
+ * read/built.
+ */
+ private void load(String fileName) throws ConfigurationException {
+ FileInputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ try {
+ // load the main config file
+ stream = new FileInputStream(fileName);
+ configElem = DOMUtils.parseXmlValidating(stream);
+ }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ }
+ catch (IOException e) {
+ }
+ }
+ try {
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem);
+ authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
+ onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
+ genericConfiguration = builder.buildGenericConfiguration();
+ defaultChainingMode = builder.getDefaultChainingMode();
+ chainingModes = builder.buildChainingModes();
+ trustedCACertificates = builder.getTrustedCACertificates();
+ }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ /**
+ * Return a bean containing all information about the ProxyComponent
+ * @return The ConnectionParameter for the Proxy Component
+ */
+ public ConnectionParameter getAuthComponentConnectionParameter() {
+ return authComponentConnectionParameter;
+ }
+
+ /**
+ * Build an array of OnlineApplication Parameter Beans containing all
+ * information about the proxy component of the online application
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for the proxy component of the online
+ * application
+ */
+ public OAProxyParameter[] getOnlineApplicationParameters() {
+ return onlineApplicationProxyParameter;
+ }
+ /**
+ * Provides configuration information regarding the online application behind
+ * the given URL, relevant to the MOA-ID Proxy component.
+ *
+ * @param oaURL URL requested for an online application
+ * @return an <code>OAProxyParameter</code>, or <code>null</code>
+ * if none is applicable
+ */
+ public OAProxyParameter getOnlineApplicationParameter(String oaURL) {
+ OAProxyParameter[] oaParams = getOnlineApplicationParameters();
+ for (int i = 0; i < oaParams.length; i++) {
+ OAProxyParameter oaParam = oaParams[i];
+ if (oaURL.startsWith(oaParam.getPublicURLPrefix()))
+ return oaParam;
+ }
+ return null;
+ }
+
+} \ No newline at end of file