diff options
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java')
| -rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java | 481 |
1 files changed, 481 insertions, 0 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java new file mode 100644 index 000000000..3f7a6872c --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java @@ -0,0 +1,481 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.io.File; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import java.io.IOException; +import java.util.*; +//import org.apache.xerces.parsers.AbstractDOMParser; +import org.apache.xerces.parsers.DOMParser; +import org.w3c.dom.*; + +/** + * XMLLoginParameterResolver an implementation of implementation of interface + * <code>LoginParameterResolver</code> + * This implementation used to map identities stored in an XML file to parameters + * which are given to OAs. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class XMLLoginParameterResolver implements LoginParameterResolver { + + //file which is parsed and interpreted for paremeter resolving. + private String identityFile; + + /** + * inner class used to store mapped parameters + */ + class LPRParams { + + /** + * getter method for parameter Enabled. + * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver + */ + public boolean getEnabled() { + return enabled.booleanValue(); + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or <code>null</code> not set. + */ + public String getUN() { + return UN; + } + + /** + * getter method for parameter PW (password) + * @return Parameter PW or <code>null</code> not set. + */ + public String getPW() { + return PW; + } + + /** + * getter method for parameter Param1 + * @return Parameter Param1 or <code>null</code> not set. + */ + public String getParam1() { + return Param1; + } + + /** + * getter method for parameter Param2 + * @return Parameter Param2 or <code>null</code> not set. + */ + public String getParam2() { + return Param2; + } + + /** + * getter method for parameter Param3 + * @return Parameter Param3 or <code>null</code> not set. + */ + public String getParam3() { + return Param3; + } + + /** + * Returns a string representation of LPRParams + * + * @return a <code>String</code> representation of this object. + * @see XMLLoginParameterResolver.LPRParams + */ + public String toString() { + return "Enabled: " + + enabled.toString() + + "UN: '" + + UN + + "' PW: '" + + PW + + "' Param1: '" + + Param1 + + "' Param2: '" + + Param2 + + "' Param3: '" + + Param3 + + "'\n"; + } + + //private member variables used + private Boolean enabled = null; + private String UN = null; + private String PW = null; + private String Param1 = null; + private String Param2 = null; + private String Param3 = null; + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + * @param Param1 parameter1 used in HeaderAuthentication and ParameterAuthentication + * @param Param2 parameter2 used in HeaderAuthentication and ParameterAuthentication + * @param Param3 parameter3 used in HeaderAuthentication and ParameterAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { + this.enabled = new Boolean(enabled); + this.UN = UN; + this.PW = PW; + this.Param1 = Param1; + this.Param1 = Param2; + this.Param1 = Param3; + } + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW) { + this(enabled, UN, PW, null, null, null); + } + } + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object. + **/ + public XMLLoginParameterResolver() { + bPKMap = new HashMap(); + namedMap = new HashMap(); + } + + /** + * configuration method + * @param configuration enabled enable user mapping to parameter set for the parameter set. + */ + public void configure(String configuration) throws LoginParameterResolverException { + File idFile; + this.identityFile = configuration; + + try { + if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) { + Logger.error("XMLLoginParameterResolver could not read '" + + identityFile + + "' " ); + return; + } + Document doc = readXMLFile(identityFile); + buildInfo(doc); + } catch (Throwable ex) { + throw new LoginParameterResolverException("config.11", new Object[] {identityFile}, ex); + } + isConfigured = true; + } + + public Map getAuthenticationHeaders( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress) throws LoginParameterResolverException { + Map result = new HashMap(); + + if (!isConfigured) { + throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" + + identityFile + "' is not configured!", null); + } + + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String userid = ""; + String password = ""; + LPRParams params = null; + boolean userFound = false; + + //try bPK and named search + userFound = bPKIdentitySearch(bPK, params); + + if(false == userFound) + namedIdentitySearch(famName, givenName, dateOfBirth, params); + + if(false == userFound) + return result; + + //HTTP 401 - Basic Authentication + if (oaConf.getAuthType().equals("basic")) { + userid = params.getUN(); + password = params.getPW(); + + try { + String userIDPassword = userid + ":" + password; + String credentials = Base64Utils.encode(userIDPassword.getBytes()); + Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials); + result.put("Authorization", "Basic " + credentials); + } catch (IOException ignore) { + } + return result; + } + if (oaConf.getAuthType().equals("header")) { + String key; + String resolvedValue; + result.put("Param1", params.getParam1()); + result.put("Param2", params.getParam2()); + result.put("Param3", params.getParam3()); + return result; + /* for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); + iter.hasNext(); + result.put(key, resolvedValue)) { + key = (String) iter.next(); + String predicate = (String) oaConf.getHeaderAuthMapping().get(key); + resolvedValue = resolveValue(predicate, authData, clientIPAddress); + } + */ + } + return result; + } + + public Map getAuthenticationParameters( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress) { + + Map result = new HashMap(); + + if (!isConfigured) { + Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); + return result; + } + + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String userid = ""; + String password = ""; + LPRParams params = null; + boolean userFound = false; + + //try bPK and named search + userFound = bPKIdentitySearch(bPK, params); + + if (false == userFound) + namedIdentitySearch(famName, givenName, dateOfBirth, params); + + if (false == userFound) + return result; + + if (oaConf.getAuthType().equals("param")) { + result.put("Param1", params.getParam1()); + result.put("Param2", params.getParam2()); + result.put("Param3", params.getParam3()); + return result; + /* + String key; + String resolvedValue; + for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); + iter.hasNext(); + result.put(key, resolvedValue)) { + key = (String) iter.next(); + String predicate = (String) oaConf.getParamAuthMapping().get(key); + resolvedValue = resolveValue(predicate, authData, clientIPAddress); + } + */ + + } + return result; + } + + private static String resolveValue( + String predicate, + AuthenticationData authData, + String clientIPAddress) { + if (predicate.equals("MOAGivenName")) + return authData.getGivenName(); + if (predicate.equals("MOAFamilyName")) + return authData.getFamilyName(); + if (predicate.equals("MOADateOfBirth")) + return authData.getDateOfBirth(); + if (predicate.equals("MOAVPK")) + return authData.getVPK(); + if (predicate.equals("MOAPublicAuthority")) + if (authData.isPublicAuthority()) + return "true"; + else + return "false"; + if (predicate.equals("MOABKZ")) + return authData.getPublicAuthorityCode(); + if (predicate.equals("MOAQualifiedCertificate")) + if (authData.isQualifiedCertificate()) + return "true"; + else + return "false"; + if (predicate.equals("MOAZMRZahl")) + return authData.getIdentificationValue(); + if (predicate.equals("MOAIPAddress")) + return clientIPAddress; + else + return null; + } + + private Document readXMLFile(String fileName) { + Logger.info("XMLLoginParameterResolver: Loading MOA-OA configuration " + fileName); + DOMParser parser = new DOMParser(); + try { + parser.setFeature("http://xml.org/sax/features/validation", true); + parser.setFeature("http://apache.org/xml/features/validation/schema", true); + parser.parse(fileName); + return parser.getDocument(); + } catch (Exception e) { + String msg = e.toString(); + Logger.error("XMLLoginParameterResolver: Error parsing file" + fileName + "\n" + msg); + return null; + } + } + + private void buildInfo(Document doc) { + Element root = doc.getDocumentElement(); + NodeList idList = root.getElementsByTagName(XSD_IDELEM); + NodeList paramList = root.getElementsByTagName("Parameters"); + for (int i = 0; i < idList.getLength(); i++) + Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); + + for (int i = 0; i < paramList.getLength(); i++) + Logger.debug( + "XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName()); + + for (int i = 0; i < idList.getLength(); i++) { + Element tmpElem = (Element) idList.item(i); + NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity"); + for (int j = 0; j < tmpList.getLength(); j++) + Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName()); + + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName"); + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug( + "XMLLoginParameterResolver: tmpStr: " + + tmpStr + + " value: " + + (new Boolean(tmpBool)).toString()); + tmpElem = (Element) paramList.item(i); + Logger.debug( + "XMLLoginParameterResolver: attribute UN: " + + tmpElem.getAttribute("UN") + + " attribute PW: " + + tmpElem.getAttribute("PW")); + namedMap.put( + tmpStr, + new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); + } else { + tmpList = tmpElem.getElementsByTagName("bPKIdentity"); + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = tmpElem.getAttribute("bPK"); + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug( + "XMLLoginParameterResolver: tmpStr: " + + tmpStr + + " value: " + + (new Boolean(tmpBool)).toString()); + tmpElem = (Element) paramList.item(i); + Logger.debug( + "XMLLoginParameterResolver: attribute UN: " + + tmpElem.getAttribute("UN") + + " attribute PW: " + + tmpElem.getAttribute("PW") + + " attribute Param1: " + + tmpElem.getAttribute("Param1")); + bPKMap.put( + tmpStr, + new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); + } else { + Logger.warn( + "XMLLoginParameterResolver: wrong format no NamedIdentity or bPKIdentity found"); + } + } + } + + Logger.debug("namedMap:" + namedMap.toString()); + Logger.debug("bPKMap:" + bPKMap.toString()); + } + + private void buildIdentityInfo(Document doc) { + + } + + + boolean bPKIdentitySearch(String bPK, LPRParams params) { + //search for mapping with bPK of the user + Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK); + params = (LPRParams) bPKMap.get(bPK); + if (null == params) { + Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!"); + return false; + } else if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return true; + } + Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled"); + return false; + } + + boolean namedIdentitySearch( + String famName, + String givenName, + String dateOfBirth, + LPRParams params) { + Logger.info( + "XMLLoginParameterResolver: search for login data for SurName:" + + famName + + " GivenName: " + + givenName); + + params = (LPRParams) namedMap.get(famName + "," + givenName); + if (null == params) { + + Logger.info( + "XMLLoginParameterResolver: params for Surname: " + + famName + + " GivenName: " + + givenName + + " not found!"); + return false; + } + + if (params.getEnabled()) { + Logger.info( + "XMLLoginParameterResolver: SurName:" + + famName + + " GivenName: " + + givenName + + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return true; + } + Logger.info( + "XMLLoginParameterResolver: SurName:" + + famName + + " GivenName: " + + givenName + + "found in list; user is NOT enabled"); + return false; + } + + public static final String XSD_MAPPING = "Mapping"; + + public static final String XSD_DOCELEM = "MOAIdentities"; + public static final String XSD_IDELEM = "Identity"; + public static final String XSD_NAMEDIDELEM = "NamedIdentity"; + public static final String XSD_BPKIDELEM = "bPKIdentity"; + public static final String XSD_PARAMELEM = "Parameters"; + public static final String XML_LPR_CONFIG_PROPERTY_NAME = "moa.id.xmllpr.configuration"; + private Map bPKMap; + private Map namedMap; + private boolean isConfigured = false; +}
\ No newline at end of file |