aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
diff options
context:
space:
mode:
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java697
1 files changed, 0 insertions, 697 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
deleted file mode 100644
index 6d3e05c29..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ /dev/null
@@ -1,697 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * A class that builds configuration data from a DOM based representation.
- *
- * @author Patrick Peck
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class ConfigurationBuilder {
-
- //
- // XPath namespace prefix shortcuts
- //
- /** an XPATH-Expression */
- private static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
- /** an XPATH-Expression */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
-
- //
- // chaining mode constants appearing in the configuration file
- //
- /** an XPATH-Expression */
- private static final String CM_CHAINING = "chaining";
- /** an XPATH-Expression */
- private static final String CM_PKIX = "pkix";
- /** an XPATH-Expression */
- private static final String DEFAULT_ENCODING = "UTF-8";
-
- /**
- * Default online application configuration file name
- * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>).
- */
- public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";
-
- //
- // XPath expressions to select certain parts of the configuration
- //
- /** an XPATH-Expression */
- private static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
- /** an XPATH-Expression */
- private static final String ROOTOA = "/" + CONF + "Configuration/";
- /** an XPATH-Expression */
- private static final String AUTH_BKU_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
- /** an XPATH-Expression */
- private static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
-
- /** an XPATH-Expression */
- private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
- /** an XPATH-Expression */
- private static final String PROXY_AUTH_XPATH =
- ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
-
- /** an XPATH-Expression */
- private static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
- /** an XPATH-Expression */
- private static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
- /** an XPATH-Expression */
- private static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
- /** an XPATH-Expression */
- private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
- /** an XPATH-Expression */
- private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETER_URL_XPATH =
- CONF + "ConnectionParameter/@URL";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
- CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
- CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
- CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
- /** an XPATH-Expression */
- private static final String GENERIC_CONFIGURATION_XPATH =
- ROOT + CONF + "GenericConfiguration";
- /** an XPATH-Expression */
- private static final String OACONF_LOGIN_TYPE_XPATH =
- ROOTOA + CONF + "LoginType";
- /** an XPATH-Expression */
- private static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
- ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
- /** an XPATH-Expression */
- private static final String OACONF_USER_ID_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
- /** an XPATH-Expression */
- private static final String OACONF_PASSWORD_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
- /** an XPATH-Expression */
- private static final String OACONF_HEADER_AUTH_HEADER_XPATH =
- ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
- /** an XPATH-Expression */
- private static final String CHAINING_MODES_XPATH =
- ROOT + CONF + "ChainingModes";
- /** an XPATH-Expression */
- private static final String CHAINING_MODES_DEFAULT_XPATH =
- CHAINING_MODES_XPATH + "/@systemDefaultMode";
- /** an XPATH-Expression */
- private static final String TRUST_ANCHOR_XPATH =
- ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
- /** an XPATH-Expression */
- private static final String ISSUER_XPATH = DSIG + "X509IssuerName";
- /** an XPATH-Expression */
- private static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
- /** an XPATH-Expression */
- private static final String TRUSTED_CA_CERTIFICATES_XPATH =
- ROOT + CONF + "TrustedCACertificates";
-
-
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- private String rootConfigFileDir;
-
- /** The root element of the MOA-ID configuration */
- private Element configElem;
-
- /**
- * Creates a new <code>MOAConfigurationProvider</code>.
- *
- * @param configElem The root element of the MOA-ID configuration.
- */
- public ConfigurationBuilder(Element configElem, String rootConfigDir) {
- this.configElem = configElem;
- this.rootConfigFileDir = rootConfigDir;
- }
-
- /**
- * Returns the root element of the MOA-ID configuration.
- *
- * @return The root element of the MOA-ID configuration.
- */
- public Element getConfigElem() {
- return configElem;
- }
-
- /**
- * Build a ConnectionParameter object containing all information
- * of the moa-sp element in the authentication component
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildAuthBKUConnectionParameter() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return buildConnectionParameter(authBKU);
- }
-
- /**
- * Method buildAuthBKUSelectionType.
- *
- * Build a string with the configuration value of BKUSelectionAlternative
- *
- * @return String
- */
- public String buildAuthBKUSelectionType() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return (authBKU).getAttribute("BKUSelectionAlternative");
- }
-
- /**
- * Build a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @return String[] of filenames to the Security Layer Transforms Information
- */
- public String[] buildTransformsInfoFileNames() {
-
- List transformsInfoFileNames = new ArrayList();
- NodeIterator tiIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
- Attr tiElem;
-
- while ((tiElem = (Attr) tiIter.nextNode()) != null) {
-
- String tiFileName = tiElem.getNodeValue();
- transformsInfoFileNames.add(tiFileName);
- }
- String[] result = new String[transformsInfoFileNames.size()];
- transformsInfoFileNames.toArray(result);
-
- return result;
- }
-
- /**
- * Build a ConnectionParameter bean containing all information
- * of the authentication component moa-sp element
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildMoaSpConnectionParameter() {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_MOA_SP_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
- }
-
- /**
- * Return a string with a url-reference to the VerifyIdentityLink trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyIdentityLink trust profile ID
- */
- public String getMoaSpIdentityLinkTrustProfileID() {
- return XPathUtils.getElementValue(
- getConfigElem(),
- AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
- "");
- }
- /**
- * Return a string representation of an URL pointing to trusted CA Certificates
- * @return String representation of an URL pointing to trusted CA Certificates
- */
- public String getTrustedCACertificates() {
- return XPathUtils.getElementValue(
- getConfigElem(),
- TRUSTED_CA_CERTIFICATES_XPATH,null);
- }
-
- /**
- * Return a string with a url-reference to the VerifyAuthBlock trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String getMoaSpAuthBlockTrustProfileID() {
- return XPathUtils.getElementValue(
- getConfigElem(),
- AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
- "");
- }
- /**
- * Build a string array with references to all verify transform info
- * IDs within the moa-sp part of the authentication component
- * @return A string array containing all urls to the
- * verify transform info IDs
- */
- public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
-
- List verifyTransformsInfoIDs = new ArrayList();
- NodeIterator vtIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
- Element vtElem;
-
- while ((vtElem = (Element) vtIter.nextNode()) != null) {
-
- String vtInfoIDs = DOMUtils.getText(vtElem);
- verifyTransformsInfoIDs.add(vtInfoIDs);
- }
- String[] result = new String[verifyTransformsInfoIDs.size()];
- verifyTransformsInfoIDs.toArray(result);
-
- return result;
- }
-
- /**
- * Return a string array containing all X509 Subject Names
- * of the Identity Link Signers
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String[] getIdentityLink_X509SubjectNames() {
-
- List x509SubjectNameList = new ArrayList();
- NodeIterator x509Iter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
- Element x509Elem;
-
- while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
-
- String vtInfoIDs = DOMUtils.getText(x509Elem);
- x509SubjectNameList.add(vtInfoIDs);
- }
- String[] result = new String[x509SubjectNameList.size()];
- x509SubjectNameList.toArray(result);
-
- return result;
- }
-
- /**
- * Build an array of the OnlineApplication Parameters containing information
- * about the authentication component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the authentication component of the online
- * application
- */
- public OAAuthParameter[] buildOnlineApplicationAuthParameters() {
-
- List OA_set = new ArrayList();
- NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
-
- for (int i = 0; i < OAIter.getLength(); i++) {
- Element oAElem = (Element) OAIter.item(i);
- Element authComponent =
- (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);
-
- OAAuthParameter oap = new OAAuthParameter();
- oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
- //Check if there is an Auth-Block to read from configuration
- if (authComponent!=null)
- {
- oap.setProvideZMRZahl(BoolUtils.valueOf(authComponent.getAttribute("provideZMRZahl")));
- oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
- oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
- }
- OA_set.add(oap);
- }
- OAAuthParameter[] result =
- new OAAuthParameter[OA_set.size()];
- OA_set.toArray(result);
-
- return result;
-
- }
-
- /**
- * Build a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter buildAuthComponentConnectionParameter()
- {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), PROXY_AUTH_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
-
- }
- /**
- * Method buildConnectionParameter: internal Method for creating a
- * ConnectionParameter object with all data found in the incoming element
- * @param root: this Element contains the ConnectionParameter
- * @return ConnectionParameter
- */
- protected ConnectionParameter buildConnectionParameter(Element root)
- {
- ConnectionParameter result = new ConnectionParameter();
- result.setAcceptedServerCertificates(
- XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
-
- result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
- result.getAcceptedServerCertificates(), rootConfigFileDir));
-
- result.setUrl(
- XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
- result.setClientKeyStore(
- XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
-
- result.setClientKeyStore(FileUtils.makeAbsoluteURL(
- result.getClientKeyStore(), rootConfigFileDir));
-
- result.setClientKeyStorePassword(
- XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
-
- if ((result.getAcceptedServerCertificates()==null)
- && (result.getUrl()=="")
- && (result.getClientKeyStore()==null)
- && (result.getClientKeyStorePassword()==""))
- return null;
-
- return result;
- }
-
- /**
- * Build an array of OnlineApplication Parameter Beans containing information
- * about the proxy component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{
-
- List oA_list = new ArrayList();
- NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
-
- for (int i = 0; i < OAIter.getLength(); i++) {
- Element oAElem = (Element) OAIter.item(i);
- OAProxyParameter oap = new OAProxyParameter();
-
- oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
- Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH);
- if (proxyComponentElem != null) {
- oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
- oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir));
- // default session time out: 3600 sec = 1 h
- oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue());
- oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
- oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
- oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
-
- ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
- oap.setConnectionParameter(conPara);
-
- OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap));
- oap.setOaConfiguration(oaConf);
-
- oA_list.add(oap);
- }
- }
- OAProxyParameter[] result =
- new OAProxyParameter[oA_list.size()];
- oA_list.toArray(result);
-
- return result;
-
- }
-
- /**
- * Build the mapping of generic configuration properties.
- *
- * @return a {@link Map} of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map buildGenericConfiguration() {
-
- Map genericConfiguration = new HashMap();
- NodeIterator gcIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- GENERIC_CONFIGURATION_XPATH);
- Element gcElem;
-
- while ((gcElem = (Element) gcIter.nextNode()) != null) {
- String gcName = gcElem.getAttribute("name");
- String gcValue = gcElem.getAttribute("value");
-
- genericConfiguration.put(gcName, gcValue);
- }
-
- return genericConfiguration;
- }
- /**
- * Method buildOAConfiguration.
- *
- * Build an {@link OAConfiguration} Object from the given configuration DOM element
- *
- * @param root
- * @return OAConfiguration
- * @throws ConfigurationException
- */
- public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{
-
- OAConfiguration oaConfiguration = new OAConfiguration();
-
- //The LoginType hast to be "stateless" or "stateful" to be valid
- oaConfiguration.setLoginType(
- XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator paramAuthIter =
- XPathUtils.selectNodeIterator(
- root,
- OACONF_PARAM_AUTH_PARAMETER_XPATH);
- Element paramAuthElem;
- HashMap paramAuthMap = new HashMap();
- while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) {
- String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
- String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
- if (paramAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- paramAuthMap.put(name, value);
- }
- oaConfiguration.setParamAuthMapping(paramAuthMap);
- // Try to build the BasicAuthParameters
- oaConfiguration.setBasicAuthUserIDMapping(
- XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
- oaConfiguration.setBasicAuthPasswordMapping(
- XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH);
-
- Element headerAuthElem;
- HashMap headerAuthMap = new HashMap();
- while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) {
- String name =
- XPathUtils.getAttributeValue(headerAuthElem, "@Name", null);
- String value =
- XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
- // Contains Key (Neue Config-Exception: doppelte werte)
- if (headerAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- headerAuthMap.put(name, value);
- }
- oaConfiguration.setHeaderAuthMapping(headerAuthMap);
-
- if (paramAuthMap.size() == 0) {
- if (oaConfiguration.getBasicAuthUserIDMapping() == null) {
- oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
-
- return oaConfiguration;
- }
-
- /**
- * Reads the configuration file of the online application, and creates a DOM tree from it.
- * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given,
- * uses default configuration file location.
- *
- * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
- * @return Element DOM tree root element
- * @throws ConfigurationException on any exception thrown
- */
- private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException
- {
- try {
- String configFileURL = oap.getConfigFileURL();
- if (configFileURL == null) {
- // use default config file URL, when config file URL is not given
- configFileURL = oap.getConnectionParameter().getUrl();
- if (configFileURL.charAt(configFileURL.length() - 1) != '/')
- configFileURL += "/";
- configFileURL += DEFAULT_OA_CONFIG_FILENAME;
- }
- Logger.info("Loading MOA-OA configuration " + configFileURL);
- Element configElem = DOMUtils.parseXmlValidating(
- new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
- return configElem;
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t);
- }
- }
-
- /**
- * Returns the default chaining mode from the configuration.
- *
- * @return The default chaining mode.
- */
- public String getDefaultChainingMode() {
- String defaultChaining =
- XPathUtils.getAttributeValue(
- getConfigElem(),
- CHAINING_MODES_DEFAULT_XPATH,
- CM_CHAINING);
-
- return translateChainingMode(defaultChaining);
-
- }
- /**
- * Build the chaining modes for all configured trust anchors.
- *
- * @return The mapping from trust anchors to chaining modes.
- */
- public Map buildChainingModes() {
- Map chainingModes = new HashMap();
- NodeIterator trustIter =
- XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
- Element trustAnchorElem;
-
- while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
- IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
- String mode = trustAnchorElem.getAttribute("mode");
-
- if (issuerAndSerial != null) {
- chainingModes.put(issuerAndSerial, translateChainingMode(mode));
- }
- }
-
- return chainingModes;
- }
-
- /**
- * Build an <code>IssuerAndSerial</code> from the DOM representation.
- *
- * @param root The root element (being of type <code>dsig:
- * X509IssuerSerialType</code>.
- * @return The issuer and serial number contained in the <code>root</code>
- * element or <code>null</code> if could not be built for any reason.
- */
- private IssuerAndSerial buildIssuerAndSerial(Element root) {
- String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
- String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);
-
- if (issuer != null && serial != null) {
- try {
- RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
- Principal issuerDN = nameParser.parse();
-
- return new IssuerAndSerial(issuerDN, new BigInteger(serial));
- } catch (RFC2253NameParserException e) {
- warn("config.09", new Object[] { issuer, serial }, e);
- return null;
- } catch (NumberFormatException e) {
- warn("config.09", new Object[] { issuer, serial }, e);
- return null;
- }
- }
- return null;
- }
-
- /**
- * Translate the chaining mode from the configuration file to one used in the
- * IAIK MOA API.
- *
- * @param chainingMode The chaining mode from the configuration.
- * @return The chaining mode as provided by the <code>ChainingModes</code>
- * interface.
- * @see iaik.pki.pathvalidation.ChainingModes
- */
- private String translateChainingMode(String chainingMode) {
- if (chainingMode.equals(CM_CHAINING)) {
- return ChainingModes.CHAIN_MODE;
- } else if (chainingMode.equals(CM_PKIX)) {
- return ChainingModes.PKIX_MODE;
- } else {
- return ChainingModes.CHAIN_MODE;
- }
- }
-
- /**
- * Method warn.
- * @param messageId to identify a country-specific message
- * @param parameters for the logger
- */
- //
- // various utility methods
- //
-
- private static void warn(String messageId, Object[] parameters) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- }
-
- /**
- * Method warn.
- * @param messageId to identify a country-specific message
- * @param args for the logger
- * @param t as throwabl
- */
- private static void warn(String messageId, Object[] args, Throwable t) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
- }
-
-}