diff options
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa')
-rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java | 298 |
1 files changed, 146 insertions, 152 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index e38ccc62a..758f28150 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -1,18 +1,18 @@ package at.gv.egovernment.moa.id.auth.builder; -import java.io.ByteArrayInputStream; -import java.io.InputStream; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Text; +import org.w3c.dom.Node; +import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Builder for the <code><VerifyXMLSignatureRequestBuilder></code> structure @@ -22,124 +22,121 @@ import at.gv.egovernment.moa.util.XPathUtils; * @version $Id$ */ public class VerifyXMLSignatureRequestBuilder { - /** The MOA-Prefix */ - private static final String MOA = Constants.MOA_PREFIX + ":"; + + /** shortcut for XMLNS namespace URI */ + private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; + /** shortcut for MOA namespace URI */ + private static final String MOA_NS_URI = Constants.MOA_NS_URI; /** The DSIG-Prefix */ private static final String DSIG = Constants.DSIG_PREFIX + ":"; - /** the request as string */ - private String request; - /** the request as DOM-Element */ - private Element reqElem; - + + /** The document containing the <code>VerifyXMLsignatureRequest</code> */ + private Document requestDoc_; + /** the <code>VerifyXMLsignatureRequest</code> root element */ + private Element requestElem_; + + /** - * Constructor for VerifyXMLSignatureRequestBuilder. + * Builds the body for a <code>VerifyXMLsignatureRequest</code> including the root + * element and namespace declarations. + * + * @throws BuildException If an error occurs on building the document. */ - public VerifyXMLSignatureRequestBuilder() { + public VerifyXMLSignatureRequestBuilder() throws BuildException { + try { + DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + requestDoc_ = docBuilder.newDocument(); + requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + requestDoc_.appendChild(requestElem_); + } catch (Throwable t) { + throw new BuildException( + "builder.00", + new Object[] {"VerifyXMLSignatureRequest", t.toString()}, + t); + } } + + /** * Builds a <code><VerifyXMLSignatureRequest></code> * from an IdentityLink with a known trustProfileID which * has to exist in MOA-SP - * @param idl - The IdentityLink + * @param identityLink - The IdentityLink * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * * @return Element - The complete request as Dom-Element + * * @throws ParseException */ - public Element build(IdentityLink idl, String trustProfileID) - throws ParseException { //samlAssertionObject - request = - "<?xml version='1.0' encoding='UTF-8' ?>" - + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" - + " <VerifySignatureInfo>" - + " <VerifySignatureEnvironment>" - + " <Base64Content>" - + " </Base64Content>" - + " </VerifySignatureEnvironment>" - + " <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>" - + " </VerifySignatureInfo>" - + " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung - +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>" - // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock) - +" </ReferenceInfo>" - + " </SignatureManifestCheckParams>" - + " <ReturnHashInputData/>" - + " <TrustProfileID>" - + trustProfileID - + "</TrustProfileID>" - + "</VerifyXMLSignatureRequest>"; - + public Element build(IdentityLink identityLink, String trustProfileID) + throws ParseException + { try { - InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); - reqElem = DOMUtils.parseXmlValidating(s); - - String CONTENT_XPATH = - "//" - + MOA - + "VerifyXMLSignatureRequest/" - + MOA - + "VerifySignatureInfo/" - + MOA - + "VerifySignatureEnvironment/" - + MOA - + "Base64Content"; - - Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - - String dtdString = "" - /* TODO MOA-ID-AUTH remove dtdString processing if it is not nec. in further versions - + "<!DOCTYPE saml:Assertion [\n" - + " <!ATTLIST saml:Assertion AssertionID ID #REQUIRED\n" - + ">\n" - + "]>" - */ - ; - - String serializedAssertion = idl.getSerializedSamlAssertion(); - //insert mini dtd after xml declaration to allow usage of AssertionID - //encode then base64 and put this into Element Base64Content - String dtdAndIL = - serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2) - + dtdString - + serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2); - String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8")); - //replace all '\r' characters by no char. - String replaced = ""; - for (int i = 0; i < b64dtdAndIL.length(); i ++) { - if (b64dtdAndIL.charAt(i) != '\r') replaced += b64dtdAndIL.charAt(i); - } - b64dtdAndIL = replaced; - Text b64content = (Text) insertTo.getFirstChild(); - b64content.setData(b64dtdAndIL); - - String SIGN_MANI_CHECK_PARAMS_XPATH = - "//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams"; - insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH); - insertTo.removeChild( - (Element) XPathUtils.selectSingleNode( - reqElem, - SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo")); - Element[] dsigTransforms = idl.getDsigReferenceTransforms(); - for (int i = 0; i < 1; i++) //dsigTransforms.length; i++) - { - Element refInfo = - insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo"); - insertTo.appendChild(refInfo); - Element verifyTransformsInfoProfile = - insertTo.getOwnerDocument().createElementNS( - Constants.MOA_NS_URI, - "VerifyTransformsInfoProfile"); - refInfo.appendChild(verifyTransformsInfoProfile); - verifyTransformsInfoProfile.appendChild( - insertTo.getOwnerDocument().importNode(dsigTransforms[i], true)); + // build the request + Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); + requestElem_.appendChild(dateTimeElem); + Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); + dateTimeElem.appendChild(dateTime); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + // insert the base64 encoded identity link SAML assertion + String serializedAssertion = identityLink.getSerializedSamlAssertion(); + String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8")); + //replace all '\r' characters by no char. + StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i ++) { + char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } } + base64EncodedAssertion = replaced.toString(); + Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); + // add the transforms + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); + for (int i = 0; i < dsigTransforms.length; i++) { + Element verifyTransformsInfoProfileElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); + verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); + } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); } catch (Throwable t) { - throw new ParseException(//"VerifyXMLSignatureRequest (IdentityLink)"); - "builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + throw new ParseException("builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); } - return reqElem; + return requestElem_; } - + + /** * Builds a <code><VerifyXMLSignatureRequest></code> * from the signed AUTH-Block with a known trustProfileID which @@ -154,59 +151,56 @@ public class VerifyXMLSignatureRequestBuilder { CreateXMLSignatureResponse csr, String[] verifyTransformsInfoProfileID, String trustProfileID) - throws ParseException { //samlAssertionObject - request = - "<?xml version='1.0' encoding='UTF-8' ?>" - + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" - + " <VerifySignatureInfo>" - + " <VerifySignatureEnvironment>" - + " <XMLContent xml:space=\"preserve\"/>" - + " </VerifySignatureEnvironment>" - + " <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>" - + " </VerifySignatureInfo>" - + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">" - + " <ReferenceInfo>"; - - for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - request += " <VerifyTransformsInfoProfileID>" - + verifyTransformsInfoProfileID[i] - + "</VerifyTransformsInfoProfileID>"; - // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....) - - } - - request += " </ReferenceInfo>" + " </SignatureManifestCheckParams>" - // Testweise ReturnReferenceInputData = False - +" <ReturnHashInputData/>" - + " <TrustProfileID>" - + trustProfileID - + "</TrustProfileID>" - + "</VerifyXMLSignatureRequest>"; - + throws BuildException { //samlAssertionObject + try { - // Build a DOM-Tree of the obove String - InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); - reqElem = DOMUtils.parseXmlValidating(s); - //Insert the SAML-Assertion-Object - String CONTENT_XPATH = - "//" - + MOA - + "VerifyXMLSignatureRequest/" - + MOA - + "VerifySignatureInfo/" - + MOA - + "VerifySignatureEnvironment/" - + MOA - + "XMLContent"; - - Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - insertTo.appendChild(insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true)); + // build the request +// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" +// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); + verifySignatureEnvironmentElem.appendChild(xmlContentElem); + xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); + // insert the SAML assertion + xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true)); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); + // add the transform profile IDs + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { + Element verifyTransformsInfoProfileIDElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild( + requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); + } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); } catch (Throwable t) { - throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); + throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); } - return reqElem; + return requestElem_; } } |