path: root/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java203
1 files changed, 203 insertions, 0 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
new file mode 100644
index 000000000..863162fd9
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -0,0 +1,203 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Builder for the <code>&lt;VerifyXMLSignatureRequestBuilder&gt;</code> structure
+ * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestBuilder {
+ /** The MOA-Prefix */
+ private static final String MOA = Constants.MOA_PREFIX + ":";
+ /** the request as string */
+ private String request;
+ /** the request as DOM-Element */
+ private Element reqElem;
+
+ /**
+ * Constructor for VerifyXMLSignatureRequestBuilder.
+ */
+ public VerifyXMLSignatureRequestBuilder() {}
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from an IdentityLink with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param idl - The IdentityLink
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ * @return Element - The complete request as Dom-Element
+ * @throws ParseException
+ */
+ public Element build(IdentityLink idl, String trustProfileID) throws ParseException
+ { //samlAssertionObject
+ request =
+ "<?xml version='1.0' encoding='UTF-8' ?>"
+ + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
+ + " <VerifySignatureInfo>"
+ + " <VerifySignatureEnvironment>"
+ + " <XMLContent xml:space=\"preserve\"/>"
+ + " </VerifySignatureEnvironment>"
+ + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ + " </VerifySignatureInfo>"
+ + " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung
+ +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>"
+ // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock)
+ +" </ReferenceInfo>" + " </SignatureManifestCheckParams>"
+
+ // Testweise ReturnReferenceInputData = False
+
+ +" <ReturnHashInputData/>"
+ + " <TrustProfileID>"
+ + trustProfileID
+ + "</TrustProfileID>"
+ + "</VerifyXMLSignatureRequest>";
+
+ try {
+ InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
+ reqElem = DOMUtils.parseXmlValidating(s);
+
+ String CONTENT_XPATH =
+ "//"
+ + MOA
+ + "VerifyXMLSignatureRequest/"
+ + MOA
+ + "VerifySignatureInfo/"
+ + MOA
+ + "VerifySignatureEnvironment/"
+ + MOA
+ + "XMLContent";
+
+ Element insertTo =
+ (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
+ insertTo.appendChild(
+ insertTo.getOwnerDocument().importNode(idl.getSamlAssertion(), true));
+
+ String SIGN_MANI_CHECK_PARAMS_XPATH =
+ "//"
+ + MOA
+ + "VerifyXMLSignatureRequest/"
+ + MOA
+ + "SignatureManifestCheckParams";
+ insertTo =
+ (Element) XPathUtils.selectSingleNode(
+ reqElem,
+ SIGN_MANI_CHECK_PARAMS_XPATH);
+ insertTo.removeChild(
+ (Element) XPathUtils.selectSingleNode(
+ reqElem,
+ SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo"));
+ Element[] dsigTransforms = idl.getDsigReferenceTransforms();
+ for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)
+ {
+ Element refInfo =
+ insertTo.getOwnerDocument().createElementNS(
+ Constants.MOA_NS_URI,
+ "ReferenceInfo");
+ insertTo.appendChild(refInfo);
+ Element verifyTransformsInfoProfile =
+ insertTo.getOwnerDocument().createElementNS(
+ Constants.MOA_NS_URI,
+ "VerifyTransformsInfoProfile");
+ refInfo.appendChild(verifyTransformsInfoProfile);
+ verifyTransformsInfoProfile.appendChild(
+ insertTo.getOwnerDocument().importNode(dsigTransforms[i], true));
+ }
+ }
+ catch (Throwable t) {
+ throw new ParseException( //"VerifyXMLSignatureRequest (IdentityLink)");
+ "builder.00",
+ new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" },
+ t);
+ }
+
+ return reqElem;
+ }
+
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from an IdentityLink with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param idl - The IdentityLink
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ * @return Element - The complete request as Dom-Element
+ * @throws ParseException
+ */
+ public Element build(
+ CreateXMLSignatureResponse csr,
+ String[] verifyTransformsInfoProfileID,
+ String trustProfileID)
+ throws ParseException { //samlAssertionObject
+ request =
+ "<?xml version='1.0' encoding='UTF-8' ?>"
+ + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
+ + " <VerifySignatureInfo>"
+ + " <VerifySignatureEnvironment>"
+ + " <XMLContent xml:space=\"preserve\"/>"
+ + " </VerifySignatureEnvironment>"
+ + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ + " </VerifySignatureInfo>"
+ + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
+ + " <ReferenceInfo>";
+
+ for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
+ request += " <VerifyTransformsInfoProfileID>" +
+ verifyTransformsInfoProfileID[i] +
+ "</VerifyTransformsInfoProfileID>";
+ // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....)
+
+ }
+
+ request += " </ReferenceInfo>"
+ + " </SignatureManifestCheckParams>"
+ // Testweise ReturnReferenceInputData = False
+ +" <ReturnHashInputData/>"
+ + " <TrustProfileID>"
+ + trustProfileID
+ + "</TrustProfileID>"
+ + "</VerifyXMLSignatureRequest>";
+
+ try {
+ // Build a DOM-Tree of the obove String
+ InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
+ reqElem = DOMUtils.parseXmlValidating(s);
+ //Insert the SAML-Assertion-Object
+ String CONTENT_XPATH =
+ "//"
+ + MOA
+ + "VerifyXMLSignatureRequest/"
+ + MOA
+ + "VerifySignatureInfo/"
+ + MOA
+ + "VerifySignatureEnvironment/"
+ + MOA
+ + "XMLContent";
+
+ Element insertTo =
+ (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
+ insertTo.appendChild(
+ insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
+
+ }
+ catch (Throwable t) {
+ throw new ParseException(
+ "builder.00",
+ new Object[] { "VerifyXMLSignatureRequest" },
+ t);
+ }
+
+ return reqElem;
+ }
+
+}
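Review bot: The loop near the end of `build(IdentityLink, String)` runs with a hard-coded bound of 1 (`for (int i = 0; i < 1; i++)`, with `dsigTransforms.length` left in a trailing comment), so only the first `dsig:Reference` transform of the identity link is copied into `SignatureManifestCheckParams` and any further transforms are never submitted to MOA-SP for the manifest check, while an identity link with an empty transform array fails only through the `ArrayIndexOutOfBoundsException` caught by the generic `catch (Throwable t)` below. If the single-element bound is a leftover rather than intentional, it should read `for (int i = 0; i < dsigTransforms.length; i++)` and an empty array should be rejected with an explicit `ParseException` before the loop. Both `build` methods also concatenate `trustProfileID` and each `verifyTransformsInfoProfileID[i]` verbatim into the XML request string; the Javadoc describes them as preconfigured values, but if any of them can originate from a request parameter they need XML escaping, or should be inserted through the DOM after parsing the way the SAML assertion already is. The `catch (Throwable t)` in both methods should be narrowed to the exceptions the called code actually declares (the `UnsupportedEncodingException` from `getBytes("UTF-8")` plus whatever `DOMUtils.parseXmlValidating` and `XPathUtils.selectSingleNode` throw) rather than rewrapping `Error`s and programming errors as a `ParseException`.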