author | (no author) <(no author)@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2003-12-22 17:28:21 +0000 |
---|---|---|
committer | (no author) <(no author)@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2003-12-22 17:28:21 +0000 |
commit | 057f884903954203339182649daa100ef4ce89e3 (patch) | |
tree | 7d6d5b0dc4aea4a63674b90800ebbf6ffcc0ca4d /id.server/src/at | |
parent | 92cca056c7935075012576b684c3678a9ec9f4ad (diff) | |
This commit was manufactured by cvs2svn to create tag 'Build_001'.tags/Build_001
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/tags/Build_001@85 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at')
91 files changed, 0 insertions, 11518 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java b/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java
deleted file mode 100644
index 96a5e0673..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown during handling of AuthenticationSession
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationException extends MOAIDException {
-
- /**
- * Constructor for AuthenticationException.
- * @param messageId
- */
- public AuthenticationException(String messageId, Object[] parameters) {
- super(messageId, parameters, null);
- }
- /**
- * Constructor for AuthenticationException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public AuthenticationException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/BuildException.java b/id.server/src/at/gv/egovernment/moa/id/BuildException.java
deleted file mode 100644
index 785dce7a3..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/BuildException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while building an XML or HTML structure.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class BuildException extends MOAIDException {
-
- /**
- * Constructor for BuildException.
- * @param messageId
- * @param parameters
- */
- public BuildException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for BuildException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public BuildException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java b/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java
deleted file mode 100644
index bce2c4778..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java
+++ /dev/null
@@ -1,159 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.DOMImplementation;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Base class of technical MOA exceptions.
- *
- * Technical exceptions are exceptions that originate from system failure (e.g.,
- * a database connection fails, a component is not available, etc.)
- *
- * @author Patrick Peck, Ivancsics Paul
- * @version $Id$
- */
-public class MOAIDException extends Exception {
- /** message ID */
- private String messageId;
- /** wrapped exception */
- private Throwable wrapped;
-
- /**
- * Create a new <code>MOAIDException</code>.
- *
- * @param messageId The identifier of the message associated with this
- * exception.
- * @param parameters Additional message parameters.
- */
- public MOAIDException(String messageId, Object[] parameters) {
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- this.messageId = messageId;
- }
-
- /**
- * Create a new <code>MOAIDException</code>.
- *
- * @param messageId The identifier of the message associated with this
- * <code>MOAIDException</code>.
- * @param parameters Additional message parameters.
- * @param wrapped The exception wrapped by this
- * <code>MOAIDException</code>.
- */
- public MOAIDException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
-
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- this.messageId = messageId;
- this.wrapped = wrapped;
- }
-
- /**
- * Print a stack trace of this exception to <code>System.err</code>.
- *
- * @see java.lang.Throwable#printStackTrace()
- */
- public void printStackTrace() {
- printStackTrace(System.err);
- }
-
- /**
- * Print a stack trace of this exception, including the wrapped exception.
- *
- * @param s The stream to write the stack trace to.
- * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
- */
- public void printStackTrace(PrintStream s) {
- if (getWrapped() == null)
- super.printStackTrace(s);
- else {
- s.print("Root exception: ");
- getWrapped().printStackTrace(s);
- }
- }
-
- /**
- * Print a stack trace of this exception, including the wrapped exception.
- *
- * @param s The stream to write the stacktrace to.
- * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
- */
- public void printStackTrace(PrintWriter s) {
- if (getWrapped() == null)
- super.printStackTrace(s);
- else {
- s.print("Root exception: ");
- getWrapped().printStackTrace(s);
- }
- }
-
- /**
- * @return message ID
- */
- public String getMessageId() {
- return messageId;
- }
-
- /**
- * @return wrapped exception
- */
- public Throwable getWrapped() {
- return wrapped;
- }
-
- /**
- * Convert this <code>MOAIDException</code> to an <code>ErrorResponse</code>
- * element from the MOA namespace.
- *
- * @return An <code>ErrorResponse</code> element, containing the subelements
- * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
- */
- public Element toErrorResponse() {
- DocumentBuilder builder;
- DOMImplementation impl;
- Document doc;
- Element errorResponse;
- Element errorCode;
- Element info;
-
- // create a new document
- try {
- builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- impl = builder.getDOMImplementation();
- } catch (ParserConfigurationException e) {
- return null;
- }
-
- // build the ErrorResponse element
- doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
- errorResponse = doc.getDocumentElement();
-
- // add MOA namespace declaration
- errorResponse.setAttributeNS(
- Constants.XMLNS_NS_URI,
- "xmlns",
- Constants.MOA_NS_URI);
-
- // build the child elements
- errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
- errorCode.appendChild(doc.createTextNode(messageId));
- info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
- info.appendChild(doc.createTextNode(toString()));
- errorResponse.appendChild(errorCode);
- errorResponse.appendChild(info);
- return errorResponse;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ParseException.java b/id.server/src/at/gv/egovernment/moa/id/ParseException.java
deleted file mode 100644
index a5e0088d9..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/ParseException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while parsing an XML structure.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ParseException extends MOAIDException {
-
- /**
- * Constructor for ParseException.
- * @param messageId
- * @param parameters
- */
- public ParseException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ParseException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ParseException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ServiceException.java b/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
deleted file mode 100644
index 9e6ab2361..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while calling the MOA-SPSS web service.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ServiceException extends MOAIDException {
-
- /**
- * Constructor for ServiceException.
- * @param messageId
- * @param parameters
- */
- public ServiceException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ServiceException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ServiceException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
deleted file mode 100644
index bc3e075be..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ /dev/null
@@ -1,722 +0,0 @@ -package at.gv.egovernment.moa.id.auth; - -import iaik.pki.PKIException; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.Calendar; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Map; -import java.util.Set; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.id.ServiceException; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; -import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; -import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.VPKBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import 
at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; -import at.gv.egovernment.moa.id.auth.validator.ValidateException; -import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; - -/** - * API for MOA ID Authentication Service.<br> - * {@link AuthenticationSession} is stored in a session store and retrieved - * by giving the session ID. 
- * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationServer implements MOAIDAuthConstants { - - /** single instance */ - private static AuthenticationServer instance; - /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); - /** authentication data store (assertion handle -> AuthenticationData) */ - private static Map authenticationDataStore = new HashMap(); - /** - * time out in milliseconds used by {@link cleanup} for session store - */ - private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes - /** - * time out in milliseconds used by {@link cleanup} for authentication data store - */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes - - /** - * Returns the single instance of <code>AuthenticationServer</code>. - * - * @return the single instance of <code>AuthenticationServer</code> - */ - public static AuthenticationServer getInstance() { - if (instance == null) - instance = new AuthenticationServer(); - return instance; - } - /** - * Constructor for AuthenticationServer. - */ - public AuthenticationServer() { - super(); - } - /** - * Processes request to select a BKU. - * <br/>Processing depends on value of {@link AuthConfigurationProvider#getBKUSelectionType}. - * <br/>For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> for the - * "BKU Auswahl" service is returned. - * <br/>For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection is returned. 
- * @param authURL base URL of MOA-ID Auth component - * @param target "Geschäftsbereich" - * @param oaURL online application URL requested - * @param bkuSelectionTemplateURL template for BKU selection form to be used - * in case of <code>HTMLSelect</code>; may be null - * @param templateURL URL providing an HTML template for the HTML form to be used - * for call <code>startAuthentication</code> - * @return for <code>bkuSelectionType==HTMLComplete</code>, the <code>returnURI</code> for the - * "BKU Auswahl" service; - * for <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection - * @throws WrongParametersException upon missing parameters - * @throws AuthenticationException when the configured BKU selection service cannot be reached, - * and when the given bkuSelectionTemplateURL cannot be reached - * @throws ConfigurationException on missing configuration data - * @throws BuildException while building the HTML form - */ - public String selectBKU( - String authURL, - String target, - String oaURL, - String bkuSelectionTemplateURL, - String templateURL) - throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - - //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL"); - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA); - - ConnectionParameter bkuConnParam = - 
AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); - if (bkuConnParam == null) - throw new ConfigurationException( - "config.08", - new Object[] { "BKUSelection/ConnectionParameter" }); - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - AuthenticationSession session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - String returnURL = - new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); - String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); - if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL; - return redirectURL; - } else { - // bkuSelectionType==HTMLSelect - String bkuSelectTag; - try { - bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); - } catch (Throwable ex) { - throw new AuthenticationException( - "auth.03", - new Object[] { bkuConnParam.getUrl(), ex.toString()}, - ex); - } - String bkuSelectionTemplate = null; - if (bkuSelectionTemplateURL != null) { - try { - bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL)); - } catch (IOException ex) { - throw new AuthenticationException( - "auth.03", - new Object[] { bkuSelectionTemplateURL, ex.toString()}, - ex); - } - } - String htmlForm = - new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag); - return htmlForm; - } - } - /** - * Method readBKUSelectTag. 
- * @param conf the ConfigurationProvider - * @param connParam the ConnectionParameter for that connection - * @return String - * @throws ConfigurationException on config-errors - * @throws PKIException on PKI errors - * @throws IOException on any data error - * @throws GeneralSecurityException on security errors - */ - private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam) - throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - - if (connParam.isHTTPSURL()) - return new String(SSLUtils.readHttpsURL(conf, connParam)); - else - return new String(FileUtils.readURL(connParam.getUrl())); - } - /** - * Processes the beginning of an authentication session. - * <ul> - * <li>Starts an authentication session</li> - * <li>Creates an <code><InfoboxReadRequest></code></li> - * <li>Creates an HTML form for querying the identity link from the - * security layer implementation. - * <br>Form parameters include - * <ul> - * <li>the <code><InfoboxReadRequest></code></li> - * <li>the data URL where the security layer implementation sends it response to</li> - * </ul> - * </ul> - * @param authURL URL of the servlet to be used as data URL - * @param target "Geschäftsbereich" of the online application requested - * @param oaURL online application URL requested - * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; - * may be <code>null</code>; in this case, the default location will be used - * @param templateURL URL providing an HTML template for the HTML form generated - * @return HTML form - * @throws AuthenticationException - * @see GetIdentityLinkFormBuilder - * @see InfoboxReadRequestBuilder - */ - public String startAuthentication( - String authURL, - String target, - String oaURL, - String templateURL, - String bkuURL, - String sessionID) - throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - - if (isEmpty(sessionID)) { - if (isEmpty(authURL)) - throw new 
WrongParametersException("StartAuthentication", "AuthURL"); - - //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = - AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA); - } - AuthenticationSession session; - if (sessionID != null) - session = getSession(sessionID); - else { - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - } - String infoboxReadRequest = new InfoboxReadRequestBuilder().build(); - String dataURL = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_IDENTITY_LINK, - session.getSessionID()); - String template = null; - if (session.getTemplateURL() != null) { - try { - template = new String(FileUtils.readURL(session.getTemplateURL())); - } catch (IOException ex) { - throw new AuthenticationException( - "auth.03", - new Object[] { session.getTemplateURL(), ex.toString()}, - ex); - } - } - String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); - String certInfoDataURL = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - 
REQ_START_AUTHENTICATION, - session.getSessionID()); - String htmlForm = - new GetIdentityLinkFormBuilder().build( - template, - bkuURL, - infoboxReadRequest, - dataURL, - certInfoRequest, - certInfoDataURL); - return htmlForm; - } - /** - * Processes an <code><InfoboxReadResponse></code> sent by the - * security layer implementation.<br> - * <ul> - * <li>Validates given <code><InfoboxReadResponse></code></li> - * <li>Parses identity link enclosed in <code><InfoboxReadResponse></code></li> - * <li>Verifies identity link by calling the MOA SP component</li> - * <li>Checks certificate authority of identity link</li> - * <li>Stores identity link in the session</li> - * <li>Creates an authentication block to be signed by the user</li> - * <li>Creates and returns a <code><CreateXMLSignatureRequest></code> - * containg the authentication block, meant to be returned to the - * security layer implementation</li> - * </ul> - * - * @param sessionID ID of associated authentication session data - * @param xmlInfoboxReadResponse String representation of the - * <code><InfoboxReadResponse></code> - * @return String representation of the <code><CreateXMLSignatureRequest></code> - */ - public String verifyIdentityLink(String sessionID, String xmlInfoboxReadResponse) - throws - AuthenticationException, - ParseException, - ConfigurationException, - ValidateException, - ServiceException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); - if (isEmpty(xmlInfoboxReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); - AuthenticationSession session = getSession(sessionID); - if (session.getTimestampIdentityLink() != null) - throw new AuthenticationException("auth.01", new Object[] { sessionID }); - session.setTimestampIdentityLink(); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - // parses the 
<InfoboxReadResponse> - IdentityLink identityLink = - new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); - // validates the identity link - IdentityLinkValidator.getInstance().validate(identityLink); - // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP - Element domVerifyXMLSignatureRequest = - new VerifyXMLSignatureRequestBuilder().build( - identityLink, - authConf.getMoaSpIdentityLinkTrustProfileID()); - // debug output - if(null != domVerifyXMLSignatureRequest) - debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest); - // invokes the call - Element domVerifyXMLSignatureResponse = - new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse verifyXMLSignatureResponse = - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); - // debug output - if(null != domVerifyXMLSignatureResponse) - debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse); - // validates the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponseValidator.getInstance().validate( - verifyXMLSignatureResponse, - authConf.getIdentityLinkX509SubjectNames(), - VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK); - - session.setIdentityLink(identityLink); - // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session); - session.setAuthBlock(authBlock); - // builds the <CreateXMLSignatureRequest> - String[] transformInfos = authConf.getTransformsInfos(); - String createXMLSignatureRequest = - new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos); - return createXMLSignatureRequest; - } - /** - * Builds an authentication block <code><saml:Assertion></code> from given session data. 
- * @param session authentication session - * @return <code><saml:Assertion></code> as a String - */ - private String buildAuthenticationBlock(AuthenticationSession session) { - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getGivenName() + " " + identityLink.getFamilyName(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String oaURL = session.getPublicOAURLPrefix(); - String authBlock = - new AuthenticationBlockAssertionBuilder().build(issuer, issueInstant, authURL, target, oaURL); - return authBlock; - } - /** - * Processes a <code><CreateXMLSignatureResponse></code> sent by the - * security layer implementation.<br> - * <ul> - * <li>Validates given <code><CreateXMLSignatureResponse></code></li> - * <li>Parses <code><CreateXMLSignatureResponse></code> for error codes</li> - * <li>Parses authentication block enclosed in - * <code><CreateXMLSignatureResponse></code></li> - * <li>Verifies authentication block by calling the MOA SP component</li> - * <li>Creates authentication data</li> - * <li>Creates a corresponding SAML artifact</li> - * <li>Stores authentication data in the authentication data store - * indexed by the SAML artifact</li> - * <li>Deletes authentication session</li> - * <li>Returns the SAML artifact, encoded BASE64</li> - * </ul> - * - * @param sessionID session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse String representation of the - * <code><CreateXMLSignatureResponse></code> - * @return SAML artifact needed for retrieving authentication data, encoded BASE64 - */ - public String verifyAuthenticationBlock( - String sessionID, - String xmlCreateXMLSignatureReadResponse) - throws - AuthenticationException, - BuildException, - ParseException, - ConfigurationException, - ServiceException, - ValidateException { - - if (isEmpty(sessionID)) - throw new 
AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); - if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); - AuthenticationSession session = getSession(sessionID); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - // parses <CreateXMLSignatureResponse> - CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); - // validates <CreateXMLSignatureResponse> - new CreateXMLSignatureResponseValidator().validate( - csresp, - session.getTarget(), - session.getPublicOAURLPrefix()); - // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call - String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); - Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); - // debug output - if(null != domVsreq) - AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq); - // invokes the call - Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); - // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); - // debug output - if(null != domVsresp) - AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp); - // validates the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponseValidator.getInstance().validate( - vsresp, - null, - VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK); - // compares the public keys from the identityLink with the AuthBlock - VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( - vsresp, - session.getIdentityLink()); - - // builds authentication data and stores it together with a SAML artifact - AuthenticationData 
authData = buildAuthenticationData(session, vsresp); - String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); - storeAuthenticationData(samlArtifact, authData); - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info( - "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; - } - /** - * Builds the AuthenticationData object together with the - * corresponding <code><saml:Assertion></code> - * @param session authentication session - * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP - * @return AuthenticationData object - * @throws ConfigurationException while accessing configuration data - * @throws BuildException while building the <code><saml:Assertion></code> - */ - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String vpkBase64 = - new VPKBuilder().buildVPK( - identityLink.getIdentificationValue(), - identityLink.getDateOfBirth(), - session.getTarget()); - authData.setVPK(vpkBase64); - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); - OAAuthParameter oaParam = - 
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl()); - - try { - String ilAssertion = - oaParam.getProvideIdentityLink() - ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) - : ""; - String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; - String samlAssertion = - new AuthenticationDataAssertionBuilder().build(authData, prPerson, authBlock, ilAssertion); - authData.setSamlAssertion(samlAssertion); - return authData; - } catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] { "AuthenticationData", ex.toString()}, - ex); - } - } - /** - * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. - * The <code>AuthenticationData</code> is deleted from the store upon end of this call. - * - * @return <code>AuthenticationData</code> - */ - public AuthenticationData getAuthenticationData(String samlArtifact) - throws AuthenticationException { - String assertionHandle; - try { - assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); - } catch (ParseException ex) { - throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); - } - AuthenticationData authData = null; - synchronized (authenticationDataStore) { - authData = (AuthenticationData) authenticationDataStore.get(assertionHandle); - if (authData == null) { - Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); - throw new AuthenticationException("1206", new Object[] { samlArtifact }); - } - authenticationDataStore.remove(assertionHandle); - } - long now = new Date().getTime(); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", new Object[] { samlArtifact }); - Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); - return authData; - } - /** - * Stores 
authentication data indexed by the assertion handle contained in the - * given saml artifact. - * @param samlArtifact SAML artifact - * @param authData authentication data - * @throws AuthenticationException when SAML artifact is invalid - */ - private void storeAuthenticationData(String samlArtifact, AuthenticationData authData) - throws AuthenticationException { - - try { - SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); - // check type code 0x0001 - byte[] typeCode = parser.parseTypeCode(); - if (typeCode[0] != 0 || typeCode[1] != 1) - throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); - String assertionHandle = parser.parseAssertionHandle(); - synchronized (authenticationDataStore) { - Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); - authenticationDataStore.put(assertionHandle, authData); - } - } catch (AuthenticationException ex) { - throw ex; - } catch (Throwable ex) { - throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); - } - } - /** - * Creates a new session and puts it into the session store. - * - * @param id Session ID - * @return AuthenticationSession created - * @exception AuthenticationException - * thrown when an <code>AuthenticationSession</code> is running - * already for the given session ID - */ - private static AuthenticationSession newSession() throws AuthenticationException { - String sessionID = Random.nextRandom(); - AuthenticationSession newSession = new AuthenticationSession(sessionID); - synchronized (sessionStore) { - AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); - if (session != null) - throw new AuthenticationException("auth.01", new Object[] { sessionID }); - sessionStore.put(sessionID, newSession); - } - return newSession; - } - /** - * Retrieves a session from the session store. 
- * - * @param id session ID - * @return <code>AuthenticationSession</code> stored with given session ID, - * <code>null</code> if session ID unknown - */ - public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = (AuthenticationSession) sessionStore.get(id); - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; - } - /** - * Cleans up expired session and authentication data stores. - */ - public void cleanup() { - long now = new Date().getTime(); - synchronized (sessionStore) { - Set keys = new HashSet(sessionStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String sessionID = (String) iter.next(); - AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); - if (now - session.getTimestampStart().getTime() > sessionTimeOut) { - Logger.info( - MOAIDMessageProvider.getInstance().getMessage( - "cleaner.02", - new Object[] { sessionID })); - sessionStore.remove(sessionID); - } - } - } - synchronized (authenticationDataStore) { - Set keys = new HashSet(authenticationDataStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String samlArtifact = (String) iter.next(); - AuthenticationData authData = - (AuthenticationData) authenticationDataStore.get(samlArtifact); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) { - Logger.info( - MOAIDMessageProvider.getInstance().getMessage( - "cleaner.03", - new Object[] { samlArtifact })); - authenticationDataStore.remove(samlArtifact); - } - } - } - } - - /** - * Sets the sessionTimeOut. - * @param sessionTimeOut time out in seconds - */ - public void setSecondsSessionTimeOut(long seconds) { - sessionTimeOut = 1000 * seconds; - } - /** - * Sets the authDataTimeOut. 
- * @param authDataTimeOut time out in seconds - */ - public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = 1000 * seconds; - } - - /** - * Checks a parameter. - * @param param parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } - - /** - * Writes an XML structure to file for debugging purposes, encoding UTF-8. - * - * @param filename file name - * @param rootElem root element in DOM tree - */ - public static void debugOutputXMLFile(String filename, Element rootElem) { - if (Logger.isDebugEnabled(DEBUG_OUTPUT_HIERARCHY)) { - try { - String xmlString = new String(DOMUtils.serializeNode(rootElem)); - debugOutputXMLFile(filename, xmlString); - } catch (Exception ex) { - ex.printStackTrace(); - } - } - } - /** - * Writes an XML structure to file for debugging purposes, encoding UTF-8. - * - * @param filename file name - * @param xmlString XML string - */ - public static void debugOutputXMLFile(String filename, String xmlString) { - if (Logger.isDebugEnabled(DEBUG_OUTPUT_HIERARCHY)) { - try { - java.io.OutputStream fout = new java.io.FileOutputStream(filename); - byte[] xmlData = xmlString.getBytes("UTF-8"); - fout.write(xmlData); - fout.close(); - } catch (Exception ex) { - ex.printStackTrace(); - } - } - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java deleted file mode 100644 index 7e5ed6ec7..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ /dev/null 
@@ -1,52 +0,0 @@ -package at.gv.egovernment.moa.id.auth; - -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Thread cleaning the <code>AuthenticationServer</code> session store - * and authentication data store from garbage. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationSessionCleaner implements Runnable { - - /** interval the <code>AuthenticationSessionCleaner</code> is run in */ - private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min - - /** - * Runs the thread. Cleans the <code>AuthenticationServer</code> session store - * and authentication data store from garbage, then sleeps for given interval, and restarts. - */ - public void run() { - while (true) { - try { - Logger.debug("AuthenticationSessionCleaner run"); - AuthenticationServer.getInstance().cleanup(); - } - catch (Exception e) { - Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e); - } - try { - Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); - } - catch (InterruptedException e) { - } - } - } - - /** - * start the sessionCleaner - */ - public static void start() { - // start the session cleanup thread - Thread sessionCleaner = - new Thread(new AuthenticationSessionCleaner()); - sessionCleaner.setName("SessionCleaner"); - sessionCleaner.setDaemon(true); - sessionCleaner.setPriority(Thread.MIN_PRIORITY); - sessionCleaner.start(); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java deleted file mode 100644 index ddba20049..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ /dev/null 
@@ -1,53 +0,0 @@ -package at.gv.egovernment.moa.id.auth; - -/** - * Constants used throughout moa-id-auth component. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public interface MOAIDAuthConstants { - - /** servlet parameter "Target" */ - public static final String PARAM_TARGET = "Target"; - /** servlet parameter "OA" */ - public static final String PARAM_OA = "OA"; - /** servlet parameter "bkuURI" */ - public static final String PARAM_BKU = "bkuURI"; - /** servlet parameter "BKUSelectionTemplate" */ - public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; - /** servlet parameter "returnURI" */ - public static final String PARAM_RETURN = "returnURI"; - /** servlet parameter "Template" */ - public static final String PARAM_TEMPLATE = "Template"; - /** servlet parameter "MOASessionID" */ - public static final String PARAM_SESSIONID = "MOASessionID"; - /** servlet parameter "XMLResponse" */ - public static final String PARAM_XMLRESPONSE = "XMLResponse"; - /** servlet parameter "SAMLArtifact" */ - public static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */ - public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ - public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ - public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; - /** Logging hierarchy used for controlling debug output of XML structures to files */ - public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth"; - /** Header Name for controlling the caching mechanism of the browser */ - public static final String HEADER_EXPIRES = "Expires"; - /** Header Value for controlling the caching 
mechanism of the browser */ - public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT"; - /** Header Name for controlling the caching mechanism of the browser */ - public static final String HEADER_PRAGMA = "Pragma"; - /** Header Value for controlling the caching mechanism of the browser */ - public static final String HEADER_VALUE_PRAGMA = "no-cache"; - /** Header Name for controlling the caching mechanism of the browser */ - public static final String HEADER_CACHE_CONTROL = "Cache-control"; - /** Header Value for controlling the caching mechanism of the browser */ - public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate"; - /** Header Value for controlling the caching mechanism of the browser */ - public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0"; - - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java deleted file mode 100644 index f9bec8b76..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ /dev/null 
@@ -1,118 +0,0 @@ -package at.gv.egovernment.moa.id.auth; - -import iaik.pki.PKIException; -import iaik.pki.jsse.IAIKX509TrustManager; - -import java.security.GeneralSecurityException; - -import java.io.IOException; - -import javax.net.ssl.SSLSocketFactory; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; -import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; -import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; -import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; - -/** - * Web application initializer - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class MOAIDAuthInitializer { - - /** a boolean identifying if the MOAIDAuthInitializer has been startet */ - public static boolean initialized = false; - - - - /** - * Initializes the web application components which need initialization: - * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. 
- */ - public static void initialize() - throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - if (initialized) - return; - initialized=true; - Logger.setHierarchy("moa.id.auth"); - // Restricts TLS cipher suites - System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); - // load some jsse classes so that the integrity of the jars can be verified - // before the iaik jce is installed as the security provider - // this workaround is only needed when sun jsse is used in conjunction with - // iaik-jce (on jdk1.3) - ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader(); - try { - cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar - } - catch (ClassNotFoundException e) { - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e); - } - - // Initializes SSLSocketFactory store - SSLUtils.initialize(); - - // Loads the configuration - AuthConfigurationProvider authConf = AuthConfigurationProvider.reload(); - ConnectionParameter moaSPConnParam = authConf.getMoaSpConnectionParameter(); - - // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK - if (moaSPConnParam == null) { - try { - LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext("startup")); - ConfigurationProvider config = ConfigurationProvider.getInstance(); - new IaikConfigurator().configure(config); - } - catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { - throw new ConfigurationException("config.10", new Object[] { ex.toString() }, ex); - } - } - - // Initializes IAIKX509TrustManager logging - String log4jConfigURL = System.getProperty("log4j.configuration"); - if (log4jConfigURL != null) { - IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); - } - - // Initializes the Axis secure socket factory for use in calling the MOA-SP web service - if (moaSPConnParam != null && 
moaSPConnParam.isHTTPSURL()) { - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, moaSPConnParam); - AxisSecureSocketFactory.initialize(ssf); - } - - // sets the authentication session and authentication data time outs - String param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); - if (param != null) { - long sessionTimeOut = 0; - try { sessionTimeOut = new Long(param).longValue(); } - catch (NumberFormatException ex) { - Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY})); - } - if (sessionTimeOut > 0) - AuthenticationServer.getInstance().setSecondsSessionTimeOut(sessionTimeOut); - } - param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); - if (param != null) { - long authDataTimeOut = 0; - try { authDataTimeOut = new Long(param).longValue(); } - catch (NumberFormatException ex) { - Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY})); - } - if (authDataTimeOut > 0) - AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(authDataTimeOut); - } - - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java deleted file mode 100644 index 3ce2798ea..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java +++ /dev/null 
@@ -1,21 +0,0 @@ -package at.gv.egovernment.moa.id.auth; - -import at.gv.egovernment.moa.id.MOAIDException; - -/** - * Exception thrown when the <code>AuthenticationServer</code> API is - * called with wrong parameters provided. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class WrongParametersException extends MOAIDException { - - /** - * Constructor - */ - public WrongParametersException(String call, String parameter) { - super("auth.05", new Object[] {call, parameter}); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java deleted file mode 100644 index 4babf948c..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ /dev/null 
@@ -1,56 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; - -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the authentication block <code><saml:Assertion></code> - * to be included in a <code><CreateXMLSignatureResponse></code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationBlockAssertionBuilder implements Constants { - /** private static String nl contains the NewLine representation in Java*/ - private static String nl = "\n"; - /** private static String AUTH_BLOCK contains an XML-Auth-Block-Template */ - private static String AUTH_BLOCK = - "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{0}'' IssueInstant=''{1}''>" + nl + - " <saml:AttributeStatement>" + nl + - " <saml:Subject>" + nl + - " <saml:NameIdentifier>{2}</saml:NameIdentifier>" + nl + - " </saml:Subject>" + nl + - " <saml:Attribute AttributeName=''Geschäftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + - " <saml:AttributeValue>{3}</saml:AttributeValue>" + nl + - " </saml:Attribute>" + nl + - " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + - " <saml:AttributeValue>{4}</saml:AttributeValue>" + nl + - " </saml:Attribute>" + nl + - " </saml:AttributeStatement>" + nl + - "</saml:Assertion>"; - - /** - * Constructor for AuthenticationBlockAssertionBuilder. - */ - public AuthenticationBlockAssertionBuilder() { - super(); - } - /** - * Builds the authentication block <code><saml:Assertion></code>. 
- * - * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code> - * @param issueInstant current timestamp - * @param authURL URL of MOA-ID authentication component - * @param target "Geschäftsbereich" - * @param oaURL public URL of online application requested - * @return String representation of authentication block - * <code><saml:Assertion></code> built - */ - public String build(String issuer, String issueInstant, String authURL, String target, String oaURL) { - String assertion = MessageFormat.format( - AUTH_BLOCK, new Object[] { issuer, issueInstant, authURL, target, oaURL }); - return assertion; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java deleted file mode 100644 index fd7cb1a9d..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ /dev/null 
@@ -1,114 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the authentication data <code><saml:Assertion></code> - * to be provided by the MOA ID Auth component. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationDataAssertionBuilder implements Constants { - /** private static String NL contains the NewLine representation in Java*/ - private static final String NL = "\n"; - /** - * XML template for the <code><saml:Assertion></code> to be built - */ - private static final String AUTH_DATA = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL + - "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" + - " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL + - " <saml:AttributeStatement>" + NL + - " <saml:Subject>" + NL + - " <saml:NameIdentifier NameQualifier=''http://reference.e-government.gv.at/names/vpk/20020221#''>{3}</saml:NameIdentifier>" + NL + - " <saml:SubjectConfirmation>" + NL + - " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL + - " <saml:SubjectConfirmationData>{4}{5}</saml:SubjectConfirmationData>" + NL + - " </saml:SubjectConfirmation>" + NL + - " </saml:Subject>" + NL + - " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL + - " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - "{8}" + - " </saml:AttributeStatement>" + NL + - "</saml:Assertion>"; - /** - * XML template for the 
<code><saml:Attribute></code> named <code>"isPublicAuthority"</code>, - * to be inserted into the <code><saml:Assertion></code> - */ - private static final String PUBLIC_AUTHORITY_ATT = - " <saml:Attribute AttributeName=''isPublicAuthority'' AttributeNamespace=''urn:oid:1.2.40.0.10.1.1.1''>" + NL + - " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL; - - /** - * Constructor for AuthenticationDataAssertionBuilder. - */ - public AuthenticationDataAssertionBuilder() { - super(); - } - - /** - * Builds the authentication data <code><saml:Assertion></code>. - * - * @param authData the <code>AuthenticationData</code> to build the - * <code><saml:Assertion></code> from - * @param xmlPersonData <code>lt;pr:Person></code> element as a String - * @param xmlAuthBlock authentication block to be included in a - * <code>lt;saml:SubjectConfirmationData></code> element; may include - * the <code>"ZMR-Zahl"</code> or not; may be empty - * @param xmlIdentityLink the IdentityLink - * @return the <code><saml:Assertion></code> - * @throws BuildException if an error occurs during the build process - */ - public String build( - AuthenticationData authData, - String xmlPersonData, - String xmlAuthBlock, - String xmlIdentityLink) throws BuildException { - - String isQualifiedCertificate = authData.isQualifiedCertificate() ? 
"true" : "false"; - String publicAuthorityAttribute = ""; - if (authData.isPublicAuthority()) { - String publicAuthorityIdentification = authData.getPublicAuthorityCode(); - if (publicAuthorityIdentification == null) - publicAuthorityIdentification = "True"; - publicAuthorityAttribute = MessageFormat.format( - PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); - } - - String assertion = MessageFormat.format(AUTH_DATA, new Object[] { - authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstant(), - authData.getVPK(), - removeXMLDeclaration(xmlAuthBlock), - removeXMLDeclaration(xmlIdentityLink), - removeXMLDeclaration(xmlPersonData), - isQualifiedCertificate, - publicAuthorityAttribute}); - return assertion; - } - - /** - * Removes the XML declaration from an XML expression. - * @param xmlString XML expression as String - * @return XML expression, XML declaration removed - */ - private String removeXMLDeclaration(String xmlString) { - if (xmlString.startsWith("<?xml")) { - int firstElement = xmlString.indexOf("<", 1); - return xmlString.substring(firstElement); - } - else return xmlString; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java deleted file mode 100644 index e5bbaa585..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java +++ /dev/null 
@@ -1,30 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.BuildException; - -/** - * Base class for HTML/XML builders providing commonly useful functions. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class Builder { - - /** - * Replaces a special tag in an XML or HTML template by a value. - * @param htmlTemplate template - * @param tag special tag - * @param value value replacing the tag - * @return XML or HTML code, the tag replaced - * @throws BuildException when template does not contain the tag - */ - protected String replaceTag(String template, String tag, String value) throws BuildException { - int index = template.indexOf(tag); - if (index < 0) - throw new BuildException( - "builder.01", - new Object[] {"<" + tag.substring(1, tag.length() - 1) + ">"}); - return template.substring(0, index) + value + template.substring(index + tag.length()); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java deleted file mode 100644 index 5ceb1d1c0..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ /dev/null 
@@ -1,51 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.IOException; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.FileUtils; - -/** - * Builder for the <code><VerifyXMLSignatureRequest></code> structure - * used for presenting certificate information in the secure viewer of the security layer implementation. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder { - - /** special tag in the VerifyXMLRequest template to be substituted for a <code><dsig:Signature></code> */ - private static final String SIGNATURE_TAG = "<dsig:Signature/>"; - - /** - * Constructor - */ - public CertInfoVerifyXMLSignatureRequestBuilder() { - super(); - } - /** - * Builds the <code><VerifyXMLSignatureRequest></code> structure. - * @return the XML structure - * @throws BuildException - */ - public String build() throws BuildException { - String resCertInfoRequest = "resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml"; - String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; - String certInfoRequest; - try { - certInfoRequest = FileUtils.readResource(resCertInfoRequest, "UTF-8"); - } - catch (IOException ex) { - throw new BuildException("auth.04", new Object[] {resCertInfoRequest, ex.toString()}); - } - try { - String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8"); - certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature); - return certInfoRequest; - } - catch (IOException ex) { - throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()}); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java deleted file mode 100644 index f8c287cb6..000000000 
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ /dev/null 
@@ -1,60 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; - -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the <code><CreateXMLSignatureRequest></code> structure - * used for requesting a signature under the authentication block from the - * security layer implementation. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class CreateXMLSignatureRequestBuilder implements Constants { - /** private static String nl contains the NewLine representation in Java*/ - private static final String nl = "\n"; - /** - * XML template for the <code><moa:CreateXMLSignatureRequest></code> to be built - */ - private static final String CREATE_XML_SIGNATURE_REQUEST = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl + - "<sl11:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' xmlns:sl10=''" + SL10_NS_URI + "'' xmlns:sl11=''" + SL11_NS_URI + "''>" + nl + - " <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl + - //TODO RS Lsg Switch SecureSignatureKeypair / CertifiedKeyPair - //" <sl11:KeyboxIdentifier>CertifiedKeypair</sl11:KeyboxIdentifier>" + nl + - " <sl11:DataObjectInfo Structure=''detached''>" + nl + - " <sl10:DataObject Reference=''''/>" + nl + - "{1}" + - " </sl11:DataObjectInfo>" + nl + - " <sl11:SignatureInfo>" + nl + - " <sl11:SignatureEnvironment>" + nl + - " <sl10:XMLContent>{0}</sl10:XMLContent>" + nl + - " </sl11:SignatureEnvironment>" + nl + - " <sl11:SignatureLocation Index=''2''>/saml:Assertion</sl11:SignatureLocation>" + nl + - " </sl11:SignatureInfo>" + nl + - "</sl11:CreateXMLSignatureRequest>"; - - /** - * Constructor for CreateXMLSignatureRequestBuilder. - */ - public CreateXMLSignatureRequestBuilder() { - super(); - } - - /** - * Builds the <code><CreateXMLSignatureRequest></code>. 
- * - * @param authBlock String representation of XML authentication block - * @return String representation of <code><CreateXMLSignatureRequest></code> - */ - public String build(String authBlock, String[] dsigTransformInfos) { - String dsigTransformInfosString = ""; - for (int i = 0; i < dsigTransformInfos.length; i++) - dsigTransformInfosString += dsigTransformInfos[i]; - String request = MessageFormat.format( - CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, dsigTransformInfosString }); - return request; - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java deleted file mode 100644 index 30cc1df5a..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ /dev/null 
@@ -1,83 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Builds a DataURL parameter meant for the security layer implementation - * to respond to. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class DataURLBuilder { - - /** - * Constructor for DataURLBuilder. - */ - public DataURLBuilder() { - super(); - } - - /** - * Constructs a data URL for <code>VerifyIdentityLink</code> or <code>VerifyAuthenticationBlock</code>, - * including the <code>MOASessionID</code> as a parameter. - * - * @param authBaseURL base URL (context path) of the MOA ID Authentication component, - * including a trailing <code>'/'</code> - * @param authServletName request part of the data URL - * @param sessionID sessionID to be included in the dataURL - * @return String - */ - public String buildDataURL(String authBaseURL, String authServletName, String sessionID) { - - String individualDataURLPrefix = null; - String dataURL; - try { - //check if an individual prefix is configured - individualDataURLPrefix = AuthConfigurationProvider.getInstance(). 
- getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); - - if (null != individualDataURLPrefix) { - - //check individualDataURLPrefix - if(!individualDataURLPrefix.startsWith("http")) - throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); - - //when ok then use it - dataURL = individualDataURLPrefix + authServletName; - } else - dataURL = authBaseURL + authServletName; - - } catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } )); - dataURL = authBaseURL + authServletName; - } - - dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); - return dataURL; - } - - /** - * Method addParameter. - * @param urlString represents the url - * @param paramname is the parameter to be added - * @param value is the value of that parameter - * @return String - */ - private String addParameter(String urlString, String paramname, String value) { - String url = urlString; - if (paramname != null) { - if (url.indexOf("?") < 0) - url += "?"; - else - url += "&"; - url += paramname + "=" + value; - } - return url; - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java deleted file mode 100644 index 8391fdd62..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ /dev/null 
@@ -1,137 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.IOException; -import java.io.StringReader; -import java.io.StringWriter; - -import at.gv.egovernment.moa.id.BuildException; - -/** - * Builder for HTML form requesting the security layer implementation - * to get the identity link from smartcard by a <code><InfoboxReadRequest></code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class GetIdentityLinkFormBuilder extends Builder { - /** private static String NL contains the NewLine representation in Java*/ - private static final String nl = "\n"; - /** special tag in the HTML template to be substituted for the BKU URL */ - private static final String BKU_TAG = "<BKU>"; - /** special tag in the HTML template to be substituted for the XML request */ - private static final String XMLREQUEST_TAG = "<XMLRequest>"; - /** special tag in the HTML template to be substituted for the data URL */ - private static final String DATAURL_TAG = "<DataURL>"; - /** special tag in the HTML template to be substituted for certificate info XML request */ - private static final String CERTINFO_XMLREQUEST_TAG = "<CertInfoXMLRequest>"; - /** special tag in the HTML template to be substituted for the certificate info data URL */ - private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>"; - - /** default BKU URL */ - private static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; - /** default HTML template */ - private static final String DEFAULT_HTML_TEMPLATE = - "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + - "<html>" + nl + - "<head>" + nl + - "<title>Auslesen der Personenbindung</title>" + nl + - "</head>" + nl + - "<body>" + nl + - "<form name=\"GetIdentityLinkForm\"" + nl + - " action=\"" + BKU_TAG + "\"" + nl + - " method=\"post\">" + nl + - " <input type=\"hidden\" " + nl + - " name=\"XMLRequest\"" + nl + - " value=\"" + XMLREQUEST_TAG + "\"/>" + nl + - " 
<input type=\"hidden\" " + nl + - " name=\"DataURL\"" + nl + - " value=\"" + DATAURL_TAG + "\"/>" + nl + - " <input type=\"submit\" value=\"Auslesen der Personenbindung\"/>" + nl + - "</form>" + nl + - "<form name=\"CertificateInfoForm\"" + nl + - " action=\"" + BKU_TAG + "\"" + nl + - " method=\"post\">" + nl + - " <input type=\"hidden\" " + nl + - " name=\"XMLRequest\"" + nl + - " value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl + - " <input type=\"hidden\" " + nl + - " name=\"DataURL\"" + nl + - " value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl + - " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl + - "</form>" + nl + - "</body>" + nl + - "</html>"; - - /** - * Constructor for GetIdentityLinkFormBuilder. - */ - public GetIdentityLinkFormBuilder() { - super(); - } - /** - * Builds the HTML form, including XML Request and data URL as parameters. - * - * @param htmlTemplate template to be used for the HTML form; - * may be <code>null</code>, in this case a default layout will be produced - * @param xmlRequest XML Request to be sent as a parameter in the form - * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; - * may be <code>null</code>, in this case the default URL will be used - * @param dataURL DataURL to be sent as a parameter in the form - */ - public String build( - String htmlTemplate, String bkuURL, String xmlRequest, String dataURL, String certInfoXMLRequest, String certInfoDataURL) - throws BuildException { - - String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; - String bku = bkuURL == null ? 
DEFAULT_BKU : bkuURL; - htmlForm = replaceTag(htmlForm, BKU_TAG, bku); - htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest)); - htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL); - htmlForm = replaceTag(htmlForm, BKU_TAG, bku); - htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest)); - htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL); - return htmlForm; - } - /** - * Encodes a string for inclusion as a parameter in the form. - * Double quotes are substituted by <code>"&quot;"</code>. - * @param s the string to be encoded - * @return the string encoded - * @throws BuildException on any exception encountered - */ - public static String encodeParameter(String s) throws BuildException { - StringReader in = new StringReader(s); - StringWriter out = new StringWriter(); - try { - for (int ch = in.read(); ch >= 0; ch = in.read()) { - if (ch == '"') - out.write("""); - else if (ch == '<') - out.write("<"); - else if (ch == '>') - out.write(">"); - else if (ch == 'ä') - out.write("ä"); - else if (ch == 'ö') - out.write("ö"); - else if (ch == 'ü') - out.write("ü"); - else if (ch == 'Ä') - out.write("Ä"); - else if (ch == 'Ö') - out.write("Ö"); - else if (ch == 'Ü') - out.write("Ü"); - else if (ch == 'ß') - out.write("ß"); - else - out.write(ch); - } - } - catch (IOException ex) { - throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()}); - } - return out.toString(); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java deleted file mode 100644 index d3e100671..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ /dev/null 
@@ -1,39 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the <code><InfoboxReadRequest></code> structure - * used for requesting the identity link from the security layer implementation. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class InfoboxReadRequestBuilder implements Constants { - - /** - * XML template for the <code><sl10:InfoboxReadRequest></code> to be built - */ - String INFOBOX_READ_REQUEST = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + - "<sl10:InfoboxReadRequest xmlns:sl10=\"" + SL10_NS_URI + "\">" + - "<sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier>" + - "<sl10:BinaryFileParameters ContentIsXMLEntity=\"true\"/>" + - "</sl10:InfoboxReadRequest>"; - - /** - * Constructor for InfoboxReadRequestBuilder. - */ - public InfoboxReadRequestBuilder() { - } - /** - * Builds an <code><InfoboxReadRequest></code>. - * - * @return <code><InfoboxReadRequest></code> as String - */ - public String build() { - String request = INFOBOX_READ_REQUEST; - return request; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java deleted file mode 100644 index 85ec1cb7f..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ /dev/null 
@@ -1,58 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Builder for the <code>lt;pr:Person></code> element to be inserted - * in the authentication data <code>lt;saml:Assertion></code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class PersonDataBuilder { - - /** - * Constructor for PersonDataBuilder. - */ - public PersonDataBuilder() { - super(); - } - /** - * Builds the <code><pr:Person></code> element.<br/> - * Utilizes the parsed <code><prPerson></code> from the identity link - * and the information regarding inclusion of <code>"ZMR-Zahl"</code> in the - * <code><pr:Person></code> data. - * - * @param identityLink <code>IdentityLink</code> containing the - * attribute <code>prPerson</code> - * @param provideZMRZahl true if <code>"ZMR-Zahl"</code> is to be included; - * false otherwise - * @return the <code><pr:Person></code> element as a String - * @throws BuildException on any error - */ - public String build(IdentityLink identityLink, boolean provideZMRZahl) - throws BuildException { - - try { - Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true); - if (! provideZMRZahl) { - Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification"); - prPerson.removeChild(prIdentification); - } - String xmlString = DOMUtils.serializeNode(prPerson); - return xmlString; - } - catch (Exception ex) { - throw new BuildException( - "builder.00", - new Object[] {"PersonData", ex.toString()}, - ex); - } - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java deleted file mode 100644 index 27e19e830..000000000 
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ /dev/null @@ -1,60 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.ByteArrayOutputStream; -import java.security.MessageDigest; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.Base64Utils; - -/** - * Builder for the SAML artifact, as defined in the - * Browser/Artifact profile of SAML. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLArtifactBuilder { - - /** - * Constructor for SAMLArtifactBuilder. - */ - public SAMLArtifactBuilder() { - super(); - } - - /** - * Builds the SAML artifact, encoded BASE64. - * <ul> - * <li><code>TypeCode</code>: <code>0x0001</code>.</li> - * <li><code>SourceID</code>: SHA-1 hash of the authURL</li> - * <li><code>AssertionHandle</code>: SHA-1 hash of the <code>MOASessionID</code></li> - * </ul> - * @param authURL URL auf the MOA-ID Auth component to be used for construction - * of <code>SourceID</code> - * @param sessionID <code>MOASessionID</code> to be used for construction - * of <code>AssertionHandle</code> - * @return the 42-byte SAML artifact, encoded BASE64 - */ - public String build(String authURL, String sessionID) throws BuildException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] sourceID = md.digest(authURL.getBytes()); - byte[] assertionHandle = md.digest(sessionID.getBytes()); - ByteArrayOutputStream out = new ByteArrayOutputStream(42); - out.write(0); - out.write(1); - out.write(sourceID, 0, 20); - out.write(assertionHandle, 0, 20); - byte[] samlArtifact = out.toByteArray(); - String samlArtifactBase64 = Base64Utils.encode(samlArtifact); - return samlArtifactBase64; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, - ex); - } - } - -} 
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java deleted file mode 100644 index a4fb5579e..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java +++ /dev/null 
@@ -1,100 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.*; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; - -/** - * Builder for the <code>lt;samlp:Response></code> used for passing - * result and status information from the <code>GetAuthenticationData</code> - * web service. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLResponseBuilder implements Constants { - /** XML - Template for samlp:Response */ - private static final String RESPONSE = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + - "<samlp:Response xmlns:samlp=\"" + SAMLP_NS_URI + "\" xmlns:saml=\"" + SAML_NS_URI + "\"" + - " ResponseID=\"{0}\" InResponseTo=\"{1}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{2}\">" + - " <samlp:Status>" + - " <samlp:StatusCode Value=\"{3}\">" + - " {4}" + - " </samlp:StatusCode>" + - " <samlp:StatusMessage>{5}</samlp:StatusMessage>" + - " </samlp:Status>" + - " {6}" + - "</samlp:Response>"; - /** XML - Template for samlp:StatusCode */ - private static final String SUB_STATUS_CODE = - "<samlp:StatusCode Value=\"{0}\"></samlp:StatusCode>"; - - /** - * Constructor for SAMLResponseBuilder. - */ - public SAMLResponseBuilder() { - super(); - } - /** - * Builds the SAML response. 
- * @param responseID response ID - * @param inResponseTo request ID of <code>lt;samlp:Request></code> responded to - * @param issueInstant current timestamp - * @param statusCode status code - * @param subStatusCode sub-status code refining the status code; may be <code>null</code> - * @param statusMessage status message - * @param samlAssertion SAML assertion representing authentication data - * @return SAML response as a DOM element - */ - public Element build( - String responseID, - String inResponseTo, - String issueInstant, - String statusCode, - String subStatusCode, - String statusMessage, - String samlAssertion) - throws BuildException { - - try { - String xmlSubStatusCode = - subStatusCode == null ? - "" : - MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode}); - String xmlResponse = MessageFormat.format(RESPONSE, new Object[] { - responseID, - inResponseTo, - issueInstant, - statusCode, - xmlSubStatusCode, - statusMessage, - removeXMLDeclaration(samlAssertion) }); - Element domResponse = DOMUtils.parseDocument(xmlResponse, true, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - return domResponse; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] { "samlp:Response", ex.toString() }, - ex); - } - } - /** - * Removes the XML declaration from an XML expression. - * @param xmlString XML expression as String - * @return XML expression, XML declaration removed - */ - private String removeXMLDeclaration(String xmlString) { - if (xmlString.startsWith("<?xml")) { - int firstElement = xmlString.indexOf("<", 1); - return xmlString.substring(firstElement); - } - else return xmlString; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java deleted file mode 100644 index 363cd65a3..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java +++ /dev/null 
@@ -1,63 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.BuildException; - -/** - * Builder for the BKU selection form requesting the user to choose - * a BKU from a list. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SelectBKUFormBuilder extends Builder { - /** private static String NL contains the NewLine representation in Java*/ - private static final String nl = "\n"; - /** special tag in the HTML template to be substituted for the form action which is - * a URL of MOA-ID Auth */ - private static final String ACTION_TAG = "<StartAuth>"; - /** special tag in the HTML template to be substituted for the <code><select;gt;</code> tag - * containing the BKU selection options */ - private static final String SELECT_TAG = "<BKUSelect>"; - /** - * Template for the default html-code to be returned as security-layer-selection to be built - */ - private static final String DEFAULT_HTML_TEMPLATE = - "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + - "<html>" + nl + - "<head>" + nl + - "<title>Auswahl der Bürgerkartenumgebung</title>" + nl + - "</head>" + nl + - "<body>" + nl + - "<form name=\"BKUSelectionForm\"" + nl + - " action=\"" + ACTION_TAG + "\"" + nl + - " method=\"post\">" + nl + - SELECT_TAG + nl + - " <input type=\"submit\" value=\"Bürgerkartenumgebung auswählen\"/>" + nl + - "</form>" + nl + - "</body>" + nl + - "</html>"; - - /** - * Constructor - */ - public SelectBKUFormBuilder() { - super(); - } - /** - * Method build. Builds the form - * @param htmlTemplate to be used - * @param startAuthenticationURL the url where the startAuthenticationServlet can be found - * @param bkuSelectTag if a special bku should be used - * @return String - * @throws BuildException on any error - */ - public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag) - throws BuildException { - - String htmlForm = htmlTemplate == null ? 
DEFAULT_HTML_TEMPLATE : htmlTemplate; - htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL); - htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag); - return htmlForm; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java deleted file mode 100644 index c18156a01..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java +++ /dev/null 
@@ -1,52 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.security.MessageDigest; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.Base64Utils; - -/** - * Builder for the VPK, as defined in - * <code>"Ableitung f¨r die verfahrensspezifische Personenkennzeichnung"</code> - * version <code>1.0.1</code> from <code>"reference.e-government.gv.at"</code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class VPKBuilder { - - /** - * Builds the VPK from given parameters. - * @param identificationValue "ZMR-Zahl" - * @param dateOfBirth "Geburtsdatum" - * @param target "Verfahrensname"; will be transformed to lower case - * @return VPK in a BASE64 encoding - * @throws BuildException while building the VPK - */ - public String buildVPK(String identificationValue, String dateOfBirth, String target) - throws BuildException { - - if (identificationValue == null || identificationValue.length() == 0 - || dateOfBirth == null || dateOfBirth.length() == 0 - || target == null || target.length() == 0) - throw new BuildException( - "builder.00", - new Object[] {"VPK", - "Unvollständige Parameterangaben: identificationValue=" + identificationValue + - ",dateOfBirth=" + dateOfBirth + ",target=" + target}); - String basisbegriff = identificationValue + "+" + dateOfBirth + "+" + target.toLowerCase(); - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes()); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } - catch (Exception ex) { - throw new BuildException( - "builder.00", - new Object[] {"VPK", ex.toString()}, - ex); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java deleted file mode 100644 index 863162fd9..000000000 
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ /dev/null 
@@ -1,203 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.*; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Builder for the <code><VerifyXMLSignatureRequestBuilder></code> structure - * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureRequestBuilder { - /** The MOA-Prefix */ - private static final String MOA = Constants.MOA_PREFIX + ":"; - /** the request as string */ - private String request; - /** the request as DOM-Element */ - private Element reqElem; - - /** - * Constructor for VerifyXMLSignatureRequestBuilder. 
- */ - public VerifyXMLSignatureRequestBuilder() {} - /** - * Builds a <code><VerifyXMLSignatureRequest></code> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param idl - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element build(IdentityLink idl, String trustProfileID) throws ParseException - { //samlAssertionObject - request = - "<?xml version='1.0' encoding='UTF-8' ?>" - + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" - + " <VerifySignatureInfo>" - + " <VerifySignatureEnvironment>" - + " <XMLContent xml:space=\"preserve\"/>" - + " </VerifySignatureEnvironment>" - + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>" - + " </VerifySignatureInfo>" - + " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung - +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>" - // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock) - +" </ReferenceInfo>" + " </SignatureManifestCheckParams>" - - // Testweise ReturnReferenceInputData = False - - +" <ReturnHashInputData/>" - + " <TrustProfileID>" - + trustProfileID - + "</TrustProfileID>" - + "</VerifyXMLSignatureRequest>"; - - try { - InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); - reqElem = DOMUtils.parseXmlValidating(s); - - String CONTENT_XPATH = - "//" - + MOA - + "VerifyXMLSignatureRequest/" - + MOA - + "VerifySignatureInfo/" - + MOA - + "VerifySignatureEnvironment/" - + MOA - + "XMLContent"; - - Element insertTo = - (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - insertTo.appendChild( - insertTo.getOwnerDocument().importNode(idl.getSamlAssertion(), true)); - - String 
SIGN_MANI_CHECK_PARAMS_XPATH = - "//" - + MOA - + "VerifyXMLSignatureRequest/" - + MOA - + "SignatureManifestCheckParams"; - insertTo = - (Element) XPathUtils.selectSingleNode( - reqElem, - SIGN_MANI_CHECK_PARAMS_XPATH); - insertTo.removeChild( - (Element) XPathUtils.selectSingleNode( - reqElem, - SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo")); - Element[] dsigTransforms = idl.getDsigReferenceTransforms(); - for (int i = 0; i < 1; i++) //dsigTransforms.length; i++) - { - Element refInfo = - insertTo.getOwnerDocument().createElementNS( - Constants.MOA_NS_URI, - "ReferenceInfo"); - insertTo.appendChild(refInfo); - Element verifyTransformsInfoProfile = - insertTo.getOwnerDocument().createElementNS( - Constants.MOA_NS_URI, - "VerifyTransformsInfoProfile"); - refInfo.appendChild(verifyTransformsInfoProfile); - verifyTransformsInfoProfile.appendChild( - insertTo.getOwnerDocument().importNode(dsigTransforms[i], true)); - } - } - catch (Throwable t) { - throw new ParseException( //"VerifyXMLSignatureRequest (IdentityLink)"); - "builder.00", - new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, - t); - } - - return reqElem; - } - - /** - * Builds a <code><VerifyXMLSignatureRequest></code> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param idl - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element build( - CreateXMLSignatureResponse csr, - String[] verifyTransformsInfoProfileID, - String trustProfileID) - throws ParseException { //samlAssertionObject - request = - "<?xml version='1.0' encoding='UTF-8' ?>" - + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" - + " <VerifySignatureInfo>" - + " <VerifySignatureEnvironment>" - 
+ " <XMLContent xml:space=\"preserve\"/>" - + " </VerifySignatureEnvironment>" - + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>" - + " </VerifySignatureInfo>" - + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">" - + " <ReferenceInfo>"; - - for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - request += " <VerifyTransformsInfoProfileID>" + - verifyTransformsInfoProfileID[i] + - "</VerifyTransformsInfoProfileID>"; - // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....) - - } - - request += " </ReferenceInfo>" - + " </SignatureManifestCheckParams>" - // Testweise ReturnReferenceInputData = False - +" <ReturnHashInputData/>" - + " <TrustProfileID>" - + trustProfileID - + "</TrustProfileID>" - + "</VerifyXMLSignatureRequest>"; - - try { - // Build a DOM-Tree of the obove String - InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); - reqElem = DOMUtils.parseXmlValidating(s); - //Insert the SAML-Assertion-Object - String CONTENT_XPATH = - "//" - + MOA - + "VerifyXMLSignatureRequest/" - + MOA - + "VerifySignatureInfo/" - + MOA - + "VerifySignatureEnvironment/" - + MOA - + "XMLContent"; - - Element insertTo = - (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - insertTo.appendChild( - insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true)); - - } - catch (Throwable t) { - throw new ParseException( - "builder.00", - new Object[] { "VerifyXMLSignatureRequest" }, - t); - } - - return reqElem; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java deleted file mode 100644 index ba4a9e367..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ /dev/null 
@@ -1,220 +0,0 @@ -package at.gv.egovernment.moa.id.auth.data; - -import java.util.Date; - - -/** - * Session data to be stored between <code>AuthenticationServer</code> API calls. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationSession { - /** - * session ID - */ - private String sessionID; - /** - * "Geschäftsbereich" the online application belongs to - */ - private String target; - /** - * public online application URL requested - */ - private String oaURLRequested; - /** - * public online application URL prefix - */ - private String oaPublicURLPrefix; - /** - * URL of MOA ID authentication component - */ - private String authURL; - /** - * HTML template URL - */ - private String templateURL; - /** - * identity link read from smartcard - */ - private IdentityLink identityLink; - /** - * authentication block to be signed by the user - */ - private String authBlock; - /** - * timestamp logging when authentication session has been created - */ - private Date timestampStart; - /** - * timestamp logging when identity link has been received - */ - private Date timestampIdentityLink; - - /** - * Constructor for AuthenticationSession. - * - * @param id Session ID - */ - public AuthenticationSession(String id) { - sessionID = id; - setTimestampStart(); - } - - /** - * Returns the identityLink. - * @return IdentityLink - */ - public IdentityLink getIdentityLink() { - return identityLink; - } - - /** - * Returns the sessionID. - * @return String - */ - public String getSessionID() { - return sessionID; - } - - /** - * Sets the identityLink. - * @param identityLink The identityLink to set - */ - public void setIdentityLink(IdentityLink identityLink) { - this.identityLink = identityLink; - } - - /** - * Sets the sessionID. - * @param sessionID The sessionID to set - */ - public void setSessionID(String sessionId) { - this.sessionID = sessionId; - } - - /** - * Returns the oaURLRequested. 
- * @return String - */ - public String getOAURLRequested() { - return oaURLRequested; - } - - /** - * Returns the oaURLRequested. - * @return String - */ - public String getPublicOAURLPrefix() { - return oaPublicURLPrefix; - } - - /** - * Returns the target. - * @return String - */ - public String getTarget() { - return target; - } - - /** - * Sets the oaURLRequested. - * @param oaURLRequested The oaURLRequested to set - */ - public void setOAURLRequested(String url) { - this.oaURLRequested = url; - } - - /** - * Sets the oaPublicURLPrefix - * @param url The oaPublicURLPrefix to set - */ - public void setPublicOAURLPrefix(String url) { - this.oaPublicURLPrefix = url; - } - - /** - * Sets the target. - * @param target The target to set - */ - public void setTarget(String target) { - this.target = target; - } - - /** - * Returns the authURL. - * @return String - */ - public String getAuthURL() { - return authURL; - } - - /** - * Sets the authURL. - * @param authURL The authURL to set - */ - public void setAuthURL(String authURL) { - this.authURL = authURL; - } - - /** - * Returns the authBlock. - * @return String - */ - public String getAuthBlock() { - return authBlock; - } - - /** - * Sets the authBlock. - * @param authBlock The authBlock to set - */ - public void setAuthBlock(String authBlock) { - this.authBlock = authBlock; - } - - /** - * Returns the timestampIdentityLink. - * @return Date - */ - public Date getTimestampIdentityLink() { - return timestampIdentityLink; - } - - /** - * Returns the timestampStart. - * @return Date - */ - public Date getTimestampStart() { - return timestampStart; - } - - /** - * Sets the current date as timestampIdentityLink. - */ - public void setTimestampIdentityLink() { - timestampIdentityLink = new Date(); - } - - /** - * Sets the current date as timestampStart. 
- */ - public void setTimestampStart() { - timestampStart = new Date(); - } - - /** - * @return template URL - */ - public String getTemplateURL() { - return templateURL; - } - - /** - * @param string the template URL - */ - public void setTemplateURL(String string) { - templateURL = string; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java deleted file mode 100644 index 81945f644..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java +++ /dev/null 
@@ -1,71 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import org.w3c.dom.Element;
-
-/**
- * This bean saves all information of the CreateXMLSignature-Response:
- * a {@link SAMLAttribute} array, the SamlAssertion-Element and the
- * saml NameIdentifier
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class CreateXMLSignatureResponse {
- /** the samlNameIdentifier */
-private String samlNameIdentifier;
- /** an array of saml-attributes */
-private SAMLAttribute[] samlAttributes;
- /**
- * the original saml:Assertion-Element
- */
- private Element samlAssertion;
-/**
- * Returns the samlAssertion.
- * @return Element
- */
-public Element getSamlAssertion() {
- return samlAssertion;
-}
-
-/**
- * Returns the samlAttribute.
- * @return SAMLAttribute[]
- */
-public SAMLAttribute[] getSamlAttributes() {
- return samlAttributes;
-}
-
-/**
- * Returns the samlNameIdentifier.
- * @return String
- */
-public String getSamlNameIdentifier() {
- return samlNameIdentifier;
-}
-
-/**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
-public void setSamlAssertion(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
-}
-
-/**
- * Sets the samlAttribute.
- * @param samlAttribute The samlAttribute to set
- */
-public void setSamlAttributes(SAMLAttribute[] samlAttributes) {
- this.samlAttributes = samlAttributes;
-}
-
-/**
- * Sets the samlNameIdentifier.
- * @param samlNameIdentifier The samlNameIdentifier to set
- */
-public void setSamlNameIdentifier(String samlNameIdentifier) {
- this.samlNameIdentifier = samlNameIdentifier;
-}
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
deleted file mode 100644
index e2ad2625a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ /dev/null
@@ -1,189 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.security.PublicKey;
-
-import org.w3c.dom.Element;
-
-
-/**
- * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
- * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLink {
- /**
- * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
- */
- private String identificationValue;
- /**
- * first name
- */
- private String givenName;
- /**
- * family name
- */
- private String familyName;
- /**
- * date of birth
- */
- private String dateOfBirth;
- /**
- * the original saml:Assertion-Element
- */
- private Element samlAssertion;
- /**
- * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
- */
- private Element prPerson;
- /**
- * we need for each dsig:Reference Element all
- * transformation elements
- */
- private Element[] dsigReferenceTransforms;
-
-
- /**
- * we need all public keys stored in
- * the identity link
- */
- private PublicKey[] publicKey;
-
- /**
- * Constructor for IdentityLink
- */
- public IdentityLink() {
- }
-
- /**
- * Returns the dateOfBirth.
- * @return Calendar
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Returns the samlAssertion.
- * @return Element
- */
- public Element getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the dsigReferenceTransforms.
- * @return Element[]
- */
- public Element[] getDsigReferenceTransforms() {
- return dsigReferenceTransforms;
- }
-
- /**
- * Sets the dsigReferenceTransforms.
- * @param dsigReferenceTransforms The dsigReferenceTransforms to set
- */
- public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
- this.dsigReferenceTransforms = dsigReferenceTransforms;
- }
-
- /**
- * Returns the publicKey.
- * @return PublicKey[]
- */
- public PublicKey[] getPublicKey() {
- return publicKey;
- }
-
- /**
- * Sets the publicKey.
- * @param publicKey The publicKey to set
- */
- public void setPublicKey(PublicKey[] publicKey) {
- this.publicKey = publicKey;
- }
-
- /**
- * Returns the prPerson.
- * @return Element
- */
- public Element getPrPerson() {
- return prPerson;
- }
-
- /**
- * Sets the prPerson.
- * @param prPerson The prPerson to set
- */
- public void setPrPerson(Element prPerson) {
- this.prPerson = prPerson;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
deleted file mode 100644
index c787b2a81..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-/**
- * This bean saves all data of a single SAMLAttribute:
- * the name, value and namespace
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class SAMLAttribute {
-/** the name to be stored */
-private String name;
-/** the namespace to be stored */
-private String namespace;
-/** the value to be stored */
-private String value;
-
- /**
- * Constructor for SAMLAttribute.
- */
- public SAMLAttribute(String name, String namespace, String value) {
-
- this.name = name;
- this.namespace = namespace;
- this.value = value;
-
- }
-
-/**
- * Returns the name.
- * @return String
- */
-public String getName() {
- return name;
-}
-
-/**
- * Returns the namespace.
- * @return String
- */
-public String getNamespace() {
- return namespace;
-}
-
-/**
- * Returns the value.
- * @return String
- */
-public String getValue() {
- return value;
-}
-
-/**
- * Sets the name.
- * @param name The name to set
- */
-public void setName(String name) {
- this.name = name;
-}
-
-/**
- * Sets the namespace.
- * @param namespace The namespace to set
- */
-public void setNamespace(String namespace) {
- this.namespace = namespace;
-}
-
-/**
- * Sets the value.
- * @param value The value to set
- */
-public void setValue(String value) {
- this.value = value;
-}
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
deleted file mode 100644
index 8233d1478..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ /dev/null
@@ -1,177 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import iaik.x509.X509Certificate;
-
-/**
- * This bean saves all information of the MOA-SP-Answer
- * after the verification of any signature
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class VerifyXMLSignatureResponse {
- /** The xmlDsigSubjectName to be stored */
- private String xmlDsigSubjectName;
- /** The signatureCheckCode to be stored */
- private int signatureCheckCode;
- /** The xmlDSIGManifestCheckCode to be stored */
- private int xmlDSIGManifestCheckCode;
- /** The xmlDSIGManigest to be stored */
- private boolean xmlDSIGManigest;
- /** The certificateCheckCode to be stored */
- private int certificateCheckCode;
- /** The publicAuthority to be stored */
- private boolean publicAuthority;
- /** The publicAuthorityCode to be stored */
- private String publicAuthorityCode;
- /** The qualifiedCertificate to be stored */
- private boolean qualifiedCertificate;
- /** The x509certificate to be stored */
- private X509Certificate x509certificate;
-
- /**
- * Returns the certificateCheckCode.
- * @return int
- */
- public int getCertificateCheckCode() {
- return certificateCheckCode;
- }
-
- /**
- * Returns the signatureCheckCode.
- * @return int
- */
- public int getSignatureCheckCode() {
- return signatureCheckCode;
- }
-
- /**
- * Returns the xmlDSIGManifestCheckCode.
- * @return int
- */
- public int getXmlDSIGManifestCheckCode() {
- return xmlDSIGManifestCheckCode;
- }
-
- /**
- * Returns the xmlDsigSubjectName.
- * @return String
- */
- public String getXmlDsigSubjectName() {
- return xmlDsigSubjectName;
- }
-
- /**
- * Sets the certificateCheckCode.
- * @param certificateCheckCode The certificateCheckCode to set
- */
- public void setCertificateCheckCode(int certificateCheckCode) {
- this.certificateCheckCode = certificateCheckCode;
- }
-
- /**
- * Sets the signatureCheckCode.
- * @param signatureCheckCode The signatureCheckCode to set
- */
- public void setSignatureCheckCode(int signatureCheckCode) {
- this.signatureCheckCode = signatureCheckCode;
- }
-
- /**
- * Sets the xmlDSIGManifestCheckCode.
- * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
- */
- public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
- this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
- }
-
- /**
- * Sets the xmlDsigSubjectName.
- * @param xmlDsigSubjectName The xmlDsigSubjectName to set
- */
- public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
- this.xmlDsigSubjectName = xmlDsigSubjectName;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return int
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityCode The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityCode) {
- this.publicAuthorityCode = publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the x509certificate.
- * @return X509Certificate
- */
- public X509Certificate getX509certificate() {
- return x509certificate;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the x509certificate.
- * @param x509certificate The x509certificate to set
- */
- public void setX509certificate(X509Certificate x509certificate) {
- this.x509certificate = x509certificate;
- }
-
- /**
- * Returns the xmlDSIGManigest.
- * @return boolean
- */
- public boolean isXmlDSIGManigest() {
- return xmlDSIGManigest;
- }
-
- /**
- * Sets the xmlDSIGManigest.
- * @param xmlDSIGManigest The xmlDSIGManigest to set
- */
- public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
- this.xmlDSIGManigest = xmlDSIGManigest;
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
deleted file mode 100644
index 8faa69260..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package at.gv.egovernment.moa.id.auth.invoke;
-
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-
-/**
- * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
- * Either invokes the web service, or calls the corresponding API, depending on configuration data.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class SignatureVerificationInvoker {
- /** This QName Object identifies the SignatureVerification endpoint of the web service */
- private static final QName SERVICE_QNAME = new QName("SignatureVerification");
-
- /**
- * Method verifyXMLSignature.
- * @param request to be sent
- * @return Element with the answer
- * @throws ServiceException if an error occurs
- */
- public Element verifyXMLSignature(Element request) throws ServiceException {
- return doCall(SERVICE_QNAME, request);
- }
-
- /**
- * Method doCall.
- * @param serviceName the name of the service
- * @param request the request to be sent
- * @return Element the answer
- * @throws ServiceException if an error occurs
- */
- protected Element doCall(QName serviceName, Element request) throws ServiceException {
- ConnectionParameter authConnParam = null;
- try {
- Service service = ServiceFactory.newInstance().createService(serviceName);
- Call call = service.createCall();
- SOAPBodyElement body = new SOAPBodyElement(request);
- SOAPBodyElement[] params = new SOAPBodyElement[] { body };
- Vector responses;
- SOAPBodyElement response;
-
- String endPoint;
- AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance();
- authConnParam = authConfigProvider.getMoaSpConnectionParameter();
-
- //If the ConnectionParameter do NOT exist, we try to get the api to work....
- if (authConnParam != null) {
- endPoint = authConnParam.getUrl();
- call.setTargetEndpointAddress(endPoint);
- responses = (Vector) call.invoke(serviceName, params);
- response = (SOAPBodyElement) responses.get(0);
- return response.getAsDOM();
- }
- else {
- SignatureVerificationService svs = SignatureVerificationService.getInstance();
- VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
- VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
-
- Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
- Logger.setHierarchy("moa.id.auth");
- return result.getDocumentElement();
- }
- }
- catch (Exception ex) {
- if (authConnParam != null)
- throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
- else
- throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
- }
- }
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
deleted file mode 100644
index 1079a48de..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ /dev/null
@@ -1,140 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.*;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an <code><InfoboxReadResponse></code> returned from
- * the security layer
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class CreateXMLSignatureResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
- private static final String SL10 = Constants.SL10_PREFIX + ":";
- /** Xpath prefix for reaching SecurityLayer 1.1 Namespaces */
- private static final String SL11 = Constants.SL11_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SL11 + "CreateXMLSignatureResponse/";
- /** Xpath expression to the SAML:Assertion element */
- private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion";
- /** Xpath expression to the SAML:NameIdentifier element */
- private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier";
- /** Xpath expression to the AttributeStatement element */
- private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
- /** Xpath expression to the AttributeValue element */
- private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue";
-
- /** This is the root element of the XML-Document provided by the Security Layer Card */
- private Element sigResponse;
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as String
- * @throws AuthenticationException if any authentication error occurs
- * @throws ParseException if an element cannot be parsed
- */
- public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException {
- ErrorResponseParser erp = new ErrorResponseParser(xmlResponse);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- sigResponse = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream
- * @throws AuthenticationException if any Authentication error occurs
- * @throws ParseException if an element cannot be parsed
- */
- public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException {
-
- ErrorResponseParser erp = new ErrorResponseParser(is);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- sigResponse = DOMUtils.parseXmlValidating(is);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * The incoming Element will be used for further operations
- * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream
- */
- public CreateXMLSignatureResponseParser(Element xmlResponse) {
- sigResponse = xmlResponse;
-
- }
-
- /**
- * Parses the identity link from <code><InfoboxReadResponse></code>
- * @return Identity link
- * @throws ParseException
- */
-
- public CreateXMLSignatureResponse parseResponse() throws ParseException {
- CreateXMLSignatureResponse cResp;
- try {
-
- cResp = new CreateXMLSignatureResponse();
- cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse, SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null));
- cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse, SAML_ASSERTION_XPATH));
- NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse, SAML_ATTRIBUTE_XPATH);
- Element samlAttr;
- List samlAttributes = new ArrayList();
- while ((samlAttr = (Element) attrIter.nextNode()) != null) {
- String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", "");
- String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", "");
- String attrValue =
XPathUtils.getElementValue(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH, "");
- samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
- }
- SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
- samlAttributes.toArray(result);
- cResp.setSamlAttributes(result);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- return cResp;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java
deleted file mode 100644
index c28cfac76..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java
+++ /dev/null
@@ -1,350 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import iaik.security.ecc.ecdsa.ECDSAParameter;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.security.ecc.math.ecgroup.ECGroupFactory;
-import iaik.security.ecc.math.ecgroup.ECPoint;
-import iaik.security.ecc.math.ecgroup.EllipticCurve;
-import iaik.security.ecc.math.ecgroup.ProjectiveCoordinate;
-import iaik.security.ecc.math.field.Field;
-import iaik.security.ecc.math.field.FieldElement;
-import iaik.security.ecc.math.field.FieldFactory;
-import iaik.security.ecc.math.field.Value;
-import iaik.security.ecc.parameter.ECCParameterFactory;
-import iaik.security.ecc.spec.ECCParameterSpec;
-import java.math.BigInteger;
-import java.security.PublicKey;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Vector;
-import java.net.URL;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class ECDSAKeyValueConverter
-{
- /** Namespaces */
- public static final String NAMESPACE_XSI = "http://www.w3.org/2001/XMLSchema-instance";
-
- /**
- * Method element2ECDSAPublicKey.
- * @param keyValueElem a DomElement containing an ECDSA Public Key
- * @return PublicKey a java.security.publicKey - object
- * @throws Exception on any error
- */
-
- public static PublicKey element2ECDSAPublicKey(Element keyValueElem) throws Exception
- {
- String ecdsaNS = Constants.ECDSA_NS_URI;
- // Domain parameters
- Element domainParams = getChildElement(keyValueElem, ecdsaNS, "DomainParameters", 1);
- if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
- Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
- ECCParameterSpec eccParameterSpec;
- if (namedCurve != null)
- {
- URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
- ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
- eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
- }
- else
- {
- Element excplicitParams = getChildElement(domainParams, ecdsaNS, "ExplicitParams", 1);
- Element fieldParams = getChildElement(excplicitParams, ecdsaNS, "FieldParams", 1);
- Element curveParams = getChildElement(excplicitParams, ecdsaNS, "CurveParams", 1);
- Element basePointParams = getChildElement(excplicitParams, ecdsaNS, "BasePointParams", 1);
-
- // Field parameters
- String fieldParamsTypeStr = fieldParams.getAttributeNS(NAMESPACE_XSI, "type");
- String ecdsaNSPrefix = getECDSANSPrefix(fieldParams);
- BigInteger p = null;
- int fieldParamsType = 0;
- final int FIELD_TYPE_PRIME = 1;
- final int FIELD_TYPE_TNB = 2;
- final int FIELD_TYPE_PNB = 3;
- int m = -1, k = -1, k1 = -1, k2 = -1, k3 = -1;
- if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PrimeFieldParamsType"))
- {
- fieldParamsType = FIELD_TYPE_PRIME;
- String pStr = getChildElementText(fieldParams, ecdsaNS, "P", 1);
- p = new BigInteger(pStr, 10);
- }
- else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":TnBFieldParamsType"))
- {
- fieldParamsType = FIELD_TYPE_TNB;
- String mStr = getChildElementText(fieldParams,
ecdsaNS, "M", 1);
- m = Integer.parseInt(mStr);
- String kStr = getChildElementText(fieldParams, ecdsaNS, "K", 1);
- k = Integer.parseInt(kStr);
- }
- else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PnBFieldParamsType"))
- {
- fieldParamsType = FIELD_TYPE_PNB;
- String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1);
- m = Integer.parseInt(mStr);
- String k1Str = getChildElementText(fieldParams, ecdsaNS, "K1", 1);
- k1 = Integer.parseInt(k1Str);
- String k2Str = getChildElementText(fieldParams, ecdsaNS, "K2", 1);
- k2 = Integer.parseInt(k2Str);
- String k3Str = getChildElementText(fieldParams, ecdsaNS, "K3", 1);
- k3 = Integer.parseInt(k3Str);
- }
- else throw new Exception("Unknown field parameters.");
-
- // Curve parameters
- Element aElem = getChildElement(curveParams, ecdsaNS, "A", 1);
- String aStr = aElem.getAttributeNS(null, "Value");
- Element bElem = getChildElement(curveParams, ecdsaNS, "B", 1);
- String bStr = bElem.getAttributeNS(null, "Value");
- String seedStr = getChildElementText(curveParams, ecdsaNS, "Seed", 1);
- BigInteger seed = (seedStr != null) ? new BigInteger(seedStr, 10) : null;
-
- // Base point parameters
- Element basePoint = getChildElement(basePointParams, ecdsaNS, "BasePoint", 1);
- Element basePointXElem = getChildElement(basePoint, ecdsaNS, "X", 1);
- String basePointXStr = basePointXElem.getAttributeNS(null, "Value");
- Element basePointYElem = getChildElement(basePoint, ecdsaNS, "Y", 1);
- String basePointYStr = basePointYElem.getAttributeNS(null, "Value");
- String orderStr = getChildElementText(basePointParams, ecdsaNS, "Order", 1);
- BigInteger order = new BigInteger(orderStr, 10);
- String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
- BigInteger cofactor = (cofactorStr != null) ?
new BigInteger(cofactorStr, 10) : null;
-
- if (fieldParamsType == FIELD_TYPE_PRIME)
- {
- BigInteger a = new BigInteger(aStr, 10);
- BigInteger b = new BigInteger(bStr, 10);
- BigInteger basePointX = new BigInteger(basePointXStr, 10);
- BigInteger basePointY = new BigInteger(basePointYStr, 10);
- eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
- basePointY, null);
- }
- else
- {
- int[] irreducible = new int[m/32 + ((m % 32 != 0) ? 1 : 0)];
- if (fieldParamsType == FIELD_TYPE_TNB)
- {
- irreducible[m/32] = 1 << m % 32;
- irreducible[k/32] += 1 << k % 32;
- irreducible[0] += 1;
- }
- else
- {
- irreducible[m/32] = 1 << m % 32;
- irreducible[k3/32] += 1 << k3 % 32;
- irreducible[k2/32] += 1 << k2 % 32;
- irreducible[k1/32] += 1 << k1 % 32;
- irreducible[0] += 1;
- }
- eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
- octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
- octetString2IntArray(basePointYStr), null);
- }
- }
-
- // Public key
- Element publicKeyElem = getChildElement(keyValueElem, ecdsaNS, "PublicKey", 1);
- Element publicKeyXElem = getChildElement(publicKeyElem, ecdsaNS, "X", 1);
- String publicKeyXStr = publicKeyXElem.getAttributeNS(null, "Value");
- Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
- String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
-
- ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, false);
- ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
- EllipticCurve eCurve = ecGroupFactory.getCurveWithProjective(eccParameterSpec.getA(),
- eccParameterSpec.getB(), eccParameterSpec.getR());
- Field field = eCurve.getField();
-
- // Detect type of public key field elements
- String elementType = publicKeyXElem.getAttributeNS(NAMESPACE_XSI, "type");
- String elementTypeLocalName = elementType.substring(elementType.indexOf(':') + 1);
- int FIELD_TYPE_PRIME = 1,
FIELD_TYPE_CHAR_TWO = 2;
- int fieldElemType = ("PrimeFieldElemType".equals(elementTypeLocalName))
- ? FIELD_TYPE_PRIME
- : FIELD_TYPE_CHAR_TWO;
-
- FieldElement publicKeyPointX, publicKeyPointY;
- if (fieldElemType == FIELD_TYPE_PRIME)
- {
- Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10));
- publicKeyPointX = field.newElement(xValue);
- Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10));
- publicKeyPointY = field.newElement(yValue);
- }
- else
- {
- publicKeyPointX = field.newElement(octetString2ByteArray(publicKeyXStr));
- publicKeyPointY = field.newElement(octetString2ByteArray(publicKeyYStr));
- }
- ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
- publicKeyPointY, field.getONEelement());
- ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
- ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
-
- return publicKey;
- }
-
- /**
- * Method getECDSANSPrefix.
- * @param element to get the prefix
- * @return String the prefix
- */
- private static String getECDSANSPrefix(Element element)
- {
- // FIXXME: Review this function (GK, 11.06.2002) - should return a list of strings, since more than
- // one NS prefix can be bound to the ECDSA namespace
-
- HashMap inScopeNSAttrs = getInScopeNSAttrs(element);
- Iterator inScopeNSAttrsIt = inScopeNSAttrs.keySet().iterator();
- while (inScopeNSAttrsIt.hasNext())
- {
- Attr currentAttr = (Attr)inScopeNSAttrs.get(inScopeNSAttrsIt.next());
- if (Constants.ECDSA_NS_URI.equals(currentAttr.getValue()))
- {
- return ("xmlns".equals(currentAttr.getNodeName())) ? "" : currentAttr.getNodeName().substring(6);
- }
- }
- return null;
- }
-
- /**
- * Method octetString2IntArray.
- * Converts an octet string representation into an int array as needed for the IAIK ECC library
- * @param octetString rightmost byte is least significant byte
- * @return int[] rightmost byte is LEAST significant byte
- */
- private static int[] octetString2IntArray(String octetString)
- {
- int byteCount = octetString.length()/2;
- int[] intArray = new int[byteCount/4 + ((byteCount % 4 != 0) ? 1 : 0)];
- for (int i = 0; i < byteCount; i++)
- {
- int oSStartPos = octetString.length() - (i + 1) * 2;
- int currentByte = Integer.parseInt(octetString.substring(oSStartPos, oSStartPos + 2), 16);
- intArray[i/4] += (currentByte & 0xFF) << ((i % 4) * 8);
- }
- return intArray;
- }
-
- /**
- * Converts an octet string representation into a byte array as needed for the IAIK ECC library
- * @param octetString rightmost byte is least significant byte
- * @return byte[] rightmost byte is MOST significant byte
- */
- private static byte[] octetString2ByteArray(String octetString)
- {
- int byteCount = octetString.length()/2;
- byte[] byteArray = new byte[byteCount];
- for (int i = 0; i < byteCount; i++)
- {
- int oSStartPos = octetString.length() - (i + 1) * 2;
- byteArray[byteCount - i - 1] = (byte) Integer.parseInt(octetString.substring(
- oSStartPos, oSStartPos + 2), 16);
- }
- return byteArray;
- }
-
- /**
- * Method evenStringLength.
- * @param hexString
- * @return String
- */
-
- private static String evenStringLength(String hexString)
- {
- return (hexString.length() % 2 != 0) ? "0" + hexString : hexString;
- }
-
- /**
- * Method getChildElement.
- * @param parent
- * @param namespace
- * @param localName
- * @param instance
- * @return Element
- */
-
- private static Element getChildElement(Element parent, String namespace, String localName,
- int instance)
- {
- NodeList namedElements = parent.getElementsByTagNameNS(namespace, localName);
- if (namedElements.getLength() < instance) return null;
- return (Element)namedElements.item(instance - 1);
- }
-
- /**
- * Method getChildElementText.
- * @param parent Element
- * @param namespace String
- * @param localName String
- * @param instance int
- * @return String
- */
-
- private static String getChildElementText(Element parent, String namespace, String localName,
- int instance)
- {
- Element child = getChildElement(parent, namespace, localName, instance);
- if (child == null) return null;
- NodeList childNodes = child.getChildNodes();
- int nodeCount = 0;
- while (nodeCount < childNodes.getLength())
- {
- Node currentNode = childNodes.item(nodeCount);
- if (currentNode.getNodeType() == Node.TEXT_NODE) return currentNode.getNodeValue();
- nodeCount++;
- }
- return null;
- }
-
- /**
- * Method getInScopeNSAttrs.
- * @param element element
- * @return HashMap
- */
- public static HashMap getInScopeNSAttrs(Element element)
- {
- // Get all ancestors of element
- Vector ancestors = new Vector();
- ancestors.add(element);
- Node currentAncestor = element;
- while ((currentAncestor = currentAncestor.getParentNode()) != null &&
- currentAncestor.getNodeType() == Node.ELEMENT_NODE)
- {
- ancestors.add(currentAncestor);
- }
-
- // Scan all ancestors for NS attributes
- HashMap inScopeNSAttrs = new HashMap();
- for (int i = ancestors.size() - 1; i >= 0; i--)
- {
- Element currentAncestorElem = (Element)ancestors.get(i);
- NamedNodeMap attrs = currentAncestorElem.getAttributes();
- for (int j = 0; j < attrs.getLength(); j++)
- {
- Attr currentAttr = (Attr)attrs.item(j);
- String currentAttrName = currentAttr.getNodeName();
- if ("xmlns".equals(currentAttrName) || currentAttrName.startsWith("xmlns:"))
- {
- inScopeNSAttrs.put(currentAttrName, currentAttr);
- }
- }
- }
-
- // Check if default NS attribute is in list; if value is empty remove it from list
- Attr defaultNSAttr = (Attr)inScopeNSAttrs.get("xmlns");
- if (defaultNSAttr != null && "".equals(defaultNSAttr.getValue())) inScopeNSAttrs.remove("xmlns");
-
- return inScopeNSAttrs;
- }
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
deleted file mode 100644
index 4fbc58977..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
+++ /dev/null
@@ -1,89 +0,0 @@ -package at.gv.egovernment.moa.id.auth.parser; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parses an <code><InfoboxReadResponse></code>. - * - * @author Stefan Knirsch - * @version $Id$ - */ - -public class ErrorResponseParser { - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ - private static final String SL10 = Constants.SL10_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + SL10 + "ErrorResponse/"; - /** Xpath expression to the ErrorCode element */ - private static final String ERROR_CODE_XPATH = - ROOT + SL10 + "ErrorCode"; - /** Xpath expression to the Info element */ - private static final String ERROR_INFO_XPATH = - ROOT + SL10 + "Info"; - - - /** This is the root element of the XML-Document provided by the Security Layer Card */ - private Element errorElement; - - /** - * Constructor for InfoboxReadResponseParser. - * A DOM-representation of the incoming String will be created - * @param xmlResponse <code><InfoboxReadResponse></code> as String - * @throws ParseException on any error - */ - public ErrorResponseParser(String xmlResponse) throws ParseException { - try { - InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); - errorElement = DOMUtils.parseXmlValidating(s); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString()}, t); - } - } - - /** - * Constructor for InfoboxReadResponseParser. 
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream
- * @throws ParseException on any error
- */
- public ErrorResponseParser(InputStream xmlResponse) throws ParseException {
- try {
- errorElement = DOMUtils.parseXmlValidating(xmlResponse);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
- /**
- * Method getErrorCode. returns the error code
- * @return String
- */
- public String getErrorCode() {
-
- return XPathUtils.getElementValue(errorElement,ERROR_CODE_XPATH,null);
- }
-
- /**
- * Method getErrorInfo: returns the information about the error
- * @return String
- */
- public String getErrorInfo() {
-
- return XPathUtils.getElementValue(errorElement,ERROR_INFO_XPATH,null);
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
deleted file mode 100644
index f9ef54884..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ /dev/null
@@ -1,266 +0,0 @@ -package at.gv.egovernment.moa.id.auth.parser; - -import java.security.interfaces.RSAPublicKey; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.math.BigInteger; -import java.security.PublicKey; -import java.util.ArrayList; -import java.util.List; - -import org.w3c.dom.Element; -import org.w3c.dom.traversal.NodeIterator; - -import at.gv.egovernment.moa.id.*; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parses an identity link <code><saml:Assertion></code> - * @author Paul Ivancsics - * @version $Id$ - */ -public class IdentityLinkAssertionParser { - - // - // XPath namespace prefix shortcuts - // - - /** Xpath prefix for reaching PersonData Namespaces */ - private static final String PDATA = Constants.PD_PREFIX + ":"; - /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ - private static final String SL10 = Constants.SL10_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static final String SAML = Constants.SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - /** Xpath prefix for reaching ECDS Namespaces */ - private static final String ECDSA = Constants.ECDSA_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + SAML + "Assertion/"; - /** Xpath expression to the SAMLSubjectConfirmationData element */ - private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Subject/" - + SAML - + "SubjectConfirmation/" - + SAML - + "SubjectConfirmationData"; - /** Xpath expression to the PersonData element */ - private static final String PERSON_XPATH = - 
SAML_SUBJECT_CONFIRMATION_DATA_XPATH - + "/" - + PDATA - + "Person"; - /** Xpath expression to the PersonData GivenName element */ - private static final String PERSON_GIVEN_NAME_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "Name/" - + PDATA - + "GivenName"; - /** Xpath expression to the PersonData FamilyName element */ - private static final String PERSON_FAMILY_NAME_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "Name/" - + PDATA - + "FamilyName"; - /** Xpath expression to the PersonData DateOfBirth element */ - private static final String PERSON_DATE_OF_BIRTH_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "DateOfBirth"; - /** Xpath expression to the Identification element */ - private static final String PERSON_IDENT_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "Identification"; - - /** Xpath expression to the Identification Value element */ - private static final String PERSON_IDENT_VALUE_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "Identification/" - + PDATA - + "Value"; - /** Xpath expression to the RSAKeyValue element */ - private static final String RSA_KEY_VALUE_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Attribute/" - + SAML - + "AttributeValue/" - + DSIG - + "RSAKeyValue"; - /** Xpath expression to the RSA Modulus element */ - private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus"; - /** Xpath expression to the RSA Exponent element */ - private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent"; - /** Xpath expression to the DSIG X509Certificate element */ - private static final String DSIG_CERTIFICATES_XPATH = - ROOT - + DSIG - + "Signature/" - + DSIG - + "KeyInfo/" - + DSIG - + "X509Data/" - + DSIG - + "X509Certificate"; - /** Xpath expression to the DSIG Transforms element */ - private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH = - ROOT - + DSIG - + "Signature/" - + DSIG - + "SignedInfo/" - + DSIG - + "Reference/" - + DSIG - + "Transforms"; - - /**This is the root element of the XML-Document 
provided by the Security Layer Card*/ - private Element assertionElem; - - /** - * Constructor for <code>IdentityLinkAssertionParser</code>. - * A DOM-representation of the incoming String will be created - * @param xmlAssertion <code><saml:Assertion></code> as String - * @throws ParseException on any parsing error - */ - public IdentityLinkAssertionParser(String xmlAssertion) throws ParseException { - try { - InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8")); - assertionElem = DOMUtils.parseXmlValidating(s); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString()}, t); - } - } - - /** - * Constructor for <code>IdentityLinkAssertionParser</code>. - * A DOM-representation of the incoming Inputstream will be created - * @param xmlAssertion <code><saml:Assertion></code> as InputStream - * @throws ParseException on any parsing error - */ - public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception { - try { - assertionElem = DOMUtils.parseXmlValidating(xmlAssertion); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - } - - /** - * Parses the identity link from the <code><saml:Assertion></code> - * @return Identity link - * @throws ParseException on any parsing error - */ - - public IdentityLink parseIdentityLink() throws ParseException { - IdentityLink identityLink; - try { - identityLink = new IdentityLink(); - //ÄNDERN: NUR der Identification-Teil - identityLink.setSamlAssertion(assertionElem); - identityLink.setPrPerson((Element) - XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH)); - identityLink.setIdentificationValue( - XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); - identityLink.setGivenName( - XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); - identityLink.setFamilyName( - XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, "")); - 
identityLink.setDateOfBirth( - XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, "")); - NodeIterator dsigRefTransforms = - XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH); - List transElems = new ArrayList(); - Element transformsElem; - while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) { - transElems.add(transformsElem); - } - Element[] result = new Element[transElems.size()]; - transElems.toArray(result); - identityLink.setDsigReferenceTransforms(result); - - identityLink.setPublicKey(getPublicKeys()); - - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - - return identityLink; - } - - /** - * Parses an array of Public Keys from the <code><InfoboxReadResponse></code> - * @return RSAPublicKey[] - * @throws IOException can occur when decoding the base64 values of the modulus and exponent - */ - public PublicKey[] getPublicKeys() throws IOException{ - - - List pubKeys = new ArrayList(); - //Try to get RSA-Keys - NodeIterator rsaIter = - XPathUtils.selectNodeIterator(assertionElem, RSA_KEY_VALUE_XPATH); - Element rsaElem; - while ((rsaElem = (Element) rsaIter.nextNode()) != null) { - String modulus = - XPathUtils.getElementValue(rsaElem, RSA_KEY_MODULUS_XPATH, ""); - String exponent = - XPathUtils.getElementValue(rsaElem, RSA_KEY_EXPONENT_XPATH, ""); - - RSAPublicKey resPub = - new iaik.security.rsa.RSAPublicKey( - new BigInteger(1, Base64Utils.decode(modulus, true)), - new BigInteger(1, Base64Utils.decode(exponent, true))); - pubKeys.add(resPub);} - - PublicKey[] result = new PublicKey[pubKeys.size()]; - - pubKeys.toArray(result); - return result; - - } - /** - * Parses a string array of decoded base64 certificates from - * the <code><InfoboxReadResponse></code> found in the dsig-signature - * @return String[] with raw-certificates from the dsig-signature keyinfo - * @throws Exception - */ - public String[] getCertificates() throws 
Exception { - List certs = new ArrayList(); - NodeIterator rsaIter = - XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH); - Element certElem; - while ((certElem = (Element) rsaIter.nextNode()) != null) { - String content = DOMUtils.getText(certElem); - certs.add(new String(Base64Utils.decode(content, true))); - } - String[] result = new String[certs.size()]; - certs.toArray(result); - return result; - - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java deleted file mode 100644 index c1146218e..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ /dev/null 
@@ -1,110 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an <code><InfoboxReadResponse></code>.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class InfoboxReadResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
- private static final String SL10 = Constants.SL10_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SL10 + "InfoboxReadResponse/";
- /** Xpath expression to the SAML:Assertion element */
- private static final String SAML_ASSERTION_XPATH = ROOT + SL10 + "BinaryFileData/" + SL10 + "XMLContent/" + SAML + "Assertion";
-
- /** This is the root element of the XML-Document provided by the Security Layer Card*/
- private Element infoBoxElem;
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as String
- * @throws ParseException on any parsing error
- */
- public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException {
-
- ErrorResponseParser erp = new ErrorResponseParser(xmlResponse);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- infoBoxElem = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream
- * @throws ParseException on any parsing error
- */
- public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException {
-
- ErrorResponseParser erp = new ErrorResponseParser(is);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- infoBoxElem = DOMUtils.parseXmlValidating(is);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Parses the embedded <code><saml:Assertion></code> element from <code><InfoboxReadResponse></code>
- * @return <code><saml:Assertion></code> as String
- * @throws ParseException on any parsing error
- */
- public String parseSAMLAssertion() throws ParseException {
- try {
- Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem, SAML_ASSERTION_XPATH);
- return DOMUtils.serializeNode(samlAssertion);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()},
 t);
- }
- }
-
- /**
- * Parses the identity link from the <code><saml:Assertion></code>
- * @return Identity link
- * @throws ParseException on any parsing error
- */
-
- public IdentityLink parseIdentityLink() throws ParseException {
- String samlAssertionString = parseSAMLAssertion();
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString);
- return ilParser.parseIdentityLink();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
deleted file mode 100644
index 7c4c01abe..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.IOException;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Parser for a SAML artifact.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLArtifactParser {
- /** byte array containing the SamlArtifact bytes */
- private byte[] samlArtifactBytes;
-
- /**
- * Constructor
- * @param samlArtifact as String
- * @throws ParseException on any parsing error
- */
- public SAMLArtifactParser(String samlArtifact) throws ParseException {
- try {
- samlArtifactBytes = Base64Utils.decode(samlArtifact, false);
- }
- catch (IOException ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
- /**
- * Parses the type code.
- * @return type code
- * @throws ParseException when SAML artifact is invalid
- */
- public byte[] parseTypeCode() throws ParseException {
- try {
- byte[] typeCode = new byte[] {samlArtifactBytes[0], samlArtifactBytes[1]};
- return typeCode;
- }
- catch (Throwable ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
- /**
- * Parses the assertion handle.
- * @return assertion handle
- * @throws ParseException when SAML artifact is invalid
- */
- public String parseAssertionHandle() throws ParseException {
- try {
- return new String(samlArtifactBytes, 22, 20);
- }
- catch (Throwable ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
deleted file mode 100644
index c74dc64e8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ /dev/null
@@ -1,159 +0,0 @@ -package at.gv.egovernment.moa.id.auth.parser; - -import iaik.utils.Base64InputStream; -import iaik.x509.X509Certificate; -import java.io.ByteArrayInputStream; -import java.io.InputStream; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.*; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parses a <code><VerifyXMLSignatureResponse></code> returned by - * MOA-SPSS. - * This class implements the Singleton pattern - * - * @author Stefan Knirsch - * @version $Id$ - */ - - -public class VerifyXMLSignatureResponseParser { - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching MOA Namespaces */ - private static final String MOA = Constants.MOA_PREFIX + ":"; - /** Xpath prefix for reaching DSIG Namespaces */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - /** Xpath prefix for reaching SecurityLayer 1.1 Namespaces */ - private static final String SL11 = Constants.SL11_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/"; - - /** Xpath expression to the X509SubjectName element */ - private static final String DSIG_SUBJECT_NAME_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - DSIG + "X509SubjectName"; - /** Xpath expression to the X509Certificate element */ - private static final String DSIG_X509_CERTIFICATE_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - DSIG + "X509Certificate"; - /** Xpath expression to the PublicAuthority element */ - private static final String PUBLIC_AUTHORITY_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - MOA + "PublicAuthority"; - /** Xpath expression to the PublicAuthorityCode element */ - private static final String PUBLIC_AUTHORITY_CODE_XPATH = - PUBLIC_AUTHORITY_XPATH + "/" + 
MOA + "Code"; - /** Xpath expression to the QualifiedCertificate element */ - private static final String QUALIFIED_CERTIFICATE_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - SL11 + "QualifiedCertificate"; - - /** Xpath expression to the SignatureCheckCode element */ - private static final String SIGNATURE_CHECK_CODE_XPATH = - ROOT + MOA + "SignatureCheck/" + MOA + "Code"; - /** Xpath expression to the XMLDSIGManifestCheckCode element */ - private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = - ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; - /** Xpath expression to the CertificateCheckCode element */ - private static final String CERTIFICATE_CHECK_CODE_XPATH = - ROOT + MOA + "CertificateCheck/" + MOA + "Code"; - - - /** This is the root element of the XML-Document provided by the Security Layer Card*/ - private Element verifyXMLSignatureResponse; - - /** - * Constructor for VerifyXMLSignatureResponseParser. - * A DOM-representation of the incoming String will be created - * @param xmlResponse <code><InfoboxReadResponse></code> as String - * @throws ParseException on any parsing error - */ - public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{ - try { - InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); - - verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); - } - catch (Throwable t) { - throw new ParseException("parser.01", null, t); - } - } - - /** - * Constructor for VerifyXMLSignatureResponseParser. 
- * A DOM-representation of the incoming Inputstream will be created - * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream - * @throws Exception on any parsing error - */ - public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception - { - try { - verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse); - } - catch (Throwable t) { - throw new ParseException("parser.01", null, t); - } - } - - /** - * Constructor for VerifyXMLSignatureResponseParser. - * The incoming Element will be used for further operations - * @param xmlResponse <code><InfoboxReadResponse></code> as Element - */ - public VerifyXMLSignatureResponseParser(Element xmlResponse) - { - verifyXMLSignatureResponse =xmlResponse; - - } - - /** - * Parse identity link from <code><InfoboxReadResponse></code> - * @return Identity link - * @throws ParseException on any parsing error - */ - - public VerifyXMLSignatureResponse parseData() throws ParseException { - VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); - - try { - - respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); - Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); - respData.setQualifiedCertificate(e!=null); - - Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( - verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); - - respData.setX509certificate(new X509Certificate(in)); - - Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH); - respData.setPublicAuthority(publicAuthority != null); - respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); - respData.setSignatureCheckCode(new 
Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); - - String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); - if (xmlDsigCheckCode!=null) - { - respData.setXmlDSIGManigest(true); - respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); - } - else - respData.setXmlDSIGManigest(false); - respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); - } - catch (Throwable t) { - throw new ParseException("parser.01", null, t); - } - return respData; - } - - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java deleted file mode 100644 index 6ff52bc4a..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ /dev/null 
@@ -1,156 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.URLDecoder;
-
-/**
- * Base class for MOA-ID Auth Servlets, providing standard error handling
- * and constant names.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
-
-
- /**
- * Handles an error.
<br> - * <ul> - * <li>Logs the error</li> - * <li>Places error message and exception thrown into the request - * as request attributes (to be used by <code>"/errorpage.jsp"</code>)</li> - * <li>Sets HTTP status 500 (internal server error)</li> - * </ul> - * - * @param errorMessage error message - * @param exceptionThrown exception thrown - * @param req servlet request - * @param resp servlet response - */ - protected void handleError( - String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { - - - if(null != errorMessage) { - Logger.error(errorMessage); - req.setAttribute("ErrorMessage", errorMessage ); - } - - if (null != exceptionThrown) { - if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); - Logger.error(errorMessage, exceptionThrown); - req.setAttribute("ExceptionThrown", exceptionThrown); - } - - //forward this to errorpage.jsp wher the HTML error page is generated - ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); - try { - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { - Logger.error(e); - } - - } - /** - * Handles a <code>WrongParametersException</code>. - * @param req servlet request - * @param resp servlet response - */ - protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) { - Logger.error(ex.toString()); - req.setAttribute("WrongParameters", ex.getMessage()); - - // forward this to errorpage.jsp where the HTML error page is generated - ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); - try { - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { - Logger.error(e); - } - } - - /** - * Logs all servlet parameters for debugging purposes. 
- */ - protected void logParameters(HttpServletRequest req) { - for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements(); ) { - String parname = (String)enum.nextElement(); - Logger.debug("Parameter " + parname + req.getParameter(parname)); - } - } - /** - * Parses the request input stream for parameters, - * assuming parameters are encoded UTF-8. - * @param req servlet request - * @return mapping parameter name -> value - */ - protected Map getParameters(HttpServletRequest req) throws IOException { - Map parameters = new HashMap(); - InputStream in = req.getInputStream(); - String paramName; - String paramValueURLEncoded; - do { - paramName = new String(readBytesUpTo(in, '=')); - if (paramName.length() > 0) { - paramValueURLEncoded = readBytesUpTo(in, '&'); - String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8"); - parameters.put(paramName, paramValue); - } - } - while (paramName.length() > 0); - in.close(); - - return parameters; - } - /** - * Reads bytes up to a delimiter, consuming the delimiter. - * @param in input stream - * @param delimiter delimiter character - * @return String constructed from the read bytes - * @throws IOException - */ - protected String readBytesUpTo(InputStream in, char delimiter) throws IOException { - ByteArrayOutputStream bout = new ByteArrayOutputStream(); - boolean done = false; - int b; - while (! done && (b = in.read()) >= 0) { - if (b == delimiter) - done = true; - else - bout.write(b); - } - return bout.toString(); - } - - /** - * Calls the web application initializer. - * - * @see javax.servlet.Servlet#init(ServletConfig) - */ - public void init(ServletConfig servletConfig) throws ServletException { - super.init(servletConfig); - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java deleted file mode 100644 index 1dc1897b2..000000000 
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,80 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.PrintWriter; -import java.text.DateFormat; -import java.util.Date; -import java.util.Locale; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for updating the MOA-ID Auth configuration from configuration file - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class ConfigurationServlet extends HttpServlet { - /** Constant for the DTD-Doc type */ - private static final String DOC_TYPE = - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n"; - - /** - * Handle a HTTP GET request, used to indicated that the MOA - * configuration needs to be updated (reloaded). 
- * - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - public void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - - MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); - PrintWriter out; - - response.setContentType("text/html"); - out = response.getWriter(); - out.println(DOC_TYPE); - out.println("<head><title>MOA configuration update</title></head>"); - out.println("<body bgcolor=\"#FFFFFF\">"); - try { - MOAIDAuthInitializer.initialized=false; - MOAIDAuthInitializer.initialize(); - String message = msg.getMessage("config.00", new Object[] - { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); - - Logger.info(message); - //TODO low-priority: change to ErrorPage - out.println("<p><b>"); - out.println(message); - out.println("</b></p>"); - } catch (Throwable t) { - String errorMessage = msg.getMessage("config.04", null); - Logger.error(errorMessage, t); - out.println("<p><b>"); - out.println(errorMessage); - out.println("</b></p>"); - } - out.println("</body>"); - - out.flush(); - out.close(); - } - - /** - * Do the same as <code>doGet</code>. - * - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - public void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - doGet(request, response); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java deleted file mode 100644 index c41b514c8..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java +++ /dev/null 
@@ -1,135 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.util.Calendar; - -import org.apache.axis.AxisFault; -import org.w3c.dom.Element; - -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Web service for picking up authentication data created in the MOA-ID Auth component. - * - * @author Paul Ivancsics - * @version $Id$ - * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData - */ -public class GetAuthenticationDataService implements Constants { - - /** - * Constructor for GetAuthenticationDataService. - */ - public GetAuthenticationDataService() { - super(); - } - - /** - * Takes a <code>lt;samlp:Request></code> containing a - * <code>SAML artifact</code> and returns the corresponding - * authentication data <code>lt;saml:Assertion></code> - * (obtained from the <code>AuthenticationServer</code>), - * enclosed in a <code>lt;samlp:Response></code>. - * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode></code>s, - * possibly containing enclosed sub-<code>lt;samlp:StatusCode></code>s. - * The status codes are defined in the SAML specification. 
- * - * @param requests request elements of type <code>lt;samlp:Request></code>; - * only 1 request element is allowed - * @return response element of type <code>lt;samlp:Response></code>, - * packed into an <code>Element[]</code> - * @throws AxisFault thrown when an error occurs in assembling the - * <code>lt;samlp:Response></code> - */ - public Element[] Request(Element[] requests) - throws AxisFault { - - Element request = requests[0]; - Element[] responses = new Element[1]; - String requestID = ""; - String statusCode = ""; - String subStatusCode = null; - String statusMessageCode = null; - String statusMessage = null; - String samlAssertion = ""; - if (requests.length > 1) { - // more than 1 request given as parameter - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1201"; - } - else { - try { - DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); - NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); - if (samlArtifactList.getLength() == 0) { - // no SAML artifact given in request - statusCode = "samlp:Requester"; - statusMessageCode = "1202"; - } - else if (samlArtifactList.getLength() > 1) { - // too many SAML artifacts given in request - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1203"; - } - else { - Element samlArtifactElem = (Element)samlArtifactList.item(0); - requestID = samlArtifactElem.getAttribute("RequestID"); - String samlArtifact = DOMUtils.getText(samlArtifactElem); - try { - AuthenticationData authData = AuthenticationServer.getInstance(). 
- getAuthenticationData(samlArtifact); - // success - samlAssertion = authData.getSamlAssertion(); - statusCode = "samlp:Success"; - statusMessageCode = "1200"; - } - catch (AuthenticationException ex) { - // no authentication data for given SAML artifact - statusCode = "samlp:Requester"; - subStatusCode = "samlp:ResourceNotRecognized"; - statusMessage = ex.toString(); - } - } - } - catch (Throwable t) { - // invalid request format - statusCode = "samlp:Requester"; - statusMessageCode = "1204"; - } - } - try { - String responseID = Random.nextRandom(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); - if (statusMessage == null) - statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); - responses[0] = new SAMLResponseBuilder().build( - responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); - } - catch (MOAIDException e) { - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - catch (Throwable t) { - MOAIDException e = new MOAIDException("1299", null, t); - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - return responses; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java deleted file mode 100644 index 422ddf0a3..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ /dev/null 
@@ -1,96 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for selecting a BKU.
- * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete,
- * the browser is redirected to the configured "BKU-Auswahl-URL".
- * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect,
- * the list of available BKU's is fetched from a BKU-Auswahl server, and presented
- * to the user in an HTML form.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SelectBKUServlet extends AuthServlet {
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
- }
-
- /**
- * Responds with an HTML form which requests the user to choose a BKU.
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET SelectBKU");
- String authURL =
- req.getScheme() + "://" +
- req.getServerName() + ":" +
- req.getServerPort() +
- req.getContextPath() + "/";
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
- resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
-
- try {
- String returnValue = AuthenticationServer.getInstance().selectBKU(
- authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
- String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
- if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = returnValue;
- resp.sendRedirect(redirectURL);
- Logger.info("REDIRECT TO: " + redirectURL);
- }
- else {
- // bkuSelectionType==HTMLSelect
- String htmlForm = returnValue;
- resp.setContentType("text/html");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(htmlForm);
- out.flush();
- Logger.debug("Finished GET SelectBKU");
- }
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (Throwable ex) {
- handleError(null, ex, req, resp);
- }
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
deleted file mode 100644
index 6308742bf..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ /dev/null
@@ -1,103 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for starting a MOA ID authentication session. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - * @see AuthenticationServer#startAuthentication - */ -public class StartAuthenticationServlet extends AuthServlet { - - /** - * Responds with an HTML form which upon submit requests the identity link - * from the security layer implementation. 
- * <br> - * Response: - * <ul> - * <li>Content type: <code>"text/html"</code></li> - * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li> - * <li>Error status: <code>500</code> - * </ul> - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET StartAuthentication"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String sessionID = req.getParameter(PARAM_SESSIONID); - resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - try { - String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID); - resp.setContentType("text/html"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - Logger.debug("Finished GET StartAuthentication"); - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } - } - - - /** - * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - doGet(req, resp); - } - - - /** - * Calls the web application initializer. 
- * - * @see javax.servlet.Servlet#init(ServletConfig) - */ - public void init(ServletConfig servletConfig) throws ServletException { - try { - super.init(servletConfig); - MOAIDAuthInitializer.initialize(); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java deleted file mode 100644 index eda0c6726..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ /dev/null 
@@ -1,109 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.net.URLEncoder; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for verifying the signed authentication block - * provided by the security layer implementation. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class VerifyAuthenticationBlockServlet extends AuthServlet { - - - /** - * Constructor for VerifyAuthenticationBlockServlet. - */ - public VerifyAuthenticationBlockServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify - * that data URL resource is available. - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET VerifyAuthenticationBlock"); - } - - /** - * Verifies the signed authentication block and redirects the browser - * to the online application requested, adding a parameter needed for - * retrieving the authentication data. 
- * <br> - * Request parameters: - * <ul> - * <li>MOASessionID: ID of associated authentication session</li> - * <li>XMLResponse: <code><CreateXMLSignatureResponse></code></li> - * </ul> - * Response: - * <ul> - * <li>Status: <code>302</code></li> - * <li>Header <code>"Location"</code>: URL of the online application requested, with - * parameters <code>"Target"</code> and <code>"SAMLArtifact"</code> added</li> - * <li>Error status: <code>500</code> - * </ul> - * @see AuthenticationServer#verifyAuthenticationBlock - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST VerifyAuthenticationBlock"); - Map parameters = getParameters(req); - String sessionID = req.getParameter(PARAM_SESSIONID); - String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - - // debug XMLSignatureResponse from BKU - if(null != createXMLSignatureResponse) - AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse); - try { - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - String redirectURL = session.getOAURLRequested(); - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget()); - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64)); - redirectURL = resp.encodeRedirectURL(redirectURL); - resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - } - - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } - - } - /** - * Adds a parameter to a URL. 
- * @param url the URL - * @param paramname parameter name - * @param paramvalue parameter value - * @return the URL with parameter added - */ - private static String addURLParameter(String url, String paramname, String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" + param; - else - return url + "&" + param; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java deleted file mode 100644 index 55bce7af3..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ /dev/null 
@@ -1,95 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for verifying the identity link - * provided by the security layer implementation. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class VerifyIdentityLinkServlet extends AuthServlet { - - /** - * Constructor for VerifyIdentityLinkServlet. - */ - public VerifyIdentityLinkServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify - * that data URL resource is available. - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET VerifyIdentityLink"); - } - - /** - * Verifies the identity link and responds with a new - * <code>CreateXMLSignatureRequest</code>. 
- * <br> - * Request parameters: - * <ul> - * <li>MOASessionID: ID of associated authentication session</li> - * <li>XMLResponse: <code><InfoboxReadResponse></code></li> - * </ul> - * Response: - * <ul> - * <li>Content type: <code>"text/xml"</code></li> - * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li> - * <li>Error status: <code>500</code> - * </ul> - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST VerifyIdentityLink"); - Map parameters = getParameters(req); - String sessionID = req.getParameter(PARAM_SESSIONID); - String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE); - // debug output - if(null != infoboxReadResponse) - AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse); - try { - String createXMLSignatureRequest = - AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - resp.setStatus(307); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - resp.addHeader("Location", dataURL); - resp.setContentType("text/xml"); - // debug output - if(null != createXMLSignatureRequest) - AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest); - OutputStream out = resp.getOutputStream(); - out.write(createXMLSignatureRequest.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST VerifyIdentityLink"); - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } - } - -} 
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
deleted file mode 100644
index e596e79a4..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ /dev/null
@@ -1,106 +0,0 @@ -package at.gv.egovernment.moa.id.auth.validator; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * - * This class is used to validate an {@link CreateXMLSignatureResponse} - * returned by the security layer. - * This class implements the Singleton pattern. - * @author Stefan Knirsch - * @version $Id$ - */ -public class CreateXMLSignatureResponseValidator { - - /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ - private static final String SAML = Constants.SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - /** Xpath expression to the SAML:Assertion element */ - private static final String ROOT = SAML + "Assertion"; - /** Xpath expression to the SAML:NameIdentifier element */ - private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = - SAML + "AttributeStatement/" + SAML + "Subject/" + - SAML + "NameIdentifier"; - /** Xpath expression to the SAML:Attribute element */ - private static final String SAML_ATTRIBUTE_XPATH = - ROOT + "/" + SAML + "AttributeStatement/" + SAML + "Attribute"; - /** Xpath expression to the SAML:AttributeValue element */ - private static final String SAML_ATTRIBUTE_VALUE_XPATH = - SAML + "AttributeValue"; - - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static CreateXMLSignatureResponseValidator instance; - - /** - * Constructor for a singleton CreateXMLSignatureResponseValidator. 
- * @return an instance of CreateXMLSignatureResponseValidator - * @throws ValidateException if no instance can be created - */ - public static synchronized CreateXMLSignatureResponseValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new CreateXMLSignatureResponseValidator(); - } - return instance; - } - - - /** - * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} - * @param createXMLSignatureResponse - * @param gbTarget - * @param oaURL - * @throws ValidateException - */ - public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, String gbTarget, String oaURL) - throws ValidateException { - - // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - - XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH); - - SAMLAttribute[] samlattributes = createXMLSignatureResponse.getSamlAttributes(); - boolean foundOA = false; - boolean foundGB = false; - for (int i = 0; i < samlattributes.length; i++) - { - if (samlattributes[i].getName().equals("Geschäftsbereich")) - if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) - - { - foundGB = true; - if (!gbTarget.equals(samlattributes[i].getValue())) - { - throw new ValidateException("validator.13", null); - } - } - else throw new ValidateException("validator.12", null); - if (samlattributes[i].getName().equals("OA")) - if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) - { - foundOA = true; - if (!oaURL.equals(samlattributes[i].getValue())) // CHECKS für die AttributeVALUES fehlen noch - { - throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlattributes[i].getValue()}); - } - - } - else throw new ValidateException("validator.15", null); - } - if (!foundOA) throw 
new ValidateException("validator.14", null); - if (!foundGB) throw new ValidateException("validator.11", null); - - //Check if dsig:Signature exists - Element dsigSignature = (Element) XPathUtils.selectSingleNode(createXMLSignatureResponse.getSamlAssertion(),DSIG + "Signature"); - if (dsigSignature==null) throw new ValidateException("validator.05", null); - - - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java deleted file mode 100644 index 42e3e946f..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ /dev/null 
@@ -1,156 +0,0 @@ -package at.gv.egovernment.moa.id.auth.validator; - -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * - * This class is used to validate an {@link IdentityLink} - * returned by the security layer - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class IdentityLinkValidator implements Constants { - - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching PersonData Namespaces */ - private static final String PDATA = PD_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static final String SAML = SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = DSIG_PREFIX + ":"; - /** Xpath prefix for reaching ECDSA Namespaces */ - private static final String ECDSA = ECDSA_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + SAML + "Assertion/"; - /** Xpath expression to the SAML:SubjectConfirmationData element */ - private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Subject/" - + SAML - + "SubjectConfirmation/" - + SAML - + "SubjectConfirmationData"; -/** Xpath expression to the PersonData:Person element */ - private static final String PERSON_XPATH = - SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; - /** Xpath expression to the SAML:Attribute element */ - private static final String ATTRIBUTE_XPATH = - ROOT + SAML + "AttributeStatement/" + SAML + "Attribute"; - /** Xpath expression to the SAML:AttributeName attribute */ - private static final String ATTRIBUTE_NAME_XPATH = - ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName"; - /** Xpath expression to the SAML:AttributeNamespace attribute */ - private static final String 
ATTRIBUTE_NAMESPACE_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Attribute/@AttributeNamespace"; - /** Xpath expression to the SAML:AttributeValue element */ - private static final String ATTRIBUTE_VALUE_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Attribute/" - + SAML - + "AttributeValue"; - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static IdentityLinkValidator instance; - - /** - * Constructor for a singleton IdentityLinkValidator. - * @return a new IdentityLinkValidator instance - * @throws ValidateException if no instance can be created - */ - public static synchronized IdentityLinkValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new IdentityLinkValidator(); - } - return instance; - } - - /** - * Method validate. Validates the {@link IdentityLink} - * @param identityLink The identityLink to validate - * @throws ValidateException on any validation error - */ - public void validate(IdentityLink identityLink) throws ValidateException { - - //Search the SAML:ASSERTION Object (A2.054) - if (identityLink.getSamlAssertion() == null) - throw new ValidateException("validator.00", null); - - // Check how many saml:Assertion/saml:AttributeStatement/ - // saml:Subject/ saml:SubjectConfirmation/ - // saml:SubjectConfirmationData/pr:Person of type - // PhysicalPersonType exist (A2.056) - NodeList nl = - XPathUtils.selectNodeList(identityLink.getSamlAssertion(), PERSON_XPATH); - // If we have just one Person-Element we don't need to check the attributes - int counterPhysicalPersonType = 0; - if (nl.getLength() > 1) - for (int i = 0; i < nl.getLength(); i++) { - String xsiType = - ((Element) nl.item(i)) - .getAttributeNodeNS( - "http://www.w3.org/2001/XMLSchema-instance", - "type") - .getNodeValue(); - // We have to check if xsiType contains "PhysicalPersonType" - // An equal-check will fail because of the Namespace-prefix of the attribute value - if 
(xsiType.indexOf("PhysicalPersonType") > -1) - counterPhysicalPersonType++; - } - if (counterPhysicalPersonType > 1) - throw new ValidateException("validator.01", null); - - //Check the SAML:ATTRIBUTES - nl = XPathUtils.selectNodeList(identityLink.getSamlAssertion(), ATTRIBUTE_XPATH); - for (int i = 0; i < nl.getLength(); i++) { - String attributeName = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeName", - null); - String attributeNS = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeNamespace", - null); - if (attributeName.equals("CitizenPublicKey")) { - if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#")) { - Element attributeValue = - (Element) XPathUtils.selectSingleNode((Element) nl.item(i),SAML + "AttributeValue/" + DSIG + "RSAKeyValue"); - if (attributeValue==null) - attributeValue = - (Element) XPathUtils.selectSingleNode((Element)nl.item(i), SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); - if (attributeValue == null) - throw new ValidateException("validator.02", null); - } - else - throw new ValidateException("validator.03", null); - } - else - throw new ValidateException("validator.04", null); - } - - //Check if dsig:Signature exists - Element dsigSignature = (Element) XPathUtils.selectSingleNode(identityLink.getSamlAssertion(),ROOT + DSIG + "Signature"); - if (dsigSignature==null) throw new ValidateException("validator.05", null); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java deleted file mode 100644 index a6685fca8..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java +++ /dev/null 
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while validating an incoming XML structure
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ValidateException extends MOAIDException {
-
- /**
- * Constructor for ValidateException.
- * @param messageId
- * @param parameters
- */
- public ValidateException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ValidateException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ValidateException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
deleted file mode 100644
index 8de475f95..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ /dev/null
@@ -1,125 +0,0 @@ -package at.gv.egovernment.moa.id.auth.validator; - -import java.security.PublicKey; -import java.security.interfaces.RSAPublicKey; - -import iaik.asn1.structures.Name; -import iaik.utils.RFC2253NameParserException; -import iaik.x509.X509Certificate; - -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; - -/** - * This class is used to validate an {@link VerifyXMLSignatureResponse} - * returned by MOA-SPSS - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureResponseValidator { - - /** Identification string for checking identity link */ - public static final String CHECK_IDENTITY_LINK = "IdentityLink"; - /** Identification string for checking authentication block */ - public static final String CHECK_AUTH_BLOCK = "AuthBlock"; - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static VerifyXMLSignatureResponseValidator instance; - - /** - * Constructor for a singleton VerifyXMLSignatureResponseValidator. - */ - public static synchronized VerifyXMLSignatureResponseValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new VerifyXMLSignatureResponseValidator(); - } - return instance; - } - - /** - * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. 
- * - * @param verifyXMLSignatureResponse the <code><VerifyXMLSignatureResponse></code> - * @param identityLinkSignersSubjectDNNames subject names configured - * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated - * @throws ValidateException on any validation error - */ - public void validate( - VerifyXMLSignatureResponse verifyXMLSignatureResponse, - String[] identityLinkSignersSubjectDNNames, String whatToCheck) - throws ValidateException { - - if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) - throw new ValidateException("validator.06", null); - //TODO enhance error messages (reason why check failed) - if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - throw new ValidateException("validator.07", null); - else - throw new ValidateException("validator.19", null); - if (verifyXMLSignatureResponse.isXmlDSIGManigest()) - if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) - throw new ValidateException("validator.08", null); - //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not - if (identityLinkSignersSubjectDNNames != null) { - String subjectDN = ""; - X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); - try { - subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); - } - catch (RFC2253NameParserException e) { - throw new ValidateException("validator.17", null); - } - boolean found = false; - for (int i = 0; i < identityLinkSignersSubjectDNNames.length; i++) { - if (identityLinkSignersSubjectDNNames[i].equals(subjectDN)) - found = true; - } - if (!found) - throw new ValidateException( - "validator.18", - new Object[] { subjectDN }); - } - } - - /** - * Method validateCertificate. 
- * @param vsr is the VerifyXMLSignatureResponse - * @param idl - * @throws ValidateException - */ - public void validateCertificate( - VerifyXMLSignatureResponse verifyXMLSignatureResponse, - IdentityLink idl) - throws ValidateException { - - X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); - PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); - - RSAPublicKey pubKeyResponse = (RSAPublicKey) x509Response.getPublicKey(); - - boolean found = false; - for (int i = 0; i < pubKeysIdentityLink.length; i++) { - if (idl.getPublicKey()[i] - instanceof java.security.interfaces.RSAPublicKey) { - /* for (int j = 0; - j < idl.getPublicKey()[i].getClass().getInterfaces().length; - j++) { - if (idl.getPublicKey()[i].getClass().getInterfaces()[j].getName() - .equals("java.security.interfaces.RSAPublicKey")) {*/ - RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; - if (rsakey.getModulus().equals(pubKeyResponse.getModulus()) - && rsakey.getPublicExponent().equals( - pubKeyResponse.getPublicExponent())) - found = true; - } - - } - - if (!found) - throw new ValidateException("validator.09", null); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java deleted file mode 100644 index 6d3e05c29..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ /dev/null 
@@ -1,697 +0,0 @@ -package at.gv.egovernment.moa.id.config; - -import iaik.pki.pathvalidation.ChainingModes; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; - -import java.io.ByteArrayInputStream; -import java.math.BigInteger; -import java.security.Principal; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.w3c.dom.Attr; -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; -import org.w3c.dom.traversal.NodeIterator; - -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.data.IssuerAndSerial; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * A class that builds configuration data from a DOM based representation. 
- * - * @author Patrick Peck - * @author Stefan Knirsch - * @version $Id$ - */ -public class ConfigurationBuilder { - - // - // XPath namespace prefix shortcuts - // - /** an XPATH-Expression */ - private static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":"; - /** an XPATH-Expression */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - - // - // chaining mode constants appearing in the configuration file - // - /** an XPATH-Expression */ - private static final String CM_CHAINING = "chaining"; - /** an XPATH-Expression */ - private static final String CM_PKIX = "pkix"; - /** an XPATH-Expression */ - private static final String DEFAULT_ENCODING = "UTF-8"; - - /** - * Default online application configuration file name - * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>). - */ - public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml"; - - // - // XPath expressions to select certain parts of the configuration - // - /** an XPATH-Expression */ - private static final String ROOT = "/" + CONF + "MOA-IDConfiguration/"; - /** an XPATH-Expression */ - private static final String ROOTOA = "/" + CONF + "Configuration/"; - /** an XPATH-Expression */ - private static final String AUTH_BKU_XPATH = - ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection"; - /** an XPATH-Expression */ - private static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = - ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; - /** an XPATH-Expression */ - private static final String AUTH_MOA_SP_XPATH = - ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP"; - /** an XPATH-Expression */ - private static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH = - ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID"; - /** an XPATH-Expression */ - private static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH = - 
ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID"; - /** an XPATH-Expression */ - private static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH = - ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID"; - - /** an XPATH-Expression */ - private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH = - ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName"; - /** an XPATH-Expression */ - private static final String PROXY_AUTH_XPATH = - ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent"; - - /** an XPATH-Expression */ - private static final String OA_XPATH = ROOT + CONF + "OnlineApplication"; - /** an XPATH-Expression */ - private static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL"; - /** an XPATH-Expression */ - private static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent"; - /** an XPATH-Expression */ - private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent"; - /** an XPATH-Expression */ - private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent"; - /** an XPATH-Expression */ - private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL"; - /** an XPATH-Expression */ - private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut"; - /** an XPATH-Expression */ - private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl"; - /** an XPATH-Expression */ - private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration"; - /** an XPATH-Expression */ - private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl"; - /** an XPATH-Expression */ - private 
static final String CONNECTION_PARAMETER_URL_XPATH = - CONF + "ConnectionParameter/@URL"; - /** an XPATH-Expression */ - private static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH = - CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates"; - /** an XPATH-Expression */ - private static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH = - CONF + "ConnectionParameter/" + CONF + "ClientKeyStore"; - /** an XPATH-Expression */ - private static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH = - CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password"; - /** an XPATH-Expression */ - private static final String GENERIC_CONFIGURATION_XPATH = - ROOT + CONF + "GenericConfiguration"; - /** an XPATH-Expression */ - private static final String OACONF_LOGIN_TYPE_XPATH = - ROOTOA + CONF + "LoginType"; - /** an XPATH-Expression */ - private static final String OACONF_PARAM_AUTH_PARAMETER_XPATH = - ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter"; - /** an XPATH-Expression */ - private static final String OACONF_USER_ID_XPATH = - ROOTOA + CONF + "BasicAuth/" + CONF + "UserID"; - /** an XPATH-Expression */ - private static final String OACONF_PASSWORD_XPATH = - ROOTOA + CONF + "BasicAuth/" + CONF + "Password"; - /** an XPATH-Expression */ - private static final String OACONF_HEADER_AUTH_HEADER_XPATH = - ROOTOA + CONF + "HeaderAuth/" + CONF + "Header"; - /** an XPATH-Expression */ - private static final String CHAINING_MODES_XPATH = - ROOT + CONF + "ChainingModes"; - /** an XPATH-Expression */ - private static final String CHAINING_MODES_DEFAULT_XPATH = - CHAINING_MODES_XPATH + "/@systemDefaultMode"; - /** an XPATH-Expression */ - private static final String TRUST_ANCHOR_XPATH = - ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor"; - /** an XPATH-Expression */ - private static final String ISSUER_XPATH = DSIG + "X509IssuerName"; - /** an XPATH-Expression */ - private static final String SERIAL_XPATH = DSIG + "X509SerialNumber"; - /** an XPATH-Expression 
*/ - private static final String TRUSTED_CA_CERTIFICATES_XPATH = - ROOT + CONF + "TrustedCACertificates"; - - - /** - * main configuration file directory name used to configure MOA-ID - */ - private String rootConfigFileDir; - - /** The root element of the MOA-ID configuration */ - private Element configElem; - - /** - * Creates a new <code>MOAConfigurationProvider</code>. - * - * @param configElem The root element of the MOA-ID configuration. - */ - public ConfigurationBuilder(Element configElem, String rootConfigDir) { - this.configElem = configElem; - this.rootConfigFileDir = rootConfigDir; - } - - /** - * Returns the root element of the MOA-ID configuration. - * - * @return The root element of the MOA-ID configuration. - */ - public Element getConfigElem() { - return configElem; - } - - /** - * Build a ConnectionParameter object containing all information - * of the moa-sp element in the authentication component - * @return ConnectionParameter of the authentication component moa-sp element - */ - public ConnectionParameter buildAuthBKUConnectionParameter() { - - Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH); - if (authBKU==null) return null; - return buildConnectionParameter(authBKU); - } - - /** - * Method buildAuthBKUSelectionType. 
- * - * Build a string with the configuration value of BKUSelectionAlternative - * - * @return String - */ - public String buildAuthBKUSelectionType() { - - Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH); - if (authBKU==null) return null; - return (authBKU).getAttribute("BKUSelectionAlternative"); - } - - /** - * Build a string array with all filenames leading - * to the Transforms Information for the Security Layer - * @return String[] of filenames to the Security Layer Transforms Information - */ - public String[] buildTransformsInfoFileNames() { - - List transformsInfoFileNames = new ArrayList(); - NodeIterator tiIter = - XPathUtils.selectNodeIterator( - getConfigElem(), - AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); - Attr tiElem; - - while ((tiElem = (Attr) tiIter.nextNode()) != null) { - - String tiFileName = tiElem.getNodeValue(); - transformsInfoFileNames.add(tiFileName); - } - String[] result = new String[transformsInfoFileNames.size()]; - transformsInfoFileNames.toArray(result); - - return result; - } - - /** - * Build a ConnectionParameter bean containing all information - * of the authentication component moa-sp element - * @return ConnectionParameter of the authentication component moa-sp element - */ - public ConnectionParameter buildMoaSpConnectionParameter() { - - Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_MOA_SP_XPATH); - if (connectionParameter==null) return null; - return buildConnectionParameter(connectionParameter); - } - - /** - * Return a string with a url-reference to the VerifyIdentityLink trust - * profile id within the moa-sp part of the authentication component - * @return String with a url-reference to the VerifyIdentityLink trust profile ID - */ - public String getMoaSpIdentityLinkTrustProfileID() { - return XPathUtils.getElementValue( - getConfigElem(), - AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH, - ""); - } - /** - * Return a string 
representation of an URL pointing to trusted CA Certificates - * @return String representation of an URL pointing to trusted CA Certificates - */ - public String getTrustedCACertificates() { - return XPathUtils.getElementValue( - getConfigElem(), - TRUSTED_CA_CERTIFICATES_XPATH,null); - } - - /** - * Return a string with a url-reference to the VerifyAuthBlock trust - * profile id within the moa-sp part of the authentication component - * @return String with a url-reference to the VerifyAuthBlock trust profile ID - */ - public String getMoaSpAuthBlockTrustProfileID() { - return XPathUtils.getElementValue( - getConfigElem(), - AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH, - ""); - } - /** - * Build a string array with references to all verify transform info - * IDs within the moa-sp part of the authentication component - * @return A string array containing all urls to the - * verify transform info IDs - */ - public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() { - - List verifyTransformsInfoIDs = new ArrayList(); - NodeIterator vtIter = - XPathUtils.selectNodeIterator( - getConfigElem(), - AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH); - Element vtElem; - - while ((vtElem = (Element) vtIter.nextNode()) != null) { - - String vtInfoIDs = DOMUtils.getText(vtElem); - verifyTransformsInfoIDs.add(vtInfoIDs); - } - String[] result = new String[verifyTransformsInfoIDs.size()]; - verifyTransformsInfoIDs.toArray(result); - - return result; - } - - /** - * Return a string array containing all X509 Subject Names - * of the Identity Link Signers - * @return String with a url-reference to the VerifyAuthBlock trust profile ID - */ - public String[] getIdentityLink_X509SubjectNames() { - - List x509SubjectNameList = new ArrayList(); - NodeIterator x509Iter = - XPathUtils.selectNodeIterator( - getConfigElem(), - AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH); - Element x509Elem; - - while ((x509Elem = (Element) x509Iter.nextNode()) != null) { - - String vtInfoIDs = 
DOMUtils.getText(x509Elem); - x509SubjectNameList.add(vtInfoIDs); - } - String[] result = new String[x509SubjectNameList.size()]; - x509SubjectNameList.toArray(result); - - return result; - } - - /** - * Build an array of the OnlineApplication Parameters containing information - * about the authentication component - * @return An OAProxyParameter array containing beans - * with all relevant information for the authentication component of the online - * application - */ - public OAAuthParameter[] buildOnlineApplicationAuthParameters() { - - List OA_set = new ArrayList(); - NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH); - - for (int i = 0; i < OAIter.getLength(); i++) { - Element oAElem = (Element) OAIter.item(i); - Element authComponent = - (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH); - - OAAuthParameter oap = new OAAuthParameter(); - oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix")); - //Check if there is an Auth-Block to read from configuration - if (authComponent!=null) - { - oap.setProvideZMRZahl(BoolUtils.valueOf(authComponent.getAttribute("provideZMRZahl"))); - oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock"))); - oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); - } - OA_set.add(oap); - } - OAAuthParameter[] result = - new OAAuthParameter[OA_set.size()]; - OA_set.toArray(result); - - return result; - - } - - /** - * Build a bean containing all information about the ProxyComponent - * @return The ConnectionParameter for the Proxy Component - */ - public ConnectionParameter buildAuthComponentConnectionParameter() - { - - Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), PROXY_AUTH_XPATH); - if (connectionParameter==null) return null; - return buildConnectionParameter(connectionParameter); - - } - /** - * Method buildConnectionParameter: internal Method for creating a - * 
ConnectionParameter object with all data found in the incoming element - * @param root: this Element contains the ConnectionParameter - * @return ConnectionParameter - */ - protected ConnectionParameter buildConnectionParameter(Element root) - { - ConnectionParameter result = new ConnectionParameter(); - result.setAcceptedServerCertificates( - XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null)); - - result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL( - result.getAcceptedServerCertificates(), rootConfigFileDir)); - - result.setUrl( - XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, "")); - result.setClientKeyStore( - XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null)); - - result.setClientKeyStore(FileUtils.makeAbsoluteURL( - result.getClientKeyStore(), rootConfigFileDir)); - - result.setClientKeyStorePassword( - XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,"")); - - if ((result.getAcceptedServerCertificates()==null) - && (result.getUrl()=="") - && (result.getClientKeyStore()==null) - && (result.getClientKeyStorePassword()=="")) - return null; - - return result; - } - - /** - * Build an array of OnlineApplication Parameter Beans containing information - * about the proxy component - * @return An OAProxyParameter array containing beans - * with all relevant information for the proxy component of the online - * application - */ - public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{ - - List oA_list = new ArrayList(); - NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH); - - for (int i = 0; i < OAIter.getLength(); i++) { - Element oAElem = (Element) OAIter.item(i); - OAProxyParameter oap = new OAProxyParameter(); - - oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix")); - Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH); - if 
(proxyComponentElem != null) { - oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null)); - oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir)); - // default session time out: 3600 sec = 1 h - oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue()); - oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null)); - oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null)); - oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null)); - - ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem); - oap.setConnectionParameter(conPara); - - OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap)); - oap.setOaConfiguration(oaConf); - - oA_list.add(oap); - } - } - OAProxyParameter[] result = - new OAProxyParameter[oA_list.size()]; - oA_list.toArray(result); - - return result; - - } - - /** - * Build the mapping of generic configuration properties. - * - * @return a {@link Map} of generic configuration properties (a name to value - * mapping) from the configuration. - */ - public Map buildGenericConfiguration() { - - Map genericConfiguration = new HashMap(); - NodeIterator gcIter = - XPathUtils.selectNodeIterator( - getConfigElem(), - GENERIC_CONFIGURATION_XPATH); - Element gcElem; - - while ((gcElem = (Element) gcIter.nextNode()) != null) { - String gcName = gcElem.getAttribute("name"); - String gcValue = gcElem.getAttribute("value"); - - genericConfiguration.put(gcName, gcValue); - } - - return genericConfiguration; - } - /** - * Method buildOAConfiguration. 
- * - * Build an {@link OAConfiguration} Object from the given configuration DOM element - * - * @param root - * @return OAConfiguration - * @throws ConfigurationException - */ - public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{ - - OAConfiguration oaConfiguration = new OAConfiguration(); - - //The LoginType hast to be "stateless" or "stateful" to be valid - oaConfiguration.setLoginType( - XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null)); - - //Try to build the Parameter Auth Parameters - NodeIterator paramAuthIter = - XPathUtils.selectNodeIterator( - root, - OACONF_PARAM_AUTH_PARAMETER_XPATH); - Element paramAuthElem; - HashMap paramAuthMap = new HashMap(); - while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) { - String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null); - String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null); - if (paramAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); - paramAuthMap.put(name, value); - } - oaConfiguration.setParamAuthMapping(paramAuthMap); - // Try to build the BasicAuthParameters - oaConfiguration.setBasicAuthUserIDMapping( - XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null)); - oaConfiguration.setBasicAuthPasswordMapping( - XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null)); - - //Try to build the Parameter Auth Parameters - NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH); - - Element headerAuthElem; - HashMap headerAuthMap = new HashMap(); - while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) { - String name = - XPathUtils.getAttributeValue(headerAuthElem, "@Name", null); - String value = - XPathUtils.getAttributeValue(headerAuthElem, "@Value", null); - // Contains Key (Neue Config-Exception: doppelte werte) - if 
(headerAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); - headerAuthMap.put(name, value); - } - oaConfiguration.setHeaderAuthMapping(headerAuthMap); - - if (paramAuthMap.size() == 0) { - if (oaConfiguration.getBasicAuthUserIDMapping() == null) { - oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH); - } - else - oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH); - } - else - oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH); - - return oaConfiguration; - } - - /** - * Reads the configuration file of the online application, and creates a DOM tree from it. - * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given, - * uses default configuration file location. - * - * @param oap configuration data of online application, meant for use by MOA-ID-PROXY - * @return Element DOM tree root element - * @throws ConfigurationException on any exception thrown - */ - private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException - { - try { - String configFileURL = oap.getConfigFileURL(); - if (configFileURL == null) { - // use default config file URL, when config file URL is not given - configFileURL = oap.getConnectionParameter().getUrl(); - if (configFileURL.charAt(configFileURL.length() - 1) != '/') - configFileURL += "/"; - configFileURL += DEFAULT_OA_CONFIG_FILENAME; - } - Logger.info("Loading MOA-OA configuration " + configFileURL); - Element configElem = DOMUtils.parseXmlValidating( - new ByteArrayInputStream(FileUtils.readURL(configFileURL))); - return configElem; - } - catch (Throwable t) { - throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t); - } - } - - /** - * Returns the default chaining mode from the configuration. - * - * @return The default chaining mode. 
- */ - public String getDefaultChainingMode() { - String defaultChaining = - XPathUtils.getAttributeValue( - getConfigElem(), - CHAINING_MODES_DEFAULT_XPATH, - CM_CHAINING); - - return translateChainingMode(defaultChaining); - - } - /** - * Build the chaining modes for all configured trust anchors. - * - * @return The mapping from trust anchors to chaining modes. - */ - public Map buildChainingModes() { - Map chainingModes = new HashMap(); - NodeIterator trustIter = - XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH); - Element trustAnchorElem; - - while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) { - IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem); - String mode = trustAnchorElem.getAttribute("mode"); - - if (issuerAndSerial != null) { - chainingModes.put(issuerAndSerial, translateChainingMode(mode)); - } - } - - return chainingModes; - } - - /** - * Build an <code>IssuerAndSerial</code> from the DOM representation. - * - * @param root The root element (being of type <code>dsig: - * X509IssuerSerialType</code>. - * @return The issuer and serial number contained in the <code>root</code> - * element or <code>null</code> if could not be built for any reason. 
- */ - private IssuerAndSerial buildIssuerAndSerial(Element root) { - String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null); - String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null); - - if (issuer != null && serial != null) { - try { - RFC2253NameParser nameParser = new RFC2253NameParser(issuer); - Principal issuerDN = nameParser.parse(); - - return new IssuerAndSerial(issuerDN, new BigInteger(serial)); - } catch (RFC2253NameParserException e) { - warn("config.09", new Object[] { issuer, serial }, e); - return null; - } catch (NumberFormatException e) { - warn("config.09", new Object[] { issuer, serial }, e); - return null; - } - } - return null; - } - - /** - * Translate the chaining mode from the configuration file to one used in the - * IAIK MOA API. - * - * @param chainingMode The chaining mode from the configuration. - * @return The chaining mode as provided by the <code>ChainingModes</code> - * interface. - * @see iaik.pki.pathvalidation.ChainingModes - */ - private String translateChainingMode(String chainingMode) { - if (chainingMode.equals(CM_CHAINING)) { - return ChainingModes.CHAIN_MODE; - } else if (chainingMode.equals(CM_PKIX)) { - return ChainingModes.PKIX_MODE; - } else { - return ChainingModes.CHAIN_MODE; - } - } - - /** - * Method warn. - * @param messageId to identify a country-specific message - * @param parameters for the logger - */ - // - // various utility methods - // - - private static void warn(String messageId, Object[] parameters) { - Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); - } - - /** - * Method warn. - * @param messageId to identify a country-specific message - * @param args for the logger - * @param t as throwabl - */ - private static void warn(String messageId, Object[] args, Throwable t) { - Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t); - } - -} 
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java deleted file mode 100644 index 2ebec0398..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java +++ /dev/null @@ -1,31 +0,0 @@ -package at.gv.egovernment.moa.id.config; - -import at.gv.egovernment.moa.id.MOAIDException; - -/** - * Exception signalling an error in the configuration. - * - * @author Patrick Peck - * @version $Id$ - */ -public class ConfigurationException extends MOAIDException { - - /** - * Create a <code>MOAConfigurationException</code>. - */ - public ConfigurationException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - /** - * Create a <code>MOAConfigurationException</code>. - */ - public ConfigurationException( - String messageId, - Object[] parameters, - Throwable wrapped) { - - super(messageId, parameters, wrapped); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java deleted file mode 100644 index 48e82011d..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ /dev/null 
@@ -1,114 +0,0 @@ -package at.gv.egovernment.moa.id.config; - -import java.math.BigInteger; -import java.security.Principal; -import java.security.cert.X509Certificate; -import java.util.Map; - -import at.gv.egovernment.moa.id.data.IssuerAndSerial; - -/** - * Base class for <code>AuthConfigurationProvider</code> and <code>ProxyConfigurationProvider</code>, - * providing functions common to both of them. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class ConfigurationProvider { - - /** - * Constructor - */ - public ConfigurationProvider() { - super(); - } - - /** - * The name of the system property which contains the file name of the - * configuration file. - */ - public static final String CONFIG_PROPERTY_NAME = - "moa.id.configuration"; - - /** - * The name of the generic configuration property giving the certstore directory path. - */ - public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY = - "DirectoryCertStoreParameters.RootDir"; - - /** - * The name of the generic configuration property switching the ssl revocation checking on/off - */ - public static final String TRUST_MANAGER_REVOCATION_CHECKING = - "TrustManager.RevocationChecking"; - - - /** - * A <code>Map</code> which contains generic configuration information. Maps a - * configuration name (a <code>String</code>) to a configuration value (also a - * <code>String</code>). - */ - protected Map genericConfiguration; - - /** The default chaining mode. */ - protected String defaultChainingMode; - - /** - * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to - * chaining mode (a <code>String</code>) mapping. - */ - protected Map chainingModes; - - /** - * the URL for the trusted CA Certificates - */ - protected String trustedCACertificates; - - /** - * Returns the mapping of generic configuration properties. - * - * @return The mapping of generic configuration properties (a name to value - * mapping) from the configuration. 
- */
- public Map getGenericConfiguration() {
- return genericConfiguration;
- }
-
- /**
- * Returns the value of a parameter from the generic configuration section.
- *
- * @return the parameter value; <code>null</code> if no such parameter
- */
- public String getGenericConfigurationParameter(String parameter) {
- if (! genericConfiguration.containsKey(parameter))
- return null;
- return (String)genericConfiguration.get(parameter);
- }
-
- /**
- * Return the chaining mode for a given trust anchor.
- *
- * @param trustAnchor The trust anchor for which the chaining mode should be
- * returned.
- * @return The chaining mode for the given trust anchor. If the trust anchor
- * has not been configured separately, the system default will be returned.
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- Principal issuer = trustAnchor.getIssuerDN();
- BigInteger serial = trustAnchor.getSerialNumber();
- IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
-
- String mode = (String) chainingModes.get(issuerAndSerial);
- return mode != null ? mode : defaultChainingMode;
- }
-
- /**
- * Returns the trustedCACertificates.
- * @return String
- */
- public String getTrustedCACertificates() {
-
- return trustedCACertificates;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
deleted file mode 100644
index 30b09cfe0..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ /dev/null
@@ -1,106 +0,0 @@ -package at.gv.egovernment.moa.id.config; - -/** - * This bean class is used to store data for various connectionParameter - * within the MOA-ID configuration - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class ConnectionParameter { - - /** - * Server URL - */ - private String url; - /** - * File URL for a directory containing PKCS#12 server SSL certificates. - * From these certificates, a X509 trust store will be assembled for use - * by a JSSE <code>TrustManager</code>. - * This field will only be used in case of an HTTPS URL. - */ - private String acceptedServerCertificates; - /** - * File URL of a X509 key store containing the private key to be used - * for an HTTPS connection when the server requires client authentication. - * This field will only be used in case of an HTTPS URL. - */ - private String clientKeyStore; - /** - * Password protecting the client key store. - */ - private String clientKeyStorePassword; - - /** - * Checks whether the URL scheme is <code>"https"</code>. - * @return true in case of an URL starting with <code>"https"</code> - */ - public boolean isHTTPSURL() { - return getUrl().indexOf("https") == 0; - } - - /** - * Returns the url. - * @return String - */ - public String getUrl() { - return url; - } - - /** - * Returns the acceptedServerCertificates. - * @return String - */ - public String getAcceptedServerCertificates() { - return acceptedServerCertificates; - } - - /** - * Sets the acceptedServerCertificates. - * @param acceptedServerCertificates The acceptedServerCertificates to set - */ - public void setAcceptedServerCertificates(String acceptedServerCertificates) { - this.acceptedServerCertificates = acceptedServerCertificates; - } - - /** - * Sets the url. - * @param url The url to set - */ - public void setUrl(String url) { - this.url = url; - } - - /** - * Returns the clientKeyStore. 
- * @return String
- */
- public String getClientKeyStore() {
- return clientKeyStore;
- }
-
- /**
- * Returns the clientKeyStorePassword.
- * @return String
- */
- public String getClientKeyStorePassword() {
- return clientKeyStorePassword;
- }
-
- /**
- * Sets the clientKeyStore.
- * @param clientKeyStore The clientKeyStore to set
- */
- public void setClientKeyStore(String clientKeyStore) {
- this.clientKeyStore = clientKeyStore;
- }
-
- /**
- * Sets the clientKeyStorePassword.
- * @param clientKeyStorePassword The clientKeyStorePassword to set
- */
- public void setClientKeyStorePassword(String clientKeyStorePassword) {
- this.clientKeyStorePassword = clientKeyStorePassword;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
deleted file mode 100644
index 2e133130c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ /dev/null
@@ -1,375 +0,0 @@ -package at.gv.egovernment.moa.id.config.auth; - -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.MalformedURLException; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; - -/** - * A class providing access to the Auth Part of the MOA-ID configuration data. - * - * <p>Configuration data is read from an XML file, whose location is given by - * the <code>moa.id.configuration</code> system property.</p> - * <p>This class implements the Singleton pattern. The <code>reload()</code> - * method can be used to update the configuration data. Therefore, it is not - * guaranteed that consecutive calls to <code>getInstance()</code> will return - * the same <code>AuthConfigurationProvider</code> all the time. During the - * processing of a web service request, the current - * <code>TransactionContext</code> should be used to obtain the - * <code>AuthConfigurationProvider</code> local to that request.</p> - * - * @author Patrick Peck - * @author Stefan Knirsch - * - * @version $Id$ - */ -public class AuthConfigurationProvider extends ConfigurationProvider { - - /** DEFAULT_ENCODING is "UTF-8" */ - private static final String DEFAULT_ENCODING="UTF-8"; - /** - * The name of the generic configuration property giving the authentication session time out. - */ - public static final String AUTH_SESSION_TIMEOUT_PROPERTY = - "AuthenticationSession.TimeOut"; - /** - * The name of the generic configuration property giving the authentication data time out. 
- */ - public static final String AUTH_DATA_TIMEOUT_PROPERTY = - "AuthenticationData.TimeOut"; - - /** - * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code> - */ - public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = - "HTMLComplete"; - - /** - * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code> - */ - public static final String BKU_SELECTION_TYPE_HTMLSELECT = - "HTMLSelect"; - - /** - * The name of the generic configuration property allowing https connection to - * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) - */ - public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = - "FrontendServlets.EnableHTTPConnection"; - - /** - * The name of the generic configuration property allowing to set a individual - * DATA URL used to communicate with the BKU (SecurityLayer) - */ - public static final String INDIVIDUAL_DATA_URL_PREFIX = - "FrontendServlets.DataURLPrefix"; - - /** Singleton instance. <code>null</code>, if none has been created. 
*/ - private static AuthConfigurationProvider instance; - - // - // configuration data - // - - /** - * main configuration file directory name used to configure MOA-ID - */ - private String rootConfigFileDir; - - /** - * configuration files containing transformations for rendering in the - * secure viewer of the security layer implementation; - * multiple files can be given for different mime types - */ - private String[] transformsInfoFileNames; - /** - * transformations for rendering in the secure viewer of the security layer implementation, - * read from {@link transformsInfoFileNames}; - * multiple transformation can be given for different mime types - */ - private String[] transformsInfos; - /** - * parameters for connection to MOA SP component - */ - private ConnectionParameter moaSpConnectionParameter; - /** - * trust profile ID to be used for verifying the identity link signature via MOA ID SP - */ - private String moaSpIdentityLinkTrustProfileID; - /** - * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP - */ - private String moaSpAuthBlockTrustProfileID; - /** - * transformations to be used for verifying the AUTH block signature via MOA ID SP - */ - private String[] moaSpAuthBlockVerifyTransformsInfoIDs; - /** - * X509 SubjectNames which will be trusted - */ - private String[] identityLinkX509SubjectNames; - - /** - * configuration parameters for online applications - */ - private OAAuthParameter[] onlineApplicationAuthParameters; - /** - * the Selection Type of the bku Selection Element - */ - private String bKUSelectionType; - /** - * is the bku Selection Element present? - */ - private boolean bKUSelectable; - /** - * the bku Selection Connection Parameters - */ - private ConnectionParameter bKUConnectionParameter; - /** - * Return the single instance of configuration data. - * - * @return AuthConfigurationProvider The current configuration data. 
- * @throws ConfigurationException - */ - public static synchronized AuthConfigurationProvider getInstance() - throws ConfigurationException { - - if (instance == null) { - reload(); - } - return instance; - } - - /** - * Reload the configuration data and set it if successful. - * - * @return AuthConfigurationProvider The loaded configuration data. - * @throws ConfigurationException Failure to load the configuration data. - */ - public static synchronized AuthConfigurationProvider reload() - throws ConfigurationException { - String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); - if (fileName == null) { - throw new ConfigurationException("config.01", null); - } - Logger.info("Loading MOA-ID-AUTH configuration " + fileName); - - instance = new AuthConfigurationProvider(fileName); - return instance; - } - - /** - * Constructor for AuthConfigurationProvider. - * @param fileName - * @throws ConfigurationException - */ - public AuthConfigurationProvider(String fileName) - throws ConfigurationException { - - load(fileName); - } - - /** - * Load the configuration data from XML file with the given name and build - * the internal data structures representing the MOA ID configuration. - * - * @param fileName The name of the XML file to load. - * @throws ConfigurationException The MOA configuration could not be - * read/built. 
- */ - private void load(String fileName) throws ConfigurationException { - InputStream stream = null; - Element configElem; - ConfigurationBuilder builder; - - try { - // load the main config file - stream = new BufferedInputStream(new FileInputStream(fileName)); - configElem = DOMUtils.parseXmlValidating(stream); - } catch (Throwable t) { - throw new ConfigurationException("config.03", null, t); - } - finally { - try { - if (stream != null) { - stream.close(); - } - } catch (IOException e) { - } - } - try { - // determine the directory of the root config file - rootConfigFileDir = new File(fileName).getParent(); - try { - rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); - } catch (MalformedURLException t) { - throw new ConfigurationException("config.03", null, t); - } - - // build the internal datastructures - builder = new ConfigurationBuilder(configElem, rootConfigFileDir); - bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); - bKUSelectable = (bKUConnectionParameter!=null); - bKUSelectionType = builder.buildAuthBKUSelectionType(); - genericConfiguration = builder.buildGenericConfiguration(); - transformsInfoFileNames = builder.buildTransformsInfoFileNames(); - loadTransformsInfos(); - moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); - moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); - moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); - moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); - onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(); - identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); - defaultChainingMode = builder.getDefaultChainingMode(); - chainingModes = builder.buildChainingModes(); - trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); } - - 
catch (Throwable t) { - throw new ConfigurationException("config.02", null, t); - } - } - - /** - * Loads the <code>transformsInfos</code> from files. - * @throws Exception on any exception thrown - */ - private void loadTransformsInfos() throws Exception { - - transformsInfos = new String[transformsInfoFileNames.length]; - for (int i = 0; i < transformsInfoFileNames.length; i++) { - String fileURL = transformsInfoFileNames[i]; - - //if fileURL is relative to rootConfigFileDir make it absolute - fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); - String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); - transformsInfos[i] = transformsInfo; - } - } - /** - * Return a string array with all filenames leading - * to the Transforms Information for the Security Layer - * @return String[] of filenames to the Security Layer Transforms Information - */ - public String[] getTransformsInfoFileNames() { - return transformsInfoFileNames; - } - - /** - * Build an array of the OnlineApplication Parameters containing information - * about the authentication component - * @return An OAProxyParameter array containing beans - * with all relevant information for theauthentication component of the online - * application - */ - public OAAuthParameter[] getOnlineApplicationParameters() { - return onlineApplicationAuthParameters; - } - - /** - * Provides configuration information regarding the online application behind - * the given URL, relevant to the MOA-ID Auth component. 
- * - * @param oaURL URL requested for an online application - * @return an <code>OAAuthParameter</code>, or <code>null</code> - * if none is applicable - */ - public OAAuthParameter getOnlineApplicationParameter(String oaURL) { - OAAuthParameter[] oaParams = getOnlineApplicationParameters(); - for (int i = 0; i < oaParams.length; i++) { - OAAuthParameter oaParam = oaParams[i]; - if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0) - return oaParam; - } - return null; - } - - /** - * Return a string with a url-reference to the VerifyAuthBlock trust - * profile id within the moa-sp part of the authentication component - * - * @return String with a url-reference to the VerifyAuthBlock trust profile ID - */ - public String getMoaSpAuthBlockTrustProfileID() { - return moaSpAuthBlockTrustProfileID; - } - - /** - * Return a string array with references to all verify transform info - * IDs within the moa-sp part of the authentication component - * @return A string array containing all urls to the - * verify transform info IDs - */ - public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() { - return moaSpAuthBlockVerifyTransformsInfoIDs; - } - - /** - * Return a ConnectionParameter bean containing all information - * of the authentication component moa-sp element - * @return ConnectionParameter of the authentication component moa-sp element - */ - public ConnectionParameter getMoaSpConnectionParameter() { - return moaSpConnectionParameter; - } - - /** - * Return a string with a url-reference to the VerifyIdentityLink trust - * profile id within the moa-sp part of the authentication component - * @return String with a url-reference to the VerifyIdentityLink trust profile ID - */ - public String getMoaSpIdentityLinkTrustProfileID() { - return moaSpIdentityLinkTrustProfileID; - } - /** - * Returns the transformsInfos. - * @return String[] - */ - public String[] getTransformsInfos() { - return transformsInfos; - } - - /** - * Returns the identityLinkX509SubjectNames. 
- * @return String[] - */ - public String[] getIdentityLinkX509SubjectNames() { - return identityLinkX509SubjectNames; - } - - /** - * Returns the bKUConnectionParameter. - * @return ConnectionParameter - */ - public ConnectionParameter getBKUConnectionParameter() { - return bKUConnectionParameter; - } - - /** - * Returns the bKUSelectable. - * @return boolean - */ - public boolean isBKUSelectable() { - return bKUSelectable; - } - - /** - * Returns the bKUSelectionType. - * @return String - */ - public String getBKUSelectionType() { - return bKUSelectionType; - } - -}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
deleted file mode 100644
index 9ee1ec606..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package at.gv.egovernment.moa.id.config.auth;
-
-/**
- * Configuration parameters belonging to an online application,
- * to use with the MOA ID Auth component.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class OAAuthParameter {
-
- /**
- * public URL prefix of the online application
- */
- private String publicURLPrefix;
- /**
- * determines whether "ZMR-Zahl" is to be included in the authentication data
- */
- private boolean provideZMRZahl;
- /**
- * determines whether AUTH block is to be included in the authentication data
- */
- private boolean provideAuthBlock;
- /**
- * determines whether identity link is to be included in the authentication data
- */
- private boolean provideIdentityLink;
-
- /**
- * Returns the provideAuthBlock.
- * @return String
- */
- public boolean getProvideAuthBlock() {
- return provideAuthBlock;
- }
-
- /**
- * Returns the provideIdentityLink.
- * @return String
- */
- public boolean getProvideIdentityLink() {
- return provideIdentityLink;
- }
-
- /**
- * Returns the provideZMRZahl.
- * @return String
- */
- public boolean getProvideZMRZahl() {
- return provideZMRZahl;
- }
-
- /**
- * Returns the publicURLPrefix.
- * @return String
- */
- public String getPublicURLPrefix() {
- return publicURLPrefix;
- }
-
- /**
- * Sets the provideAuthBlock.
- * @param provideAuthBlock The provideAuthBlock to set
- */
- public void setProvideAuthBlock(boolean provideAuthBlock) {
- this.provideAuthBlock = provideAuthBlock;
- }
-
- /**
- * Sets the provideIdentityLink.
- * @param provideIdentityLink The provideIdentityLink to set
- */
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- this.provideIdentityLink = provideIdentityLink;
- }
-
- /**
- * Sets the provideZMRZahl.
- * @param provideZMRZahl The provideZMRZahl to set
- */
- public void setProvideZMRZahl(boolean provideZMRZahl) {
- this.provideZMRZahl = provideZMRZahl;
- }
-
- /**
- * Sets the publicURLPrefix.
- * @param publicURLPrefix The publicURLPrefix to set
- */
- public void setPublicURLPrefix(String publicURLPrefix) {
- this.publicURLPrefix = publicURLPrefix;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
deleted file mode 100644
index c9a13fee5..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
+++ /dev/null
@@ -1,145 +0,0 @@ -package at.gv.egovernment.moa.id.config.proxy; - -import java.util.HashMap; -import java.util.Map; - -/** - * Holds configuration data concerning an online application for use by the MOA-ID Proxy component. - * These include the login type (stateful or stateless), the HTTP authentication type, - * and information needed to add authentication parameters or headers for a URL connection - * to the remote online application. - * @see <code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code> - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class OAConfiguration { - - /** Constant for an login method */ - public static final String LOGINTYPE_STATEFUL = "stateful"; - /** Constant for an login method */ - public static final String LOGINTYPE_STATELESS = "stateless"; - - /** Constant for an auth method */ - public static final String BASIC_AUTH = "basic"; - /** Constant for an auth method */ - public static final String HEADER_AUTH = "header"; - /** Constant for an auth method */ - public static final String PARAM_AUTH = "param"; - - /** login type: stateful or stateless */ - String loginType; - /** authentication type: basic, header, or param */ - String authType; - /** - * mapping of parameter names to AuthenticationData field names - * in case of authentication type <code>"header-auth"</code> - */ - Map paramAuthMapping; - /** - * mapping of parameter names to AuthenticationData field names - * in case of authentication type <code>"param-auth"</code> - */ - Map headerAuthMapping; - /** mapping for user ID to be used in case of authentication type <code>"basic-auth"</code> */ - String basicAuthUserIDMapping; - /** mapping for password to be used in case of authentication type <code>"basic-auth"</code> */ - String basicAuthPasswordMapping; - - /** - * Returns the basicAuthPasswordMapping. 
- * @return String - */ - public String getBasicAuthPasswordMapping() { - return basicAuthPasswordMapping; - } - - /** - * Returns the basicAuthUserIDMapping. - * @return String - */ - public String getBasicAuthUserIDMapping() { - return basicAuthUserIDMapping; - } - - /** - * Returns the headerAuthMapping. - * @return HashMap - */ - public Map getHeaderAuthMapping() { - return headerAuthMapping; - } - - /** - * Returns the loginType. - * @return String - */ - public String getLoginType() { - return loginType; - } - - /** - * Returns the paramAuthMapping. - * @return HashMap - */ - public Map getParamAuthMapping() { - return paramAuthMapping; - } - - /** - * Sets the basicAuthPasswordMapping. - * @param basicAuthPasswordMapping The basicAuthPasswordMapping to set - */ - public void setBasicAuthPasswordMapping(String basicAuthPassword) { - this.basicAuthPasswordMapping = basicAuthPassword; - } - - /** - * Sets the basicAuthUserIDMapping. - * @param basicAuthUserIDMapping The basicAuthUserIDMapping to set - */ - public void setBasicAuthUserIDMapping(String basicAuthUserID) { - this.basicAuthUserIDMapping = basicAuthUserID; - } - - /** - * Sets the headerAuthMapping. - * @param headerAuthMapping The headerAuthMapping to set - */ - public void setHeaderAuthMapping(HashMap headerAuth) { - this.headerAuthMapping = headerAuth; - } - - /** - * Sets the loginType. - * @param loginType The loginType to set - */ - public void setLoginType(String loginType) { - this.loginType = loginType; - } - - /** - * Sets the paramAuthMapping. - * @param paramAuthMapping The paramAuthMapping to set - */ - public void setParamAuthMapping(HashMap paramAuth) { - this.paramAuthMapping = paramAuth; - } - - /** - * Returns the authType. - * @return String - */ - public String getAuthType() { - return authType; - } - - /** - * Sets the authType. - * @param authType The authType to set - */ - public void setAuthType(String authLoginType) { - this.authType = authLoginType; - } - -} 
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
deleted file mode 100644
index a16dcfa26..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ /dev/null
@@ -1,183 +0,0 @@ -package at.gv.egovernment.moa.id.config.proxy; - -import at.gv.egovernment.moa.id.config.ConnectionParameter; - -/** - * Configuration parameters belonging to an online application, - * to use with the MOA ID Proxy component. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class OAProxyParameter { - - /** - * public URL prefix of the online application - */ - private String publicURLPrefix; - /** - * URL of online application configuration file; - * defaults to relative URL <code>/moaconfig.xml</code> - */ - private String configFileURL; - /** - * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface - * to be used for authenticating the online application; - * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver} - */ - private String loginParameterResolverImpl; - - /** - * Configuration Parameter of LoginParameterResolver - */ - private String loginParameterResolverConfiguration; - - /** - * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface - * to be used for connecting to the online application; - * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder} - */ - private String connectionBuilderImpl; - /** - * session time out to be used in case of a stateless online application - */ - private int sessionTimeOut; - /** - * parameters regarding the connection from the proxy to the online application - */ - private ConnectionParameter connectionParameter; - /** - * parameters for logging into the online application - */ - private OAConfiguration oaConfiguration; - - - /** - * Returns the configFileURL. - * @return String - */ - public String getConfigFileURL() { - return configFileURL; - } - - /** - * Returns the sessionTimeOut. - * @return int - */ - public int getSessionTimeOut() { - return sessionTimeOut; - } - - /** - * Returns the connectionParameter. 
- * @return ConnectionParameter - */ - public ConnectionParameter getConnectionParameter() { - return connectionParameter; - } - - /** - * Sets the configFileURL. - * @param configFileURL The configFileURL to set - */ - public void setConfigFileURL(String oaProxyConfigFileURL) { - this.configFileURL = oaProxyConfigFileURL; - } - - /** - * Sets the sessionTimeOut. - * @param sessionTimeOut The sessionTimeOut to set - */ - public void setSessionTimeOut(int oaProxySessionTimeOut) { - this.sessionTimeOut = oaProxySessionTimeOut; - } - - /** - * Sets the connectionParameter. - * @param connectionParameter The connectionParameter to set - */ - public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) { - this.connectionParameter = proxyConnectionParameter; - } - - /** - * Returns the publicURLPrefix. - * @return String - */ - public String getPublicURLPrefix() { - return publicURLPrefix; - } - - /** - * Sets the publicURLPrefix. - * @param publicURLPrefix The publicURLPrefix to set - */ - public void setPublicURLPrefix(String url) { - this.publicURLPrefix = url; - } - - /** - * Returns the connectionBuilderImpl. - * @return String - */ - public String getConnectionBuilderImpl() { - return connectionBuilderImpl; - } - - /** - * Returns the loginParameterResolverImpl. - * @return String - */ - public String getLoginParameterResolverImpl() { - return loginParameterResolverImpl; - } - - /** - * Returns the loginParameterResolverConfiguration. - * @return String - */ - public String getLoginParameterResolverConfiguration() { - return loginParameterResolverConfiguration; - } - - /** - * Sets the connectionBuilderImpl. - * @param connectionBuilderImpl The connectionBuilderImpl to set - */ - public void setConnectionBuilderImpl(String connectionBuilderImp) { - this.connectionBuilderImpl = connectionBuilderImp; - } - - /** - * Sets the loginParameterResolverImpl. 
- * @param loginParameterResolverImpl The loginParameterResolverImpl to set
- */
- public void setLoginParameterResolverImpl(String loginParameterResolverImpl) {
- this.loginParameterResolverImpl = loginParameterResolverImpl;
- }
-
- /**
- * Sets the loginParameterResolverConfiguration.
- * @param loginParameterResolverImpl The loginParameterResolverImpl to set
- */
- public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) {
- this.loginParameterResolverConfiguration = loginParameterResolverConfiguration;
- }
-
- /**
- * Returns the oaConfiguration.
- * @return OAConfiguration
- */
- public OAConfiguration getOaConfiguration() {
- return oaConfiguration;
- }
-
- /**
- * Sets the oaConfiguration.
- * @param oaConfiguration The oaConfiguration to set
- */
- public void setOaConfiguration(OAConfiguration oaConfiguration) {
- this.oaConfiguration = oaConfiguration;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
deleted file mode 100644
index 622ae6f82..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ /dev/null
@@ -1,193 +0,0 @@
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.MalformedURLException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * A class providing access to the Proxy Part of the MOA-ID configuration data.
- *
- * <p>Configuration data is read from an XML file, whose location is given by
- * the <code>moa.id.configuration</code> system property.</p>
- * <p>This class implements the Singleton pattern. The <code>reload()</code>
- * method can be used to update the configuration data. Therefore, it is not
- * guaranteed that consecutive calls to <code>getInstance()</code> will return
- * the same <code>ProxyConfigurationProvider</code> all the time. During the
- * processing of a web service request, the current
- * <code>TransactionContext</code> should be used to obtain the
- * <code>ProxyConfigurationProvider</code> local to that request.</p>
- *
- * @author Stefan Knirsch
- */
-public class ProxyConfigurationProvider extends ConfigurationProvider {
-
- /** Singleton instance. <code>null</code>, if none has been created. 
*/
- private static ProxyConfigurationProvider instance;
-
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- private String rootConfigFileDir;
-
- //
- // configuration data
- //
- /**
- * connection parameters for connection to MOA ID Auth component
- */
- private ConnectionParameter authComponentConnectionParameter;
- /**
- * configuration parameters for online applications
- */
- private OAProxyParameter[] onlineApplicationProxyParameter;
-
- /**
- * Return the single instance of configuration data.
- *
- * @return ProxyConfigurationProvider The current configuration data.
- * @throws ConfigurationException
- */
- public static synchronized ProxyConfigurationProvider getInstance()
- throws ConfigurationException {
-
- if (instance == null) {
- reload();
- }
- return instance;
- }
-
- /**
- * Reload the configuration data and set it if successful.
- *
- * @return ProxyConfigurationProvider The loaded configuration data.
- * @throws ConfigurationException Failure to load the configuration data.
- */
- public static synchronized ProxyConfigurationProvider reload()
- throws ConfigurationException {
- String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
- if (fileName == null) {
- throw new ConfigurationException("config.01", null);
- }
- Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
-
- instance = new ProxyConfigurationProvider(fileName);
- return instance;
- }
-
- /**
- * Constructor for ProxyConfigurationProvider.
- */
- public ProxyConfigurationProvider(String fileName)
- throws ConfigurationException {
-
- load(fileName);
- }
-
- /**
- * Load the configuration data from XML file with the given name and build
- * the internal data structures representing the MOA configuration.
- *
- * @param fileName The name of the XML file to load.
- * @throws ConfigurationException The MOA configuration could not be
- * read/built. 
- */
- private void load(String fileName) throws ConfigurationException {
- FileInputStream stream = null;
- Element configElem;
- ConfigurationBuilder builder;
-
- try {
- // load the main config file
- stream = new FileInputStream(fileName);
- configElem = DOMUtils.parseXmlValidating(stream);
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- }
- catch (IOException e) {
- }
- }
- try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
- // build the internal datastructures
- builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
- authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
-
- onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
- for(int i = 0; i < onlineApplicationProxyParameter.length; i++) {
- onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir));
- }
-
- genericConfiguration = builder.buildGenericConfiguration();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
-
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
- }
-
- /**
- * Return a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter getAuthComponentConnectionParameter() {
- return authComponentConnectionParameter;
- }
-
- /**
- * Build an 
array of OnlineApplication Parameter Beans containing all
- * information about the proxy component of the online application
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] getOnlineApplicationParameters() {
- return onlineApplicationProxyParameter;
- }
- /**
- * Provides configuration information regarding the online application behind
- * the given URL, relevant to the MOA-ID Proxy component.
- *
- * @param oaURL URL requested for an online application
- * @return an <code>OAProxyParameter</code>, or <code>null</code>
- * if none is applicable
- */
- public OAProxyParameter getOnlineApplicationParameter(String oaURL) {
- OAProxyParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- if (oaURL.startsWith(oaParam.getPublicURLPrefix()))
- return oaParam;
- }
- return null;
- }
-
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
deleted file mode 100644
index aac1dc422..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ /dev/null
@@ -1,314 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.util.Date;
-
-/**
- * Encapsulates authentication data contained in a <code><saml:Assertion></code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-
-public class AuthenticationData {
- /**
- * major version number of the SAML assertion
- */
- private int majorVersion;
- /**
- * minor version number of the SAML assertion
- */
- private int minorVersion;
- /**
- * identifier for this assertion
- */
- private String assertionID;
- /**
- * URL of the MOA-ID Auth component issueing this assertion
- */
- private String issuer;
- /**
- * time instant of issue of this assertion
- */
- private String issueInstant;
- /**
- * user identification (ZMR-Zahl); <code>null</code>,
- * if the authentication module is configured not to return this data
- */
- private String identificationValue;
- /**
- * application specific user identifier (VPK)
- */
- private String vpk;
- /**
- * given name of the user
- */
- private String givenName;
- /**
- * family name of the user
- */
- private String familyName;
- /**
- * date of birth of the user
- */
- private String dateOfBirth;
- /**
- * says whether the certificate is a qualified certificate or not
- */
- private boolean qualifiedCertificate;
- /**
- * says whether the certificate is a public authority or not
- */
- private boolean publicAuthority;
- /**
- * public authority code (Behördenkennzeichen - BKZ)
- */
- private String publicAuthorityCode;
- /**
- * the corresponding <code>lt;saml:Assertion></code>
- */
- private String samlAssertion;
- /**
- * creation timestamp
- */
- Date timestamp;
-
- /**
- * Constructor for AuthenticationData.
- */
- public AuthenticationData() {
- timestamp = new Date();
- }
-
- /**
- * Returns the minorVersion.
- * @return int
- */
- public int getMinorVersion() {
- return minorVersion;
- }
-
- /**
- * Returns the publicAuthority. 
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return String
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the vpk.
- * @return String
- */
- public String getVPK() {
- return vpk;
- }
-
- /**
- * Sets the minorVersion.
- * @param minorVersion The minorVersion to set
- */
- public void setMinorVersion(int minorVersion) {
- this.minorVersion = minorVersion;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityCode The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityIdentification) {
- this.publicAuthorityCode = publicAuthorityIdentification;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the vpk.
- * @param vpk The vpk to set
- */
- public void setVPK(String vpk) {
- this.vpk = vpk;
- }
-
- /**
- * Returns the assertionID.
- * @return String
- */
- public String getAssertionID() {
- return assertionID;
- }
-
- /**
- * Returns the dateOfBirth.
- * @return String
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue. 
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Returns the issueInstant.
- * @return String
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Returns the issuer.
- * @return String
- */
- public String getIssuer() {
- return issuer;
- }
-
- /**
- * Returns the majorVersion.
- * @return int
- */
- public int getMajorVersion() {
- return majorVersion;
- }
-
- /**
- * Sets the assertionID.
- * @param assertionID The assertionID to set
- */
- public void setAssertionID(String assertionID) {
- this.assertionID = assertionID;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String gamilyName) {
- this.familyName = gamilyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the issueInstant.
- * @param issueInstant The issueInstant to set
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
- /**
- * Sets the issuer.
- * @param issuer The issuer to set
- */
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- /**
- * Sets the majorVersion.
- * @param majorVersion The majorVersion to set
- */
- public void setMajorVersion(int majorVersion) {
- this.majorVersion = majorVersion;
- }
-
- /**
- * Returns the samlAssertion. 
- * @return String
- */
- public String getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(String samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the timestamp.
- * @return Date
- */
- public Date getTimestamp() {
- return timestamp;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java b/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
deleted file mode 100644
index 5729e54c3..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.StringTokenizer;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * The Cookie-class provides methods to save and return cookies for
- * each single session
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class Cookie {
- /** A HahsMap containing all our cookies */
- HashMap cookies = new HashMap();
- /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication
- * to send them back to the client/browser as soon as possible */
- HashMap cookies401 = new HashMap();
-
- /**
- * Adds a Cookie from a response with response-code 401 to the cookie-pool
- * for sending it back to the browser / client
- * @param String: the complete 'Set-Cookie' - String
- */
- public void add401(String cookieString)
- {
- cookies401.put(getKey(cookieString),cookieString);
- }
-
- /**
- * Get the HashMap containing all cookies to be sent to the browser / client
- * @return HashMap with all cookies
- */
- public HashMap get401()
- {
- return cookies401;
- }
-
- /**
- * Clear the 401 cookie-pool
- */
- public void clear401()
- {
- cookies401.clear();
- }
-
- /**
- * Set a cookie that comes from the Online-Application
- * and save it in our "normal" cookie-pool
- * @param String the complete "Set-Cookie" - String from the Online-Application
- */
- public void setCookie(String value) {
- cookies.put(getKey(value), getValue(value));
- }
-
- /**
- * Method saveOldCookies. 
- * @param String the complete "Set-Cookie" - String from the Online-Application
- */
- public void saveOldCookies(String value) {
- StringTokenizer st = new StringTokenizer(value,";");
- while (st.hasMoreTokens())
- {
- // We have to trim because the Tokenizer returns cookies including spaces at the beginning
- StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"=");
- String cookieKey = st2.nextToken().trim();
- if (st2.hasMoreTokens())
- {
- String cookieValue = st2.nextToken().trim();
- if (!cookies.containsKey(cookieKey))
- cookies.put(cookieKey , cookieValue);
- }
- }
- Logger.debug("Found these cookies: " + getCookies());
- }
-
- /**
- * Get a String containing all cookies saved in that session seperated by '; '
- * to be sent back to the Online-Application
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookies() {
- String result = "";
- if (cookies.size()==0)
- return null;
- Iterator i = cookies.keySet().iterator();
- while (i.hasNext()) {
- String key = (String) i.next();
- result += key + "=" + (String)cookies.get(key) + "; ";
- }
- return result.substring(0, result.length() - 2);
- }
-
- /**
- * Returns the key of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns CookieA
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the key of a key-value-pair of a cookie
- */
- private String getKey(String input) {
- return input.substring(0, input.indexOf("="));
- }
-
- /**
- * Returns the value of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns 1234
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the value of a key-value-pair of a cookie
- */
- private String getValue(String input) {
- if (input.indexOf(";") == -1)
- return input.substring(input.indexOf("=") + 1, input.getBytes().length);
- return input.substring(input.indexOf("=") + 1, 
input.indexOf(";"));
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java b/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
deleted file mode 100644
index 98f84c429..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.util.HashMap;
-
-/**
- * The CookieManager is a singleton to manage a Cookie-Object for
- * each session
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class CookieManager {
- /** the singleton instance of the CookieManager */
- private static CookieManager instance;
- /** a HashMap to bind a Cookie-object to every single session*/
- private static HashMap cookies = new HashMap();
-
- /**
- * Create a singleton of the CookieManager
- * @return CookieManager
- */
- public static CookieManager getInstance()
- {
- if(instance==null) instance=new CookieManager();
- return instance;
- }
-
- /**
- * Save a cookie to a specified session-id
- * @param String id the session id
- * @param String cookie_string - the complete 'Set-Cookie' String from the OnlineApplication
- */
- public void saveCookie(String id,String cookie_string)
- {
- getCookieWithID(id).setCookie(cookie_string);
- }
-
- /**
- * Method saveOldCookies. 
- * @param id
- * @param cookie_string
- */
- public void saveOldCookies(String id,String cookie_string)
- {
- getCookieWithID(id).saveOldCookies(cookie_string);
- }
-
- /**
- * Get a Cookie-Object for a specified session-id
- * @param String id the session id
- * @return Cookie object containing all saved cookies for this session
- */
- public Cookie getCookieWithID(String id)
- {
- Cookie c = null;
- if(cookies.containsKey(id))
- c = (Cookie)cookies.get(id);
- else
- {
- c = new Cookie();
- cookies.put(id,c);
- }
- return c;
- }
-
-
- /**
- * Get a String containing all cookies of a specified session-id
- * saved in that session seperated by '; ' to be sent back to
- * the Online-Application
- * @param id the session-id
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookie(String id)
- {
- Cookie result = (Cookie)cookies.get((String)id);
- if (result==null)
- return null;
- return result.getCookies();
-
- }
-
- /**
- * Adds a Cookie for a special session from a response with
- * response-code 401 to the cookie-pool for sending it back
- * to the browser / client
- * @param id the session-id
- * @param String: the complete 'Set-Cookie' - String
- */
- public void add401(String id,String value)
- {
- getCookieWithID(id).add401(value);
- }
-
- /**
- * Clear the 401 cookie-pool of a session
- * @param id the session-id
- */
- public void clear401(String id)
- {
- getCookieWithID(id).clear401();
- }
-
- /**
- * Get the HashMap containing all cookies of a session to be sent to the browser / client
- * @param id the session-id
- * @return HashMap with all cookies
- */
- public HashMap get401(String id)
- {
- return getCookieWithID(id).get401();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
deleted file mode 100644
index a47dd8b29..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.math.BigInteger;
-import java.security.Principal;
-
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-/**
- * A class containing the issuer and serial number of a certificate, which can
- * be used to uniquely identify the certificate.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class IssuerAndSerial {
- /** store the issuer as String*/
- private String issuerDN;
- /** store the serial as BigInteger*/
- private BigInteger serial;
-
- /**
- * Create an <code>IssuerAndSerial</code> object.
- *
- * The name of the issuer is converted to RFC2253. If it cannot be parsed, the
- * DN contained in the <code>issuer</code> is set.
- *
- * @param issuer The isser of a certificate.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(Principal issuer, BigInteger serial) {
- RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
-
- try {
- this.issuerDN = ((Name) parser.parse()).getRFC2253String();
- } catch (RFC2253NameParserException e) {
- this.issuerDN = issuer.getName();
- }
- this.serial = serial;
- }
-
- /**
- * Create an <code>IssuerAndSerial</code> object.
- *
- * @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(String issuerDN, BigInteger serial) {
- this.issuerDN = issuerDN;
- this.serial = serial;
- }
-
- /**
- * Return the issuer DN in RFC2253 format.
- *
- * @return The issuer part of this object.
- */
- public String getIssuerDN() {
- return issuerDN;
- }
-
- /**
- * Return the serial number.
- *
- * @return The serial number of this object.
- */
- public BigInteger getSerial() {
- return serial;
- }
-
- /**
- * Compare this <code>IssuerAndSerial</code> to another object. 
- *
- * @return <code>true</code>, if <code>other</code> is an
- * <code>IssuerAndSerial</code> object and the <code>issuer</code> and
- * <code>serial</code> fields are both equal. <code>false</code> otherwise.
- * @see java.lang.Object#equals(java.lang.Object)
- */
- public boolean equals(Object other) {
- if (other instanceof IssuerAndSerial) {
- IssuerAndSerial ias = (IssuerAndSerial) other;
- return getIssuerDN().equals(ias.getIssuerDN())
- && getSerial().equals(ias.getSerial());
- }
- return false;
- }
-
- /**
- * Return the hash code of this <code>IssuerAndSerial</code>.
- *
- * @return The hash code of this <code>IssuerAndSerial</code>.
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- return issuerDN.hashCode() ^ serial.hashCode();
- }
-
- /**
- * Return a <code>String</code> representation of this
- * <code>IssuerAndSerial</code> object.
- *
- * @return The <code>String</code> representation.
- * @see java.lang.Object#toString()
- */
- public String toString() {
- return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
- + ("> Serial<" + serial.toString() + ">)");
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
deleted file mode 100644
index ed61827b6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-/**
- * Data contained in a <code><samlp:Status></code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLStatus {
-
- /** main status code */
- private String statusCode;
- /** sub status code */
- private String subStatusCode;
- /** status message */
- private String statusMessage;
-
- /**
- * @return status code
- */
- public String getStatusCode() {
- return statusCode;
- }
-
- /**
- * @return status message
- */
- public String getStatusMessage() {
- return statusMessage;
- }
-
- /**
- * @return enclosed sub-status code
- */
- public String getSubStatusCode() {
- return subStatusCode;
- }
-
- /**
- * @param string the status code
- */
- public void setStatusCode(String string) {
- statusCode = string;
- }
-
- /**
- * @param string the status message
- */
- public void setStatusMessage(String string) {
- statusMessage = string;
- }
-
- /**
- * @param string the enclosed sub-status code
- */
- public void setSubStatusCode(String string) {
- subStatusCode = string;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
deleted file mode 100644
index 421286876..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import java.io.File;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.certstore.CertStoreParameters;
-import iaik.pki.store.certstore.CertStoreTypes;
-import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CertStoreConfigurationImpl extends ObservableImpl
- implements CertStoreConfiguration, DirectoryCertStoreParameters {
- /** identifies the rootDirectory */
- private String rootDirectory;
- /** Array for storing all CertStoreParameters */
- private CertStoreParameters[] parameters;
-
- /**
- * Create a new <code>CertStoreConfigurationImpl</code>.
- *
- * @param conf The MOA configuration from which the configuration data is
- * @throws ConfigurationException an any config-error
- * being read. 
- */
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
- String rootDirParam = conf.getGenericConfigurationParameter(paramName);
- if (rootDirParam == null)
- throw new ConfigurationException(
- "config.08", new Object[] {paramName});
- File f = new File(rootDirParam);
- if (f.isDirectory())
- rootDirectory = f.getAbsolutePath();
- else
- throw new ConfigurationException(
- "config.05", new Object[] {paramName});
-
- parameters = new CertStoreParameters[] { this };
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
- */
- public CertStoreParameters[] getParameters() {
- return parameters;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
- */
- public String getRootDirectory() {
- return rootDirectory;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
- */
- public boolean createNew() {
- return false;
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#getId()
- */
- public String getId() {
- return "MOA ID Directory CertStore";
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
- */
- public boolean isReadOnly() {
- return false;
- }
-
- /**
- * @return <code>CertStoreTypes.DIRECTORY</code>
- * @see iaik.pki.store.certstore.CertStoreParameters#getType()
- */
- public String getType() {
- return CertStoreTypes.DIRECTORY;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
deleted file mode 100644
index 3cd02a2b5..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.logging.LogConfigurationException;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.Properties;
-
-/**
- * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class LoggerConfigImpl implements iaik.logging.LoggerConfig {
-
- /** logging properties **/
- private Properties loggingProperties;
-
- /**
- * Constructor
- */
- public LoggerConfigImpl(String propertyFileURL) throws IOException {
- InputStream in = new URL(propertyFileURL).openStream();
- loggingProperties = new Properties();
- loggingProperties.load(in);
- in.close();
- }
-
- /**
- * @see iaik.logging.LoggerConfig#getFactory()
- */
- public String getFactory() {
- return "iaik.logging.impl.Log4jFactory";
- }
-
- /**
- * @see iaik.logging.LoggerConfig#getProperties()
- */
- public Properties getProperties() throws LogConfigurationException {
- return loggingProperties;
- }
-
- /**
- * @see iaik.logging.LoggerConfig#getNodeId()
- */
- public String getNodeId() {
- return "iaik";
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
deleted file mode 100644
index 8d09e2bc9..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ /dev/null
@@ -1,65 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.pathvalidation.ValidationConfiguration;
-import iaik.pki.revocation.RevocationConfiguration;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.revocation.archive.ArchiveConfiguration;
-
-/**
- * Implementation of interface <code>PKIConfiguration</code> needed to
- * initialize an IAIK JSSE <code>TrustManager</code>
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIConfigurationImpl implements PKIConfiguration {
- /** The configuration for the CertStore */
- private CertStoreConfiguration certStoreConfiguration;
- /** The configuration for the RevocationChecks */
- private RevocationConfiguration revocationConfiguration;
- /** The configuration for the Validation */
- private ValidationConfiguration validationConfiguration;
-
- /**
- * Constructor
- * @param conf the Configuration for the PKIConfig
- * @throws ConfigurationException for any config error
- */
- public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- certStoreConfiguration = new CertStoreConfigurationImpl(conf);
- revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(conf);
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
- */
- public CertStoreConfiguration getCertStoreConfiguration() {
- return certStoreConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
- */
- public RevocationConfiguration getRevocationConfiguration() {
- return revocationConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
- */
- public ArchiveConfiguration getArchiveConfiguration() {
- return null;
- }
-
- /**
- * @see 
iaik.pki.PKIConfiguration#getValidationConfiguration()
- */
- public ValidationConfiguration getValidationConfiguration() {
- return validationConfiguration;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
deleted file mode 100644
index c583babdc..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.revocation.RevocationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.*;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.util.Date)
- */
- public Set getAlternativeDistributionPoints(
- X509Certificate arg0,
- Date arg1) {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
- */
- public boolean archiveRevocationInfo(String arg0, String arg1) {
- return false;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
deleted file mode 100644
index c500e2e8e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.pathvalidation.ValidationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.security.spec.AlgorithmParameterSpec;
-
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ValidationConfigurationImpl extends ObservableImpl
- implements ValidationConfiguration {
- /** The ConfigurationProvider for the validation*/
- private ConfigurationProvider conf;
-
- /**
- * Constructor
- * @param conf with the configuration
- */
- public ValidationConfigurationImpl(ConfigurationProvider conf) {
- this.conf = conf;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- String chainingMode = conf.getChainingMode(trustAnchor);
- return chainingMode;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
- */
- public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) {
- return null;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
- */
- public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) {
- return null;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
deleted file mode 100644
index 4d309c18c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ /dev/null
@@ -1,166 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.pki;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Set;
-
-import iaik.pki.PKIProfile;
-import iaik.pki.pathvalidation.ValidationProfile;
-import iaik.pki.revocation.RevocationProfile;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.pki.store.truststore.TrustStoreProfile;
-import iaik.pki.store.truststore.TrustStoreTypes;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of the <code>PKIProfile</code> interface and subinterfaces
- * providing information needed for certificate path validation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIProfileImpl extends ObservableImpl
- implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
- /**
- * URI to the truststore
- */
- private String trustStoreURI;
-
- /**
- * revocation checking;
- */
- private boolean revocationChecking;
-
-
- /**
- * Create a new <code>PKIProfileImpl</code>.
- *
- * @param trustStoreURI trust store URI
- */
- public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
- this.trustStoreURI = trustStoreURI;
- this.revocationChecking = revocationChecking;
- }
-
- /**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getRevocationProfile()
- */
- public RevocationProfile getRevocationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getTrustStoreProfile()
- */
- public TrustStoreProfile getTrustStoreProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getValidationProfile()
- */
- public ValidationProfile getValidationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
- */
- public boolean useAuthorityInfoAccess() {
- return true;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
- */
- public long getMaxRevocationAge(String arg0) {
- return 0;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
- */
- public String getOCSPRequestHashAlgorithm() {
- return null;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
- */
- public String[] getPreferredServiceOrder(X509Certificate arg0) {
- return new String[] {RevocationSourceTypes.CRL};
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
- */
- public String getType() {
- return TrustStoreTypes.DIRECTORY;
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
- */
- public String getURI() {
- return trustStoreURI;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
- */
- public boolean getInitialAnyPolicyInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
- */
- public boolean
getInitialExplicitPolicy() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
- */
- public boolean getInitialPolicyMappingInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
- */
- public Set getInitialPolicySet() {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
- */
- public boolean getNameConstraintsProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
- */
- public boolean getPolicyProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
- */
- public boolean getRevocationChecking() {
- return this.revocationChecking;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
deleted file mode 100644
index 9da006d35..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.pki.jsse;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-/**
- * <code>TrustManager</code> implementation featuring CRL checking (inherited from
- * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDTrustManager extends IAIKX509TrustManager {
-
- /** an x509Certificate array containing all accepted server certificates*/
- private X509Certificate[] acceptedServerCertificates;
-
- /**
- * Constructor
- * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
- * @throws GeneralSecurityException occurs on security errors
- * @throws IOException occurs on IO errors
- */
- public MOAIDTrustManager(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- if (acceptedServerCertificateStoreURL != null)
- buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
- else
- acceptedServerCertificates = null;
- }
-
-
- /**
- * Initializes the LoggingContextManager logging context.
- * Fixes a bug occuring in the case MOA-SP is called by API.
- * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
- * This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
- public static void initializeLoggingContext() {
- if (LoggingContextManager.getInstance().getLoggingContext() == null)
- LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext(Thread.currentThread().getName()));
- }
-
-
- /**
- * Builds an Array of accepted server certificates from an URL,
- * and stores it in <code>acceptedServerCertificates</code>.
- * @param acceptedServerCertificateStoreURL file URL pointing to the directory
- * containing accepted server X509 certificates
- * @throws GeneralSecurityException on security errors
- * @throws IOException on any IO errors
- */
- private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- List certList = new ArrayList();
- URL storeURL = new URL(acceptedServerCertificateStoreURL);
- File storeDir = new File(storeURL.getFile());
- // list certificate files in directory
- File[] certFiles = storeDir.listFiles();
- for (int i = 0; i < certFiles.length; i++) {
- // for each: create an X509Certificate and store it in list
- File certFile = certFiles[i];
- FileInputStream fis = new FileInputStream(certFile.getPath());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
- fis.close();
- certList.add(cert);
- }
- // store acceptedServerCertificates
- acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
- }
-
- /**
- * Does additional server-end-SSL-certificate checking.
- * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
- */
- public boolean isServerTrusted(X509Certificate[] certChain) {
- boolean trusted = super.isServerTrusted(certChain);
- if (!
trusted || acceptedServerCertificates == null)
- return trusted;
- else {
- // check server-end-SSL-certificate with acceptedServerCertificates
- X509Certificate serverCert = certChain[0];
- for (int i = 0; i < acceptedServerCertificates.length; i++) {
- X509Certificate acceptedServerCert = acceptedServerCertificates[i];
- if (serverCert.equals(acceptedServerCert))
- return true;
- }
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
- return false;
- }
- }
- /**
- * In rare cases, this method is being called although it should not be.
- * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
- */
- public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
- {
- return true;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
deleted file mode 100644
index 6f6949ad6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.servertools.observer;
-
-import iaik.servertools.observer.NotificationData;
-import iaik.servertools.observer.Observable;
-import iaik.servertools.observer.Observer;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-
-/**
- * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ObservableImpl implements Observable {
- /** a List for all observers */
- private List observers = new ArrayList();
-
- /**
- * @see iaik.servertools.observer.Observable#addObserver(iaik.servertools.observer.Observable)
- */
- public void addObserver(Observer observer) {
- observers.add(observer);
- }
-
- /**
- * @see iaik.servertools.observer.Observable#removeObserver(iaik.servertools.observer.Observable)
- */
- public boolean removeObserver(Observer observer) {
- return observers.remove(observer);
- }
-
- /**
- * @see iaik.servertools.observer.Observable#notify(iaik.servertools.observer.NotificationData)
- */
- public void notify(NotificationData data) {
- Iterator iter = observers.iterator();
- for (iter = observers.iterator(); iter.hasNext();) {
- Observer observer = (Observer) iter.next();
- observer.notify(data);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
deleted file mode 100644
index 8039b67a6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * Builder for {@link java.net.URLConnection} objects used to forward requests
- * to the remote online application.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-
-public interface ConnectionBuilder {
-
- /**
- * Builds an HttpURLConnection to a {@link java.net.URL} which is derived
- * from an {@link HttpServletRequest} URL, by substitution of a
- * public URL prefix for the real URL prefix.<br>
- * The HttpURLConnection has been created by {@link java.net.URL#openConnection}, but
- * it has not yet been connected to by {@link java.net.URLConnection#connect}.<br>
- * The field settings of the HttpURLConnection are:
- * <ul>
- * <li><code>allowUserInteraction = false</code></li>
- * <li><code>doInput = true</code></li>
- * <li><code>doOutput = true</code></li>
- * <li><code>requestMethod = request.getMethod()</code></li>
- * <li><code>useCaches = false</code></li>
- * </ul>
- *
- * @param request the incoming request which shall be forwarded
- * @param publicURLPrefix the public URL prefix to be substituted by the real URL prefix
- * @param realURLPrefix the URL prefix to substitute the public URL prefix
- * @param sslSocketFactory factory to be used for creating an SSL socket in case
- * of a URL for scheme <code>"https:"</code>;
- * <br>if <code>null</code>, the default SSL socket factory would be used
- * @param parameters parameters to be forwarded
- * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to
- * the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code>
- * @throws IOException if an I/O exception occurs during opening the connection
- * @see java.net.URL#openConnection()
- * @see
com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory()
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest request,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Map parameters) throws IOException;
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
deleted file mode 100644
index ff7787839..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-
-/**
- * Factory delivering a {@link ConnectionBuilder} implementation for
- * an online application, initialized from configuration data.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConnectionBuilderFactory {
-
- /** default connection builder to be used for online application
- * where no special implementation of the <code>ConnectionBuilder</code>
- * interface is configured
- */
- private static ConnectionBuilder defaultConnectionBuilder;
- /** mapping from online application public URL prefix to an implementation
- * of the <code>ConnectionBuilder</code> interface to be used;
- * if no mapping is given for an online application, the
- * <code>DefaultConnectionBuilder</code> will be used */
- private static Map connectionBuilderMap;
-
- /**
- * Initializes the <code>ConnectionBuilder</code> map from the configuration data.
- * @throws ConfigurationException when the configuration cannot be read,
- * or when a class name configured cannot be instantiated
- */
- public static void initialize() throws ConfigurationException {
- defaultConnectionBuilder = new DefaultConnectionBuilder();
- connectionBuilderMap = new HashMap();
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
- String publicURLPrefix = oaParam.getPublicURLPrefix();
- String className = oaParam.getConnectionBuilderImpl();
- if (className != null) {
- try {
- ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance();
- connectionBuilderMap.put(publicURLPrefix, cb);
- }
- catch (Throwable ex) {
- throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
- }
- }
- }
- }
-
- /**
- * Gets the <code>ConnectionBuilder</code> implementation to be used for the given
- * online application.
- * @param publicURLPrefix public URL prefix of the online application
- * @return <code>ConnectionBuilder</code> implementation
- */
- public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) {
- ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix);
- if (cb == null)
- return defaultConnectionBuilder;
- else
- return cb;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
deleted file mode 100644
index 2ac8fe28e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ /dev/null
@@ -1,120 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * Defaultimplementierung von <code>ConnectionBuilder</code>.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DefaultConnectionBuilder implements ConnectionBuilder {
-
- /** a boolean to disable the HostnameVerification (default = false)*/
- private static boolean disableHostnameVerification = false;
-
- /**
- * Constructor for DefaultConnectionBuilder.
- * @throws ConfigurationException on any config error
- */
- public DefaultConnectionBuilder() throws ConfigurationException {
- disableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
- //TODO undocumented feature
- if (disableHostnameVerification)
- Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification);
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest req,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Map parameters)
- throws IOException {
-
- String requestedURL = req.getRequestURL().toString();
- // check whether requested URL starts with publicURLPrefix
- if (!
requestedURL.startsWith(publicURLPrefix))
- throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
- "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
- // in case of GET request, append query string to requested URL;
- // otherwise, HttpURLConnection would perform a POST request
- if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
- requestedURL = appendQueryString(requestedURL, parameters);
- }
- // build real URL in online application
- String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
- URL url = new URL(realURLString);
- Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
-
- HttpURLConnection conn = (HttpURLConnection)url.openConnection();
- conn.setRequestMethod(req.getMethod());
- conn.setDoInput(true);
- conn.setDoOutput(true);
- //conn.setUseCaches(false);
- conn.setAllowUserInteraction(true);
- conn.setInstanceFollowRedirects(false);
- if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
- HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
- httpsConn.setSSLSocketFactory(sslSocketFactory);
- if (disableHostnameVerification)
- httpsConn.setHostnameVerifier(new HostnameNonVerifier());
- }
- return conn;
- }
- /**
- * @param requestedURL
- * @param parameters
- * @return
- */
- private String appendQueryString(String requestedURL, Map parameters) {
- String newURL = requestedURL;
- for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
- String paramName = (String)iter.next();
- String paramValue = (String)parameters.get(paramName);
- String paramString = paramName + "=" + paramValue;
- if (newURL.indexOf("?") < 0)
- newURL = newURL + "?"
+ paramString;
- else
- newURL = newURL + "&" + paramString;
- }
- return newURL;
- }
-
- /**
- * @author Stefan Knirsch
- * @version $Id$
- * A private class to change the standard HostName verifier to disable the
- * Hostname Verification Check
- */
- private class HostnameNonVerifier implements HostnameVerifier {
-
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
deleted file mode 100644
index 033a74934..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ /dev/null
@@ -1,125 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Implementation of interface <code>LoginParameterResolver</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DefaultLoginParameterResolver implements LoginParameterResolver {
-
- /**
- * Constructor
- */
- public DefaultLoginParameterResolver() {
- }
-
- /**
- * Configuration mehtod (not used)
- */
- public void configure(String configuration) throws LoginParameterResolverException {
- }
-
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String)
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) {
-
- Map result = new HashMap();
-
- if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) {
- String useridPredicate = oaConf.getBasicAuthUserIDMapping();
- String userid = resolveValue(useridPredicate, authData, clientIPAddress);
- String passwordPredicate = oaConf.getBasicAuthPasswordMapping();
- String password = resolveValue(passwordPredicate, authData, clientIPAddress);
-
- try {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes());
- result.put("Authorization", "Basic " + credentials);
- }
- catch (IOException ignore) {
- }
- }
- else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) {
- for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) {
- String key = (String) iter.next();
- String predicate = (String) oaConf.getHeaderAuthMapping().get(key);
- String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- result.put(key, resolvedValue);
- }
- }
-
- return result;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String)
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) {
-
- Map result = new HashMap();
-
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
- for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) {
- String key = (String) iter.next();
- String predicate = (String) oaConf.getParamAuthMapping().get(key);
- String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- result.put(key, resolvedValue);
- }
- }
-
- return result;
- }
-
- /**
- * Resolves a login header or parameter value.
- * @param predicate header or parameter predicate name from online application configuration
- * @param authData authentication data for current login
- * @param clientIPAddress client IP address
- * @return header or parameter value resolved; <code>null</code> if unknown name is given
- */
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
- if (predicate.equals(MOAGivenName))
- return authData.getGivenName();
- else if (predicate.equals(MOAFamilyName))
- return authData.getFamilyName();
- else if (predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
- else if (predicate.equals(MOAVPK))
- return authData.getVPK();
- else if (predicate.equals(MOAPublicAuthority))
- if (authData.isPublicAuthority())
- return "true";
- else
- return "false";
- else if (predicate.equals(MOABKZ))
- return authData.getPublicAuthorityCode();
- else if (predicate.equals(MOAQualifiedCertificate))
- if (authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- else if (predicate.equals(MOAZMRZahl))
- return authData.getIdentificationValue();
- else if (predicate.equals(MOAIPAddress))
- return clientIPAddress;
- else return null;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
deleted file mode 100644
index 434a4f674..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-
-/**
- * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection}
- * to the remote online application.
- * Utilizes {@link OAConfiguration} and {@link AuthenticationData}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public interface LoginParameterResolver {
-
- /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
- * naming predicates used by the <code>LoginParameterResolver</code>. */
- public static final String MOAGivenName = "MOAGivenName";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAFamilyName = "MOAFamilyName";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOADateOfBirth = "MOADateOfBirth";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAVPK = "MOAVPK";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAPublicAuthority = "MOAPublicAuthority";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOABKZ = "MOABKZ";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAQualifiedCertificate =
- "MOAQualifiedCertificate";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAZMRZahl = "MOAZMRZahl";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
-
public static final String MOAIPAddress = "MOAIPAddress";
-
- /**
- * Returns authentication headers to be added to a URLConnection.
- *
- * @param oaConf configuration data
- * @param authData authentication data
- * @param clientIPAddress client IP address
- * @return A map, the keys being header names and values being corresponding header values.
- * <br>In case of authentication type <code>"basic-auth"</code>, header fields
- * <code>username</code> and <code>password</code>.
- * <br>In case of authentication type <code>"header-auth"</code>, header fields
- * derived from parameter mapping and authentication data provided.
- * <br>Otherwise, an empty map.
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException;
-
- /**
- * Returns request parameters to be added to a URLConnection.
- *
- * @param oaConf configuration data
- * @param authData authentication data
- * @param clientIPAddress client IP address
- * @return A map, the keys being parameter names and values being corresponding parameter values.
- * <br>In case of authentication type <code>"param-auth"</code>, parameters
- * derived from parameter mapping and authentication data provided.
- * <br>Otherwise, an empty map.
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException;
-
- public void configure(String configuration) throws LoginParameterResolverException;
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
deleted file mode 100644
index 3aa2368bf..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class LoginParameterResolverException extends MOAIDException {
-
- /**
- * Constructor for LoginParameterResolverException.
- * @param messageId
- * @param parameters
- */
- public LoginParameterResolverException(
- String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for LoginParameterResolverException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public LoginParameterResolverException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
deleted file mode 100644
index 0db7f66fe..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ /dev/null
@@ -1,83 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-
-/**
- * Factory delivering a {@link LoginParameterResolver} implementation for
- * an online application, initialized from configuration data.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class LoginParameterResolverFactory {
-
- /** default login parameter resolver to be used for online application
- * where no special implementation of the <code>LoginParameterResolver</code>
- * interface is configured
- */
- private static LoginParameterResolver defaultLoginParameterResolver;
- /** mapping from online application public URL prefix to an implementation
- * of the <code>LoginParameterResolver</code> interface to be used;
- * if no mapping is given for an online application, the
- * <code>DefaultLoginParameterResolver</code> will be used */
- private static Map loginParameterResolverMap;
-
- /**
- * Initializes the <code>LoginParameterResolver</code> map from the configuration data.
- * @throws ConfigurationException when the configuration cannot be read,
- * or when a class name configured cannot be instantiated
- */
- public static void initialize() throws ConfigurationException {
- defaultLoginParameterResolver = new DefaultLoginParameterResolver();
- loginParameterResolverMap = new HashMap();
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
- String publicURLPrefix = oaParam.getPublicURLPrefix();
- String className = oaParam.getLoginParameterResolverImpl();
- String configuration = oaParam.getLoginParameterResolverConfiguration();
-
- if (className != null) {
- try {
- Class lprClass = Class.forName(className);
- LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
-
- Class[] argumentTypes = { String.class };
- Method confMethod = lprClass.getMethod( "configure", argumentTypes );
-
- Object[] arguments = { new String(configuration) };
- confMethod.invoke( lpr, arguments );
-
- lpr.configure(configuration);
- loginParameterResolverMap.put(publicURLPrefix, lpr);
- }
- catch (LoginParameterResolverException lpex) {
- throw new ConfigurationException("config.11", new Object[] {className}, lpex);
- }
- catch (Throwable ex) {
- throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
- }
- }
- }
- }
-
- /**
- * Gets the <code>LoginParameterResolver</code> implementation to be used for the given
- * online application.
- * @param publicURLPrefix public URL prefix of the online application
- * @return <code>LoginParameterResolver</code> implementation
- */
- public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) {
- LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix);
- if (lpr == null)
- return defaultLoginParameterResolver;
- else
- return lpr;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
deleted file mode 100644
index da5d36678..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import iaik.pki.PKIException;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
-import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Web application initializer
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDProxyInitializer {
-
- /**
- * Initializes the web application components which need initialization:
- * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
- */
- public static void initialize()
- throws ConfigurationException, IOException, GeneralSecurityException, PKIException {
-
- Logger.setHierarchy("moa.id.proxy");
-
- // Restricts TLS cipher suites
- System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
-
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader();
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- }
- catch (ClassNotFoundException e) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
- }
-
- // Initializes the SSLSocketFactory store
- SSLUtils.initialize();
-
- // Initializes IAIKX509TrustManager logging
- String log4jConfigURL = System.getProperty("log4j.configuration");
- if (log4jConfigURL != null) {
- IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
- }
-
- // Loads the configuration
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload();
-
- // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service,
- // using configuration data
- ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
- if (connParamAuth.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- AxisSecureSocketFactory.initialize(ssf);
- }
-
- // Initializes the Axis secure socket factories for use in calling the online applications,
- // using configuration data
- OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- if (oaConnParam.isHTTPSURL())
- SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- }
-
- // Initializes the ConnectionBuilderFactory from configuration data
- ConnectionBuilderFactory.initialize();
-
- // Initializes the LoginParameterResolverFactory from configuration data
- LoginParameterResolverFactory.initialize();
-
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class b/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class
Binary files differ
deleted file mode 100644
index 49200265a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class
+++ /dev/null
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
deleted file mode 100644
index 3f7a6872c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
+++ /dev/null
@@ -1,481 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.File;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import java.io.IOException;
-import java.util.*;
-//import org.apache.xerces.parsers.AbstractDOMParser;
-import org.apache.xerces.parsers.DOMParser;
-import org.w3c.dom.*;
-
-/**
- * XMLLoginParameterResolver an implementation of implementation of interface
- * <code>LoginParameterResolver</code>
- * This implementation used to map identities stored in an XML file to parameters
- * which are given to OAs.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class XMLLoginParameterResolver implements LoginParameterResolver {
-
- //file which is parsed and interpreted for paremeter resolving.
- private String identityFile;
-
- /**
- * inner class used to store mapped parameters
- */
- class LPRParams {
-
- /**
- * getter method for parameter Enabled.
- * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
- */
- public boolean getEnabled() {
- return enabled.booleanValue();
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or <code>null</code> not set.
- */
- public String getUN() {
- return UN;
- }
-
- /**
- * getter method for parameter PW (password)
- * @return Parameter PW or <code>null</code> not set.
- */
- public String getPW() {
- return PW;
- }
-
- /**
- * getter method for parameter Param1
- * @return Parameter Param1 or <code>null</code> not set.
- */
- public String getParam1() {
- return Param1;
- }
-
- /**
- * getter method for parameter Param2
- * @return Parameter Param2 or <code>null</code> not set.
- */
- public String getParam2() {
- return Param2;
- }
-
- /**
- * getter method for parameter Param3
- * @return Parameter Param3 or <code>null</code> not set.
- */
- public String getParam3() {
- return Param3;
- }
-
- /**
- * Returns a string representation of LPRParams
- *
- * @return a <code>String</code> representation of this object.
- * @see XMLLoginParameterResolver.LPRParams
- */
- public String toString() {
- return "Enabled: "
- + enabled.toString()
- + "UN: '"
- + UN
- + "' PW: '"
- + PW
- + "' Param1: '"
- + Param1
- + "' Param2: '"
- + Param2
- + "' Param3: '"
- + Param3
- + "'\n";
- }
-
- //private member variables used
- private Boolean enabled = null;
- private String UN = null;
- private String PW = null;
- private String Param1 = null;
- private String Param2 = null;
- private String Param3 = null;
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- * @param Param1 parameter1 used in HeaderAuthentication and ParameterAuthentication
- * @param Param2 parameter2 used in HeaderAuthentication and ParameterAuthentication
- * @param Param3 parameter3 used in HeaderAuthentication and ParameterAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
- this.enabled = new Boolean(enabled);
- this.UN = UN;
- this.PW = PW;
- this.Param1 = Param1;
- this.Param1 = Param2;
- this.Param1 = Param3;
- }
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW) {
- this(enabled, UN, PW, null, null, null);
- }
- }
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object.
- **/
- public XMLLoginParameterResolver() {
- bPKMap = new HashMap();
- namedMap = new HashMap();
- }
-
- /**
- * configuration method
- * @param configuration enabled enable user mapping to parameter set for the parameter set.
- */
- public void configure(String configuration) throws LoginParameterResolverException {
- File idFile;
- this.identityFile = configuration;
-
- try {
- if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) {
- Logger.error("XMLLoginParameterResolver could not read '"
- + identityFile
- + "' " );
- return;
- }
- Document doc = readXMLFile(identityFile);
- buildInfo(doc);
- } catch (Throwable ex) {
- throw new LoginParameterResolverException("config.11", new Object[] {identityFile}, ex);
- }
- isConfigured = true;
- }
-
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException {
- Map result = new HashMap();
-
- if (!isConfigured) {
- throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" +
- identityFile + "' is not configured!", null);
- }
-
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
- String userid = "";
- String password = "";
- LPRParams params = null;
- boolean userFound = false;
-
- //try bPK and named search
- userFound = bPKIdentitySearch(bPK, params);
-
- if(false == userFound)
- namedIdentitySearch(famName, givenName, dateOfBirth, params);
-
- if(false == userFound)
- return result;
-
- //HTTP 401 - Basic Authentication
- if (oaConf.getAuthType().equals("basic")) {
- userid = params.getUN();
- password = params.getPW();
-
- try {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes());
- Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials);
- result.put("Authorization", "Basic " + credentials);
- } catch (IOException ignore) {
- }
- return result;
- }
- if (oaConf.getAuthType().equals("header")) {
- String key;
- String resolvedValue;
- result.put("Param1", params.getParam1());
- result.put("Param2", params.getParam2());
- result.put("Param3", params.getParam3());
- return result;
- /* for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator();
- iter.hasNext();
- result.put(key, resolvedValue)) {
- key = (String) iter.next();
- String predicate = (String) oaConf.getHeaderAuthMapping().get(key);
- resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- }
- */
- }
- return result;
- }
-
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) {
-
- Map result = new HashMap();
-
- if (!isConfigured) {
- Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured");
- return result;
- }
-
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
- String userid = "";
- String password = "";
- LPRParams params = null;
- boolean userFound = false;
-
- //try bPK and named search
- userFound = bPKIdentitySearch(bPK, params);
-
- if (false == userFound)
- namedIdentitySearch(famName, givenName, dateOfBirth, params);
-
- if (false == userFound)
- return result;
-
- if (oaConf.getAuthType().equals("param")) {
- result.put("Param1", params.getParam1());
- result.put("Param2", params.getParam2());
- result.put("Param3", params.getParam3());
- return result;
- /*
- String key;
- String resolvedValue;
- for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator();
- iter.hasNext();
- result.put(key, resolvedValue)) {
- key = (String) iter.next();
- String predicate = (String) oaConf.getParamAuthMapping().get(key);
- resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- }
- */
-
- }
- return result;
- }
-
- private static String resolveValue(
- String predicate,
- AuthenticationData authData,
- String clientIPAddress) {
- if (predicate.equals("MOAGivenName"))
- return authData.getGivenName();
- if (predicate.equals("MOAFamilyName"))
- return authData.getFamilyName();
- if (predicate.equals("MOADateOfBirth"))
- return authData.getDateOfBirth();
- if (predicate.equals("MOAVPK"))
- return authData.getVPK();
- if (predicate.equals("MOAPublicAuthority"))
- if (authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if (predicate.equals("MOABKZ"))
- return authData.getPublicAuthorityCode();
- if (predicate.equals("MOAQualifiedCertificate"))
- if (authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if (predicate.equals("MOAZMRZahl"))
- return authData.getIdentificationValue();
- if (predicate.equals("MOAIPAddress"))
- return clientIPAddress;
- else
- return null;
- }
-
- private Document readXMLFile(String fileName) {
- Logger.info("XMLLoginParameterResolver: Loading MOA-OA configuration " + fileName);
- DOMParser parser = new DOMParser();
- try {
- parser.setFeature("http://xml.org/sax/features/validation", true);
- parser.setFeature("http://apache.org/xml/features/validation/schema", true);
- parser.parse(fileName);
- return parser.getDocument();
- } catch (Exception e) {
- String msg = e.toString();
- Logger.error("XMLLoginParameterResolver: Error parsing file" + fileName + "\n" + msg);
- return null;
- }
- }
-
- private void buildInfo(Document doc) {
- Element root = doc.getDocumentElement();
- NodeList idList = root.getElementsByTagName(XSD_IDELEM);
- NodeList paramList = root.getElementsByTagName("Parameters");
- for (int i = 0; i < idList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName());
-
- for (int i = 0; i < paramList.getLength(); i++)
- Logger.debug(
- "XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName());
-
- for (int i = 0; i < idList.getLength(); i++) {
- Element tmpElem = (Element) idList.item(i);
- NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity");
- for (int j = 0; j < tmpList.getLength(); j++)
- Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName());
-
- if (1 == tmpList.getLength()) {
- tmpElem = (Element) tmpList.item(0);
- String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName");
- boolean tmpBool = false;
- if (tmpElem.getFirstChild() != null
- && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- Logger.debug(
- "XMLLoginParameterResolver: tmpStr: "
- + tmpStr
- + " value: "
- + (new Boolean(tmpBool)).toString());
- tmpElem = (Element) paramList.item(i);
- Logger.debug(
- "XMLLoginParameterResolver: attribute UN: "
- + tmpElem.getAttribute("UN")
- + " attribute PW: "
- + tmpElem.getAttribute("PW"));
- namedMap.put(
- tmpStr,
- new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
- } else {
- tmpList = tmpElem.getElementsByTagName("bPKIdentity");
- if (1 == tmpList.getLength()) {
- tmpElem = (Element) tmpList.item(0);
- String tmpStr = tmpElem.getAttribute("bPK");
- boolean tmpBool = false;
- if (tmpElem.getFirstChild() != null
- && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- Logger.debug(
- "XMLLoginParameterResolver: tmpStr: "
- + tmpStr
- + " value: "
- + (new Boolean(tmpBool)).toString());
- tmpElem = (Element) paramList.item(i);
- Logger.debug(
- "XMLLoginParameterResolver: attribute UN: "
- + tmpElem.getAttribute("UN")
- + " attribute PW: "
- + tmpElem.getAttribute("PW")
- + " attribute Param1: "
- + tmpElem.getAttribute("Param1"));
- bPKMap.put(
- tmpStr,
- new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
- } else {
- Logger.warn(
- "XMLLoginParameterResolver: wrong format no NamedIdentity or bPKIdentity found");
- }
- }
- }
-
- Logger.debug("namedMap:" + namedMap.toString());
- Logger.debug("bPKMap:" + bPKMap.toString());
- }
-
- private void buildIdentityInfo(Document doc) {
-
- }
-
-
- boolean bPKIdentitySearch(String bPK, LPRParams params) {
- //search for mapping with bPK of the user
- Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK);
- params = (LPRParams) bPKMap.get(bPK);
- if (null == params) {
- Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!");
- return false;
- } else if (params.getEnabled()) {
- Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return true;
- }
- Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled");
- return false;
- }
-
- boolean namedIdentitySearch(
- String famName,
- String givenName,
- String dateOfBirth,
- LPRParams params) {
- Logger.info(
- "XMLLoginParameterResolver: search for login data for SurName:"
- + famName
- + " GivenName: "
- + givenName);
-
- params = (LPRParams) namedMap.get(famName + "," + givenName);
- if (null == params) {
-
- Logger.info(
- "XMLLoginParameterResolver: params for Surname: "
- + famName
- + " GivenName: "
- + givenName
- + " not found!");
- return false;
- }
-
- if (params.getEnabled()) {
- Logger.info(
- "XMLLoginParameterResolver: SurName:"
- + famName
- + " GivenName: "
- + givenName
- + "found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return true;
- }
- Logger.info(
- "XMLLoginParameterResolver: SurName:"
- + famName
- + " GivenName: "
- + givenName
- + "found in list; user is NOT enabled");
- return false;
- }
-
- public static final String XSD_MAPPING = "Mapping";
-
- public static final String XSD_DOCELEM = "MOAIdentities";
- public static final String XSD_IDELEM = "Identity";
- public static final String XSD_NAMEDIDELEM = "NamedIdentity";
- public static final String XSD_BPKIDELEM = "bPKIdentity";
- public static final String XSD_PARAMELEM = "Parameters";
- public static final String XML_LPR_CONFIG_PROPERTY_NAME = "moa.id.xmllpr.configuration";
- private Map bPKMap;
- private Map namedMap;
- private boolean isConfigured = false;
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
deleted file mode 100644
index e0e1fde4a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ /dev/null
@@ -1,55 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.builder;
-
-import java.text.MessageFormat;
-import java.util.Calendar;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-
-/**
- * Builder for the <code><samlp:Request></code> used for querying
- * the authentication data <code><saml:Assertion></code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLRequestBuilder implements Constants {
- /** samlp-Request template */
- private static final String REQUEST =
- "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"{0}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{1}\">" +
- "<samlp:AssertionArtifact>{2}</samlp:AssertionArtifact>" +
- "</samlp:Request>";
-
- /**
- * Constructor for SAMLRequestBuilder.
- */
- public SAMLRequestBuilder() {
- super();
- }
-
- /**
- * Builds the <code><samlp:Request></code>.
- * @param requestID request ID
- * @param samlArtifactBase64 SAML artifact, encoded BASE64
- * @return the DOM element
- */
- public Element build(String requestID, String samlArtifactBase64) throws BuildException {
- try {
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
- String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
- Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return requestElem;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"samlp:Request", ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
deleted file mode 100644
index 4e9a72111..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ /dev/null
@@ -1,143 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.invoke;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.SAMLStatus;
-import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
-import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
-import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
-import at.gv.egovernment.moa.id.util.Random;
-
-/**
- * Invoker of
- * <ul>
- * <li>either the GetAuthenticationData web service of MOA-ID Auth</li>
- * <li>or the API call {@link at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData},</li>
- * </ul>
- * depending of the configuration.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class GetAuthenticationDataInvoker {
- /** Create a new QName object for the webservice endpoint */
- private static final QName SERVICE_QNAME = new QName("GetAuthenticationData");
-
- /** invoked object for API call of MOA-ID Auth */
- private static Object apiServer = null;
- /** invoked method for API call of MOA-ID Auth */
- private static Method apiMethod = null;
-
- /**
- * Invokes the service passing domain model objects.
- * @param samlArtifact SAML artifact
- * @return AuthenticationData object
- * @throws ServiceException on any exception thrown
- */
- /**
- * Get authentication data from the MOA-ID Auth component,
- * either via API call or via web service call.
- * @param samlArtifact SAML artifact to be used as a parameter
- * @return AuthenticationData
- */
- public AuthenticationData getAuthenticationData(String samlArtifact)
- throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
-
- ConnectionParameter authConnParam =
- ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
- if (authConnParam == null) {
- try {
- if (apiServer == null) {
- Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
- Method getInstanceMethod = serverClass.getMethod("getInstance", null);
- apiServer = getInstanceMethod.invoke(null, null);
- apiMethod = serverClass.getMethod(
- "getAuthenticationData", new Class[] {String.class});
- }
- AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
- return authData;
- }
- catch (InvocationTargetException ex) {
- Throwable targetEx = ex.getTargetException();
- if (targetEx instanceof AuthenticationException)
- throw (AuthenticationException) targetEx;
- else
- throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
- }
- catch (Throwable ex) {
- throw new ProxyException("proxy.09", new Object[] {ex.toString()});
- }
- }
- else {
- Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact);
- Element samlpResponse = getAuthenticationData(samlpRequest);
- SAMLResponseParser srp = new SAMLResponseParser(samlpResponse);
- SAMLStatus status = srp.parseStatusCode();
- if (! "samlp:Success".equals(status.getStatusCode())) {
- // on error status throw exception
- String code = status.getStatusCode();
- if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
- code += "(" + status.getSubStatusCode() + ")";
- throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
- }
- return srp.parseAuthenticationData();
- }
- }
-
- /**
- * Invokes the service passing DOM elements.
- * @param request request DOM element
- * @return response DOM element
- * @throws ServiceException on any exception thrown
- */
- public Element getAuthenticationData(Element request) throws ServiceException {
- try {
- Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME);
- Call call = service.createCall();
- SOAPBodyElement body =
- new SOAPBodyElement(request);
- SOAPBodyElement[] params = new SOAPBodyElement[] {body};
- Vector responses;
- SOAPBodyElement response;
-
- String endPoint;
- ConnectionParameter authConnParam =
- ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
-
- //If the ConnectionParameter do NOT exist, we throw an exception ....
- if (authConnParam!=null) {
- endPoint = authConnParam.getUrl();
- call.setTargetEndpointAddress(endPoint);
- responses = (Vector) call.invoke(SERVICE_QNAME, params);
- response = (SOAPBodyElement) responses.get(0);
- return response.getAsDOM();
- }
- else
- {
- throw new ServiceException("service.01", null);
- }
- }
- catch (Exception ex) {
- throw new ServiceException("service.00", new Object[] {ex.toString()}, ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
deleted file mode 100644
index ce0743b3d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ /dev/null
@@ -1,145 +0,0 @@ -package at.gv.egovernment.moa.id.proxy.parser; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parser for the <code><saml:Assertion></code> returned by the - * <code>GetAuthenticationData</code> web service. - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationDataAssertionParser implements Constants { - - /** Prefix for SAML-Xpath-expressions */ - private static String SAML = SAML_PREFIX + ":"; - /** Prefix for PersonData-Xpath-expressions */ - private static String PR = PD_PREFIX + ":"; - /** Prefix for Attribute MajorVersion in an Xpath-expression */ - private static String MAJOR_VERSION_XPATH = - "@MajorVersion"; - /** Prefix for Attribute MinorVersion in an Xpath-expression */ - private static String MINOR_VERSION_XPATH = - "@MinorVersion"; - /** Prefix for Attribute AssertionID in an Xpath-expression */ - private static String ASSERTION_ID_XPATH = - "@AssertionID"; - /** Prefix for Attribute Issuer in an Xpath-expression */ - private static String ISSUER_XPATH = - "@Issuer"; - /** Prefix for Attribute IssueInstant in an Xpath-expression */ - private static String ISSUE_INSTANT_XPATH = - "@IssueInstant"; - /** Prefix for Element AttributeStatement in an Xpath-expression */ - private static String ATTRIBUTESTATEMENT_XPATH = - SAML + "AttributeStatement/"; - /** Prefix for Element NameIdentifier in an Xpath-expression */ - private static String VPK_XPATH = - ATTRIBUTESTATEMENT_XPATH + - SAML + "Subject/" + - SAML + "NameIdentifier"; - /** Prefix for Element Person in an Xpath-expression */ - private static String PERSONDATA_XPATH = - ATTRIBUTESTATEMENT_XPATH + - SAML + "Attribute[@AttributeName=\"PersonData\"]/" + - SAML + 
"AttributeValue/" + - PR + "Person/"; - /** Prefix for Element Value in an Xpath-expression */ - private static String ZMRZAHL_XPATH = - PERSONDATA_XPATH + - PR + "Identification/" + - PR + "Value"; - /** Prefix for Element GivenName in an Xpath-expression */ - private static String GIVEN_NAME_XPATH = - PERSONDATA_XPATH + - PR + "Name/" + - PR + "GivenName"; - /** Prefix for Element FamilyName in an Xpath-expression */ - private static String FAMILY_NAME_XPATH = - PERSONDATA_XPATH + - PR + "Name/" + - PR + "FamilyName"; - /** Prefix for Element DateOfBirth in an Xpath-expression */ - private static String DATE_OF_BIRTH_XPATH = - PERSONDATA_XPATH + - PR + "DateOfBirth"; - /** Prefix for Element AttributeValue in an Xpath-expression */ - private static String IS_QUALIFIED_CERT_XPATH = - ATTRIBUTESTATEMENT_XPATH + - SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" + - SAML + "AttributeValue"; - /** Prefix for Element AttributeValue in an Xpath-expression */ - private static String PUBLIC_AUTHORITY_XPATH = - ATTRIBUTESTATEMENT_XPATH + - SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" + - SAML + "AttributeValue"; - /** Element samlAssertion represents the SAML:Assertion */ - private Element samlAssertion; - - /** - * Constructor - * @param samlAssertion samlpResponse the <code><samlp:Response></code> as a DOM element - */ - public AuthenticationDataAssertionParser(Element samlAssertion) { - this.samlAssertion = samlAssertion; - } - - /** - * Parses the <code><saml:Assertion></code>. 
- * @return <code>AuthenticationData</code> object - * @throws ParseException on any error - */ - public AuthenticationData parseAuthenticationData() - throws ParseException { - - try { - AuthenticationData authData = new AuthenticationData(); - //ÄNDERN: NUR der Identification-Teil - authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion)); - authData.setMajorVersion(new Integer( - XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue()); - authData.setMinorVersion(new Integer( - XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue()); - authData.setAssertionID( - XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, "")); - authData.setIssuer( - XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, "")); - authData.setIssueInstant( - XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); - authData.setVPK( - XPathUtils.getElementValue(samlAssertion, VPK_XPATH, "")); - authData.setIdentificationValue( - XPathUtils.getElementValue(samlAssertion, ZMRZAHL_XPATH, "")); - authData.setGivenName( - XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, "")); - authData.setFamilyName( - XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, "")); - authData.setDateOfBirth( - XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, "")); - authData.setQualifiedCertificate(BoolUtils.valueOf( - XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, ""))); - String publicAuthority = - XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null); - if (publicAuthority == null) { - authData.setPublicAuthority(false); - authData.setPublicAuthorityCode(""); - } - else { - authData.setPublicAuthority(true); - if (! publicAuthority.equalsIgnoreCase("true")) - authData.setPublicAuthorityCode(publicAuthority); - } - return authData; - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - } - -} 
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
deleted file mode 100644
index 9f77578fd..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ /dev/null
@@ -1,100 +0,0 @@ -package at.gv.egovernment.moa.id.proxy.parser; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.SAMLStatus; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parser for the <code><samlp:Response></code> returned by the - * <code>GetAuthenticationData</code> web service. - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLResponseParser implements Constants { - /** Element containing the samlResponse */ - private Element samlResponse; - /** Xpath prefix for reaching SAMLP Namespaces */ - private static String SAMLP = SAMLP_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static String SAML = SAML_PREFIX + ":"; - /** Xpath prefix for reaching PersonData Namespaces */ - private static String PR = PD_PREFIX + ":"; - /** Xpath expression for reaching the SAMLP:Response element */ - private static final String ROOT = - "/" + SAMLP + "Response/"; - /** Xpath expression for reaching the SAMLP:Status element */ - private static final String STATUS_XPATH = - ROOT + - SAMLP + "Status/"; - /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */ - private static final String STATUSCODE_XPATH = - STATUS_XPATH + - SAMLP + "StatusCode/@Value"; - /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */ - private static final String SUBSTATUSCODE_XPATH = - STATUS_XPATH + - SAMLP + "StatusCode/" + - SAMLP + "StatusCode/@Value"; - /** Xpath expression for reaching the SAMLP:StatusMessage element */ - private static final String STATUSMESSAGE_XPATH = - STATUS_XPATH + - SAMLP + "StatusMessage"; - /** Xpath expression for reaching the SAML:Assertion element */ - private static String ASSERTION_XPATH = - ROOT + - SAML + "Assertion"; - - /** - * Constructor - * @param samlResponse the 
<code><samlp:Response></code> as a DOM element - */ - public SAMLResponseParser(Element samlResponse) { - this.samlResponse = samlResponse; - } - - /** - * Parses the <code><samlp:StatusCode></code> from the <code><samlp:Response></code>. - * @return <code>AuthenticationData</code> object - * @throws ParseException on any parsing error - */ - public SAMLStatus parseStatusCode() - throws ParseException { - - SAMLStatus status = new SAMLStatus(); - try { - status.setStatusCode( - XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, "")); - status.setSubStatusCode( - XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, "")); - status.setStatusMessage( - XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, "")); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - return status; - } - - /** - * Parses the <code><saml:Assertion></code> from the <code><samlp:Response></code>. - * @return <code>AuthenticationData</code> object - * @throws ParseException on any parsing error - */ - public AuthenticationData parseAuthenticationData() - throws ParseException { - - Element samlAssertion; - try { - samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData(); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java deleted file mode 100644 index d6ec4951b..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java +++ /dev/null 
@@ -1,80 +0,0 @@ -package at.gv.egovernment.moa.id.proxy.servlet; - -import java.io.IOException; -import java.io.PrintWriter; -import java.text.DateFormat; -import java.util.Date; -import java.util.Locale; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for updating the MOA-ID Auth configuration from configuration file - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class ConfigurationServlet extends HttpServlet { - /** The standard String for DTD Doc-type */ - private static final String DOC_TYPE = - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n"; - - /** - * Handle a HTTP GET request, used to indicated that the MOA - * configuration needs to be updated (reloaded). 
- * - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - public void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - - MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); - PrintWriter out; - - response.setContentType("text/html"); - out = response.getWriter(); - out.println(DOC_TYPE); - out.println("<head><title>MOA configuration update</title></head>"); - out.println("<body bgcolor=\"#FFFFFF\">"); - try { - MOAIDProxyInitializer.initialize(); - - String message = msg.getMessage("config.00", new Object[] - { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); - Logger.info(message); - - //TODO low-priority: change to ErrorPage - out.println("<p><b>"); - out.println(message); - out.println("</b></p>"); - } catch (Throwable t) { - String errorMessage = msg.getMessage("config.04", null); - Logger.error(errorMessage, t); - out.println("<p><b>"); - out.println(errorMessage); - out.println("</b></p>"); - } - out.println("</body>"); - - out.flush(); - out.close(); - } - - /** - * Do the same as <code>doGet</code>. - * - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - public void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - doGet(request, response); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java deleted file mode 100644 index 0080c010e..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java +++ /dev/null 
@@ -1,35 +0,0 @@ -package at.gv.egovernment.moa.id.proxy.servlet; - -import at.gv.egovernment.moa.id.MOAIDException; - -/** - * Exception thrown while proxying a request to the online application - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class ProxyException extends MOAIDException { - - /** - * Constructor for ProxyException. - * @param messageId - * @param parameters - */ - public ProxyException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - /** - * Constructor for ProxyException. - * @param messageId - * @param parameters - * @param wrapped - */ - public ProxyException( - String messageId, - Object[] parameters, - Throwable wrapped) { - super(messageId, parameters, wrapped); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java deleted file mode 100644 index 362849fb1..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ /dev/null 
@@ -1,537 +0,0 @@ -package at.gv.egovernment.moa.id.proxy.servlet; - -import java.io.BufferedInputStream; -import java.io.BufferedOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.io.PrintWriter; -import java.io.StringWriter; -import java.net.HttpURLConnection; -import java.net.URLEncoder; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.id.ServiceException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.CookieManager; -import at.gv.egovernment.moa.id.proxy.ConnectionBuilder; -import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; -import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; -import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.SSLUtils; 
-import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; - -/** - * Servlet requested for logging in at an online application, - * and then for proxying requests to the online application. - * @author Paul Ivancsics - * @version $Id$ - */ -public class ProxyServlet extends HttpServlet { - /** Name of the Parameter for the Target */ - private static final String PARAM_TARGET = "Target"; - /** Name of the Parameter for the SAMLArtifact */ - private static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; - - /** Name of the Attribute for the PublicURLPrefix */ - private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix"; - /** Name of the Attribute for the RealURLPrefix */ - private static final String ATT_REAL_URLPREFIX = "RealURLPrefix"; - /** Name of the Attribute for the SSLSocketFactory */ - private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory"; - /** Name of the Attribute for the LoginHeaders */ - private static final String ATT_LOGIN_HEADERS = "LoginHeaders"; - /** Name of the Attribute for the LoginParameters */ - private static final String ATT_LOGIN_PARAMETERS = "LoginParameters"; - - /** - * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) - */ - protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - - Logger.debug("getRequestURL:" + req.getRequestURL().toString()); - try { - if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) - login(req, resp); - else - tunnelRequest(req, resp); - } - catch (MOAIDException ex) { - handleError(resp, ex.toString(), ex); - } - catch (Throwable ex) { - handleError(resp, ex.toString(), ex); - } - } - - /** - * Login to online application at first call of servlet for a user session.<br/> - * <ul> - * <li>Acquires authentication data from the MOA-ID Auth component.</li> - * <li>Reads configuration data for the online 
application.</li> - * <li>Resolves login parameters.</li> - * <li>Sets up an SSLSocketFactory in case of a secure connection to the online application.</li> - * <li>For a stateless online application, stores data in the HttpSession.</li> - * <li>Tunnels the request to the online application.</li> - * </ul> - * @param req - * @param resp - * @throws ConfigurationException when wrong configuration is encountered - * @throws ProxyException when wrong configuration is encountered - * @throws BuildException while building the request for MOA-ID Auth - * @throws ServiceException while invoking MOA-ID Auth - * @throws ParseException while parsing the response from MOA-ID Auth - */ - private void login(HttpServletRequest req, HttpServletResponse resp) throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException { - - String samlArtifact = req.getParameter(PARAM_SAMLARTIFACT); - Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact); - // String target = req.getParameter(PARAM_TARGET); parameter given but not processed - - // get authentication data from the MOA-ID Auth component - AuthenticationData authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); - - String urlRequested = req.getRequestURL().toString(); - - // read configuration data - ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); - OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested); - if (oaParam == null) { - throw new ProxyException("proxy.02", new Object[] { urlRequested }); - } - String publicURLPrefix = oaParam.getPublicURLPrefix(); - Logger.debug("OA: " + publicURLPrefix); - OAConfiguration oaConf = oaParam.getOaConfiguration(); - ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); - String realURLPrefix = oaConnParam.getUrl(); - - // resolve login parameters to be forwarded to online application - LoginParameterResolver 
lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); - String clientIPAddress = req.getRemoteAddr(); - Map loginHeaders = null; - Map loginParameters = null; - try { - if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) - loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); - else - loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); - - } catch (LoginParameterResolverException ex) { - throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); - } - - // setup SSLSocketFactory for communication with the online application - SSLSocketFactory ssf = null; - if (oaConnParam.isHTTPSURL()) { - try { - ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); - } - catch (Throwable ex) { - throw new ProxyException("proxy.05", new Object[] { oaConnParam.getUrl(), ex.toString()}, ex); - } - } - - try { - // for stateless online application, store data in HttpSession - String loginType = oaConf.getLoginType(); - Logger.debug("Login type: " + loginType); - if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) { - HttpSession session = req.getSession(); - int sessionTimeOut = oaParam.getSessionTimeOut(); - if (sessionTimeOut == 0) - sessionTimeOut = 60 * 60; // default 1 h - session.setMaxInactiveInterval(sessionTimeOut); - session.setAttribute(ATT_PUBLIC_URLPREFIX, publicURLPrefix); - session.setAttribute(ATT_REAL_URLPREFIX, realURLPrefix); - session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf); - session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders); - session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters); - Logger.debug("moa-id-proxy: HTTPSession angelegt"); - } - - // tunnel request to the online application - int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - { - Logger.debug("Got 401, trying again"); - - respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, 
publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - } - catch (ProxyException ex) { - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - catch (Throwable ex) { - throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex); - } - } - - /** - * Tunnels a request to the stateless online application using data stored in the HTTP session. - * @param req HTTP request - * @param resp HTTP response - * @throws IOException if an I/O error occurs - */ - private void tunnelRequest(HttpServletRequest req, HttpServletResponse resp) throws ProxyException, IOException { - - Logger.debug("Tunnel request (stateless)"); - HttpSession session = req.getSession(false); - if (session == null) - throw new ProxyException("proxy.07", null); - String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); - String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); - SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); - Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); - Map loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS); - if (publicURLPrefix == null || realURLPrefix == null) - throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()}); - - int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - { - Logger.debug("Got 401, trying again"); - respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - } - -/** - * Tunnels a request to the online application using given URL mapping and SSLSocketFactory. - * This method returns the ResponseCode of the request to the online application. 
- * @param req HTTP request - * @param resp HTTP response - * @param loginHeaders header field/values to be inserted for purposes of authentication; - * may be <code>null</code> - * @param loginParameters parameter name/values to be inserted for purposes of authentication; - * may be <code>null</code> - * @param publicURLPrefix prefix of request URL to be substituted for the <code>realURLPrefix</code> - * @param realURLPrefix prefix of online application URL to substitute the <code>publicURLPrefix</code> - * @param ssf SSLSocketFactory to use - * @throws IOException if an I/O error occurs - */ -private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf) - throws IOException { - - // collect headers from request - Map headers = new HashMap(); - for (Enumeration enum = req.getHeaderNames(); enum.hasMoreElements();) { - String headerKey = (String) enum.nextElement(); - //We ignore any Basic-Auth-Headers from the client - if (headerKey.equalsIgnoreCase("Authorization")) - { Logger.debug("Ignoring authorization-header from browser: " +req.getHeader(headerKey) ); - } - else - headers.put(headerKey, req.getHeader(headerKey)); - } - // collect login headers, possibly overwriting headers from request - if (loginHeaders != null) { - for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { - String headerKey = (String) iter.next(); - headers.put(headerKey, loginHeaders.get(headerKey)); - } - } - // collect parameters from request - Map parameters = new HashMap(); - for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements();) { - String paramName = (String) enum.nextElement(); - parameters.put(paramName, req.getParameter(paramName)); - } - // collect login parameters, possibly overwriting parameters from request - if (loginParameters != null) { - for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) { - 
String paramName = (String) iter.next(); - parameters.put(paramName, loginParameters.get(paramName)); - } - } - - headers.remove("content-length"); - parameters.remove(PARAM_SAMLARTIFACT); - parameters.remove(PARAM_TARGET); - - ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix); - HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters); - - //Set Cookies... - - String cookieString = CookieManager.getInstance().getCookie(req.getSession().getId()); - if (cookieString!=null) - { - //If we get Cookies from Client, we put them throgh if they dont exist/conflict with the stored Cookies - for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) { - String headerKey = (String) iter.next(); - String headerValue = (String) headers.get(headerKey); - if (headerKey.equalsIgnoreCase("Cookie")) - CookieManager.getInstance().saveOldCookies(req.getSession().getId(), headerValue); - } - cookieString = CookieManager.getInstance().getCookie(req.getSession().getId()); - headers.put("cookie", cookieString); - } - - // set headers as request properties of URLConnection - for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) { - String headerKey = (String) iter.next(); - String headerValue = (String) headers.get(headerKey); - conn.setRequestProperty(headerKey, headerValue); - Logger.debug("Req header " + headerKey + ": " + headers.get(headerKey)); - if (Logger.isDebugEnabled() && isBasicAuthenticationHeader(headerKey, headerValue)) { - String credentials = headerValue.substring(6); - String userIDPassword = new String(Base64Utils.decode(credentials, false)); - Logger.debug(":UserID:Password: :" + userIDPassword + ":"); - } - } - // Write out parameters into output stream of URLConnection. - // On GET request, do not send parameters in any case, - // otherwise HttpURLConnection would send a POST. 
- if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) { - boolean firstParam = true; - StringWriter sb = new StringWriter(); - for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) { - String paramname = (String) iter.next(); - String value = URLEncoder.encode((String) parameters.get(paramname)); - if (firstParam) - firstParam = false; - else - sb.write("&"); - sb.write(paramname); - sb.write("="); - sb.write(value); - Logger.debug("Req param " + paramname + ": " + value); - } - PrintWriter reqOut = new PrintWriter(conn.getOutputStream()); - reqOut.write(sb.toString()); - reqOut.flush(); - reqOut.close(); - } - // connect - conn.connect(); - - // Read response status and content type. - // If the connection returns a 401 disconnect and return - // otherwise the attempt to read data from that connection - // will result in an error - - if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) - { - Logger.debug("Found 401... searching cookies"); - String headerKey; - - int i = 1; - CookieManager cm = CookieManager.getInstance(); - while ((headerKey = conn.getHeaderFieldKey(i)) != null) { - String headerValue = conn.getHeaderField(i); - if (headerKey.equalsIgnoreCase("set-cookie")) - { cm.saveCookie(req.getSession().getId(), headerValue); - cm.add401(req.getSession().getId(),headerValue); - Logger.debug("Cookie " + headerValue); - Logger.debug("CookieSession " + req.getSession().getId()); - } - i++; - } - - conn.disconnect(); - return conn.getResponseCode(); - } - resp.setStatus(conn.getResponseCode()); - resp.setContentType(conn.getContentType()); - - // Read response headers - // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set. - // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests. 
- // See JavaDoc of javax.servlet.http.HttpServlet: - // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header. - Map respHeaders = new HashMap(); - boolean chunked = false; - String contentLengthKey = null; - String transferEncodingKey = null; - int i = 1; - String headerKey; - while ((headerKey = conn.getHeaderFieldKey(i)) != null) { - String headerValue = conn.getHeaderField(i); - respHeaders.put(headerKey, headerValue); - if (isTransferEncodingChunkedHeader(headerKey, headerValue)) { - chunked = true; - transferEncodingKey = headerKey; - } - CookieManager cm = CookieManager.getInstance(); - if (headerKey.equalsIgnoreCase("set-cookie")) - { cm.saveCookie(req.getSession().getId(), headerValue); - Logger.debug("Cookie " + headerValue); - Logger.debug("CookieSession " + req.getSession().getId()); - } - if ("content-length".equalsIgnoreCase(headerKey)) - contentLengthKey = headerKey; - Logger.debug("Resp header " + headerKey + ": " + headerValue); - i++; - } - if (chunked && contentLengthKey != null) { - respHeaders.remove(transferEncodingKey); - Logger.debug("Resp header " + transferEncodingKey + " REMOVED"); - } - - //Get a Hash-Map of all 401-set-cookies - HashMap cookies401 = CookieManager.getInstance().get401(req.getSession().getId()); - - for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) { - headerKey = (String) iter.next(); - - if (headerKey.equalsIgnoreCase("Set-Cookie")) - { - String headerValue = (String) respHeaders.get(headerKey); - Logger.debug("Found 'Set-Cookie' in ResponseHeaders: " + headerValue); - if(!cookies401.containsKey(headerValue.substring(0, headerValue.indexOf("=")))) - { - // If we dont already have a Set-Cookie-Value for THAT Cookie we create one... 
- CookieManager.getInstance().add401(req.getSession().getId(), headerValue); - } - } - } - - //write out all Responseheaders != "set-cookie" - for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) { - headerKey = (String) iter.next(); - if (!headerKey.equalsIgnoreCase("Set-Cookie")) - resp.addHeader(headerKey, (String) respHeaders.get(headerKey)); - } - - //write out all Responseheaders = "set-cookie" - cookies401 = CookieManager.getInstance().get401(req.getSession().getId()); - Iterator cookie_i = cookies401.values().iterator(); - while (cookie_i.hasNext()) { - String element = (String) cookie_i.next(); - resp.addHeader("Set-Cookie", element); - } - //Delete all "Set-Cookie" - Values - CookieManager.getInstance().clear401(req.getSession().getId()); - - // read response stream - Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode()); - // Load content unless the server lets us know that the content is NOT MODIFIED... - if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED) - { - BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream()); - Logger.debug("Got Inputstream"); - BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream()); - Logger.debug("Got Outputstream"); - int ch; - while ((ch = respIn.read()) >= 0) - respOut.write(ch); - respOut.close(); - respIn.close(); - } - else - Logger.debug("Found 304 NOT MODIFIED..."); - conn.disconnect(); - Logger.debug("Request done"); - - - return conn.getResponseCode(); -} -/** - * Determines whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..." 
- * - * @param headerKey header name - * @param headerValue header value - * @return true for a basic authentication header - */ -private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) { - if (!"authorization".equalsIgnoreCase(headerKey)) - return false; - if (headerValue.length() < "basic".length()) - return false; - String authenticationSchema = headerValue.substring(0, "basic".length()); - return "basic".equalsIgnoreCase(authenticationSchema); -} -/** - * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked" - * - * @param headerKey header name - * @param headerValue header value - * @return true for a "Transfer-encoding: chunked" header - */ -private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) { - if (!"transfer-encoding".equalsIgnoreCase(headerKey)) - return false; - return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0; -} - -/** - * Calls the web application initializer. - * - * @see javax.servlet.Servlet#init(ServletConfig) - */ -public void init(ServletConfig servletConfig) throws ServletException { - try { - MOAIDProxyInitializer.initialize(); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex); - throw new ServletException(ex); - } -} -/** - * Handles an error in proxying the request. 
- * <ul> - * <li>Logs the error.</li> - * <li>Outputs an HTML error page.</li> - * </ul> - * @param resp the HttpServletResponse - * @param errorMessage error message to be used - * @param ex the exception to be logged - */ -private void handleError(HttpServletResponse resp, String errorMessage, Throwable ex) { - Logger.error(errorMessage, ex); - String htmlCode = - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">" - + "<html><head><title>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "</title></head><body>" - + "<h1>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "</h1>" - + "<p>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.11", null) - + "</p>" - + "<p>" - + errorMessage - + "</p>" - + "</body></html>"; - resp.setContentType("text/html"); - try { - OutputStream respOut = resp.getOutputStream(); - respOut.write(htmlCode.getBytes()); - respOut.flush(); - } - catch (IOException ioex) { - Logger.error("", ioex); - } -} - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java deleted file mode 100644 index 8967bdbba..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java +++ /dev/null 
@@ -1,213 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.io.BufferedWriter;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.PrintWriter;
-import java.net.Socket;
-import java.security.GeneralSecurityException;
-import java.util.Hashtable;
-
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.axis.components.net.BooleanHolder;
-import org.apache.axis.components.net.DefaultSocketFactory;
-import org.apache.axis.components.net.SecureSocketFactory;
-import org.apache.axis.components.net.TransportClientProperties;
-import org.apache.axis.components.net.TransportClientPropertiesFactory;
-import org.apache.axis.utils.Messages;
-import org.apache.axis.utils.XMLUtils;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Secure socket factory for Axis webs service clients of the MOA-ID component,
- * which are the MOA-SP calls from MOA-ID Auth,
- * and the MOA-ID Auth calls from MOA-ID Proxy.
- * <br/>Use this initialization code:<br/>
- * <code> // ConnectionParameter connParam = ... get from ConfigurationProvider
- * AxisSecureSocketFactory.initialize(connParam);</code>
- * <br/>See the Apache Axis documentation on how to configure this class
- * as the default secure socket factory to be used by Axis.
- * <br/>
- * This code has been copied from <code>JSSESocketFactory</code>, the
- * method <code>initialize()</code> has been added.
- *
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AxisSecureSocketFactory
- extends DefaultSocketFactory implements SecureSocketFactory {
-
- /** Field sslFactory */
- private static SSLSocketFactory sslFactory;
-
- /**
- * Constructor for AxisSecureSocketFactory.
- * @param attributes ???
- */
- public AxisSecureSocketFactory(Hashtable attributes) {
- super(attributes);
- }
- /**
- * Initializes the factory by setting the connection parameters to be used for
- * setting the secure socket factory, and by setting the system property
- * <code>axis.socketSecureFactory</code>.
- * @param connParam <code>ConnectionParameter</code> to derive the
- * secure socket factory from
- */
- public static void initialize(SSLSocketFactory ssf)
- throws IOException, GeneralSecurityException {
-
- Logger.debug("Initialize AxisSecureSocketFactory");
- sslFactory = ssf;
- }
-
- /**
- * creates a secure socket
- *
- * @param host
- * @param port
- * @param otherHeaders
- * @param useFullURL
- *
- * @return Socket
- * @throws Exception
- */
- public Socket create(
- String host,
- int port,
- StringBuffer otherHeaders,
- BooleanHolder useFullURL)
- throws Exception {
- if (port == -1) {
- port = 443;
- }
-
- TransportClientProperties tcp =
- TransportClientPropertiesFactory.create("https");
-
- boolean hostInNonProxyList =
- isHostInNonProxyList(host, tcp.getNonProxyHosts());
-
- Socket sslSocket = null;
- if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
- // direct SSL connection
- sslSocket = sslFactory.createSocket(host, port);
- }
- else {
-
- // Default proxy port is 80, even for https
- int tunnelPort =
- (tcp.getProxyPort().length() != 0)
- ? Integer.parseInt(tcp.getProxyPort())
- : 80;
- if (tunnelPort < 0)
- tunnelPort = 80;
-
- // Create the regular socket connection to the proxy
- Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
-
- // The tunnel handshake method (condensed and made reflexive)
- OutputStream tunnelOutputStream = tunnel.getOutputStream();
- PrintWriter out =
- new PrintWriter(
- new BufferedWriter(new OutputStreamWriter(tunnelOutputStream)));
-
- // More secure version... engage later?
- // PasswordAuthentication pa =
- // Authenticator.requestPasswordAuthentication(
- // InetAddress.getByName(tunnelHost),
- // tunnelPort, "SOCK", "Proxy","HTTP");
- // if(pa == null){
- // printDebug("No Authenticator set.");
- // }else{
- // printDebug("Using Authenticator.");
- // tunnelUser = pa.getUserName();
- // tunnelPassword = new String(pa.getPassword());
- // }
- out.print(
- "CONNECT "
- + host
- + ":"
- + port
- + " HTTP/1.0\r\n"
- + "User-Agent: AxisClient");
- if (tcp.getProxyUser().length() != 0
- && tcp.getProxyPassword().length() != 0) {
-
- // add basic authentication header for the proxy
- String encodedPassword =
- XMLUtils.base64encode(
- (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes());
-
- out.print("\nProxy-Authorization: Basic " + encodedPassword);
- }
- out.print("\nContent-Length: 0");
- out.print("\nPragma: no-cache");
- out.print("\r\n\r\n");
- out.flush();
- InputStream tunnelInputStream = tunnel.getInputStream();
-
- if (log.isDebugEnabled()) {
- log.debug(
- Messages.getMessage(
- "isNull00",
- "tunnelInputStream",
- "" + (tunnelInputStream == null)));
- }
- String replyStr = "";
-
- // Make sure to read all the response from the proxy to prevent SSL negotiation failure
- // Response message terminated by two sequential newlines
- int newlinesSeen = 0;
- boolean headerDone = false; /* Done on first newline */
-
- while (newlinesSeen < 2) {
- int i = tunnelInputStream.read();
-
- if (i < 0) {
- throw new IOException("Unexpected EOF from proxy");
- }
- if (i == '\n') {
- headerDone = true;
- ++newlinesSeen;
- }
- else if (i != '\r') {
- newlinesSeen = 0;
- if (!headerDone) {
- replyStr += String.valueOf((char) i);
- }
- }
- }
- if (!replyStr.startsWith("HTTP/1.0 200")
- && !replyStr.startsWith("HTTP/1.1 200")) {
- throw new IOException(
- Messages.getMessage(
- "cantTunnel00",
- new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr }));
- }
-
- // End of condensed reflective tunnel handshake method
- sslSocket =
sslFactory.createSocket(tunnel, host, port, true);
- if (log.isDebugEnabled()) {
- log.debug(
- Messages.getMessage(
- "setupTunnel00",
- tcp.getProxyHost(),
- "" + tunnelPort));
- }
- }
-
- ((SSLSocket) sslSocket).startHandshake();
- if (log.isDebugEnabled()) {
- log.debug(Messages.getMessage("createdSSL00"));
- }
- return sslSocket;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
deleted file mode 100644
index d31aa6ec1..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Locale;
-
-import at.gv.egovernment.moa.util.Messages;
-
-/**
- * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDMessageProvider {
-
- /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
- private static final String[] DEFAULT_MESSAGE_RESOURCES =
- { "resources/properties/id_messages" };
- /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */
- private static final Locale[] DEFAULT_MESSAGE_LOCALES =
- new Locale[] { new Locale("de", "AT") };
- /** The instance for our singleton */
- private static MOAIDMessageProvider instance;
- /** The Messages */
- private Messages messages;
-
- /**
- * Returns the single instance of <code>MOAIDMessageProvider</code>.
- *
- * @return the single instance of <code>MOAIDMessageProvider</code>
- */
- public static MOAIDMessageProvider getInstance() {
- if (instance == null)
- instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
- return instance;
- }
-
- /**
- * Create a <code>MOAIDMessageProvider</code>.
- *
- * @param resourceNames The names of the resources containing the messages.
- * @param locales The corresponding locales.
- */
- protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
- this.messages = new Messages(resourceNames, locales);
- }
-
- /**
- * Get the message corresponding to a given message ID.
- *
- * @param messageId The ID of the message.
- * @param parameters The parameters to fill in into the message arguments.
- * @return The formatted message.
- */
- public String getMessage(String messageId, Object[] parameters) {
- return messages.getMessage(messageId, parameters);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/Random.java b/id.server/src/at/gv/egovernment/moa/id/util/Random.java
deleted file mode 100644
index da75b4213..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/Random.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Date;
-
-/**
- * Random number generator used to generate ID's
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class Random {
-
- /** random number generator used */
- private static java.util.Random random = new java.util.Random(new Date().getTime());
- /**
- * Creates a new random number, to be used as an ID.
- *
- * @return random long as a String
- */
- public static String nextRandom() {
- return "" + random.nextLong();
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
deleted file mode 100644
index e0739d941..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ /dev/null
@@ -1,160 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StreamUtils;
-
-import com.sun.net.ssl.HttpsURLConnection;
-import com.sun.net.ssl.KeyManager;
-import com.sun.net.ssl.SSLContext;
-import com.sun.net.ssl.TrustManager;
-
-/**
- * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
- * This <code>TrustManager</code> implementation features CRL checking.<br/>
- * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtils {
-
- /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map sslSocketFactories = new HashMap();
-
- /**
- * Initializes the SSLSocketFactory store.
- */
- public static void initialize() {
- sslSocketFactories = new HashMap();
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
- }
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes an
- * <code>IAIKX509TrustManager</code> for the given trust store,
- * and the given key store.
- *
- * @param conf configuration provider providing a generic properties pointing
- * to trusted CA store and certificate store root
- * @param connParam connection parameter containing the client key store settings
- * to be used in case of client authentication;
- * if <code>connParam.getClientKeyStore() == null</code>, client authentication
- * is assumed to be disabled
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static SSLSocketFactory getSSLSocketFactory(
- ConfigurationProvider conf,
- ConnectionParameter connParam)
- throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
-
- Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
- // retrieve SSLSocketFactory if already created
- SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
- return ssf;
- // else create new SSLSocketFactory
- String trustStoreURL = conf.getTrustedCACertificates();
- if (trustStoreURL == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"TrustedCACertificates"});
- String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
- TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
- "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
- ssf = ctx.getSocketFactory();
- // store SSLSocketFactory
- sslSocketFactories.put(connParam.getUrl(), ssf);
- return ssf;
- }
-
- /**
- * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
- * using configuration data.
- *
- * @param conf MOA-ID configuration provider
- * @param trustStoreURL trust store URL
- * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
- * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
- * @throws ConfigurationException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static TrustManager[] getTrustManagers(
- ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(conf);
- String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
- //not using BoolUtils because default value hast to be true!
- boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
- //TODO RS verify SSL Revocation handling
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
- // This call fixes a bug occuring when PKIConfiguration is
- // initialized by the MOA-SP initialization code, in case
- // MOA-SP is called by API
- MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
- tm.init(cfg, profile);
- return new TrustManager[] {tm};
- }
- /**
- * Reads a file, given by URL, into a byte array,
- * securing the connection by IAIKX509TrustManager.
- * @param connParam containing URL and accepted server certificates
- * @param conf ConfigurationProvider for reading
- * @return file content
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws GeneralSecurityException on security issues
- */
- public static byte[] readHttpsURL(ConfigurationProvider conf, ConnectionParameter connParam)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- URL url = new URL(connParam.getUrl());
- HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
- conn.setRequestMethod("GET");
- conn.setDoInput(true);
- SSLSocketFactory sslSocketFactory = getSSLSocketFactory(conf, connParam);
- conn.setSSLSocketFactory(sslSocketFactory);
- conn.connect();
- InputStream in = new BufferedInputStream(conn.getInputStream());
- byte[] content = StreamUtils.readStream(in);
- in.close();
- conn.disconnect();
- return content;
- }
-
-} |