aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
diff options
context:
space:
mode:
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java235
1 files changed, 228 insertions, 7 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 7d3a6d4ab..6a9aee0ca 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -9,8 +9,12 @@ import java.math.BigInteger;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Set;
+import java.util.Vector;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
@@ -18,7 +22,11 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
+import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
@@ -98,8 +106,13 @@ public class ConfigurationBuilder {
ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
/** an XPATH-Expression */
- private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
+ private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
+
+ /** an XPATH-Expression */
+ public static final String AUTH_VERIFY_INFOBOXES_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";
+
/** an XPATH-Expression */
private static final String PROXY_AUTH_XPATH =
ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
@@ -121,6 +134,8 @@ public class ConfigurationBuilder {
/** an XPATH-Expression */
private static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename";
/** an XPATH-Expression */
+ private static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";
+ /** an XPATH-Expression */
private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
/** an XPATH-Expression */
private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
@@ -183,6 +198,15 @@ public class ConfigurationBuilder {
/** an XPATH-Expression */
private static final String TRUSTED_CA_CERTIFICATES_XPATH =
ROOT + CONF + "TrustedCACertificates";
+
+ /** an XPATH-Expression */
+ private static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile";
+ /** an XPATH-Expression */
+ private static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID";
+ /** an XPATH-Expression */
+ private static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox";
+
+
/**
@@ -386,16 +410,27 @@ public class ConfigurationBuilder {
/**
* Build an array of the OnlineApplication Parameters containing information
* about the authentication component
+ *
+ * @param defaultVerifyInfoboxParameters Default parameters for verifying additional
+ * infoboxes. Maybe <code>null</code>.
+ * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
+ * the identity link signer certificate. Needed for
+ * checking if this ID is not used for validating other
+ * infoboxes.
+ *
* @return An OAProxyParameter array containing beans
* with all relevant information for the authentication component of the online
* application
*/
- public OAAuthParameter[] buildOnlineApplicationAuthParameters() throws ConfigurationException {
+ public OAAuthParameter[] buildOnlineApplicationAuthParameters(
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID)
+ throws ConfigurationException
+ {
String bkuSelectionTemplateURL =
- XPathUtils.getAttributeValue(configElem_,AUTH_BKUSELECT_TEMPLATE_XPATH,null);
+ XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
String templateURL =
- XPathUtils.getAttributeValue(configElem_,AUTH_TEMPLATE_XPATH,null);
+ XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
List OA_set = new ArrayList();
NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);
@@ -460,7 +495,10 @@ public class ConfigurationBuilder {
oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames));
} catch (Exception ex) {
Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms.");
- }
+ }
+ Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);
+ oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters(
+ verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID));
}
OA_set.add(oap);
}
@@ -834,6 +872,190 @@ public class ConfigurationBuilder {
identityLinkDomainIdentifier.append(identificationNumber);
return identityLinkDomainIdentifier.toString();
}
+
+ /**
+ * Builds the parameters for verifying additional infoboxes (additional to the
+ * IdentityLink infobox).
+ *
+ * @param verifyInfoboxesElem The <code>VerifyInfoboxes</code> element from the
+ * config file. This maybe the global element or the
+ * elment from an Online application.
+ * @param defaultVerifyInfoboxParameters Default parameters to be used, if no
+ * <code>VerifyInfoboxes</code> element is present.
+ * This only applies to parameters
+ * of an specific online application and is set to
+ * <code>null</code> when building the global parameters.
+ * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
+ * the identity link signer certificate. Needed for
+ * checking if this ID is not used for validating other
+ * infoboxes.
+ *
+ * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters}
+ * object needed for verifying additional infoboxes.
+ *
+ * @throws ConfigurationException If the trust profile for validating the identity link
+ * signer certificate is used for validating another infobox.
+ */
+ public VerifyInfoboxParameters buildVerifyInfoboxParameters(
+ Node verifyInfoboxesElem,
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters,
+ String moaSpIdentityLinkTrustProfileID)
+ throws ConfigurationException
+ {
+
+ if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) {
+ return null;
+ }
+ Vector identifiers = new Vector();
+ List defaultIdentifiers = null;
+ Map defaultInfoboxParameters = null;
+ if (defaultVerifyInfoboxParameters != null) {
+ defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers();
+ defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters();
+ }
+ Hashtable infoboxParameters = new Hashtable();
+ if (verifyInfoboxesElem != null) {
+ // get the DefaultTrustProfileID
+ String defaultTrustProfileID = null;
+ Node defaultTrustProfileNode =
+ XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH);
+ if (defaultTrustProfileNode != null) {
+ Node trustProfileIDNode =
+ XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH);
+ defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue();
+ if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
+ throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
+ }
+ }
+ // get the Infoboxes
+ NodeList infoboxes =
+ XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH);
+ for (int i=0; i<infoboxes.getLength(); i++) {
+ Element infoBoxElem = (Element)infoboxes.item(i);
+ // get the identifier of the infobox
+ String identifier = infoBoxElem.getAttribute("Identifier");
+ identifiers.add(identifier);
+ VerifyInfoboxParameter verifyInfoboxParameter = new VerifyInfoboxParameter(identifier);
+ verifyInfoboxParameter.setFriendlyName(identifier);
+ // get the attributes
+ // (1) required: override global value in any case
+ verifyInfoboxParameter.setRequired(BoolUtils.valueOf(
+ infoBoxElem.getAttribute("required")));
+ // (2) provideStammzahl: override global value in any case
+ verifyInfoboxParameter.setProvideStammzahl(BoolUtils.valueOf(
+ infoBoxElem.getAttribute("provideStammzahl")));
+ // (3) proviedIdentityLink: override global value in any case
+ verifyInfoboxParameter.setProvideIdentityLink(BoolUtils.valueOf(
+ infoBoxElem.getAttribute("provideIdentityLink")));
+ // set default trustprofileID
+ if (defaultTrustProfileID != null) {
+ verifyInfoboxParameter.setTrustProfileID(defaultTrustProfileID);
+ }
+ // get the parameter elements
+ boolean localValidatorClass = false;
+ boolean localFriendlyName = false;
+ List params = DOMUtils.getChildElements(infoBoxElem);
+ Iterator it = params.iterator();
+ while (it.hasNext()) {
+ Element paramElem = (Element)it.next();
+ String paramName = paramElem.getLocalName();
+ if (paramName.equals("FriendlyName")) {
+ verifyInfoboxParameter.setFriendlyName(paramElem.getFirstChild().getNodeValue());
+ localFriendlyName = true;
+ } else if (paramName.equals("TrustProfileID")) {
+ String trustProfileID = paramElem.getFirstChild().getNodeValue();
+ if (trustProfileID != null) {
+ if (trustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
+ throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
+ }
+ verifyInfoboxParameter.setTrustProfileID(trustProfileID);
+ }
+ } else if (paramName.equals("ValidatorClass")) {
+ String validatorClassName = paramElem.getFirstChild().getNodeValue();
+ if (validatorClassName != null) {
+ verifyInfoboxParameter.setValidatorClassName(validatorClassName);
+ localValidatorClass = true;
+ }
+ } else if (paramName.equals("SchemaLocations")) {
+ List schemaElems = DOMUtils.getChildElements(paramElem);
+ List schemaLocations = new Vector(schemaElems.size());
+ Iterator schemaIterator = schemaElems.iterator();
+ while (schemaIterator.hasNext()) {
+ Element schemaElem = (Element)schemaIterator.next();
+ String namespace = schemaElem.getAttribute("namespace");
+ String schemaLocation = schemaElem.getAttribute("schemaLocation");
+ // avoid adding the same schema twice
+ Iterator schemaLocationIterator = schemaLocations.iterator();
+ boolean add = true;
+ while (schemaLocationIterator.hasNext()) {
+ String existingNamespace = ((Schema)schemaLocationIterator.next()).getNamespace();
+ if (namespace.equals(existingNamespace)) {
+ Logger.warn("Multiple schemas specified for namespace \"" + namespace +
+ "\"; only using the first one.");
+ add = false;
+ break;
+ }
+ }
+ if (add) {
+ schemaLocations.add(new SchemaImpl(namespace, schemaLocation));
+ }
+ }
+ verifyInfoboxParameter.setSchemaLocations(schemaLocations);
+ } else if (paramName.equals("ApplicationSpecificParameters")) {
+ verifyInfoboxParameter.setApplicationSpecificParams(paramElem);
+ }
+ }
+ // use default values for those parameters not yet set by local configuration
+ if (defaultInfoboxParameters != null) {
+ Object defaultVerifyIP = defaultInfoboxParameters.get(identifier);
+ if (defaultVerifyIP != null) {
+ VerifyInfoboxParameter defaultVerifyInfoboxParameter =
+ (VerifyInfoboxParameter)defaultVerifyIP;
+ // if no friendly is set, use default
+ if (!localFriendlyName) {
+ verifyInfoboxParameter.setFriendlyName(
+ defaultVerifyInfoboxParameter.getFriendlyName());
+ }
+ // if no TrustProfileID is set, use default, if available
+ if (verifyInfoboxParameter.getTrustProfileID() == null) {
+ verifyInfoboxParameter.setTrustProfileID(
+ defaultVerifyInfoboxParameter.getTrustProfileID());
+ }
+ // if no local validator class is set, use default
+ if (!localValidatorClass) {
+ verifyInfoboxParameter.setValidatorClassName(
+ defaultVerifyInfoboxParameter.getValidatorClassName());
+ }
+ // if no schema locations set, use default
+ if (verifyInfoboxParameter.getSchemaLocations() == null) {
+ verifyInfoboxParameter.setSchemaLocations(
+ defaultVerifyInfoboxParameter.getSchemaLocations());
+ }
+ // if no application specific parameters set, use default
+ if (verifyInfoboxParameter.getApplicationSpecificParams() == null) {
+ verifyInfoboxParameter.setApplicationSpecificParams(
+ defaultVerifyInfoboxParameter.getApplicationSpecificParams());
+ }
+ }
+ }
+ infoboxParameters.put(identifier, verifyInfoboxParameter);
+ }
+ // add the infobox identifiers not present within the local configuration to the
+ // identifier list
+ if (defaultIdentifiers != null) {
+ Iterator identifierIterator = defaultIdentifiers.iterator();
+ while (identifierIterator.hasNext()) {
+ String defaultIdentifier = (String)identifierIterator.next();
+ if (!identifiers.contains(defaultIdentifier)) {
+ identifiers.add(defaultIdentifier);
+ }
+ }
+ }
+ return new VerifyInfoboxParameters(identifiers, infoboxParameters);
+ } else {
+ return new VerifyInfoboxParameters(defaultIdentifiers, infoboxParameters);
+ }
+ }
/**
* Method warn.
@@ -856,6 +1078,5 @@ public class ConfigurationBuilder {
*/
private static void warn(String messageId, Object[] args, Throwable t) {
Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
- }
-
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 16:02:53 +0000