Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth')
-rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java | 154 |
1 files changed, 80 insertions, 74 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index 863162fd9..58332984e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -4,12 +4,16 @@ import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import org.w3c.dom.Element;
+import org.w3c.dom.Text;
 import at.gv.egovernment.moa.id.*;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.OutputXML2File;
 import at.gv.egovernment.moa.util.XPathUtils;
 /**
@@ -30,7 +34,8 @@ public class VerifyXMLSignatureRequestBuilder {
 /**
 * Constructor for VerifyXMLSignatureRequestBuilder.
 */
-public VerifyXMLSignatureRequestBuilder() {}
+public VerifyXMLSignatureRequestBuilder() {
+}
 /**
 * Builds a <code><VerifyXMLSignatureRequest></code>
 * from an IdentityLink with a known trustProfileID which
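Review bot: `import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;` and `import at.gv.egovernment.moa.util.OutputXML2File;` are added in the import hunk, but neither name is referenced in any hunk of this commit; if they are not used elsewhere in the file they should be dropped, since stray utility imports obscure what the builder actually depends on. `Text` and `Base64Utils` are both used in the Base64Content hunk and belong here.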
@@ -40,31 +45,30 @@ public class VerifyXMLSignatureRequestBuilder { * @return Element - The complete request as Dom-Element * @throws ParseException */ - public Element build(IdentityLink idl, String trustProfileID) throws ParseException - { //samlAssertionObject + public Element build(IdentityLink idl, String trustProfileID) + throws ParseException { //samlAssertionObject request = "<?xml version='1.0' encoding='UTF-8' ?>" - + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + " <VerifySignatureInfo>" + " <VerifySignatureEnvironment>" - + " <XMLContent xml:space=\"preserve\"/>" + + " <Base64Content>" + + " </Base64Content>" + " </VerifySignatureEnvironment>" + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>" + " </VerifySignatureInfo>" + " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung - +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>" - // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock) - +" </ReferenceInfo>" + " </SignatureManifestCheckParams>" - - // Testweise ReturnReferenceInputData = False - - +" <ReturnHashInputData/>" + +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>" + // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock) + +" </ReferenceInfo>" + + " </SignatureManifestCheckParams>" + + " <ReturnHashInputData/>" + " <TrustProfileID>" + trustProfileID + "</TrustProfileID>" + "</VerifyXMLSignatureRequest>"; - try { + try { InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); reqElem = 
DOMUtils.parseXmlValidating(s); @@ -77,23 +81,36 @@ public class VerifyXMLSignatureRequestBuilder { + MOA + "VerifySignatureEnvironment/" + MOA - + "XMLContent"; - - Element insertTo = - (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - insertTo.appendChild( - insertTo.getOwnerDocument().importNode(idl.getSamlAssertion(), true)); - - String SIGN_MANI_CHECK_PARAMS_XPATH = - "//" - + MOA - + "VerifyXMLSignatureRequest/" - + MOA - + "SignatureManifestCheckParams"; - insertTo = - (Element) XPathUtils.selectSingleNode( - reqElem, - SIGN_MANI_CHECK_PARAMS_XPATH); + + "Base64Content"; + + Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); + + String dtdString = + "<!DOCTYPE saml:Assertion [\n" + + " <!ATTLIST saml:Assertion AssertionID ID #REQUIRED\n" + + ">\n" + + "]>"; + + String serializedAssertion = DOMUtils.serializeNode(idl.getSamlAssertion()); + //insert mini dtd after xml declaration to allow usage of AssertionID + //encode then base64 and put this into Element Base64Content + String dtdAndIL = + serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2) + + dtdString + + serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2); + String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8")); + //replace all '\r' characters by no char. + String replaced = ""; + for (int i = 0; i < b64dtdAndIL.length(); i ++) { + if (b64dtdAndIL.charAt(i) != '\r') replaced += b64dtdAndIL.charAt(i); + } + b64dtdAndIL = replaced; + Text b64content = (Text) insertTo.getFirstChild(); + b64content.setData(b64dtdAndIL); + + String SIGN_MANI_CHECK_PARAMS_XPATH = + "//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams"; + insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH); insertTo.removeChild( (Element) XPathUtils.selectSingleNode( reqElem, 
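Review bot: `serializedAssertion.indexOf("?>")` is used twice as a splice offset without checking for -1; if `DOMUtils.serializeNode` ever emits the assertion without an XML declaration, the DOCTYPE is inserted after the first character and the Base64Content payload is no longer well-formed, which the verifier would reject later with no hint at the cause. The `(Text) insertTo.getFirstChild()` cast also depends on the single blank between `<Base64Content>` and `</Base64Content>` in the request template surviving `parseXmlValidating` as a text node; if that whitespace is dropped this becomes a NullPointerException that only surfaces as the generic `builder.00` ParseException. The `'\r'` removal loop rebuilds the whole base64 string one character at a time with `+=`, which is quadratic in the assertion size. Because the inserted `<!DOCTYPE saml:Assertion [...]>` requires the receiving MOA-SP parser to process an internal DTD subset, it is worth confirming that its parser configuration accepts internal subsets while external entity resolution stays disabled. The enclosing `build(IdentityLink, String)` method starts and ends outside this hunk.
```java
Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
// … unchanged: dtdString literal …
String serializedAssertion = DOMUtils.serializeNode(idl.getSamlAssertion());
// Splice the internal DTD subset in directly after the XML declaration when one is
// present; otherwise put it in front of the document instead of using -1 as an offset.
int declEnd = serializedAssertion.indexOf("?>");
int insertAt = (declEnd < 0) ? 0 : declEnd + 2;
String dtdAndIL =
  serializedAssertion.substring(0, insertAt) + dtdString + serializedAssertion.substring(insertAt);
// Strip every '\r' the encoder emits in a single pass rather than per-character concatenation.
String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8")).replaceAll("\r", "");
// Reuse the template's whitespace text node if it survived parsing, otherwise create one.
Text b64content;
if (insertTo.getFirstChild() instanceof Text) {
  b64content = (Text) insertTo.getFirstChild();
} else {
  b64content = insertTo.getOwnerDocument().createTextNode("");
  insertTo.appendChild(b64content);
}
b64content.setData(b64dtdAndIL);
// … unchanged: SignatureManifestCheckParams lookup and removeChild …
```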
@@ -102,9 +119,7 @@ public class VerifyXMLSignatureRequestBuilder { for (int i = 0; i < 1; i++) //dsigTransforms.length; i++) { Element refInfo = - insertTo.getOwnerDocument().createElementNS( - Constants.MOA_NS_URI, - "ReferenceInfo"); + insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo"); insertTo.appendChild(refInfo); Element verifyTransformsInfoProfile = insertTo.getOwnerDocument().createElementNS( 
@@ -114,33 +129,31 @@ public class VerifyXMLSignatureRequestBuilder { verifyTransformsInfoProfile.appendChild( insertTo.getOwnerDocument().importNode(dsigTransforms[i], true)); } - } - catch (Throwable t) { - throw new ParseException( //"VerifyXMLSignatureRequest (IdentityLink)"); - "builder.00", - new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, - t); - } + } catch (Throwable t) { + throw new ParseException(//"VerifyXMLSignatureRequest (IdentityLink)"); + "builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } return reqElem; } - /** - * Builds a <code><VerifyXMLSignatureRequest></code> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param idl - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ + /** + * Builds a <code><VerifyXMLSignatureRequest></code> + * from the signed AUTH-Block with a known trustProfileID which + * has to exist in MOA-SP + * @param csr - signed AUTH-Block + * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ public Element build( CreateXMLSignatureResponse csr, String[] verifyTransformsInfoProfileID, String trustProfileID) throws ParseException { //samlAssertionObject request = - "<?xml version='1.0' encoding='UTF-8' ?>" + "<?xml version='1.0' encoding='UTF-8' ?>" + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + " <VerifySignatureInfo>" + " <VerifySignatureEnvironment>" 
@@ -148,25 +161,24 @@ public class VerifyXMLSignatureRequestBuilder { + " </VerifySignatureEnvironment>" + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>" + " </VerifySignatureInfo>" - + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">" + + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">" + " <ReferenceInfo>"; - + for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - request += " <VerifyTransformsInfoProfileID>" + - verifyTransformsInfoProfileID[i] + - "</VerifyTransformsInfoProfileID>"; + request += " <VerifyTransformsInfoProfileID>" + + verifyTransformsInfoProfileID[i] + + "</VerifyTransformsInfoProfileID>"; // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....) - + } - request += " </ReferenceInfo>" - + " </SignatureManifestCheckParams>" - // Testweise ReturnReferenceInputData = False - +" <ReturnHashInputData/>" - + " <TrustProfileID>" - + trustProfileID - + "</TrustProfileID>" - + "</VerifyXMLSignatureRequest>"; + request += " </ReferenceInfo>" + " </SignatureManifestCheckParams>" + // Testweise ReturnReferenceInputData = False + +" <ReturnHashInputData/>" + + " <TrustProfileID>" + + trustProfileID + + "</TrustProfileID>" + + "</VerifyXMLSignatureRequest>"; try { // Build a DOM-Tree of the obove String 
@@ -184,17 +196,11 @@ public class VerifyXMLSignatureRequestBuilder { + MOA + "XMLContent"; - Element insertTo = - (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - insertTo.appendChild( - insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true)); + Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); + insertTo.appendChild(insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true)); - } - catch (Throwable t) { - throw new ParseException( - "builder.00", - new Object[] { "VerifyXMLSignatureRequest" }, - t); + } catch (Throwable t) { + throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); } return reqElem; |