diff options
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/builder')
14 files changed, 0 insertions, 1333 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java deleted file mode 100644 index b1fe0a6df..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ /dev/null @@ -1,106 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; - -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the authentication block <code><saml:Assertion></code> - * to be included in a <code><CreateXMLSignatureResponse></code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationBlockAssertionBuilder implements Constants { - /** the NewLine representation in Java*/ - private static String nl = "\n"; - /** template for the Auth-Block */ - private static String AUTH_BLOCK = - "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + nl + - " <saml:AttributeStatement>" + nl + - " <saml:Subject>" + nl + - " <saml:NameIdentifier>{3}</saml:NameIdentifier>" + nl + - " </saml:Subject>" + nl + - "{4}" + - " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + - " <saml:AttributeValue>{5}</saml:AttributeValue>" + nl + - " </saml:Attribute>" + nl + - " <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + - " <saml:AttributeValue>{6}</saml:AttributeValue>" + nl + - " </saml:Attribute>" + nl + - " </saml:AttributeStatement>" + nl + - "</saml:Assertion>"; - - private static String GESCHAEFTS_BEREICH_ATTRIBUTE = - " <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + - " <saml:AttributeValue>{0}</saml:AttributeValue>" + nl + - " </saml:Attribute>" + nl; - - private static String WBPK_ATTRIBUTE = - " <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl + - " <saml:AttributeValue>" + nl + - " <pr:Identification>" + nl + - " <pr:Value>{0}</pr:Value>" + nl + - " <pr:Type>{1}</pr:Type>" + nl + - " </pr:Identification>" + nl + - " </saml:AttributeValue>" + nl + - " </saml:Attribute>" + nl; - - /** - * Constructor for AuthenticationBlockAssertionBuilder. - */ - public AuthenticationBlockAssertionBuilder() { - super(); - } - - /** - * Builds the authentication block <code><saml:Assertion></code> - * - * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code> - * @param issueInstant current timestamp - * @param authURL URL of MOA-ID authentication component - * @param target "Geschäftsbereich"; maybe <code>null</code> if the application - * is a business application - * @param identityLinkValue the content of the <code><pr:Value></code> - * child element of the <code><pr:Identification></code> - * element derived from the Identitylink; this is the - * value of the <code>wbPK</code>; - * maybe <code>null</code> if the application is a public service - * @param identiyLinkType the content of the <code><pr:Type></code> - * child element of the <code><pr:Identification></code> - * element derived from the Identitylink; this includes the - * URN prefix and the identification number of the business - * application used as input for wbPK computation; - * maybe <code>null</code> if the application is a public service - * @param oaURL public URL of online application requested - * @return String representation of authentication block - * <code><saml:Assertion></code> built - */ - public String buildAuthBlock(String issuer, - String issueInstant, - String authURL, - String target, - String identityLinkValue, - String identityLinkType, - String oaURL, - String GebDat) - { - - String gebeORwbpk = ""; - String wbpkNSDeclaration = ""; - if (target == null) { - // OA is a business application - gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); - wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; - } else { - gebeORwbpk = MessageFormat.format( - GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); - } - - String assertion = MessageFormat.format( - AUTH_BLOCK, new Object[] { wbpkNSDeclaration, issuer, issueInstant, authURL, gebeORwbpk, oaURL, GebDat}); - return assertion; - - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java deleted file mode 100644 index 7e866089d..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ /dev/null @@ -1,154 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the authentication data <code><saml:Assertion></code> - * to be provided by the MOA ID Auth component. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationDataAssertionBuilder implements Constants { - /** private static String NL contains the NewLine representation in Java*/ - private static final String NL = "\n"; - /** - * XML template for the <code><saml:Assertion></code> to be built - */ - private static final String AUTH_DATA = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL + - "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" + - " xmlns:si=''" + XSI_NS_URI + "''" + - " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL + - " <saml:AttributeStatement>" + NL + - " <saml:Subject>" + NL + - " <saml:NameIdentifier NameQualifier=''{3}''>{4}</saml:NameIdentifier>" + NL + - " <saml:SubjectConfirmation>" + NL + - " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL + - " <saml:SubjectConfirmationData>{5}{6}</saml:SubjectConfirmationData>" + NL + - " </saml:SubjectConfirmation>" + NL + - " </saml:Subject>" + NL + - " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL + - " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{8}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - "{10}" + - "{11}" + - " </saml:AttributeStatement>" + NL + - "</saml:Assertion>"; - /** - * XML template for the <code><saml:Attribute></code> named <code>"isPublicAuthority"</code>, - * to be inserted into the <code><saml:Assertion></code> - */ - private static final String PUBLIC_AUTHORITY_ATT = - " <saml:Attribute AttributeName=''isPublicAuthority'' AttributeNamespace=''urn:oid:1.2.40.0.10.1.1.1''>" + NL + - " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL; - - private static final String SIGNER_CERTIFICATE_ATT = - " <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL; - - /** - * Constructor for AuthenticationDataAssertionBuilder. - */ - public AuthenticationDataAssertionBuilder() { - super(); - } - - /** - * Builds the authentication data <code><saml:Assertion></code>. - * - * @param authData the <code>AuthenticationData</code> to build the - * <code><saml:Assertion></code> from - * @param xmlPersonData <code>lt;pr:Person></code> element as a String - * @param xmlAuthBlock authentication block to be included in a - * <code>lt;saml:SubjectConfirmationData></code> element; may include - * the <code>"Stammzahl"</code> or not; may be empty - * @param xmlIdentityLink the IdentityLink - * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe - * an empty string if the signer certificate should not be provided. - * Will be ignored if the <code>businessService</code> parameter is - * set to <code>false</code>. - * @param businessService <code>true</code> if the online application is a - * business service, otherwise <code>false</code> - * @return the <code><saml:Assertion></code> - * @throws BuildException if an error occurs during the build process - */ - public String build( - AuthenticationData authData, - String xmlPersonData, - String xmlAuthBlock, - String xmlIdentityLink, - String bkuURL, - String signerCertificateBase64, - boolean businessService) throws BuildException { - - String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false"; - String publicAuthorityAttribute = ""; - if (authData.isPublicAuthority()) { - String publicAuthorityIdentification = authData.getPublicAuthorityCode(); - if (publicAuthorityIdentification == null) - publicAuthorityIdentification = "True"; - publicAuthorityAttribute = MessageFormat.format( - PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); - } - - - String signerCertificateAttribute = ""; - if (signerCertificateBase64 != "") { - signerCertificateAttribute = MessageFormat.format( - SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 }); - } - - String pkType; - String pkValue; - if (businessService) { - pkType = authData.getIdentificationType(); - pkValue = authData.getWBPK(); - - } else { - pkType = URN_PREFIX_BPK; - pkValue = authData.getBPK(); - } - - String assertion = MessageFormat.format(AUTH_DATA, new Object[] { - authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstant(), - pkType, - pkValue, - removeXMLDeclaration(xmlAuthBlock), - removeXMLDeclaration(xmlIdentityLink), - removeXMLDeclaration(xmlPersonData), - isQualifiedCertificate, - bkuURL, - publicAuthorityAttribute, - signerCertificateAttribute}); - return assertion; - } - - /** - * Removes the XML declaration from an XML expression. - * @param xmlString XML expression as String - * @return XML expression, XML declaration removed - */ - private String removeXMLDeclaration(String xmlString) { - if (xmlString.startsWith("<?xml")) { - int firstElement = xmlString.indexOf("<", 1); - return xmlString.substring(firstElement); - } - else return xmlString; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java deleted file mode 100644 index 6cc8c1be8..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ /dev/null @@ -1,49 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.security.MessageDigest; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the bPK, as defined in - * <code>"Ableitung f¨r die bereichsspezifische Personenkennzeichnung"</code> - * version <code>1.0.1</code> from <code>"reference.e-government.gv.at"</code>. - * - * @author Paul Schamberger - * @version $Id$ - */ -public class BPKBuilder { - - /** - * Builds the bPK from the given parameters. - * @param identificationValue Base64 encoded "Stammzahl" - * @param target "Bereich lt. Verordnung des BKA" - * @return bPK in a BASE64 encoding - * @throws BuildException if an error occurs on building the bPK - */ - public String buildBPK(String identificationValue, String target) - throws BuildException { - - if ((identificationValue == null || - identificationValue.length() == 0 || - target == null || - target.length() == 0)) - { - throw new BuildException("builder.00", - new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + - identificationValue + ",target=" + target}); - } - String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java deleted file mode 100644 index a5d87ef83..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java +++ /dev/null @@ -1,47 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.StringUtils; - -/** - * Base class for HTML/XML builders providing commonly useful functions. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class Builder { - - /** - * Replaces a given number of occurences of a special tag in an XML or HTML template by a value. - * @param htmlTemplate template - * @param tag special tag - * @param value value replacing the tag - * @param maxreplacements: -1 to replace each occurence of tag, or limit replacements by a given positive number - * @return XML or HTML code, the tag replaced - * @throws BuildException when template does not contain the tag - */ - protected String replaceTag(String template, String tag, String value, int maxreplacements) throws BuildException { - String result = template; - int index = result.indexOf(tag); - if (index < 0) { - // Substring not found but should - throw new BuildException( - "builder.01", - new Object[] {"<" + tag.substring(1, tag.length() - 1) + ">"}); - } else { - // replace each occurence - if (maxreplacements == -1) { - return StringUtils.replaceAll(template, tag, value); - } else { - int found = 1; - while (index > -1 && (found <= maxreplacements)) { - result = result.substring(0, index) + value + result.substring(index + tag.length()); - index = result.indexOf(tag); - if (index > -1) found += 1; - } - } - } - return result; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java deleted file mode 100644 index 03895a38e..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ /dev/null @@ -1,84 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.IOException; -import java.text.MessageFormat; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.FileUtils; - -/** - * Builder for the <code><VerifyXMLSignatureRequest></code> structure - * used for presenting certificate information in the secure viewer of the security layer implementation. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements Constants { - - /** special tag in the VerifyXMLRequest template to be substituted for a <code><dsig:Signature></code> */ - private static final String SIGNATURE_TAG = "<dsig:Signature/>"; - - /** private static String nl contains the NewLine representation in Java*/ - private static final String nl = "\n"; - - /** - * XML template for the CertInfoVerifyXMLSignatureRequest to be built - */ - static final String CERTINFO_REQUEST = - "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + nl + - "<{0}:VerifyXMLSignatureRequest {2} xmlns:dsig=\"" + DSIG_NS_URI + "\">" + nl + - " <{0}:SignatureInfo>" + nl + - " <{0}:SignatureEnvironment>" + nl + - " <{1}:XMLContent xml:space=\"preserve\"><dsig:Signature/></{1}:XMLContent>" + nl + - " </{0}:SignatureEnvironment>" + nl + - " <{0}:SignatureLocation>//dsig:Signature</{0}:SignatureLocation>" + nl + - " </{0}:SignatureInfo>" + nl + - "</{0}:VerifyXMLSignatureRequest>"; - - /** - * Constructor - */ - public CertInfoVerifyXMLSignatureRequestBuilder() { - super(); - } - /** - * Builds the <code><VerifyXMLSignatureRequest></code> structure. - * @return the XML structure - * @throws BuildException - */ - public String build(boolean slVersion12) throws BuildException { - - String sl10Prefix; - String sl11Prefix; - String slNsDeclaration; - - if (slVersion12) { - - sl10Prefix = SL12_PREFIX; - sl11Prefix = SL12_PREFIX; - slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\""; - - } else { - - sl10Prefix = SL10_PREFIX; - sl11Prefix = SL11_PREFIX; - slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\""; - - } - - String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration}); - String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; - - - try { - String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8"); - certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, 1); - return certInfoRequest; - } - catch (IOException ex) { - throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()}); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java deleted file mode 100644 index 51429251e..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ /dev/null @@ -1,93 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; - -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.StringUtils; - -/** - * Builder for the <code><CreateXMLSignatureRequest></code> structure - * used for requesting a signature under the authentication block from the - * security layer implementation. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class CreateXMLSignatureRequestBuilder implements Constants { - /** private static String nl contains the NewLine representation in Java*/ - private static final String nl = "\n"; - /** - * XML template for the <code><moa:CreateXMLSignatureRequest></code> to be built - */ - private static final String CREATE_XML_SIGNATURE_REQUEST = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl + - "<{3}:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' {5}>" + nl + - " <{3}:KeyboxIdentifier>{1}</{3}:KeyboxIdentifier>" + nl + - " <{3}:DataObjectInfo Structure=''detached''>" + nl + - " <{4}:DataObject Reference=''''/>" + nl + - "{2}" + - " </{3}:DataObjectInfo>" + nl + - " <{3}:SignatureInfo>" + nl + - " <{3}:SignatureEnvironment>" + nl + - " <{4}:XMLContent>{0}</{4}:XMLContent>" + nl + - " </{3}:SignatureEnvironment>" + nl + - " <{3}:SignatureLocation Index=''2''>/saml:Assertion</{3}:SignatureLocation>" + nl + - " </{3}:SignatureInfo>" + nl + - "</{3}:CreateXMLSignatureRequest>"; - - - /** - * Constructor for CreateXMLSignatureRequestBuilder. - */ - public CreateXMLSignatureRequestBuilder() { - super(); - } - - /** - * Builds the <code><CreateXMLSignatureRequest></code>. - * - * @param authBlock String representation of XML authentication block - * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeypair) - * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not - * @return String representation of <code><CreateXMLSignatureRequest></code> - */ - public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { - - String sl10Prefix; - String sl11Prefix; - String slNsDeclaration; - - String dsigTransformInfosString = ""; - for (int i = 0; i < dsigTransformInfos.length; i++) { - dsigTransformInfosString += dsigTransformInfos[i]; - } - - if (slVersion12) { - - // replace the SecurityLayer namespace prefixes and URIs within the transforms - dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString, - SL10_PREFIX, SL12_PREFIX, - SL10_NS_URI, SL12_NS_URI); - sl10Prefix = SL12_PREFIX; - sl11Prefix = SL12_PREFIX; - slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'"; - - } else { - - sl10Prefix = SL10_PREFIX; - sl11Prefix = SL11_PREFIX; - slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; - - } - - String request = MessageFormat.format( - CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, - keyBoxIdentifier, - dsigTransformInfosString, - sl11Prefix, - sl10Prefix, - slNsDeclaration }); - - return request; - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java deleted file mode 100644 index 30cc1df5a..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ /dev/null @@ -1,83 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Builds a DataURL parameter meant for the security layer implementation - * to respond to. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class DataURLBuilder { - - /** - * Constructor for DataURLBuilder. - */ - public DataURLBuilder() { - super(); - } - - /** - * Constructs a data URL for <code>VerifyIdentityLink</code> or <code>VerifyAuthenticationBlock</code>, - * including the <code>MOASessionID</code> as a parameter. - * - * @param authBaseURL base URL (context path) of the MOA ID Authentication component, - * including a trailing <code>'/'</code> - * @param authServletName request part of the data URL - * @param sessionID sessionID to be included in the dataURL - * @return String - */ - public String buildDataURL(String authBaseURL, String authServletName, String sessionID) { - - String individualDataURLPrefix = null; - String dataURL; - try { - //check if an individual prefix is configured - individualDataURLPrefix = AuthConfigurationProvider.getInstance(). - getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); - - if (null != individualDataURLPrefix) { - - //check individualDataURLPrefix - if(!individualDataURLPrefix.startsWith("http")) - throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); - - //when ok then use it - dataURL = individualDataURLPrefix + authServletName; - } else - dataURL = authBaseURL + authServletName; - - } catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } )); - dataURL = authBaseURL + authServletName; - } - - dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); - return dataURL; - } - - /** - * Method addParameter. - * @param urlString represents the url - * @param paramname is the parameter to be added - * @param value is the value of that parameter - * @return String - */ - private String addParameter(String urlString, String paramname, String value) { - String url = urlString; - if (paramname != null) { - if (url.indexOf("?") < 0) - url += "?"; - else - url += "&"; - url += paramname + "=" + value; - } - return url; - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java deleted file mode 100644 index 9baa71612..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ /dev/null @@ -1,138 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.IOException; -import java.io.StringReader; -import java.io.StringWriter; - -import at.gv.egovernment.moa.id.BuildException; - -/** - * Builder for HTML form requesting the security layer implementation - * to get the identity link from smartcard by a <code><InfoboxReadRequest></code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class GetIdentityLinkFormBuilder extends Builder { - /** private static String NL contains the NewLine representation in Java*/ - private static final String nl = "\n"; - /** special tag in the HTML template to be substituted for the BKU URL */ - private static final String BKU_TAG = "<BKU>"; - /** special tag in the HTML template to be substituted for the XML request */ - private static final String XMLREQUEST_TAG = "<XMLRequest>"; - /** special tag in the HTML template to be substituted for the data URL */ - private static final String DATAURL_TAG = "<DataURL>"; - /** special tag in the HTML template to be substituted for certificate info XML request */ - private static final String CERTINFO_XMLREQUEST_TAG = "<CertInfoXMLRequest>"; - /** special tag in the HTML template to be substituted for the certificate info data URL */ - private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>"; - /** private static int all contains the representation to replace all tags*/ - private static final int ALL = -1; - - /** default HTML template */ - private static final String DEFAULT_HTML_TEMPLATE = - "<html>" + nl + - "<head>" + nl + - "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + - "<title>Anmeldung mit Bürgerkarte</title>" + nl + - "</head>" + nl + - "<body>" + nl + - "<form name=\"GetIdentityLinkForm\"" + nl + - " action=\"" + BKU_TAG + "\"" + nl + - " method=\"post\">" + nl + - " <input type=\"hidden\" " + nl + - " name=\"XMLRequest\"" + nl + - " value=\"" + XMLREQUEST_TAG + "\"/>" + nl + - " <input type=\"hidden\" " + nl + - " name=\"DataURL\"" + nl + - " value=\"" + DATAURL_TAG + "\"/>" + nl + - " <input type=\"submit\" value=\"Anmeldung mit Bürgerkarte\"/>" + nl + - "</form>" + nl + - "<form name=\"CertificateInfoForm\"" + nl + - " action=\"" + BKU_TAG + "\"" + nl + - " method=\"post\">" + nl + - " <input type=\"hidden\" " + nl + - " name=\"XMLRequest\"" + nl + - " value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl + - " <input type=\"hidden\" " + nl + - " name=\"DataURL\"" + nl + - " value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl + -// " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl + - " <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + nl + - "</form>" + nl + - "</body>" + nl + - "</html>"; - - /** - * Constructor for GetIdentityLinkFormBuilder. - */ - public GetIdentityLinkFormBuilder() { - super(); - } - /** - * Builds the HTML form, including XML Request and data URL as parameters. - * - * @param htmlTemplate template to be used for the HTML form; - * may be <code>null</code>, in this case a default layout will be produced - * @param xmlRequest XML Request to be sent as a parameter in the form - * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; - * may be <code>null</code>, in this case the default URL will be used - * @param dataURL DataURL to be sent as a parameter in the form - */ - public String build( - String htmlTemplate, String bkuURL, String xmlRequest, String dataURL, String certInfoXMLRequest, String certInfoDataURL) - throws BuildException { - - String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; -// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; - htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, ALL); - htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), ALL); - htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, ALL); -//new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); - htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), ALL); - htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, ALL); - return htmlForm; - } - /** - * Encodes a string for inclusion as a parameter in the form. - * Double quotes are substituted by <code>"&quot;"</code>. - * @param s the string to be encoded - * @return the string encoded - * @throws BuildException on any exception encountered - */ - public static String encodeParameter(String s) throws BuildException { - StringReader in = new StringReader(s); - StringWriter out = new StringWriter(); - try { - for (int ch = in.read(); ch >= 0; ch = in.read()) { - if (ch == '"') - out.write("""); - else if (ch == '<') - out.write("<"); - else if (ch == '>') - out.write(">"); - else if (ch == 'ä') - out.write("ä"); - else if (ch == 'ö') - out.write("ö"); - else if (ch == 'ü') - out.write("ü"); - else if (ch == 'Ä') - out.write("Ä"); - else if (ch == 'Ö') - out.write("Ö"); - else if (ch == 'Ü') - out.write("Ü"); - else if (ch == 'ß') - out.write("ß"); - else - out.write(ch); - } - } - catch (IOException ex) { - throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()}); - } - return out.toString(); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java deleted file mode 100644 index c2bafe43b..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ /dev/null @@ -1,86 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the <code><InfoboxReadRequest></code> structure - * used for requesting the identity link from the security layer implementation. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class InfoboxReadRequestBuilder implements Constants { - - - /** - * Constructor for InfoboxReadRequestBuilder. - */ - public InfoboxReadRequestBuilder() { - } - - - /** - * Builds an <code><InfoboxReadRequest></code>. - * - * @param slVersion12 specifies whether the Security Layer version is - * version 1.2 or not - * @param businessService specifies whether the online application is a - * business service or not - * @param identityLinkDomainIdentifier the identification number of the business - * company; maybe <code>null</code> if the OA - * is a public service; must not be <code>null</code> - * if the OA is a business service - * - * @return <code><InfoboxReadRequest></code> as String - */ - public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) { - - String slPrefix; - String slNsDeclaration; - - if (slVersion12) { - slPrefix = SL12_PREFIX; - slNsDeclaration = SL12_NS_URI; - } else { - slPrefix = SL10_PREFIX; - slNsDeclaration = SL10_NS_URI; - } - - StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxReadRequest xmlns:"); - sb.append(slPrefix); - sb.append("=\""); - sb.append(slNsDeclaration); - sb.append("\">"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxIdentifier>IdentityLink</"); - sb.append(slPrefix); - sb.append(":InfoboxIdentifier>"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); - if (businessService) { - sb.append("<"); - sb.append(slPrefix); - sb.append(":BoxSpecificParameters>"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":IdentityLinkDomainIdentifier>"); - sb.append(identityLinkDomainIdentifier); - sb.append("</sl:IdentityLinkDomainIdentifier>"); - sb.append("</"); - sb.append(slPrefix); - sb.append(":BoxSpecificParameters>"); - } - sb.append("</"); - sb.append(slPrefix); - sb.append(":InfoboxReadRequest>"); - - return sb.toString(); - - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java deleted file mode 100644 index 819ed79bb..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ /dev/null @@ -1,59 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Builder for the <code>lt;pr:Person></code> element to be inserted - * in the authentication data <code>lt;saml:Assertion></code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class PersonDataBuilder { - - /** - * Constructor for PersonDataBuilder. - */ - public PersonDataBuilder() { - super(); - } - /** - * Builds the <code><pr:Person></code> element.<br/> - * Utilizes the parsed <code><prPerson></code> from the identity link - * and the information regarding inclusion of <code>"Stammzahl"</code> in the - * <code><pr:Person></code> data. - * - * @param identityLink <code>IdentityLink</code> containing the - * attribute <code>prPerson</code> - * @param provideStammzahl true if <code>"Stammzahl"</code> is to be included; - * false otherwise - * @return the <code><pr:Person></code> element as a String - * @throws BuildException on any error - */ - public String build(IdentityLink identityLink, boolean provideStammzahl) - throws BuildException { - - try { - Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true); - if (! provideStammzahl) { - Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value"); - //remove IdentificationValue - prIdentification.getFirstChild().setNodeValue(""); - } - String xmlString = DOMUtils.serializeNode(prPerson); - return xmlString; - } - catch (Exception ex) { - throw new BuildException( - "builder.00", - new Object[] {"PersonData", ex.toString()}, - ex); - } - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java deleted file mode 100644 index 27e19e830..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ /dev/null @@ -1,60 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.ByteArrayOutputStream; -import java.security.MessageDigest; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.Base64Utils; - -/** - * Builder for the SAML artifact, as defined in the - * Browser/Artifact profile of SAML. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLArtifactBuilder { - - /** - * Constructor for SAMLArtifactBuilder. - */ - public SAMLArtifactBuilder() { - super(); - } - - /** - * Builds the SAML artifact, encoded BASE64. - * <ul> - * <li><code>TypeCode</code>: <code>0x0001</code>.</li> - * <li><code>SourceID</code>: SHA-1 hash of the authURL</li> - * <li><code>AssertionHandle</code>: SHA-1 hash of the <code>MOASessionID</code></li> - * </ul> - * @param authURL URL auf the MOA-ID Auth component to be used for construction - * of <code>SourceID</code> - * @param sessionID <code>MOASessionID</code> to be used for construction - * of <code>AssertionHandle</code> - * @return the 42-byte SAML artifact, encoded BASE64 - */ - public String build(String authURL, String sessionID) throws BuildException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] sourceID = md.digest(authURL.getBytes()); - byte[] assertionHandle = md.digest(sessionID.getBytes()); - ByteArrayOutputStream out = new ByteArrayOutputStream(42); - out.write(0); - out.write(1); - out.write(sourceID, 0, 20); - out.write(assertionHandle, 0, 20); - byte[] samlArtifact = out.toByteArray(); - String samlArtifactBase64 = Base64Utils.encode(samlArtifact); - return samlArtifactBase64; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, - ex); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java deleted file mode 100644 index 945aa54fd..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java +++ /dev/null @@ -1,101 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; - -/** - * Builder for the <code>lt;samlp:Response></code> used for passing - * result and status information from the <code>GetAuthenticationData</code> - * web service. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLResponseBuilder implements Constants { - /** XML - Template for samlp:Response */ - private static final String RESPONSE = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + - "<samlp:Response xmlns:samlp=\"" + SAMLP_NS_URI + "\" xmlns:saml=\"" + SAML_NS_URI + "\"" + - " ResponseID=\"{0}\" InResponseTo=\"{1}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{2}\">" + - " <samlp:Status>" + - " <samlp:StatusCode Value=\"{3}\">" + - " {4}" + - " </samlp:StatusCode>" + - " <samlp:StatusMessage>{5}</samlp:StatusMessage>" + - " </samlp:Status>" + - " {6}" + - "</samlp:Response>"; - /** XML - Template for samlp:StatusCode */ - private static final String SUB_STATUS_CODE = - "<samlp:StatusCode Value=\"{0}\"></samlp:StatusCode>"; - - /** - * Constructor for SAMLResponseBuilder. - */ - public SAMLResponseBuilder() { - super(); - } - /** - * Builds the SAML response. - * @param responseID response ID - * @param inResponseTo request ID of <code>lt;samlp:Request></code> responded to - * @param issueInstant current timestamp - * @param statusCode status code - * @param subStatusCode sub-status code refining the status code; may be <code>null</code> - * @param statusMessage status message - * @param samlAssertion SAML assertion representing authentication data - * @return SAML response as a DOM element - */ - public Element build( - String responseID, - String inResponseTo, - String issueInstant, - String statusCode, - String subStatusCode, - String statusMessage, - String samlAssertion) - throws BuildException { - - try { - String xmlSubStatusCode = - subStatusCode == null ? - "" : - MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode}); - - String xmlResponse = MessageFormat.format(RESPONSE, new Object[] { - responseID, - inResponseTo, - issueInstant, - statusCode, - xmlSubStatusCode, - statusMessage, - removeXMLDeclaration(samlAssertion) }); - Element domResponse = DOMUtils.parseDocument(xmlResponse, true, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - return domResponse; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] { "samlp:Response", ex.toString() }, - ex); - } - } - /** - * Removes the XML declaration from an XML expression. - * @param xmlString XML expression as String - * @return XML expression, XML declaration removed - */ - private String removeXMLDeclaration(String xmlString) { - if (xmlString.startsWith("<?xml")) { - int firstElement = xmlString.indexOf("<", 1); - return xmlString.substring(firstElement); - } - else return xmlString; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java deleted file mode 100644 index 72ecb53af..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java +++ /dev/null @@ -1,63 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.BuildException; - -/** - * Builder for the BKU selection form requesting the user to choose - * a BKU from a list. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SelectBKUFormBuilder extends Builder { - /** private static String NL contains the NewLine representation in Java*/ - private static final String nl = "\n"; - /** special tag in the HTML template to be substituted for the form action which is - * a URL of MOA-ID Auth */ - private static final String ACTION_TAG = "<StartAuth>"; - /** special tag in the HTML template to be substituted for the <code><select;gt;</code> tag - * containing the BKU selection options */ - private static final String SELECT_TAG = "<BKUSelect>"; - /** - * Template for the default html-code to be returned as security-layer-selection to be built - */ - private static final String DEFAULT_HTML_TEMPLATE = - "<html>" + nl + - "<head>" + nl + - "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + - "<title>Auswahl der Bürgerkartenumgebung</title>" + nl + - "</head>" + nl + - "<body>" + nl + - "<form name=\"BKUSelectionForm\"" + nl + - " action=\"" + ACTION_TAG + "\"" + nl + - " method=\"post\">" + nl + - SELECT_TAG + nl + - " <input type=\"submit\" value=\"Bürgerkartenumgebung auswählen\"/>" + nl + - "</form>" + nl + - "</body>" + nl + - "</html>"; - - /** - * Constructor - */ - public SelectBKUFormBuilder() { - super(); - } - /** - * Method build. Builds the form - * @param htmlTemplate to be used - * @param startAuthenticationURL the url where the startAuthenticationServlet can be found - * @param bkuSelectTag if a special bku should be used - * @return String - * @throws BuildException on any error - */ - public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag) - throws BuildException { - - String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; - htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, 1); - htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, 1); - return htmlForm; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java deleted file mode 100644 index b98b87dee..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ /dev/null @@ -1,210 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; - -import org.w3c.dom.Element; -import org.w3c.dom.Text; - -import at.gv.egovernment.moa.id.*; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Builder for the <code><VerifyXMLSignatureRequestBuilder></code> structure - * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureRequestBuilder { - /** The MOA-Prefix */ - private static final String MOA = Constants.MOA_PREFIX + ":"; - /** the request as string */ - private String request; - /** the request as DOM-Element */ - private Element reqElem; - - /** - * Constructor for VerifyXMLSignatureRequestBuilder. - */ - public VerifyXMLSignatureRequestBuilder() { - } - /** - * Builds a <code><VerifyXMLSignatureRequest></code> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param idl - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element build(IdentityLink idl, String trustProfileID) - throws ParseException { //samlAssertionObject - request = - "<?xml version='1.0' encoding='UTF-8' ?>" - + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" - + " <VerifySignatureInfo>" - + " <VerifySignatureEnvironment>" - + " <Base64Content>" - + " </Base64Content>" - + " </VerifySignatureEnvironment>" - + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>" - + " </VerifySignatureInfo>" - + " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung - +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>" - // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock) - +" </ReferenceInfo>" - + " </SignatureManifestCheckParams>" - + " <ReturnHashInputData/>" - + " <TrustProfileID>" - + trustProfileID - + "</TrustProfileID>" - + "</VerifyXMLSignatureRequest>"; - - try { - InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); - reqElem = DOMUtils.parseXmlValidating(s); - - String CONTENT_XPATH = - "//" - + MOA - + "VerifyXMLSignatureRequest/" - + MOA - + "VerifySignatureInfo/" - + MOA - + "VerifySignatureEnvironment/" - + MOA - + "Base64Content"; - - Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - - String dtdString = "" - /* TODO MOA-ID-AUTH remove dtdString processing if it is not nec. in further versions - + "<!DOCTYPE saml:Assertion [\n" - + " <!ATTLIST saml:Assertion AssertionID ID #REQUIRED\n" - + ">\n" - + "]>" - */ - ; - - String serializedAssertion = idl.getSerializedSamlAssertion(); - //insert mini dtd after xml declaration to allow usage of AssertionID - //encode then base64 and put this into Element Base64Content - String dtdAndIL = - serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2) - + dtdString - + serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2); - String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8")); - //replace all '\r' characters by no char. - String replaced = ""; - for (int i = 0; i < b64dtdAndIL.length(); i ++) { - if (b64dtdAndIL.charAt(i) != '\r') replaced += b64dtdAndIL.charAt(i); - } - b64dtdAndIL = replaced; - Text b64content = (Text) insertTo.getFirstChild(); - b64content.setData(b64dtdAndIL); - - String SIGN_MANI_CHECK_PARAMS_XPATH = - "//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams"; - insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH); - insertTo.removeChild( - (Element) XPathUtils.selectSingleNode( - reqElem, - SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo")); - Element[] dsigTransforms = idl.getDsigReferenceTransforms(); - for (int i = 0; i < 1; i++) //dsigTransforms.length; i++) - { - Element refInfo = - insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo"); - insertTo.appendChild(refInfo); - Element verifyTransformsInfoProfile = - insertTo.getOwnerDocument().createElementNS( - Constants.MOA_NS_URI, - "VerifyTransformsInfoProfile"); - refInfo.appendChild(verifyTransformsInfoProfile); - verifyTransformsInfoProfile.appendChild( - insertTo.getOwnerDocument().importNode(dsigTransforms[i], true)); - } - } catch (Throwable t) { - throw new ParseException(//"VerifyXMLSignatureRequest (IdentityLink)"); - "builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); - } - - return reqElem; - } - - /** - * Builds a <code><VerifyXMLSignatureRequest></code> - * from the signed AUTH-Block with a known trustProfileID which - * has to exist in MOA-SP - * @param csr - signed AUTH-Block - * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element build( - CreateXMLSignatureResponse csr, - String[] verifyTransformsInfoProfileID, - String trustProfileID) - throws ParseException { //samlAssertionObject - request = - "<?xml version='1.0' encoding='UTF-8' ?>" - + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" - + " <VerifySignatureInfo>" - + " <VerifySignatureEnvironment>" - + " <XMLContent xml:space=\"preserve\"/>" - + " </VerifySignatureEnvironment>" - + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>" - + " </VerifySignatureInfo>" - + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">" - + " <ReferenceInfo>"; - - for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - request += " <VerifyTransformsInfoProfileID>" - + verifyTransformsInfoProfileID[i] - + "</VerifyTransformsInfoProfileID>"; - // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....) - - } - - request += " </ReferenceInfo>" + " </SignatureManifestCheckParams>" - // Testweise ReturnReferenceInputData = False - +" <ReturnHashInputData/>" - + " <TrustProfileID>" - + trustProfileID - + "</TrustProfileID>" - + "</VerifyXMLSignatureRequest>"; - - try { - // Build a DOM-Tree of the obove String - InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); - reqElem = DOMUtils.parseXmlValidating(s); - //Insert the SAML-Assertion-Object - String CONTENT_XPATH = - "//" - + MOA - + "VerifyXMLSignatureRequest/" - + MOA - + "VerifySignatureInfo/" - + MOA - + "VerifySignatureEnvironment/" - + MOA - + "XMLContent"; - - Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - insertTo.appendChild(insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true)); - - } catch (Throwable t) { - throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); - } - - return reqElem; - } - -} |