Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java154
1 files changed, 80 insertions, 74 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index 863162fd9..58332984e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -4,12 +4,16 @@ import java.io.ByteArrayInputStream;
import java.io.InputStream;
import org.w3c.dom.Element;
+import org.w3c.dom.Text;
import at.gv.egovernment.moa.id.*;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.OutputXML2File;
import at.gv.egovernment.moa.util.XPathUtils;
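Review bot: Of the four imports this hunk adds, `MOAIDAuthConstants` and `OutputXML2File` are not referenced by any changed line in the rest of this diff, and `OutputXML2File` in particular reads like a leftover from dumping the request to disk while debugging. If they are unused, drop the two lines; if a later hunk outside this diff does use them, a brief note in the commit message would save the reviewer the search. An unused file-writing helper imported into a signature-request builder is the kind of thing that later gets wired in "temporarily" and ends up writing identity links to the filesystem.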
/**
@@ -30,7 +34,8 @@ public class VerifyXMLSignatureRequestBuilder {
/**
* Constructor for VerifyXMLSignatureRequestBuilder.
*/
- public VerifyXMLSignatureRequestBuilder() {}
+ public VerifyXMLSignatureRequestBuilder() {
+ }
/**
* Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
* from an IdentityLink with a known trustProfileID which
@@ -40,31 +45,30 @@ public class VerifyXMLSignatureRequestBuilder {
* @return Element - The complete request as Dom-Element
* @throws ParseException
*/
- public Element build(IdentityLink idl, String trustProfileID) throws ParseException
- { //samlAssertionObject
+ public Element build(IdentityLink idl, String trustProfileID)
+ throws ParseException { //samlAssertionObject
request =
"<?xml version='1.0' encoding='UTF-8' ?>"
- + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
+ + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
+ " <VerifySignatureInfo>"
+ " <VerifySignatureEnvironment>"
- + " <XMLContent xml:space=\"preserve\"/>"
+ + " <Base64Content>"
+ + " </Base64Content>"
+ " </VerifySignatureEnvironment>"
+ " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ " </VerifySignatureInfo>"
+ " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung
- +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>"
- // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock)
- +" </ReferenceInfo>" + " </SignatureManifestCheckParams>"
-
- // Testweise ReturnReferenceInputData = False
-
- +" <ReturnHashInputData/>"
+ +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>"
+ // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock)
+ +" </ReferenceInfo>"
+ + " </SignatureManifestCheckParams>"
+ + " <ReturnHashInputData/>"
+ " <TrustProfileID>"
+ trustProfileID
+ "</TrustProfileID>"
+ "</VerifyXMLSignatureRequest>";
- try {
+ try {
InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
reqElem = DOMUtils.parseXmlValidating(s);
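Review bot: The single space between `<Base64Content>` and `</Base64Content>` in the new template is load-bearing: later in this method the code fetches `insertTo.getFirstChild()` and casts it to `Text`, so collapsing the element to `<Base64Content/>` would yield null and surface only as the generic builder.00 ParseException. Mark the dependency where it is created, e.g. `+ " <Base64Content>" // whitespace child is required: replaced via getFirstChild()/setData() below`. The enclosing build(IdentityLink, String) continues past this hunk.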
@@ -77,23 +81,36 @@ public class VerifyXMLSignatureRequestBuilder {
+ MOA
+ "VerifySignatureEnvironment/"
+ MOA
- + "XMLContent";
-
- Element insertTo =
- (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
- insertTo.appendChild(
- insertTo.getOwnerDocument().importNode(idl.getSamlAssertion(), true));
-
- String SIGN_MANI_CHECK_PARAMS_XPATH =
- "//"
- + MOA
- + "VerifyXMLSignatureRequest/"
- + MOA
- + "SignatureManifestCheckParams";
- insertTo =
- (Element) XPathUtils.selectSingleNode(
- reqElem,
- SIGN_MANI_CHECK_PARAMS_XPATH);
+ + "Base64Content";
+
+ Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
+
+ String dtdString =
+ "<!DOCTYPE saml:Assertion [\n"
+ + " <!ATTLIST saml:Assertion AssertionID ID #REQUIRED\n"
+ + ">\n"
+ + "]>";
+
+ String serializedAssertion = DOMUtils.serializeNode(idl.getSamlAssertion());
+ //insert mini dtd after xml declaration to allow usage of AssertionID
+ //encode then base64 and put this into Element Base64Content
+ String dtdAndIL =
+ serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2)
+ + dtdString
+ + serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2);
+ String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8"));
+ //replace all '\r' characters by no char.
+ String replaced = "";
+ for (int i = 0; i < b64dtdAndIL.length(); i ++) {
+ if (b64dtdAndIL.charAt(i) != '\r') replaced += b64dtdAndIL.charAt(i);
+ }
+ b64dtdAndIL = replaced;
+ Text b64content = (Text) insertTo.getFirstChild();
+ b64content.setData(b64dtdAndIL);
+
+ String SIGN_MANI_CHECK_PARAMS_XPATH =
+ "//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams";
+ insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH);
insertTo.removeChild(
(Element) XPathUtils.selectSingleNode(
reqElem,
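Review bot: The DTD splice at the two `indexOf("?>")` lines assumes the serialized assertion begins with an XML declaration; if `DOMUtils.serializeNode` ever emits none, `indexOf` returns -1 and the `substring(0, 1)` / `substring(1)` pair silently drops the DOCTYPE after the first character of the root element, so the malformed document fails inside MOA-SP with an opaque error instead of here. Compute the offset once and handle the missing-declaration case explicitly (below); the `\r` strip can then be the one-liner `b64dtdAndIL = b64dtdAndIL.replaceAll("\r", "")` instead of rebuilding the string one char at a time with `+=`. Since this path only works if MOA-SP's parser accepts an internal DTD subset, a comment at `dtdString` noting that the verifier must accept the internal subset while still rejecting external entities would document the assumption — I cannot confirm the MOA-SP parser configuration from this file. The enclosing method starts before this hunk and its try/catch continues past it.
```java
String serializedAssertion = DOMUtils.serializeNode(idl.getSamlAssertion());
// The DOCTYPE has to follow the XML declaration when there is one,
// otherwise it must lead the document; never splice at offset 1.
int declEnd = serializedAssertion.indexOf("?>");
String dtdAndIL = (declEnd < 0)
    ? dtdString + serializedAssertion
    : serializedAssertion.substring(0, declEnd + 2) + dtdString + serializedAssertion.substring(declEnd + 2);
String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8")).replaceAll("\r", "");
// … unchanged: setData on the Base64Content text child, SignatureManifestCheckParams rewrite …
```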
@@ -102,9 +119,7 @@ public class VerifyXMLSignatureRequestBuilder {
for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)
{
Element refInfo =
- insertTo.getOwnerDocument().createElementNS(
- Constants.MOA_NS_URI,
- "ReferenceInfo");
+ insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo");
insertTo.appendChild(refInfo);
Element verifyTransformsInfoProfile =
insertTo.getOwnerDocument().createElementNS(
@@ -114,33 +129,31 @@ public class VerifyXMLSignatureRequestBuilder {
verifyTransformsInfoProfile.appendChild(
insertTo.getOwnerDocument().importNode(dsigTransforms[i], true));
}
- }
- catch (Throwable t) {
- throw new ParseException( //"VerifyXMLSignatureRequest (IdentityLink)");
- "builder.00",
- new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" },
- t);
- }
+ } catch (Throwable t) {
+ throw new ParseException(//"VerifyXMLSignatureRequest (IdentityLink)");
+ "builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+ }
return reqElem;
}
- /**
- * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
- * from an IdentityLink with a known trustProfileID which
- * has to exist in MOA-SP
- * @param idl - The IdentityLink
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- * @return Element - The complete request as Dom-Element
- * @throws ParseException
- */
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from the signed AUTH-Block with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param csr - signed AUTH-Block
+ * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ * @return Element - The complete request as Dom-Element
+ * @throws ParseException
+ */
public Element build(
CreateXMLSignatureResponse csr,
String[] verifyTransformsInfoProfileID,
String trustProfileID)
throws ParseException { //samlAssertionObject
request =
- "<?xml version='1.0' encoding='UTF-8' ?>"
+ "<?xml version='1.0' encoding='UTF-8' ?>"
+ "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
+ " <VerifySignatureInfo>"
+ " <VerifySignatureEnvironment>"
@@ -148,25 +161,24 @@ public class VerifyXMLSignatureRequestBuilder {
+ " </VerifySignatureEnvironment>"
+ " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ " </VerifySignatureInfo>"
- + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
+ + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
+ " <ReferenceInfo>";
-
+
for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
- request += " <VerifyTransformsInfoProfileID>" +
- verifyTransformsInfoProfileID[i] +
- "</VerifyTransformsInfoProfileID>";
+ request += " <VerifyTransformsInfoProfileID>"
+ + verifyTransformsInfoProfileID[i]
+ + "</VerifyTransformsInfoProfileID>";
// Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....)
-
+
}
- request += " </ReferenceInfo>"
- + " </SignatureManifestCheckParams>"
- // Testweise ReturnReferenceInputData = False
- +" <ReturnHashInputData/>"
- + " <TrustProfileID>"
- + trustProfileID
- + "</TrustProfileID>"
- + "</VerifyXMLSignatureRequest>";
+ request += " </ReferenceInfo>" + " </SignatureManifestCheckParams>"
+ // Testweise ReturnReferenceInputData = False
+ +" <ReturnHashInputData/>"
+ + " <TrustProfileID>"
+ + trustProfileID
+ + "</TrustProfileID>"
+ + "</VerifyXMLSignatureRequest>";
try {
// Build a DOM-Tree of the obove String
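Review bot: The comment `// Testweise ReturnReferenceInputData = False` carried into the re-joined `request +=` statement contradicts the `ReturnReferenceInputData="true"` attribute emitted a few lines above, so a reader can no longer tell which value is intended; delete it, or replace it with a current English note stating the value actually sent. Separately, `verifyTransformsInfoProfileID[i]` and `trustProfileID` are spliced into the XML unescaped; if both are only preconfigured IDs from the MOA-ID configuration that is acceptable, but a one-line comment saying so documents the assumption. The enclosing build(CreateXMLSignatureResponse, String[], String) continues past this hunk.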
@@ -184,17 +196,11 @@ public class VerifyXMLSignatureRequestBuilder {
+ MOA
+ "XMLContent";
- Element insertTo =
- (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
- insertTo.appendChild(
- insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
+ Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
+ insertTo.appendChild(insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
- }
- catch (Throwable t) {
- throw new ParseException(
- "builder.00",
- new Object[] { "VerifyXMLSignatureRequest" },
- t);
+ } catch (Throwable t) {
+ throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
}
return reqElem;
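Review bot: This overload still imports the assertion directly into `XMLContent` at the `importNode` line, while the IdentityLink overload above now serializes it with an internal DTD into `Base64Content`; nothing in the file says why the AUTH-Block does not need the AssertionID declaration. A comment at that line, along the lines of `// AUTH-Block is embedded as XMLContent; unlike the IdentityLink path no ID attribute declaration is required here`, would stop the next reader from "fixing" the asymmetry — I cannot confirm the actual reason from this file, so state the real rationale rather than my guess.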