diff options
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/config/auth')
4 files changed, 561 insertions, 19 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index d354ba910..e45d7cba8 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -7,6 +7,7 @@ import java.io.IOException; import java.io.InputStream; import java.net.MalformedURLException; import org.w3c.dom.Element; +import org.w3c.dom.Node; import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -15,6 +16,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.XPathUtils; /** * A class providing access to the Auth Part of the MOA-ID configuration data. @@ -116,6 +118,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * X509 SubjectNames which will be trusted */ private String[] identityLinkX509SubjectNames; + /** + * default parameters for verifying additional infoboxes. + */ + private VerifyInfoboxParameters defaultVerifyInfoboxParameters; /** * configuration parameters for online applications @@ -133,6 +139,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * the bku Selection Connection Parameters */ private ConnectionParameter bKUConnectionParameter; + /** * Return the single instance of configuration data. * @@ -214,24 +221,30 @@ public class AuthConfigurationProvider extends ConfigurationProvider { throw new ConfigurationException("config.03", null, t); } - // build the internal datastructures - builder = new ConfigurationBuilder(configElem, rootConfigFileDir); - bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); - bKUSelectable = (bKUConnectionParameter!=null); - bKUSelectionType = builder.buildAuthBKUSelectionType(); - genericConfiguration = builder.buildGenericConfiguration(); - transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); - transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); - moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); - moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); - moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); - moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); - onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(); - identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); - defaultChainingMode = builder.getDefaultChainingMode(); - chainingModes = builder.buildChainingModes(); - trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + // build the internal datastructures + builder = new ConfigurationBuilder(configElem, rootConfigFileDir); + bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); + bKUSelectable = (bKUConnectionParameter!=null); + bKUSelectionType = builder.buildAuthBKUSelectionType(); + genericConfiguration = builder.buildGenericConfiguration(); + transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); + transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); + moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); + moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); + moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); + moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); + defaultVerifyInfoboxParameters = null; + Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); + if (defaultVerifyInfoboxParamtersElem != null) { + defaultVerifyInfoboxParameters = + builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); + } + onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); + identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); + defaultChainingMode = builder.getDefaultChainingMode(); + chainingModes = builder.buildChainingModes(); + trustedCACertificates = builder.getTrustedCACertificates(); + trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); @@ -387,4 +400,13 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return bKUSelectionType; } + /** + * Returns the defaultVerifyInfoboxParameters. + * + * @return The defaultVerifyInfoboxParameters. + */ + public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() { + return defaultVerifyInfoboxParameters; + } + }
\ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 4a41f9e75..abdf13dd1 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -64,6 +64,10 @@ public class OAAuthParameter extends OAParameter { * template for web page "Anmeldung mit Bürgerkarte" */ private String templateURL; + /** + * Parameters for verifying infoboxes. + */ + private VerifyInfoboxParameters verifyInfoboxParameters; /** * Returns <code>true</code> if the Security Layer version is version 1.2, @@ -157,7 +161,17 @@ public class OAAuthParameter extends OAParameter { */ public String getTemplateURL() { return templateURL; - } + } + + /** + * Returns the parameters for verifying additional infoboxes. + * + * @return The parameters for verifying additional infoboxes. + * Maybe <code>null</code>. + */ + public VerifyInfoboxParameters getVerifyInfoboxParameters() { + return verifyInfoboxParameters; + } /** * Sets the security layer version. @@ -242,4 +256,13 @@ public class OAAuthParameter extends OAParameter { public void setTemplateURL(String templateURL) { this.templateURL = templateURL; } + + /** + * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. + * + * @param verifyInfoboxParameters The verifyInfoboxParameters to set. + */ + public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { + this.verifyInfoboxParameters = verifyInfoboxParameters; + } } diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java new file mode 100644 index 000000000..9caa9519e --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java @@ -0,0 +1,362 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.io.IOException; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class is a container for parameters that maybe needed for verifying an infobox. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameter { + + /** + * The default package name (first part) of a infobox validator class. + */ + public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator."; + + /** + * The identifier of the infobox to be verified. This identifier must exactly the + * identifier of the infobox returned by BKU. + */ + private String identifier_; + + /** + * The friendly name of the infobox. + * This name is used within browser messages, thus it should be the german equivalent of + * the {@link #identifier_ infobox identifier} (e.g. "<code>Stellvertretungen</code>" + * for "<code>Mandates</code>" or "<code>GDAToken</code>" for + * "<code>EHSPToken</code>". + * <br>If not specified within the config file the {@link #identifier_ infobox identifier} + * will be used. + */ + private String friendlyName_; + + /** + * The Id of the TrustProfile to be used for validating certificates. + */ + private String trustProfileID_; + + /** + * The full name of the class to be used for verifying the infobox. + */ + private String validatorClassName_; + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + */ + private List schemaLocations_; + + /** + * Application specific parameters that may be needed for verifying an infobox. + */ + private Element applicationSpecificParams_; + + /** + * Specifies if the infobox is be required to be returned by the BKU. + */ + private boolean required_; + + /** + * Specifies whether the <code>Stammzahl</code> should be passed to the verifying + * application or not. + */ + private boolean provideStammzahl_; + + /** + * Specifies whether the <code>identity link</code> should be passed to the verifying + * application or not. + */ + private boolean provideIdentityLink_; + + /** + * Initializes this VerifiyInfoboxParamater with the given identifier and a default + * validator class name. + * + * @param identifier The identifier of the infobox to be verified. + */ + public VerifyInfoboxParameter(String identifier) { + identifier_ = identifier; + StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK); + sb.append(identifier.toLowerCase()); + sb.append("."); + sb.append(identifier.substring(0, 1).toUpperCase()); + sb.append(identifier.substring(1)); + sb.append("Validator"); + validatorClassName_ = sb.toString(); + } + + /** + * Returns application specific parameters. + * Each child element of this element contains a verifying application specific parameter. + * + * @see #applicationSpecificParams_ + * + * @return Application specific parameters. + */ + public Element getApplicationSpecificParams() { + return applicationSpecificParams_; + } + + /** + * Sets the application specific parameters. + * + * @see #applicationSpecificParams_ + * + * @param applicationSpecificParams The application specific parameters to set. + */ + public void setApplicationSpecificParams(Element applicationSpecificParams) { + applicationSpecificParams_ = applicationSpecificParams; + } + + /** + * Returns the friendly name. + * + * @see #friendlyName_ + * + * @return The friendly name. + */ + public String getFriendlyName() { + return friendlyName_; + } + + /** + * Sets the friendly name. + * + * @param friendlyName The friendly name to set. + */ + public void setFriendlyName(String friendlyName) { + friendlyName_ = friendlyName; + } + + /** + * Returns the infobox identifier. + * + * @see #identifier_ + * + * @return The infobox identifier. + */ + public String getIdentifier() { + return identifier_; + } + + /** + * Sets the the infobox identifier. + * + * @see #identifier_ + * + * @param identifier The infobox identifier to set. + */ + public void setIdentifier(String identifier) { + identifier_ = identifier; + } + + /** + * Specifies whether the identity link should be passed to the verifying application + * or not. + * + * @return <code>True</code> if the identity link should be passed to the verifying + * application, otherwise <code>false</code>. + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink_; + } + + /** + * Sets the {@link #provideIdentityLink_} parameter. + * + * @param provideIdentityLink <code>True</code> if the identity link should be passed to + * the verifying application, otherwise <code>false</code>. + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + provideIdentityLink_ = provideIdentityLink; + } + + /** + * Specifies whether the <code>Stammzahl</code> should be passed to the verifying + * application or not. + * + * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the + * verifying application, otherwise <code>false</code>. + */ + public boolean getProvideStammzahl() { + return provideStammzahl_; + } + + /** + * Sets the {@link provideStammzahl_} parameter. + * + * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be + * passed to the verifying application, otherwise <code>false</code>. + */ + public void setProvideStammzahl(boolean provideStammzahl) { + provideStammzahl_ = provideStammzahl; + } + + /** + * Specifies whether the infobox is required or not. + * + * @return <code>True</code> if the infobox is required to be returned by the BKU, + * otherwise <code>false</code>. + */ + public boolean isRequired() { + return required_; + } + + /** + * Sets the {@link required_} parameter. + * + * @param required <code>True</code> if the infobox is required to be returned by the + * BKU, otherwise <code>false</code>. + */ + public void setRequired(boolean required) { + required_ = required; + } + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects + * each of them specifying the location of an XML schema. + */ + public List getSchemaLocations() { + return schemaLocations_; + } + + /** + * Sets the schema locations. + * + * @see #schemaLocations_ + * + * @param schemaLocations The schema location list to be set. + */ + public void setSchemaLocations(List schemaLocations) { + schemaLocations_ = schemaLocations; + } + + /** + * Returns the ID of the trust profile to be used for verifying certificates. + * + * @return The ID of the trust profile to be used for verifying certificates. + * Maybe <code>null</code>. + */ + public String getTrustProfileID() { + return trustProfileID_; + } + + /** + * Sets the ID of the trust profile to be used for verifying certificates. + * + * @param trustProfileID The ID of the trust profile to be used for verifying certificates. + */ + public void setTrustProfileID(String trustProfileID) { + trustProfileID_ = trustProfileID; + } + + /** + * Returns the name of the class to be used for verifying this infobox. + * + * @return The name of the class to be used for verifying this infobox. + */ + public String getValidatorClassName() { + return validatorClassName_; + } + + /** + * Sets the name of the class to be used for verifying this infobox. + * + * @param validatorClassName The name of the class to be used for verifying this infobox. + */ + public void setValidatorClassName(String validatorClassName) { + validatorClassName_ = validatorClassName; + } + + /** + * Get a string representation of this object. + * This method is for debugging purposes only. + * + * @return A string representation of this object. + */ + public String toString() { + + StringBuffer buffer = new StringBuffer(1024); + + buffer.append(" <Infobox Identifier=\""); + buffer.append(identifier_); + buffer.append("\" required=\""); + buffer.append(required_); + buffer.append("\" provideStammzahl=\""); + buffer.append(provideStammzahl_); + buffer.append("\" provideIdentityLink=\""); + buffer.append(provideIdentityLink_); + buffer.append("\">"); + buffer.append("\n"); + if (friendlyName_ != null) { + buffer.append(" <FriendlyName>"); + buffer.append(friendlyName_); + buffer.append("</FriendlyName>"); + buffer.append("\n"); + } + if (trustProfileID_ != null) { + buffer.append(" <TrustProfileID>"); + buffer.append(trustProfileID_); + buffer.append("</TrustProfileID>"); + buffer.append("\n"); + } + if (validatorClassName_ != null) { + buffer.append(" <ValidatorClass>"); + buffer.append(validatorClassName_); + buffer.append("</ValidatorClass>"); + buffer.append("\n"); + } + if (schemaLocations_ != null) { + buffer.append(" <SchemaLocations>"); + buffer.append("\n"); + Iterator it = schemaLocations_.iterator(); + while (it.hasNext()) { + buffer.append(" <Schema namespace=\""); + Schema schema = (Schema)it.next(); + buffer.append(schema.getNamespace()); + buffer.append("\" schemaLocation=\""); + buffer.append(schema.getSchemaLocation()); + buffer.append("\"/>\n"); + } + buffer.append(" </SchemaLocations>"); + buffer.append("\n"); + } + if (applicationSpecificParams_ != null) { + try { + String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_); + buffer.append(" "); + buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams)); + buffer.append("\n"); + } catch (TransformerException e) { + // do nothing + } catch (IOException e) { + // do nothing + } + } + buffer.append(" </Infobox>"); + + + return buffer.toString() ; + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java new file mode 100644 index 000000000..b9f669196 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java @@ -0,0 +1,135 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * This class contains the parameters for verifying all the infoboxes configured for an + * online application. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameters { + + /** + * A map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + */ + private Map infoboxParameters_; + + /** + * A list of the identifiers of the infoboxes supported by this + * VerifyInfoboxParameters; + */ + private List identifiers_; + + /** + * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate + * in the context of the actual online application. + * The string will be added as value of the <code>PushInfobox</code> parameter in the + * HTML form used for reading the infoboxes from the BKU. + */ + private String pushInfobox_; + + /** + * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_} + * map. + */ + public VerifyInfoboxParameters() { + infoboxParameters_ = new Hashtable(); + pushInfobox_ = ""; + } + + /** + * Initializes this VerifyInfoboxParameters with the given + * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string + * from the keys of the given map. + */ + public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) { + identifiers_ = identifiers; + infoboxParameters_ = infoboxParameters; + // build the pushInfobox string + if ((identifiers != null) && (!identifiers.isEmpty())) { + StringBuffer identifiersSB = new StringBuffer(); + int identifiersNum = identifiers.size(); + int i = 1; + Iterator it = identifiers.iterator(); + while (it.hasNext()) { + identifiersSB.append((String)it.next()); + if (i != identifiersNum) { + identifiersSB.append(","); + } + i++; + } + pushInfobox_ = identifiersSB.toString(); + } else { + pushInfobox_ = ""; + } + } + + /** + * Returns the (comma separated) identifiers of the infoboxes configured for the actual + * online application. + * + * @see #pushInfobox_ + * + * @return The (comma separated) identifiers of the infoboxes configured for the actual + * online application. + */ + public String getPushInfobox() { + return pushInfobox_; + } + + /** + * Sets the {@link #pushInfobox_} string. + * + * @param pushInfobox The pushInfobox string to be set. + */ + public void setPushInfobox(String pushInfobox) { + pushInfobox_ = pushInfobox; + } + + /** + * Returns map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + * + * @return The map of {@link VerifyInfoboxParameter} objects. + */ + public Map getInfoboxParameters() { + return infoboxParameters_; + } + + /** + * Sets the map of {@link VerifyInfoboxParameter} objects. + * + * @see #infoboxParameters_ + * + * @param infoboxParameters The infoboxParameters to set. + */ + public void setInfoboxParameters(Map infoboxParameters) { + infoboxParameters_ = infoboxParameters; + } + + /** + * Returns the identifiers of the supported infoboxes. + * + * @return The identifiers. + */ + public List getIdentifiers() { + return identifiers_; + } + + /** + * Sets the identifiers. + * + * @param identifiers The identifiers to set. + */ + public void setIdentifiers(List identifiers) { + identifiers_ = identifiers; + } + +} |