aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/at/gv/egovernment
diff options
context:
space:
mode:
Diffstat (limited to 'id.server/src/at/gv/egovernment')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java31
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/BuildException.java34
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/ECDSAConverterException.java34
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/MOAIDException.java159
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/ParseException.java34
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/ServiceException.java34
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java1019
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java52
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java75
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java163
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java21
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java88
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java146
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java156
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java49
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java59
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java84
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java93
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java83
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java150
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java86
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java82
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java59
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java60
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java91
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java63
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java206
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java383
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java71
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java73
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java137
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java266
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java65
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java129
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java57
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java101
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java172
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java348
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java79
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/Schema.java26
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java63
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java177
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java92
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java193
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java72
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java157
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java319
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java165
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java58
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java156
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java202
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java75
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java135
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java99
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java103
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java120
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java107
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java274
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java159
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java32
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java35
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java177
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java894
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java31
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java128
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java106
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/OAParameter.java76
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java414
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java268
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java360
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java135
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java173
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java184
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java268
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java188
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java394
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/Cookie.java119
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java114
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java111
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java59
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java96
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java51
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java66
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java36
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java51
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java186
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java119
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java46
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java64
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java68
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java149
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java142
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java249
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java211
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java86
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java37
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java82
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java95
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java39
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java678
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java422
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java55
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java143
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java158
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java100
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java71
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java35
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java879
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java212
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/ECDSAConstants.java36
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java572
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java76
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/HTTPUtils.java68
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java374
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java58
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java62
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/Random.java22
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java180
118 files changed, 0 insertions, 18184 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java b/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java
deleted file mode 100644
index 96a5e0673..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown during handling of AuthenticationSession
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationException extends MOAIDException {
-
- /**
- * Constructor for AuthenticationException.
- * @param messageId
- */
- public AuthenticationException(String messageId, Object[] parameters) {
- super(messageId, parameters, null);
- }
- /**
- * Constructor for AuthenticationException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public AuthenticationException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/BuildException.java b/id.server/src/at/gv/egovernment/moa/id/BuildException.java
deleted file mode 100644
index 785dce7a3..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/BuildException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while building an XML or HTML structure.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class BuildException extends MOAIDException {
-
- /**
- * Constructor for BuildException.
- * @param messageId
- * @param parameters
- */
- public BuildException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for BuildException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public BuildException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ECDSAConverterException.java b/id.server/src/at/gv/egovernment/moa/id/ECDSAConverterException.java
deleted file mode 100644
index 682395a83..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/ECDSAConverterException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while converting ECDSAKeys from/to an XML structure.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class ECDSAConverterException extends MOAIDException {
-
- /**
- * Constructor for ECDSAConverterException.
- * @param messageId
- * @param parameters
- */
- public ECDSAConverterException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ECDSAConverterException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ECDSAConverterException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java b/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java
deleted file mode 100644
index bce2c4778..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java
+++ /dev/null
@@ -1,159 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.DOMImplementation;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Base class of technical MOA exceptions.
- *
- * Technical exceptions are exceptions that originate from system failure (e.g.,
- * a database connection fails, a component is not available, etc.)
- *
- * @author Patrick Peck, Ivancsics Paul
- * @version $Id$
- */
-public class MOAIDException extends Exception {
- /** message ID */
- private String messageId;
- /** wrapped exception */
- private Throwable wrapped;
-
- /**
- * Create a new <code>MOAIDException</code>.
- *
- * @param messageId The identifier of the message associated with this
- * exception.
- * @param parameters Additional message parameters.
- */
- public MOAIDException(String messageId, Object[] parameters) {
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- this.messageId = messageId;
- }
-
- /**
- * Create a new <code>MOAIDException</code>.
- *
- * @param messageId The identifier of the message associated with this
- * <code>MOAIDException</code>.
- * @param parameters Additional message parameters.
- * @param wrapped The exception wrapped by this
- * <code>MOAIDException</code>.
- */
- public MOAIDException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
-
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- this.messageId = messageId;
- this.wrapped = wrapped;
- }
-
- /**
- * Print a stack trace of this exception to <code>System.err</code>.
- *
- * @see java.lang.Throwable#printStackTrace()
- */
- public void printStackTrace() {
- printStackTrace(System.err);
- }
-
- /**
- * Print a stack trace of this exception, including the wrapped exception.
- *
- * @param s The stream to write the stack trace to.
- * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
- */
- public void printStackTrace(PrintStream s) {
- if (getWrapped() == null)
- super.printStackTrace(s);
- else {
- s.print("Root exception: ");
- getWrapped().printStackTrace(s);
- }
- }
-
- /**
- * Print a stack trace of this exception, including the wrapped exception.
- *
- * @param s The stream to write the stacktrace to.
- * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
- */
- public void printStackTrace(PrintWriter s) {
- if (getWrapped() == null)
- super.printStackTrace(s);
- else {
- s.print("Root exception: ");
- getWrapped().printStackTrace(s);
- }
- }
-
- /**
- * @return message ID
- */
- public String getMessageId() {
- return messageId;
- }
-
- /**
- * @return wrapped exception
- */
- public Throwable getWrapped() {
- return wrapped;
- }
-
- /**
- * Convert this <code>MOAIDException</code> to an <code>ErrorResponse</code>
- * element from the MOA namespace.
- *
- * @return An <code>ErrorResponse</code> element, containing the subelements
- * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
- */
- public Element toErrorResponse() {
- DocumentBuilder builder;
- DOMImplementation impl;
- Document doc;
- Element errorResponse;
- Element errorCode;
- Element info;
-
- // create a new document
- try {
- builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- impl = builder.getDOMImplementation();
- } catch (ParserConfigurationException e) {
- return null;
- }
-
- // build the ErrorResponse element
- doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
- errorResponse = doc.getDocumentElement();
-
- // add MOA namespace declaration
- errorResponse.setAttributeNS(
- Constants.XMLNS_NS_URI,
- "xmlns",
- Constants.MOA_NS_URI);
-
- // build the child elements
- errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
- errorCode.appendChild(doc.createTextNode(messageId));
- info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
- info.appendChild(doc.createTextNode(toString()));
- errorResponse.appendChild(errorCode);
- errorResponse.appendChild(info);
- return errorResponse;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ParseException.java b/id.server/src/at/gv/egovernment/moa/id/ParseException.java
deleted file mode 100644
index a5e0088d9..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/ParseException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while parsing an XML structure.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ParseException extends MOAIDException {
-
- /**
- * Constructor for ParseException.
- * @param messageId
- * @param parameters
- */
- public ParseException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ParseException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ParseException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ServiceException.java b/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
deleted file mode 100644
index 9e6ab2361..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while calling the MOA-SPSS web service.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ServiceException extends MOAIDException {
-
- /**
- * Constructor for ServiceException.
- * @param messageId
- * @param parameters
- */
- public ServiceException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ServiceException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ServiceException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
deleted file mode 100644
index 5f4ec2d29..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ /dev/null
@@ -1,1019 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import iaik.pki.PKIException;
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
-import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
-import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-
-/**
- * API for MOA ID Authentication Service.<br>
- * {@link AuthenticationSession} is stored in a session store and retrieved
- * by giving the session ID.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationServer implements MOAIDAuthConstants {
-
- /** single instance */
- private static AuthenticationServer instance;
- /** session data store (session ID -> AuthenticationSession) */
- private static Map sessionStore = new HashMap();
- /** authentication data store (assertion handle -> AuthenticationData) */
- private static Map authenticationDataStore = new HashMap();
- /**
- * time out in milliseconds used by {@link cleanup} for session store
- */
- private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes
- /**
- * time out in milliseconds used by {@link cleanup} for authentication data store
- */
- private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
-
- /**
- * Returns the single instance of <code>AuthenticationServer</code>.
- *
- * @return the single instance of <code>AuthenticationServer</code>
- */
- public static AuthenticationServer getInstance() {
- if (instance == null)
- instance = new AuthenticationServer();
- return instance;
- }
- /**
- * Constructor for AuthenticationServer.
- */
- public AuthenticationServer() {
- super();
- }
- /**
- * Processes request to select a BKU.
- * <br/>Processing depends on value of {@link AuthConfigurationProvider#getBKUSelectionType}.
- * <br/>For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> for the
- * "BKU Auswahl" service is returned.
- * <br/>For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection is returned.
- * @param authURL base URL of MOA-ID Auth component
- * @param target "Gesch&auml;ftsbereich"
- * @param oaURL online application URL requested
- * @param bkuSelectionTemplateURL template for BKU selection form to be used
- * in case of <code>HTMLSelect</code>; may be null
- * @param templateURL URL providing an HTML template for the HTML form to be used
- * for call <code>startAuthentication</code>
- * @return for <code>bkuSelectionType==HTMLComplete</code>, the <code>returnURI</code> for the
- * "BKU Auswahl" service;
- * for <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection
- * @throws WrongParametersException upon missing parameters
- * @throws AuthenticationException when the configured BKU selection service cannot be reached,
- * and when the given bkuSelectionTemplateURL cannot be reached
- * @throws ConfigurationException on missing configuration data
- * @throws BuildException while building the HTML form
- */
- public String selectBKU(
- String authURL,
- String target,
- String oaURL,
- String bkuSelectionTemplateURL,
- String templateURL)
- throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
-
- //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication", "AuthURL");
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA);
-
- ConnectionParameter bkuConnParam =
- AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
- if (bkuConnParam == null)
- throw new ConfigurationException(
- "config.08",
- new Object[] { "BKUSelection/ConnectionParameter" });
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- if (!oaParam.getBusinessService()) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
- } else {
- if (!isEmpty(target)) {
- Logger.info("Ignoring target parameter thus application type is \"businessService\"");
- }
- target = null;
- }
-
- AuthenticationSession session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
- String returnURL =
- new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID());
- String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
- if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL;
- return redirectURL;
- } else {
- // bkuSelectionType==HTMLSelect
- String bkuSelectTag;
- try {
- bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
- } catch (Throwable ex) {
- throw new AuthenticationException(
- "auth.11",
- new Object[] { bkuConnParam.getUrl(), ex.toString()},
- ex);
- }
- String bkuSelectionTemplate = null;
- // override template url by url from configuration file
- if (oaParam.getBkuSelectionTemplateURL() != null) {
- bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
- }
- if (bkuSelectionTemplateURL != null) {
- try {
- bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { bkuSelectionTemplateURL, ex.toString()},
- ex);
- }
- }
- String htmlForm =
- new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag);
- return htmlForm;
- }
- }
- /**
- * Method readBKUSelectTag.
- * @param conf the ConfigurationProvider
- * @param connParam the ConnectionParameter for that connection
- * @return String
- * @throws ConfigurationException on config-errors
- * @throws PKIException on PKI errors
- * @throws IOException on any data error
- * @throws GeneralSecurityException on security errors
- */
- private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- if (connParam.isHTTPSURL())
- return SSLUtils.readHttpsURL(conf, connParam);
- else
- return HTTPUtils.readHttpURL(connParam.getUrl());
- }
- /**
- * Processes the beginning of an authentication session.
- * <ul>
- * <li>Starts an authentication session</li>
- * <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>Creates an HTML form for querying the identity link from the
- * security layer implementation.
- * <br>Form parameters include
- * <ul>
- * <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>the data URL where the security layer implementation sends it response to</li>
- * </ul>
- * </ul>
- * @param authURL URL of the servlet to be used as data URL
- * @param target "Gesch&auml;ftsbereich" of the online application requested
- * @param oaURL online application URL requested
- * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used;
- * may be <code>null</code>; in this case, the default location will be used
- * @param templateURL URL providing an HTML template for the HTML form generated
- * @return HTML form
- * @throws AuthenticationException
- * @see GetIdentityLinkFormBuilder
- * @see InfoboxReadRequestBuilder
- */
- public String startAuthentication(
- String authURL,
- String target,
- String oaURL,
- String templateURL,
- String bkuURL,
- String sessionID)
- throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
-
- if (isEmpty(sessionID)) {
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication", "AuthURL");
-
- //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr =
- AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA);
- }
- AuthenticationSession session;
- OAAuthParameter oaParam;
- if (sessionID != null) {
- session = getSession(sessionID);
- oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } else {
- oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
- if (!oaParam.getBusinessService()) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
- } else {
- target = null;
- }
- session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
- }
- // BKU URL has not been set yet, even if session already exists
- if (bkuURL == null) {
- bkuURL = DEFAULT_BKU;
- }
- session.setBkuURL(bkuURL);
- String infoboxReadRequest =
- new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(),
- oaParam.getBusinessService(),
- oaParam.getIdentityLinkDomainIdentifier());
- String dataURL =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_VERIFY_IDENTITY_LINK,
- session.getSessionID());
- String template = null;
- // override template url by url from configuration file
- if (oaParam.getTemplateURL() != null) {
- templateURL = oaParam.getTemplateURL();
- } else {
- templateURL = session.getTemplateURL();
- }
- if (templateURL != null) {
- try {
- template = new String(FileUtils.readURL(templateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { templateURL, ex.toString()},
- ex);
- }
- }
- String pushInfobox = "";
- VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
- if (verifyInfoboxParameters != null) {
- pushInfobox = verifyInfoboxParameters.getPushInfobox();
- }
- String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12());
- String certInfoDataURL =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_START_AUTHENTICATION,
- session.getSessionID());
- String htmlForm =
- new GetIdentityLinkFormBuilder().build(
- template,
- bkuURL,
- infoboxReadRequest,
- dataURL,
- certInfoRequest,
- certInfoDataURL,
- pushInfobox);
- return htmlForm;
- }
- /**
- * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Verifies identity link by calling the MOA SP component</li>
- * <li>Checks certificate authority of identity link</li>
- * <li>Stores identity link in the session</li>
- * <li>Verifies all additional infoboxes returned from the BKU</li>
- * <li>Creates an authentication block to be signed by the user</li>
- * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * containg the authentication block, meant to be returned to the
- * security layer implementation</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param infoboxReadResponseParameters The parameters from the response returned from
- * the BKU including the <code>&lt;InfoboxReadResponse&gt;</code>
- * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
- */
- public String verifyIdentityLink(String sessionID, Map infoboxReadResponseParameters)
- throws
- AuthenticationException,
- BuildException,
- ParseException,
- ConfigurationException,
- ValidateException,
- ServiceException {
-
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
-
- String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE);
- if (isEmpty(xmlInfoboxReadResponse))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
-
- AuthenticationSession session = getSession(sessionID);
- if (session.getTimestampIdentityLink() != null)
- throw new AuthenticationException("auth.01", new Object[] { sessionID });
- session.setTimestampIdentityLink();
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- // parses the <InfoboxReadResponse>
- IdentityLink identityLink =
- new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
- // validates the identity link
- IdentityLinkValidator.getInstance().validate(identityLink);
- // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
- Element domVerifyXMLSignatureRequest =
- new VerifyXMLSignatureRequestBuilder().build(
- identityLink,
- authConf.getMoaSpIdentityLinkTrustProfileID());
-
- // invokes the call
- Element domVerifyXMLSignatureResponse =
- new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
- // parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse =
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
-
- if (identityLink.getIdentificationType().equalsIgnoreCase(Constants.URN_PREFIX_BASEID)) {
- }
-
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
-
- // if OA is type is business service the manifest validation result has to be ignored
- boolean ignoreManifestValidationResult = oaParam.getBusinessService() ? true : false;
-
- // validates the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponseValidator.getInstance().validate(
- verifyXMLSignatureResponse,
- authConf.getIdentityLinkX509SubjectNames(),
- VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
- ignoreManifestValidationResult);
-
- session.setIdentityLink(identityLink);
- // now validate the extended infoboxes
- verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl());
- // builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session);
-// session.setAuthBlock(authBlock);
- // builds the <CreateXMLSignatureRequest>
- String[] transformsInfos = oaParam.getTransformsInfos();
- if ((transformsInfos == null) || (transformsInfos.length == 0)) {
- // no OA specific transforms specified, use default ones
- transformsInfos = authConf.getTransformsInfos();
- }
- String createXMLSignatureRequest =
- new CreateXMLSignatureRequestBuilder().build(authBlock,
- oaParam.getKeyBoxIdentifier(),
- transformsInfos,
- oaParam.getSlVersion12());
- return createXMLSignatureRequest;
- }
- /**
- * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
- * @param session authentication session
- *
- * @return <code>&lt;saml:Assertion&gt;</code> as a String
- *
- * @throws BuildException If an error occurs on serializing an extended SAML attribute
- * to be appended to the AUTH-Block.
- */
- private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
- IdentityLink identityLink = session.getIdentityLink();
- String issuer = identityLink.getName();
- String gebDat = identityLink.getDateOfBirth();
- String identificationValue = identityLink.getIdentificationValue();
- String identificationType = identityLink.getIdentificationType();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
- session.setIssueInstant(issueInstant);
- String authURL = session.getAuthURL();
- String target = session.getTarget();
- String oaURL = session.getPublicOAURLPrefix();
- List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock(
- issuer,
- issueInstant,
- authURL,
- target,
- identificationValue,
- identificationType,
- oaURL,
- gebDat,
- extendedSAMLAttributes,
- session);
-
- return authBlock;
- }
-
- /**
- * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by
- * calling appropriate validator classes.
- *
- * @param session The actual authentication session.
- * @param infoboxReadResponseParams The parameters returned from the BKU as response
- * to an infobox read request (including the infobox
- * tokens to be verified).
- * @param hideStammzahl Indicates whether source pins (<code>Stammzahl</code>en)
- * should be hidden in any SAML attribute that may be
- * returned by a validator.
- *
- * @throws AuthenticationException If the verification of at least one infobox fails.
- * @throws ConfigurationException If the OAuthParameter cannot be extracted.
- */
- private void verifyInfoboxes(
- AuthenticationSession session, Map infoboxReadResponseParams, boolean hideStammzahl)
- throws ValidateException, ConfigurationException
- {
-
- AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider.getInstance();
- // get the default VerifyInfobox parameters
- Map defaultInfoboxParameters = null;
- VerifyInfoboxParameters defaultVerifyInfoboxParameters =
- authConfigurationProvider.getDefaultVerifyInfoboxParameters();
- if (defaultVerifyInfoboxParameters != null) {
- defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters();
- }
- // get the OA specific VerifyInfobox parameters
- Map infoboxParameters = null;
- OAAuthParameter oaParam =
- authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
- if (verifyInfoboxParameters != null) {
- Vector authAttributes = new Vector();
- Vector oaAttributes = new Vector();
- infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
- // get the list of infobox identifiers
- List identifiers = verifyInfoboxParameters.getIdentifiers();
- if (identifiers != null) {
- // step through the identifiers and verify the infoboxes
- Iterator it = identifiers.iterator();
- while (it.hasNext()) {
- String identifier = (String)it.next();
- // get the infobox read response from the map of parameters
- String infoboxReadResponse = (String)infoboxReadResponseParams.get(identifier);
- // get the configuration parameters
- VerifyInfoboxParameter verifyInfoboxParameter = null;
- Object object = infoboxParameters.get(identifier);
- // if not present, use default
- if ((object == null) && (defaultInfoboxParameters != null)) {
- object = defaultInfoboxParameters.get(identifier);
- }
- if (object != null) {
- verifyInfoboxParameter = (VerifyInfoboxParameter)object;
- }
- if (infoboxReadResponse != null) {
- if (verifyInfoboxParameter == null) {
- // should not happen because of the pushinfobox mechanism; check it anyway
- Logger.error("No validator for verifying \"" + identifier + "\"-infobox configured.");
- throw new ValidateException("validator.41", new Object[] {identifier});
- } else {
- String friendlyName = verifyInfoboxParameter.getFriendlyName();
- // get the class for validating the infobox
- InfoboxValidator infoboxValidator = null;
- try {
- Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName());
- infoboxValidator = (InfoboxValidator) validatorClass.newInstance();
- } catch (Exception e) {
- Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() +
- "\" for \"" + identifier + "\"-infobox: " + e.getMessage());
- throw new ValidateException("validator.42", new Object[] {friendlyName});
- }
- Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() +
- "\" for \"" + identifier + "\"-infobox.");
- // parse the infobox read reponse
- List infoboxTokenList = null;
- try {
- infoboxTokenList =
- ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName);
- } catch (ParseException e) {
- Logger.error("InfoboxReadResponse for \"" + identifier +
- "\"-infobox could not be parsed successfully: " + e.getMessage());
- throw new ValidateException("validator.43", new Object[] {friendlyName});
- }
- // build the parameters for validating the infobox
- InfoboxValidatorParams infoboxValidatorParams =
- InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams(
- session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl);
- // now validate the infobox
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxValidator.validate(infoboxValidatorParams);
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier + " infobox:" + e.getMessage());
- throw new ValidateException(
- "validator.44", new Object[] {friendlyName});
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier + " infobox failed.");
- throw new ValidateException(
- "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
- }
-
- Logger.info(identifier + " infobox successfully validated.");
-
- // get the SAML attributes to be appended to the AUTHBlock or to the final
- // SAML Assertion
- ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes();
- if (extendedSAMLAttributes != null) {
- int length = extendedSAMLAttributes.length;
- for (int i=0; i<length; i++) {
- ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
- String name = samlAttribute.getName();
- if (name == null) {
- Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is null.");
- throw new ValidateException(
- "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"});
- }
- if (name == "") {
- Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is empty.");
- throw new ValidateException(
- "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"});
- }
- if (samlAttribute.getNameSpace() == null) {
- Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is null.");
- throw new ValidateException(
- "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"});
- }
- Object value = samlAttribute.getValue();
- if (value == null) {
- Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is null.");
- throw new ValidateException(
- "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});
- }
- if ((value instanceof String) || (value instanceof Element)) {
-
- switch (samlAttribute.getAddToAUTHBlock()) {
- case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
- authAttributes.add(samlAttribute);
- oaAttributes.add(samlAttribute);
- break;
- case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
- authAttributes.add(samlAttribute);
- break;
- case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
- oaAttributes.add(samlAttribute);
- break;
- default:
- Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" ("
- + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number "
- + (i+1) + " for infobox " + identifier);
- throw new ValidateException(
- "validator.47", new Object[] {friendlyName, String.valueOf((i+1))});
- }
- } else {
- Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" +
- " or \"org.w3c.dom.Element\"");
- throw new ValidateException(
- "validator.46", new Object[] {identifier, String.valueOf((i+1))});
-
- }
- }
-
- }
- }
- } else {
- if ((verifyInfoboxParameter !=null) && (verifyInfoboxParameter.isRequired())) {
- Logger.info("Infobox \"" + identifier + "\" is required, but not returned from the BKU");
- throw new ValidateException(
- "validator.48", new Object[] {verifyInfoboxParameter.getFriendlyName()});
-
- }
- Logger.debug("Infobox \"" + identifier + "\" not returned from BKU.");
- }
- }
- session.setExtendedSAMLAttributesAUTH(authAttributes);
- session.setExtendedSAMLAttributesOA(oaAttributes);
- }
- }
- }
-
- /**
- * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
- * <li>Parses authentication block enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Verifies authentication block by calling the MOA SP component</li>
- * <li>Creates authentication data</li>
- * <li>Creates a corresponding SAML artifact</li>
- * <li>Stores authentication data in the authentication data store
- * indexed by the SAML artifact</li>
- * <li>Deletes authentication session</li>
- * <li>Returns the SAML artifact, encoded BASE64</li>
- * </ul>
- *
- * @param sessionID session ID of the running authentication session
- * @param xmlCreateXMLSignatureReadResponse String representation of the
- * <code>&lt;CreateXMLSignatureResponse&gt;</code>
- * @return SAML artifact needed for retrieving authentication data, encoded BASE64
- */
- public String verifyAuthenticationBlock(
- String sessionID,
- String xmlCreateXMLSignatureReadResponse)
- throws
- AuthenticationException,
- BuildException,
- ParseException,
- ConfigurationException,
- ServiceException,
- ValidateException {
-
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
- if (isEmpty(xmlCreateXMLSignatureReadResponse))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
- AuthenticationSession session = getSession(sessionID);
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- // parses <CreateXMLSignatureResponse>
- CreateXMLSignatureResponse csresp =
- new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
- try {
- String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());
- session.setAuthBlock(serializedAssertion);
- } catch (TransformerException e) {
- throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
- } catch (IOException e) {
- throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
- }
- // validates <CreateXMLSignatureResponse>
- new CreateXMLSignatureResponseValidator().validate(csresp, session);
- // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
- String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
- String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
- Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
- // debug output
-
- // invokes the call
- Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
- // debug output
-
- // parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
- // validates the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponseValidator.getInstance().validate(
- vsresp,
- null,
- VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK,
- false);
-
-
- // TODO See Bug #144
- // Compare AuthBlock Data with information stored in session, especially date and time
-
-
- // compares the public keys from the identityLink with the AuthBlock
- VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
- vsresp,
- session.getIdentityLink());
-
- // builds authentication data and stores it together with a SAML artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
- String samlArtifact =
- new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
- storeAuthenticationData(samlArtifact, authData);
- // invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info(
- "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;
- }
- /**
- * Builds the AuthenticationData object together with the
- * corresponding <code>&lt;saml:Assertion&gt;</code>
- * @param session authentication session
- * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP
- * @return AuthenticationData object
- * @throws ConfigurationException while accessing configuration data
- * @throws BuildException while building the <code>&lt;saml:Assertion&gt;</code>
- */
- private AuthenticationData buildAuthenticationData(
- AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp)
- throws ConfigurationException, BuildException {
-
- IdentityLink identityLink = session.getIdentityLink();
- AuthenticationData authData = new AuthenticationData();
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- boolean businessService = oaParam.getBusinessService();
- authData.setMajorVersion(1);
- authData.setMinorVersion(0);
- authData.setAssertionID(Random.nextRandom());
- authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
-
- authData.setIdentificationType(identityLink.getIdentificationType());
- authData.setGivenName(identityLink.getGivenName());
- authData.setFamilyName(identityLink.getFamilyName());
- authData.setDateOfBirth(identityLink.getDateOfBirth());
- authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate());
- authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
- authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
- authData.setBkuURL(session.getBkuURL());
- boolean provideStammzahl = oaParam.getProvideStammzahl();
- if (provideStammzahl) {
- authData.setIdentificationValue(identityLink.getIdentificationValue());
- }
- String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl);
- try {
- String signerCertificateBase64 = "";
- if (oaParam.getProvideCertifcate()) {
- X509Certificate signerCertificate = verifyXMLSigResp.getX509certificate();
- if (signerCertificate != null) {
- signerCertificateBase64 = Base64Utils.encode(signerCertificate.getEncoded());
- } else {
- Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available");
- }
- }
- authData.setSignerCertificate(signerCertificateBase64);
- if (businessService) {
- authData.setWBPK(identityLink.getIdentificationValue());
- } else {
- // only compute bPK if online applcation is a public service
- String bpkBase64 =
- new BPKBuilder().buildBPK(
- identityLink.getIdentificationValue(),
- session.getTarget());
- authData.setBPK(bpkBase64);
- }
- String ilAssertion =
- oaParam.getProvideIdentityLink()
- ? identityLink.getSerializedSamlAssertion()
- : "";
- if (!oaParam.getProvideStammzahl()) {
- ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink.getIdentificationValue(), "");
- }
- String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
- String samlAssertion =
- new AuthenticationDataAssertionBuilder().build(
- authData,
- prPerson,
- authBlock,
- ilAssertion,
- session.getBkuURL(),
- signerCertificateBase64,
- businessService,
- session.getExtendedSAMLAttributesOA());
- authData.setSamlAssertion(samlAssertion);
- return authData;
- } catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] { "AuthenticationData", ex.toString()},
- ex);
- }
- }
- /**
- * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
- * The <code>AuthenticationData</code> is deleted from the store upon end of this call.
- *
- * @return <code>AuthenticationData</code>
- */
- public AuthenticationData getAuthenticationData(String samlArtifact)
- throws AuthenticationException {
- String assertionHandle;
- try {
- assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
- } catch (ParseException ex) {
- throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()});
- }
- AuthenticationData authData = null;
- synchronized (authenticationDataStore) {
- authData = (AuthenticationData) authenticationDataStore.get(assertionHandle);
- if (authData == null) {
- Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
- throw new AuthenticationException("1206", new Object[] { samlArtifact });
- }
- authenticationDataStore.remove(assertionHandle);
- }
- long now = new Date().getTime();
- if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207", new Object[] { samlArtifact });
- Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
- return authData;
- }
- /**
- * Stores authentication data indexed by the assertion handle contained in the
- * given saml artifact.
- * @param samlArtifact SAML artifact
- * @param authData authentication data
- * @throws AuthenticationException when SAML artifact is invalid
- */
- private void storeAuthenticationData(String samlArtifact, AuthenticationData authData)
- throws AuthenticationException {
-
- try {
- SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
- // check type code 0x0001
- byte[] typeCode = parser.parseTypeCode();
- if (typeCode[0] != 0 || typeCode[1] != 1)
- throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
- String assertionHandle = parser.parseAssertionHandle();
- synchronized (authenticationDataStore) {
- Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact);
- authenticationDataStore.put(assertionHandle, authData);
- }
- } catch (AuthenticationException ex) {
- throw ex;
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
- }
- }
- /**
- * Creates a new session and puts it into the session store.
- *
- * @param id Session ID
- * @return AuthenticationSession created
- * @exception AuthenticationException
- * thrown when an <code>AuthenticationSession</code> is running
- * already for the given session ID
- */
- private static AuthenticationSession newSession() throws AuthenticationException {
- String sessionID = Random.nextRandom();
- AuthenticationSession newSession = new AuthenticationSession(sessionID);
- synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01", new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
- }
- return newSession;
- }
- /**
- * Retrieves a session from the session store.
- *
- * @param id session ID
- * @return <code>AuthenticationSession</code> stored with given session ID,
- * <code>null</code> if session ID unknown
- */
- public static AuthenticationSession getSession(String id) throws AuthenticationException {
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(id);
- if (session == null)
- throw new AuthenticationException("auth.02", new Object[] { id });
- return session;
- }
- /**
- * Cleans up expired session and authentication data stores.
- */
- public void cleanup() {
- long now = new Date().getTime();
- synchronized (sessionStore) {
- Set keys = new HashSet(sessionStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String sessionID = (String) iter.next();
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
- if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
- Logger.info(
- MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.02",
- new Object[] { sessionID }));
- sessionStore.remove(sessionID);
- }
- }
- }
- synchronized (authenticationDataStore) {
- Set keys = new HashSet(authenticationDataStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String samlArtifact = (String) iter.next();
- AuthenticationData authData =
- (AuthenticationData) authenticationDataStore.get(samlArtifact);
- if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
- Logger.info(
- MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.03",
- new Object[] { samlArtifact }));
- authenticationDataStore.remove(samlArtifact);
- }
- }
- }
- }
-
- /**
- * Sets the sessionTimeOut.
- * @param seconds Time out of the session in seconds
- */
- public void setSecondsSessionTimeOut(long seconds) {
- sessionTimeOut = 1000 * seconds;
- }
- /**
- * Sets the authDataTimeOut.
- * @param seconds Time out for signing AuthData in seconds
- */
- public void setSecondsAuthDataTimeOut(long seconds) {
- authDataTimeOut = 1000 * seconds;
- }
-
- /**
- * Checks a parameter.
- * @param param parameter
- * @return true if the parameter is null or empty
- */
- private boolean isEmpty(String param) {
- return param == null || param.length() == 0;
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
deleted file mode 100644
index 7e5ed6ec7..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Thread cleaning the <code>AuthenticationServer</code> session store
- * and authentication data store from garbage.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationSessionCleaner implements Runnable {
-
- /** interval the <code>AuthenticationSessionCleaner</code> is run in */
- private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min
-
- /**
- * Runs the thread. Cleans the <code>AuthenticationServer</code> session store
- * and authentication data store from garbage, then sleeps for given interval, and restarts.
- */
- public void run() {
- while (true) {
- try {
- Logger.debug("AuthenticationSessionCleaner run");
- AuthenticationServer.getInstance().cleanup();
- }
- catch (Exception e) {
- Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);
- }
- try {
- Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
- }
- catch (InterruptedException e) {
- }
- }
- }
-
- /**
- * start the sessionCleaner
- */
- public static void start() {
- // start the session cleanup thread
- Thread sessionCleaner =
- new Thread(new AuthenticationSessionCleaner());
- sessionCleaner.setName("SessionCleaner");
- sessionCleaner.setDaemon(true);
- sessionCleaner.setPriority(Thread.MIN_PRIORITY);
- sessionCleaner.start();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
deleted file mode 100644
index 43e88e7b5..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import iaik.asn1.ObjectID;
-
-
-/**
- * Constants used throughout moa-id-auth component.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public interface MOAIDAuthConstants {
-
- /** servlet parameter &quot;Target&quot; */
- public static final String PARAM_TARGET = "Target";
- /** servlet parameter &quot;OA&quot; */
- public static final String PARAM_OA = "OA";
- /** servlet parameter &quot;bkuURI&quot; */
- public static final String PARAM_BKU = "bkuURI";
- /** servlet parameter &quot;BKUSelectionTemplate&quot; */
- public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
- /** default BKU URL */
- public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request";
- /** servlet parameter &quot;returnURI&quot; */
- public static final String PARAM_RETURN = "returnURI";
- /** servlet parameter &quot;Template&quot; */
- public static final String PARAM_TEMPLATE = "Template";
- /** servlet parameter &quot;MOASessionID&quot; */
- public static final String PARAM_SESSIONID = "MOASessionID";
- /** servlet parameter &quot;XMLResponse&quot; */
- public static final String PARAM_XMLRESPONSE = "XMLResponse";
- /** servlet parameter &quot;SAMLArtifact&quot; */
- public static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
- /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */
- public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
- /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
- public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
- /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
- public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock";
- /** Logging hierarchy used for controlling debug output of XML structures to files */
- public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth";
- /** Header Name for controlling the caching mechanism of the browser */
- public static final String HEADER_EXPIRES = "Expires";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT";
- /** Header Name for controlling the caching mechanism of the browser */
- public static final String HEADER_PRAGMA = "Pragma";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_PRAGMA = "no-cache";
- /** Header Name for controlling the caching mechanism of the browser */
- public static final String HEADER_CACHE_CONTROL = "Cache-control";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0";
- /**
- * the identity link signer X509Subject names of those identity link signer certificates
- * not including the identity link signer OID. The authorisation for signing the identity
- * link must be checked by using their issuer names. After february 19th 2007 the OID of
- * the certificate will be used fo checking the authorisation for signing identity links.
- */
- public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID =
- new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission",
- "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"};
- /**
- * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen"
- */
- public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1";
- /**
- * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen);
- * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007
- */
- public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER);
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
deleted file mode 100644
index 7964e2fb6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ /dev/null
@@ -1,163 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import iaik.pki.PKIException;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.Properties;
-
-import javax.activation.CommandMap;
-import javax.activation.MailcapCommandMap;
-import javax.mail.Session;
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
-import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
-import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Web application initializer
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDAuthInitializer {
-
- /** a boolean identifying if the MOAIDAuthInitializer has been startet */
- public static boolean initialized = false;
-
- /**
- * Initializes the web application components which need initialization:
- * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
- */
- public static void initialize() throws ConfigurationException,
- PKIException, IOException, GeneralSecurityException {
- if (initialized) return;
- initialized = true;
- Logger.setHierarchy("moa.id.auth");
- Logger.info("Default java file.encoding: "
- + System.getProperty("file.encoding"));
-
- //JDK bug workaround according to:
- // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
- // register content data handlers for S/MIME types
- MailcapCommandMap mc = new MailcapCommandMap();
- CommandMap.setDefaultCommandMap(mc);
-
- // create some properties and get the default Session
- Properties props = new Properties();
- props.put("mail.smtp.host", "localhost");
- Session session = Session.getDefaultInstance(props, null);
-
- // Restricts TLS cipher suites
- System.setProperty(
- "https.cipherSuites",
- "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
- // load some jsse classes so that the integrity of the jars can be
- // verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction
- // with
- // iaik-jce (on jdk1.3)
- ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader();
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- } catch (ClassNotFoundException e) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
- "init.01", null), e);
- }
-
- // Initializes SSLSocketFactory store
- SSLUtils.initialize();
-
- // Initializes Namespace Map
- Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
- Constants.nSMap.put(Constants.ECDSA_PREFIX,
- "http://www.w3.org/2001/04/xmldsig-more#");
- Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
-
- // Loads the configuration
- AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
- ConnectionParameter moaSPConnParam = authConf
- .getMoaSpConnectionParameter();
-
- // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK
- if (moaSPConnParam == null) {
- try {
- LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext("startup"));
- ConfigurationProvider config = ConfigurationProvider
- .getInstance();
- new IaikConfigurator().configure(config);
- } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
- throw new ConfigurationException("config.10", new Object[] { ex
- .toString() }, ex);
- }
- }
-
- // Initializes IAIKX509TrustManager logging
- String log4jConfigURL = System.getProperty("log4j.configuration");
- if (log4jConfigURL != null) {
- IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
- }
-
- // Initializes the Axis secure socket factory for use in calling the
- // MOA-SP web service
- if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf,
- moaSPConnParam);
- AxisSecureSocketFactory.initialize(ssf);
- }
-
- // sets the authentication session and authentication data time outs
- String param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
- if (param != null) {
- long sessionTimeOut = 0;
- try {
- sessionTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY }));
- }
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsSessionTimeOut(sessionTimeOut);
- }
- param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
- if (param != null) {
- long authDataTimeOut = 0;
- try {
- authDataTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY }));
- }
- if (authDataTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsAuthDataTimeOut(authDataTimeOut);
- }
-
- }
-
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java
deleted file mode 100644
index 3ce2798ea..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown when the <code>AuthenticationServer</code> API is
- * called with wrong parameters provided.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class WrongParametersException extends MOAIDException {
-
- /**
- * Constructor
- */
- public WrongParametersException(String call, String parameter) {
- super("auth.05", new Object[] {call, parameter});
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
deleted file mode 100644
index 241cf0afc..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ /dev/null
@@ -1,88 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.IOException;
-import java.text.MessageFormat;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-
-/**
- * Base class for building authentication the AUTHBlock and final OA data SAML assertions.
- * Encapsulates methods used by the two specific builders
- * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder AuthenticationBlockAssertionBuilder}
- * and
- * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder AuthenticationDataAssertionBuilder}
- *
- * @author Harald Bratko
- */
-public class AuthenticationAssertionBuilder {
-
- /** the NewLine representation in Java*/
- protected static String NL = "\n";
-
- protected static String SAML_ATTRIBUTE =
- " <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +
- " <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +
- " </saml:Attribute>"+ NL;
-
- /**
- * Empty constructor
- */
- public AuthenticationAssertionBuilder() {
- }
-
- /**
- * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion
- * delivered to the online application.
- * The method traverses through the list of given SAML attribute objects and builds an
- * XML structure (String representation) for each of the attributes.
- *
- * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or
- * to the SAML assertion delivered to the online application.
- * @return A string representation including the XML structures of
- * the SAML attributes.
- *
- * @throws ParseException If an error occurs on serializing an SAML attribute.
- */
- protected String buildExtendedSAMLAttributes(List extendedSAMLAttributes) throws ParseException
- {
- StringBuffer sb = new StringBuffer();
- if (extendedSAMLAttributes!=null) {
- Iterator it = extendedSAMLAttributes.iterator();
- while (it.hasNext()) {
- ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
- Object value = extendedSAMLAttribute.getValue();
- String name = extendedSAMLAttribute.getName();
- String namespace = extendedSAMLAttribute.getNameSpace();
- if (value instanceof String) {
- sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, value}));
- } else if (value instanceof Element) {
- try {
- String serializedValue = DOMUtils.serializeNode((Element)(value));
- serializedValue = StringUtils.removeXMLDeclaration(serializedValue);
- sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, serializedValue}));
- } catch (TransformerException e) {
- Logger.error("Error on serializing SAML attribute \"" + name +
- " (namespace: \"" + namespace + "\".");
- throw new ParseException("parser.05", new Object[] { name, namespace});
- } catch (IOException e) {
- Logger.error("Error on serializing SAML attribute \"" + name +
- " (namespace: \"" + namespace + "\".");
- throw new ParseException("parser.05", new Object[] { name, namespace});
- }
- }
- }
- }
- return sb.toString();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
deleted file mode 100644
index 60cd11ed6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ /dev/null
@@ -1,146 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the authentication block <code>&lt;saml:Assertion&gt;</code>
- * to be included in a <code>&lt;CreateXMLSignatureResponse&gt;</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
-
- /** template for the Auth-Block */
- private static String AUTH_BLOCK =
- "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
- " <saml:AttributeStatement>" + NL +
- " <saml:Subject>" + NL +
- " <saml:NameIdentifier>{3}</saml:NameIdentifier>" + NL +
- " </saml:Subject>" + NL +
- "{4}" +
- " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{5}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL +
- " <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL +
- "{7}" +
- " </saml:AttributeStatement>" + NL +
- "</saml:Assertion>";
-
- private static String GESCHAEFTS_BEREICH_ATTRIBUTE =
- " <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL;
-
- private static String WBPK_ATTRIBUTE =
- " <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>" + NL +
- " <pr:Identification>" + NL +
- " <pr:Value>{0}</pr:Value>" + NL +
- " <pr:Type>{1}</pr:Type>" + NL +
- " </pr:Identification>" + NL +
- " </saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL;
-
- /**
- * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
- */
- public static final int NUM_OF_SAML_ATTRIBUTES = 3;
-
- /**
- * Constructor for AuthenticationBlockAssertionBuilder.
- */
- public AuthenticationBlockAssertionBuilder() {
- super();
- }
-
- /**
- * Builds the authentication block <code>&lt;saml:Assertion&gt;</code>
- *
- * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code>
- * @param issueInstant current timestamp
- * @param authURL URL of MOA-ID authentication component
- * @param target "Gesch&auml;ftsbereich"; maybe <code>null</code> if the application
- * is a business application
- * @param identityLinkValue the content of the <code>&lt;pr:Value&gt;</code>
- * child element of the <code>&lt;pr:Identification&gt;</code>
- * element derived from the Identitylink; this is the
- * value of the <code>wbPK</code>;
- * maybe <code>null</code> if the application is a public service
- * @param identityLinkType the content of the <code>&lt;pr:Type&gt;</code>
- * child element of the <code>&lt;pr:Identification&gt;</code>
- * element derived from the Identitylink; this includes the
- * URN prefix and the identification number of the business
- * application used as input for wbPK computation;
- * maybe <code>null</code> if the application is a public service
- * @param oaURL public URL of online application requested
- * @param gebDat The date of birth from the identity link.
- * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock.
- *
- * @return String representation of authentication block
- * <code>&lt;saml:Assertion&gt;</code> built
- *
- * @throws BuildException If an error occurs on serializing an extended SAML attribute
- * to be appended to the AUTH-Block.
- */
- public String buildAuthBlock(
- String issuer,
- String issueInstant,
- String authURL,
- String target,
- String identityLinkValue,
- String identityLinkType,
- String oaURL,
- String gebDat,
- List extendedSAMLAttributes,
- AuthenticationSession session)
- throws BuildException
- {
- session.setSAMLAttributeGebeORwbpk(true);
- String gebeORwbpk = "";
- String wbpkNSDeclaration = "";
- if (target == null) {
- // OA is a business application
- if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
- // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
- gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
- wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
- } else {
- // We do not have a wbPK, therefore no SAML-Attribute is provided
- session.setSAMLAttributeGebeORwbpk(false);
- }
- } else {
- gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
- }
-
- String assertion;
- try {
- assertion = MessageFormat.format(
- AUTH_BLOCK, new Object[] {
- wbpkNSDeclaration,
- issuer,
- issueInstant,
- authURL,
- gebeORwbpk,
- oaURL,
- gebDat,
- buildExtendedSAMLAttributes(extendedSAMLAttributes)});
- } catch (ParseException e) {
- Logger.error("Error on building AUTH-Block: " + e.getMessage());
- throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
- }
-
- return assertion;
-
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
deleted file mode 100644
index 53520c846..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ /dev/null
@@ -1,156 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.StringUtils;
-
-/**
- * Builder for the authentication data <code>&lt;saml:Assertion&gt;</code>
- * to be provided by the MOA ID Auth component.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
- /** private static String NL contains the NewLine representation in Java*/
- private static final String NL = "\n";
- /**
- * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
- */
- private static final String AUTH_DATA =
- "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
- "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
- " xmlns:si=''" + XSI_NS_URI + "''" +
- " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
- " <saml:AttributeStatement>" + NL +
- " <saml:Subject>" + NL +
- " <saml:NameIdentifier NameQualifier=''{3}''>{4}</saml:NameIdentifier>" + NL +
- " <saml:SubjectConfirmation>" + NL +
- " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
- " <saml:SubjectConfirmationData>{5}{6}</saml:SubjectConfirmationData>" + NL +
- " </saml:SubjectConfirmation>" + NL +
- " </saml:Subject>" + NL +
- " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL +
- " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{8}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL +
- " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL +
- "{10}" +
- "{11}" +
- "{12}" +
- " </saml:AttributeStatement>" + NL +
- "</saml:Assertion>";
- /**
- * XML template for the <code>&lt;saml:Attribute&gt;</code> named <code>"isPublicAuthority"</code>,
- * to be inserted into the <code>&lt;saml:Assertion&gt;</code>
- */
- private static final String PUBLIC_AUTHORITY_ATT =
- " <saml:Attribute AttributeName=''isPublicAuthority'' AttributeNamespace=''urn:oid:1.2.40.0.10.1.1.1''>" + NL +
- " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL;
-
- private static final String SIGNER_CERTIFICATE_ATT =
- " <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL;
-
- /**
- * Constructor for AuthenticationDataAssertionBuilder.
- */
- public AuthenticationDataAssertionBuilder() {
- super();
- }
-
- /**
- * Builds the authentication data <code>&lt;saml:Assertion&gt;</code>.
- *
- * @param authData the <code>AuthenticationData</code> to build the
- * <code>&lt;saml:Assertion&gt;</code> from
- * @param xmlPersonData <code>lt;pr:Person&gt;</code> element as a String
- * @param xmlAuthBlock authentication block to be included in a
- * <code>lt;saml:SubjectConfirmationData&gt;</code> element; may include
- * the <code>"Stammzahl"</code> or not; may be empty
- * @param xmlIdentityLink the IdentityLink
- * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe
- * an empty string if the signer certificate should not be provided.
- * Will be ignored if the <code>businessService</code> parameter is
- * set to <code>false</code>.
- * @param businessService <code>true</code> if the online application is a
- * business service, otherwise <code>false</code>
- * @return the <code>&lt;saml:Assertion&gt;</code>
- * @throws BuildException if an error occurs during the build process
- */
- public String build(
- AuthenticationData authData,
- String xmlPersonData,
- String xmlAuthBlock,
- String xmlIdentityLink,
- String bkuURL,
- String signerCertificateBase64,
- boolean businessService,
- List extendedSAMLAttributes)
- throws BuildException
- {
-
- String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
- String publicAuthorityAttribute = "";
- if (authData.isPublicAuthority()) {
- String publicAuthorityIdentification = authData.getPublicAuthorityCode();
- if (publicAuthorityIdentification == null)
- publicAuthorityIdentification = "True";
- publicAuthorityAttribute = MessageFormat.format(
- PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification });
- }
-
-
- String signerCertificateAttribute = "";
- if (signerCertificateBase64 != "") {
- signerCertificateAttribute = MessageFormat.format(
- SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 });
- }
-
- String pkType;
- String pkValue;
- if (businessService) {
- pkType = authData.getIdentificationType();
- pkValue = authData.getWBPK();
-
- } else {
- pkType = URN_PREFIX_BPK;
- pkValue = authData.getBPK();
- }
-
- String assertion;
- try {
- assertion = MessageFormat.format(AUTH_DATA, new Object[] {
- authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstant(),
- pkType,
- pkValue,
- StringUtils.removeXMLDeclaration(xmlAuthBlock),
- StringUtils.removeXMLDeclaration(xmlIdentityLink),
- StringUtils.removeXMLDeclaration(xmlPersonData),
- isQualifiedCertificate,
- bkuURL,
- publicAuthorityAttribute,
- signerCertificateAttribute,
- buildExtendedSAMLAttributes(extendedSAMLAttributes)});
- } catch (ParseException e) {
- Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
- throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
- }
- return assertion;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
deleted file mode 100644
index 6cc8c1be8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.security.MessageDigest;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the bPK, as defined in
- * <code>&quot;Ableitung f&uml;r die bereichsspezifische Personenkennzeichnung&quot;</code>
- * version <code>1.0.1</code> from <code>&quot;reference.e-government.gv.at&quot;</code>.
- *
- * @author Paul Schamberger
- * @version $Id$
- */
-public class BPKBuilder {
-
- /**
- * Builds the bPK from the given parameters.
- * @param identificationValue Base64 encoded "Stammzahl"
- * @param target "Bereich lt. Verordnung des BKA"
- * @return bPK in a BASE64 encoding
- * @throws BuildException if an error occurs on building the bPK
- */
- public String buildBPK(String identificationValue, String target)
- throws BuildException {
-
- if ((identificationValue == null ||
- identificationValue.length() == 0 ||
- target == null ||
- target.length() == 0))
- {
- throw new BuildException("builder.00",
- new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" +
- identificationValue + ",target=" + target});
- }
- String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
- String hashBase64 = Base64Utils.encode(hash);
- return hashBase64;
- } catch (Exception ex) {
- throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java
deleted file mode 100644
index 3a2ee07de..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.StringUtils;
-
-/**
- * Base class for HTML/XML builders providing commonly useful functions.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class Builder {
-
- /**
- * Replaces a given number of occurences of a special tag in an XML or HTML template by a value.
- * @param template html template
- * @param tag special tag
- * @param value value replacing the tag
- * @param expected specifies if the tag is expected to present; if <code>true</code> and the tag
- * is not present, an exception is thrown; if <code>false</code> and the tag is
- * not present, the original string is returned
- * @param maxreplacements Set -1 to replace each occurence of tag, or limit replacements by a given positive number
- * @return XML or HTML code, the tag replaced
- * @throws BuildException when template does not contain the tag
- */
- protected String replaceTag(
- String template,
- String tag,
- String value,
- boolean expected,
- int maxreplacements)
- throws BuildException
- {
- String result = template;
- int index = result.indexOf(tag);
- if (index < 0) {
- if (expected) {
- // Substring not found but should
- throw new BuildException(
- "builder.01",
- new Object[] {"&lt;" + tag.substring(1, tag.length() - 1) + "&gt;"});
- }
- } else {
- // replace each occurence
- if (maxreplacements == -1) {
- return StringUtils.replaceAll(template, tag, value);
- } else {
- int found = 1;
- while (index > -1 && (found <= maxreplacements)) {
- result = result.substring(0, index) + value + result.substring(index + tag.length());
- index = result.indexOf(tag);
- if (index > -1) found += 1;
- }
- }
- }
- return result;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
deleted file mode 100644
index 06c81f49e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.IOException;
-import java.text.MessageFormat;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * Builder for the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure
- * used for presenting certificate information in the secure viewer of the security layer implementation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements Constants {
-
- /** special tag in the VerifyXMLRequest template to be substituted for a <code>&lt;dsig:Signature&gt;</code> */
- private static final String SIGNATURE_TAG = "<dsig:Signature/>";
-
- /** private static String nl contains the NewLine representation in Java*/
- private static final String nl = "\n";
-
- /**
- * XML template for the CertInfoVerifyXMLSignatureRequest to be built
- */
- static final String CERTINFO_REQUEST =
- "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + nl +
- "<{0}:VerifyXMLSignatureRequest {2} xmlns:dsig=\"" + DSIG_NS_URI + "\">" + nl +
- " <{0}:SignatureInfo>" + nl +
- " <{0}:SignatureEnvironment>" + nl +
- " <{1}:XMLContent xml:space=\"preserve\"><dsig:Signature/></{1}:XMLContent>" + nl +
- " </{0}:SignatureEnvironment>" + nl +
- " <{0}:SignatureLocation>//dsig:Signature</{0}:SignatureLocation>" + nl +
- " </{0}:SignatureInfo>" + nl +
- "</{0}:VerifyXMLSignatureRequest>";
-
- /**
- * Constructor
- */
- public CertInfoVerifyXMLSignatureRequestBuilder() {
- super();
- }
- /**
- * Builds the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure.
- * @return the XML structure
- * @throws BuildException
- */
- public String build(boolean slVersion12) throws BuildException {
-
- String sl10Prefix;
- String sl11Prefix;
- String slNsDeclaration;
-
- if (slVersion12) {
-
- sl10Prefix = SL12_PREFIX;
- sl11Prefix = SL12_PREFIX;
- slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\"";
-
- } else {
-
- sl10Prefix = SL10_PREFIX;
- sl11Prefix = SL11_PREFIX;
- slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\"";
-
- }
-
- String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration});
- String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml";
-
-
- try {
- String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8");
- certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, true, 1);
- return certInfoRequest;
- }
- catch (IOException ex) {
- throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()});
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
deleted file mode 100644
index e9a9f308d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.StringUtils;
-
-/**
- * Builder for the <code>&lt;CreateXMLSignatureRequest&gt;</code> structure
- * used for requesting a signature under the authentication block from the
- * security layer implementation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CreateXMLSignatureRequestBuilder implements Constants {
- /** private static String nl contains the NewLine representation in Java*/
- private static final String nl = "\n";
- /**
- * XML template for the <code>&lt;moa:CreateXMLSignatureRequest&gt;</code> to be built
- */
- private static final String CREATE_XML_SIGNATURE_REQUEST =
- "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl +
- "<{3}:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' {5}>" + nl +
- " <{3}:KeyboxIdentifier>{1}</{3}:KeyboxIdentifier>" + nl +
- " <{3}:DataObjectInfo Structure=''detached''>" + nl +
- " <{4}:DataObject Reference=''''/>" + nl +
- "{2}" +
- " </{3}:DataObjectInfo>" + nl +
- " <{3}:SignatureInfo>" + nl +
- " <{3}:SignatureEnvironment>" + nl +
- " <{4}:XMLContent>{0}</{4}:XMLContent>" + nl +
- " </{3}:SignatureEnvironment>" + nl +
- " <{3}:SignatureLocation Index=''2''>/saml:Assertion</{3}:SignatureLocation>" + nl +
- " </{3}:SignatureInfo>" + nl +
- "</{3}:CreateXMLSignatureRequest>";
-
-
- /**
- * Constructor for CreateXMLSignatureRequestBuilder.
- */
- public CreateXMLSignatureRequestBuilder() {
- super();
- }
-
- /**
- * Builds the <code>&lt;CreateXMLSignatureRequest&gt;</code>.
- *
- * @param authBlock String representation of XML authentication block
- * @param keyBoxIdentifier the key box identifier which will be used (e.g. CertifiedKeypair)
- * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not
- * @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
- */
- public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) {
-
- String sl10Prefix;
- String sl11Prefix;
- String slNsDeclaration;
-
- String dsigTransformInfosString = "";
- for (int i = 0; i < dsigTransformInfos.length; i++) {
- dsigTransformInfosString += dsigTransformInfos[i];
- }
-
- if (slVersion12) {
-
- // replace the SecurityLayer namespace prefixes and URIs within the transforms
- dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString,
- SL10_PREFIX, SL12_PREFIX,
- SL10_NS_URI, SL12_NS_URI);
- sl10Prefix = SL12_PREFIX;
- sl11Prefix = SL12_PREFIX;
- slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'";
-
- } else {
-
- sl10Prefix = SL10_PREFIX;
- sl11Prefix = SL11_PREFIX;
- slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'";
-
- }
-
- String request = MessageFormat.format(
- CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock,
- keyBoxIdentifier,
- dsigTransformInfosString,
- sl11Prefix,
- sl10Prefix,
- slNsDeclaration });
-
- return request;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
deleted file mode 100644
index 30cc1df5a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ /dev/null
@@ -1,83 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Builds a DataURL parameter meant for the security layer implementation
- * to respond to.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DataURLBuilder {
-
- /**
- * Constructor for DataURLBuilder.
- */
- public DataURLBuilder() {
- super();
- }
-
- /**
- * Constructs a data URL for <code>VerifyIdentityLink</code> or <code>VerifyAuthenticationBlock</code>,
- * including the <code>MOASessionID</code> as a parameter.
- *
- * @param authBaseURL base URL (context path) of the MOA ID Authentication component,
- * including a trailing <code>'/'</code>
- * @param authServletName request part of the data URL
- * @param sessionID sessionID to be included in the dataURL
- * @return String
- */
- public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
-
- String individualDataURLPrefix = null;
- String dataURL;
- try {
- //check if an individual prefix is configured
- individualDataURLPrefix = AuthConfigurationProvider.getInstance().
- getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
-
- if (null != individualDataURLPrefix) {
-
- //check individualDataURLPrefix
- if(!individualDataURLPrefix.startsWith("http"))
- throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
-
- //when ok then use it
- dataURL = individualDataURLPrefix + authServletName;
- } else
- dataURL = authBaseURL + authServletName;
-
- } catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
- dataURL = authBaseURL + authServletName;
- }
-
- dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
- return dataURL;
- }
-
- /**
- * Method addParameter.
- * @param urlString represents the url
- * @param paramname is the parameter to be added
- * @param value is the value of that parameter
- * @return String
- */
- private String addParameter(String urlString, String paramname, String value) {
- String url = urlString;
- if (paramname != null) {
- if (url.indexOf("?") < 0)
- url += "?";
- else
- url += "&";
- url += paramname + "=" + value;
- }
- return url;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
deleted file mode 100644
index 0d0595b69..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ /dev/null
@@ -1,150 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.IOException;
-import java.io.StringReader;
-import java.io.StringWriter;
-
-import at.gv.egovernment.moa.id.BuildException;
-
-/**
- * Builder for HTML form requesting the security layer implementation
- * to get the identity link from smartcard by a <code>&lt;InfoboxReadRequest&gt;</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class GetIdentityLinkFormBuilder extends Builder {
- /** private static String NL contains the NewLine representation in Java*/
- private static final String nl = "\n";
- /** special tag in the HTML template to be substituted for the BKU URL */
- private static final String BKU_TAG = "<BKU>";
- /** special tag in the HTML template to be substituted for the XML request */
- private static final String XMLREQUEST_TAG = "<XMLRequest>";
- /** special tag in the HTML template to be substituted for the data URL */
- private static final String DATAURL_TAG = "<DataURL>";
- /** special tag in the HTML template to be substituted for certificate info XML request */
- private static final String CERTINFO_XMLREQUEST_TAG = "<CertInfoXMLRequest>";
- /** special tag in the HTML template to be substituted for the certificate info data URL */
- private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>";
- /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
- private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
- /** private static int all contains the representation to replace all tags*/
- private static final int ALL = -1;
-
- /** default HTML template */
- private static final String DEFAULT_HTML_TEMPLATE =
- "<html>" + nl +
- "<head>" + nl +
- "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
- "<title>Anmeldung mit B&uuml;rgerkarte</title>" + nl +
- "</head>" + nl +
- "<body>" + nl +
- "<form name=\"GetIdentityLinkForm\"" + nl +
- " action=\"" + BKU_TAG + "\"" + nl +
- " method=\"post\">" + nl +
- " <input type=\"hidden\" " + nl +
- " name=\"XMLRequest\"" + nl +
- " value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
- " <input type=\"hidden\" " + nl +
- " name=\"DataURL\"" + nl +
- " value=\"" + DATAURL_TAG + "\"/>" + nl +
- " <input type=\"hidden\" " + nl +
- " name=\"PushInfobox\"" + nl +
- " value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
- " <input type=\"submit\" value=\"Anmeldung mit B&uuml;rgerkarte\"/>" + nl +
- "</form>" + nl +
- "<form name=\"CertificateInfoForm\"" + nl +
- " action=\"" + BKU_TAG + "\"" + nl +
- " method=\"post\">" + nl +
- " <input type=\"hidden\" " + nl +
- " name=\"XMLRequest\"" + nl +
- " value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl +
- " <input type=\"hidden\" " + nl +
- " name=\"DataURL\"" + nl +
- " value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl +
-// " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
- " <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
- "</form>" + nl +
- "</body>" + nl +
- "</html>";
-
- /**
- * Constructor for GetIdentityLinkFormBuilder.
- */
- public GetIdentityLinkFormBuilder() {
- super();
- }
- /**
- * Builds the HTML form, including XML Request and data URL as parameters.
- *
- * @param htmlTemplate template to be used for the HTML form;
- * may be <code>null</code>, in this case a default layout will be produced
- * @param xmlRequest XML Request to be sent as a parameter in the form
- * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
- * may be <code>null</code>, in this case the default URL will be used
- * @param dataURL DataURL to be sent as a parameter in the form
- */
- public String build(
- String htmlTemplate,
- String bkuURL,
- String xmlRequest,
- String dataURL,
- String certInfoXMLRequest,
- String certInfoDataURL,
- String pushInfobox)
- throws BuildException
- {
- String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
-// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL;
- htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
- htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
- htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
- htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
-//new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL);
- htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
- htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
- return htmlForm;
- }
- /**
- * Encodes a string for inclusion as a parameter in the form.
- * Double quotes are substituted by <code>"&amp;quot;"</code>.
- * @param s the string to be encoded
- * @return the string encoded
- * @throws BuildException on any exception encountered
- */
- public static String encodeParameter(String s) throws BuildException {
- StringReader in = new StringReader(s);
- StringWriter out = new StringWriter();
- try {
- for (int ch = in.read(); ch >= 0; ch = in.read()) {
- if (ch == '"')
- out.write("&quot;");
- else if (ch == '<')
- out.write("&lt;");
- else if (ch == '>')
- out.write("&gt;");
- else if (ch == 'ä')
- out.write("&auml;");
- else if (ch == 'ö')
- out.write("&ouml;");
- else if (ch == 'ü')
- out.write("&uuml;");
- else if (ch == 'Ä')
- out.write("&Auml;");
- else if (ch == 'Ö')
- out.write("&Ouml;");
- else if (ch == 'Ü')
- out.write("&Uuml;");
- else if (ch == 'ß')
- out.write("&szlig;");
- else
- out.write(ch);
- }
- }
- catch (IOException ex) {
- throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()});
- }
- return out.toString();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
deleted file mode 100644
index c2bafe43b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
+++ /dev/null
@@ -1,86 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the <code>&lt;InfoboxReadRequest&gt;</code> structure
- * used for requesting the identity link from the security layer implementation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class InfoboxReadRequestBuilder implements Constants {
-
-
- /**
- * Constructor for InfoboxReadRequestBuilder.
- */
- public InfoboxReadRequestBuilder() {
- }
-
-
- /**
- * Builds an <code>&lt;InfoboxReadRequest&gt;</code>.
- *
- * @param slVersion12 specifies whether the Security Layer version is
- * version 1.2 or not
- * @param businessService specifies whether the online application is a
- * business service or not
- * @param identityLinkDomainIdentifier the identification number of the business
- * company; maybe <code>null</code> if the OA
- * is a public service; must not be <code>null</code>
- * if the OA is a business service
- *
- * @return <code>&lt;InfoboxReadRequest&gt;</code> as String
- */
- public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) {
-
- String slPrefix;
- String slNsDeclaration;
-
- if (slVersion12) {
- slPrefix = SL12_PREFIX;
- slNsDeclaration = SL12_NS_URI;
- } else {
- slPrefix = SL10_PREFIX;
- slNsDeclaration = SL10_NS_URI;
- }
-
- StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>");
- sb.append("<");
- sb.append(slPrefix);
- sb.append(":InfoboxReadRequest xmlns:");
- sb.append(slPrefix);
- sb.append("=\"");
- sb.append(slNsDeclaration);
- sb.append("\">");
- sb.append("<");
- sb.append(slPrefix);
- sb.append(":InfoboxIdentifier>IdentityLink</");
- sb.append(slPrefix);
- sb.append(":InfoboxIdentifier>");
- sb.append("<");
- sb.append(slPrefix);
- sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>");
- if (businessService) {
- sb.append("<");
- sb.append(slPrefix);
- sb.append(":BoxSpecificParameters>");
- sb.append("<");
- sb.append(slPrefix);
- sb.append(":IdentityLinkDomainIdentifier>");
- sb.append(identityLinkDomainIdentifier);
- sb.append("</sl:IdentityLinkDomainIdentifier>");
- sb.append("</");
- sb.append(slPrefix);
- sb.append(":BoxSpecificParameters>");
- }
- sb.append("</");
- sb.append(slPrefix);
- sb.append(":InfoboxReadRequest>");
-
- return sb.toString();
-
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
deleted file mode 100644
index 038e549be..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
+++ /dev/null
@@ -1,82 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.util.List;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * This class provides one method for building parameters needed for
- * validating an infobox token.
- *
- * @author Harald Bratko
- */
-public class InfoboxValidatorParamsBuilder {
-
- // hide the default constructor
- private InfoboxValidatorParamsBuilder() {
- }
-
- /**
- * Builds the parameters passed to the validator class for validating an infobox token.
- *
- * @param session The actual Authentication session.
- * @param verifyInfoboxParameter The configuration parameters for the infobox.
- * @param infoboxTokenList Contains the infobox token to be validated.
- * @param hideStammzahl Indicates whether source pins (<code>Stammzahl</code>en)
- * should be hidden in any SAML attributes returned by
- * an infobox validator.
- *
- * @return Parameters for validating an infobox token.
- */
- public static InfoboxValidatorParams buildInfoboxValidatorParams(
- AuthenticationSession session,
- VerifyInfoboxParameter verifyInfoboxParameter,
- List infoboxTokenList,
- boolean hideStammzahl)
- {
- InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
- IdentityLink identityLink = session.getIdentityLink();
-
- // the infobox token to validate
- infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
- // configuration parameters
- infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
- infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
- infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
- // authentication session parameters
- infoboxValidatorParams.setBkuURL(session.getBkuURL());
- infoboxValidatorParams.setTarget(session.getTarget());
- infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
- // parameters from the identity link
- infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
- infoboxValidatorParams.setGivenName(identityLink.getGivenName());
- infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
- if (verifyInfoboxParameter.getProvideStammzahl()) {
- infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
- }
- infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
- infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
- if (verifyInfoboxParameter.getProvideIdentityLink()) {
- Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
- if (!verifyInfoboxParameter.getProvideStammzahl()) {
- Element identificationValueElem =
- (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- if (identificationValueElem != null) {
- identificationValueElem.getFirstChild().setNodeValue("");
- }
- }
- infoboxValidatorParams.setIdentityLink(identityLinkElem);
- }
- infoboxValidatorParams.setHideStammzahl(hideStammzahl);
- return infoboxValidatorParams;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
deleted file mode 100644
index 819ed79bb..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Builder for the <code>lt;pr:Person&gt;</code> element to be inserted
- * in the authentication data <code>lt;saml:Assertion&gt;</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PersonDataBuilder {
-
- /**
- * Constructor for PersonDataBuilder.
- */
- public PersonDataBuilder() {
- super();
- }
- /**
- * Builds the <code>&lt;pr:Person&gt;</code> element.<br/>
- * Utilizes the parsed <code>&lt;prPerson&gt;</code> from the identity link
- * and the information regarding inclusion of <code>"Stammzahl"</code> in the
- * <code>&lt;pr:Person&gt;</code> data.
- *
- * @param identityLink <code>IdentityLink</code> containing the
- * attribute <code>prPerson</code>
- * @param provideStammzahl true if <code>"Stammzahl"</code> is to be included;
- * false otherwise
- * @return the <code>&lt;pr:Person&gt;</code> element as a String
- * @throws BuildException on any error
- */
- public String build(IdentityLink identityLink, boolean provideStammzahl)
- throws BuildException {
-
- try {
- Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true);
- if (! provideStammzahl) {
- Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value");
- //remove IdentificationValue
- prIdentification.getFirstChild().setNodeValue("");
- }
- String xmlString = DOMUtils.serializeNode(prPerson);
- return xmlString;
- }
- catch (Exception ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"PersonData", ex.toString()},
- ex);
- }
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
deleted file mode 100644
index 27e19e830..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.ByteArrayOutputStream;
-import java.security.MessageDigest;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Builder for the SAML artifact, as defined in the
- * Browser/Artifact profile of SAML.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLArtifactBuilder {
-
- /**
- * Constructor for SAMLArtifactBuilder.
- */
- public SAMLArtifactBuilder() {
- super();
- }
-
- /**
- * Builds the SAML artifact, encoded BASE64.
- * <ul>
- * <li><code>TypeCode</code>: <code>0x0001</code>.</li>
- * <li><code>SourceID</code>: SHA-1 hash of the authURL</li>
- * <li><code>AssertionHandle</code>: SHA-1 hash of the <code>MOASessionID</code></li>
- * </ul>
- * @param authURL URL auf the MOA-ID Auth component to be used for construction
- * of <code>SourceID</code>
- * @param sessionID <code>MOASessionID</code> to be used for construction
- * of <code>AssertionHandle</code>
- * @return the 42-byte SAML artifact, encoded BASE64
- */
- public String build(String authURL, String sessionID) throws BuildException {
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] sourceID = md.digest(authURL.getBytes());
- byte[] assertionHandle = md.digest(sessionID.getBytes());
- ByteArrayOutputStream out = new ByteArrayOutputStream(42);
- out.write(0);
- out.write(1);
- out.write(sourceID, 0, 20);
- out.write(assertionHandle, 0, 20);
- byte[] samlArtifact = out.toByteArray();
- String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
- return samlArtifactBase64;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
deleted file mode 100644
index 64cb16181..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-
-/**
- * Builder for the <code>lt;samlp:Response&gt;</code> used for passing
- * result and status information from the <code>GetAuthenticationData</code>
- * web service.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLResponseBuilder implements Constants {
- /** XML - Template for samlp:Response */
- private static final String RESPONSE =
- "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
- "<samlp:Response xmlns:samlp=\"" + SAMLP_NS_URI + "\" xmlns:saml=\"" + SAML_NS_URI + "\"" +
- " ResponseID=\"{0}\" InResponseTo=\"{1}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{2}\">" +
- " <samlp:Status>" +
- " <samlp:StatusCode Value=\"{3}\">" +
- " {4}" +
- " </samlp:StatusCode>" +
- " <samlp:StatusMessage>{5}</samlp:StatusMessage>" +
- " </samlp:Status>" +
- " {6}" +
- "</samlp:Response>";
- /** XML - Template for samlp:StatusCode */
- private static final String SUB_STATUS_CODE =
- "<samlp:StatusCode Value=\"{0}\"></samlp:StatusCode>";
-
- /**
- * Constructor for SAMLResponseBuilder.
- */
- public SAMLResponseBuilder() {
- super();
- }
- /**
- * Builds the SAML response.
- * @param responseID response ID
- * @param inResponseTo request ID of <code>lt;samlp:Request&gt;</code> responded to
- * @param issueInstant current timestamp
- * @param statusCode status code
- * @param subStatusCode sub-status code refining the status code; may be <code>null</code>
- * @param statusMessage status message
- * @param samlAssertion SAML assertion representing authentication data
- * @return SAML response as a DOM element
- */
- public Element build(
- String responseID,
- String inResponseTo,
- String issueInstant,
- String statusCode,
- String subStatusCode,
- String statusMessage,
- String samlAssertion)
- throws BuildException {
-
- try {
- String xmlSubStatusCode =
- subStatusCode == null ?
- "" :
- MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode});
-
- String xmlResponse = MessageFormat.format(RESPONSE, new Object[] {
- responseID,
- inResponseTo,
- issueInstant,
- statusCode,
- xmlSubStatusCode,
- statusMessage,
- StringUtils.removeXMLDeclaration(samlAssertion) });
- Element domResponse = DOMUtils.parseDocument(xmlResponse, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return domResponse;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] { "samlp:Response", ex.toString() },
- ex);
- }
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
deleted file mode 100644
index 312179e73..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.BuildException;
-
-/**
- * Builder for the BKU selection form requesting the user to choose
- * a BKU from a list.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SelectBKUFormBuilder extends Builder {
- /** private static String NL contains the NewLine representation in Java*/
- private static final String nl = "\n";
- /** special tag in the HTML template to be substituted for the form action which is
- * a URL of MOA-ID Auth */
- private static final String ACTION_TAG = "<StartAuth>";
- /** special tag in the HTML template to be substituted for the <code>&lt;select;gt;</code> tag
- * containing the BKU selection options */
- private static final String SELECT_TAG = "<BKUSelect>";
- /**
- * Template for the default html-code to be returned as security-layer-selection to be built
- */
- private static final String DEFAULT_HTML_TEMPLATE =
- "<html>" + nl +
- "<head>" + nl +
- "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
- "<title>Auswahl der B&uuml;rgerkartenumgebung</title>" + nl +
- "</head>" + nl +
- "<body>" + nl +
- "<form name=\"BKUSelectionForm\"" + nl +
- " action=\"" + ACTION_TAG + "\"" + nl +
- " method=\"post\">" + nl +
- SELECT_TAG + nl +
- " <input type=\"submit\" value=\"B&uuml;rgerkartenumgebung ausw&auml;hlen\"/>" + nl +
- "</form>" + nl +
- "</body>" + nl +
- "</html>";
-
- /**
- * Constructor
- */
- public SelectBKUFormBuilder() {
- super();
- }
- /**
- * Method build. Builds the form
- * @param htmlTemplate to be used
- * @param startAuthenticationURL the url where the startAuthenticationServlet can be found
- * @param bkuSelectTag if a special bku should be used
- * @return String
- * @throws BuildException on any error
- */
- public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag)
- throws BuildException {
-
- String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
- htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, true, 1);
- htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, true, 1);
- return htmlForm;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
deleted file mode 100644
index 758f28150..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,206 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the <code>&lt;VerifyXMLSignatureRequestBuilder&gt;</code> structure
- * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureRequestBuilder {
-
- /** shortcut for XMLNS namespace URI */
- private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
- /** shortcut for MOA namespace URI */
- private static final String MOA_NS_URI = Constants.MOA_NS_URI;
- /** The DSIG-Prefix */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
-
- /** The document containing the <code>VerifyXMLsignatureRequest</code> */
- private Document requestDoc_;
- /** the <code>VerifyXMLsignatureRequest</code> root element */
- private Element requestElem_;
-
-
- /**
- * Builds the body for a <code>VerifyXMLsignatureRequest</code> including the root
- * element and namespace declarations.
- *
- * @throws BuildException If an error occurs on building the document.
- */
- public VerifyXMLSignatureRequestBuilder() throws BuildException {
- try {
- DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- requestDoc_ = docBuilder.newDocument();
- requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
- requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
- requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
- requestDoc_.appendChild(requestElem_);
- } catch (Throwable t) {
- throw new BuildException(
- "builder.00",
- new Object[] {"VerifyXMLSignatureRequest", t.toString()},
- t);
- }
- }
-
-
- /**
- * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
- * from an IdentityLink with a known trustProfileID which
- * has to exist in MOA-SP
- * @param identityLink - The IdentityLink
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- *
- * @return Element - The complete request as Dom-Element
- *
- * @throws ParseException
- */
- public Element build(IdentityLink identityLink, String trustProfileID)
- throws ParseException
- {
- try {
- // build the request
- Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
- requestElem_.appendChild(dateTimeElem);
- Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
- dateTimeElem.appendChild(dateTime);
- Element verifiySignatureInfoElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
- requestElem_.appendChild(verifiySignatureInfoElem);
- Element verifySignatureEnvironmentElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
- verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
- Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
- verifySignatureEnvironmentElem.appendChild(base64ContentElem);
- // insert the base64 encoded identity link SAML assertion
- String serializedAssertion = identityLink.getSerializedSamlAssertion();
- String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8"));
- //replace all '\r' characters by no char.
- StringBuffer replaced = new StringBuffer();
- for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
- char c = base64EncodedAssertion.charAt(i);
- if (c != '\r') {
- replaced.append(c);
- }
- }
- base64EncodedAssertion = replaced.toString();
- Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
- base64ContentElem.appendChild(base64Content);
- // specify the signature location
- Element verifySignatureLocationElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
- verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
- Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
- verifySignatureLocationElem.appendChild(signatureLocation);
- // signature manifest params
- Element signatureManifestCheckParamsElem =
- requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
- requestElem_.appendChild(signatureManifestCheckParamsElem);
- signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
- // add the transforms
- Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
- signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
- Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
- for (int i = 0; i < dsigTransforms.length; i++) {
- Element verifyTransformsInfoProfileElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
- referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
- verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));
- }
- Element returnHashInputDataElem =
- requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
- requestElem_.appendChild(returnHashInputDataElem);
- Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
- trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
- requestElem_.appendChild(trustProfileIDElem);
- } catch (Throwable t) {
- throw new ParseException("builder.00",
- new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
- }
-
- return requestElem_;
- }
-
-
- /**
- * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
- * from the signed AUTH-Block with a known trustProfileID which
- * has to exist in MOA-SP
- * @param csr - signed AUTH-Block
- * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- * @return Element - The complete request as Dom-Element
- * @throws ParseException
- */
- public Element build(
- CreateXMLSignatureResponse csr,
- String[] verifyTransformsInfoProfileID,
- String trustProfileID)
- throws BuildException { //samlAssertionObject
-
- try {
- // build the request
-// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:"
-// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
- Element verifiySignatureInfoElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
- requestElem_.appendChild(verifiySignatureInfoElem);
- Element verifySignatureEnvironmentElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
- verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
- Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
- verifySignatureEnvironmentElem.appendChild(xmlContentElem);
- xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
- // insert the SAML assertion
- xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true));
- // specify the signature location
- Element verifySignatureLocationElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
- verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
- Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
- verifySignatureLocationElem.appendChild(signatureLocation);
- // signature manifest params
- Element signatureManifestCheckParamsElem =
- requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
- requestElem_.appendChild(signatureManifestCheckParamsElem);
- signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
- // add the transform profile IDs
- Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
- signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
- for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
- Element verifyTransformsInfoProfileIDElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
- referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
- verifyTransformsInfoProfileIDElem.appendChild(
- requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
- }
- Element returnHashInputDataElem =
- requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
- requestElem_.appendChild(returnHashInputDataElem);
- Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
- trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
- requestElem_.appendChild(trustProfileIDElem);
-
- } catch (Throwable t) {
- throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
- }
-
- return requestElem_;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
deleted file mode 100644
index 90d79a46d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ /dev/null
@@ -1,383 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.util.Date;
-import java.util.List;
-
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Session data to be stored between <code>AuthenticationServer</code> API calls.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationSession {
-
- private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
-
- /**
- * session ID
- */
- private String sessionID;
- /**
- * "Gesch&auml;ftsbereich" the online application belongs to; maybe <code>null</code>
- * if the online application is a business application
- */
- private String target;
- /**
- * public online application URL requested
- */
- private String oaURLRequested;
- /**
- * public online application URL prefix
- */
- private String oaPublicURLPrefix;
- /**
- * URL of MOA ID authentication component
- */
- private String authURL;
- /**
- * HTML template URL
- */
- private String templateURL;
- /**
- * URL of the BKU
- */
- private String bkuURL;
- /**
- * identity link read from smartcard
- */
- private IdentityLink identityLink;
- /**
- * authentication block to be signed by the user
- */
- private String authBlock;
- /**
- * timestamp logging when authentication session has been created
- */
- private Date timestampStart;
- /**
- * timestamp logging when identity link has been received
- */
- private Date timestampIdentityLink;
- /**
- * Indicates whether the corresponding online application is a business
- * service or not
- */
- private boolean businessService;
-
- /**
- * SAML attributes from an extended infobox validation to be appended
- * to the SAML assertion delivered to the final online application.
- */
- private List extendedSAMLAttributesOA;
-
- /**
- * The boolean value for either a target or a wbPK is provided as
- * SAML Attribute in the SAML Assertion or not.
- */
- private boolean samlAttributeGebeORwbpk;
-
- /**
- * SAML attributes from an extended infobox validation to be appended
- * to the SAML assertion of the AUTHBlock.
- */
- private List extendedSAMLAttributesAUTH;
-
- /**
- * The issuing time of the AUTH-Block SAML assertion.
- */
- private String issueInstant;
-
- /**
- * Constructor for AuthenticationSession.
- *
- * @param id Session ID
- */
- public AuthenticationSession(String id) {
- sessionID = id;
- setTimestampStart();
- }
-
- /**
- * Returns the identityLink.
- * @return IdentityLink
- */
- public IdentityLink getIdentityLink() {
- return identityLink;
- }
-
- /**
- * Returns the sessionID.
- * @return String
- */
- public String getSessionID() {
- return sessionID;
- }
-
- /**
- * Sets the identityLink.
- * @param identityLink The identityLink to set
- */
- public void setIdentityLink(IdentityLink identityLink) {
- this.identityLink = identityLink;
- }
-
- /**
- * Sets the sessionID.
- * @param sessionId The sessionID to set
- */
- public void setSessionID(String sessionId) {
- this.sessionID = sessionId;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getOAURLRequested() {
- return oaURLRequested;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getPublicOAURLPrefix() {
- return oaPublicURLPrefix;
- }
-
- /**
- * Returns the BKU URL.
- * @return String
- */
- public String getBkuURL() {
- return bkuURL;
- }
-
- /**
- * Returns the target.
- * @return String
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Sets the oaURLRequested.
- * @param oaURLRequested The oaURLRequested to set
- */
- public void setOAURLRequested(String oaURLRequested) {
- this.oaURLRequested = oaURLRequested;
- }
-
- /**
- * Sets the oaPublicURLPrefix
- * @param oaPublicURLPrefix The oaPublicURLPrefix to set
- */
- public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
- this.oaPublicURLPrefix = oaPublicURLPrefix;
- }
-
- /**
- * Sets the bkuURL
- * @param bkuURL The BKU URL to set
- */
- public void setBkuURL(String bkuURL) {
- this.bkuURL = bkuURL;
- }
-
- /**
- * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
- * @param target The target to set
- */
- public void setTarget(String target) {
- if (target != null && target.startsWith(TARGET_PREFIX_))
- {
- // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove prefix
- this.target = target.substring(TARGET_PREFIX_.length());
- Logger.debug("Target prefix stripped off; resulting target: " + this.target);
- }
- else
- {
- this.target = target;
- }
- }
-
- /**
- * Returns the authURL.
- * @return String
- */
- public String getAuthURL() {
- return authURL;
- }
-
- /**
- * Sets the authURL.
- * @param authURL The authURL to set
- */
- public void setAuthURL(String authURL) {
- this.authURL = authURL;
- }
-
- /**
- * Returns the authBlock.
- * @return String
- */
- public String getAuthBlock() {
- return authBlock;
- }
-
- /**
- * Sets the authBlock.
- * @param authBlock The authBlock to set
- */
- public void setAuthBlock(String authBlock) {
- this.authBlock = authBlock;
- }
-
- /**
- * Returns the timestampIdentityLink.
- * @return Date
- */
- public Date getTimestampIdentityLink() {
- return timestampIdentityLink;
- }
-
- /**
- * Returns the businessService.
- * @return <code>true</code> if the corresponding online application is
- * a business application, otherwise <code>false</code>
- */
- public boolean getBusinessService() {
- return businessService;
- }
-
- /**
- * Sets the businessService variable.
- * @param businessService the value for setting the businessService variable.
- */
- public void setBusinessService(boolean businessService) {
- this.businessService = businessService;
- }
-
- /**
- * Returns the timestampStart.
- * @return Date
- */
- public Date getTimestampStart() {
- return timestampStart;
- }
-
- /**
- * Sets the current date as timestampIdentityLink.
- */
- public void setTimestampIdentityLink() {
- timestampIdentityLink = new Date();
- }
-
- /**
- * Sets the current date as timestampStart.
- */
- public void setTimestampStart() {
- timestampStart = new Date();
- }
-
- /**
- * @return template URL
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
- /**
- * @param string the template URL
- */
- public void setTemplateURL(String string) {
- templateURL = string;
- }
-
- /**
- * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- */
- public List getExtendedSAMLAttributesAUTH() {
- return extendedSAMLAttributesAUTH;
- }
-
- /**
- * Sets the SAML Attributes to be appended to the AUTHBlock.
- *
- * @param extendedSAMLAttributesAUTH The SAML Attributes to be appended to the AUTHBlock.
- */
- public void setExtendedSAMLAttributesAUTH(
- List extendedSAMLAttributesAUTH) {
- this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
- }
-
- /**
- * Returns the SAML Attributes to be appended to the SAML assertion
- * delivered to the online application. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the SAML assertion
- * delivered to the online application
- */
- public List getExtendedSAMLAttributesOA() {
- return extendedSAMLAttributesOA;
- }
-
- /**
- * Sets the SAML Attributes to be appended to the SAML assertion
- * delivered to the online application.
- *
- * @param extendedSAMLAttributesOA The SAML Attributes to be appended to the SAML
- * assertion delivered to the online application.
- */
- public void setExtendedSAMLAttributesOA(
- List extendedSAMLAttributesOA) {
- this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
- }
-
- /**
- * Returns the boolean value for either a target or a wbPK is
- * provided as SAML Attribute in the SAML Assertion or not.
- *
- * @return true either a target or a wbPK is provided as SAML Attribute
- * in the SAML Assertion or false if not.
- */
- public boolean getSAMLAttributeGebeORwbpk() {
- return this.samlAttributeGebeORwbpk;
- }
-
- /**
- * Sets the boolean value for either a target or a wbPK is
- * provided as SAML Attribute in the SAML Assertion or not.
- *
- * @param samlAttributeGebeORwbpk The boolean for value either a target or
- * wbPK is provided as SAML Attribute in the SAML Assertion or not.
- */
- public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
- this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
- }
-
- /**
- * Returns the issuing time of the AUTH-Block SAML assertion.
- *
- * @return The issuing time of the AUTH-Block SAML assertion.
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Sets the issuing time of the AUTH-Block SAML assertion.
- *
- * @param issueInstant The issueInstant to set.
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
deleted file mode 100644
index d121f2c55..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import org.w3c.dom.Element;
-
-/**
- * This bean saves all information of the CreateXMLSignature-Response:
- * a {@link SAMLAttribute} array, the SamlAssertion-Element and the
- * saml NameIdentifier
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class CreateXMLSignatureResponse {
- /** the samlNameIdentifier */
-private String samlNameIdentifier;
- /** an array of saml-attributes */
-private SAMLAttribute[] samlAttributes;
- /**
- * the original saml:Assertion-Element
- */
- private Element samlAssertion;
-/**
- * Returns the samlAssertion.
- * @return Element
- */
-public Element getSamlAssertion() {
- return samlAssertion;
-}
-
-/**
- * Returns the samlAttribute.
- * @return SAMLAttribute[]
- */
-public SAMLAttribute[] getSamlAttributes() {
- return samlAttributes;
-}
-
-/**
- * Returns the samlNameIdentifier.
- * @return String
- */
-public String getSamlNameIdentifier() {
- return samlNameIdentifier;
-}
-
-/**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
-public void setSamlAssertion(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
-}
-
-/**
- * Sets the samlAttribute.
- * @param samlAttributes The samlAttributes to set
- */
-public void setSamlAttributes(SAMLAttribute[] samlAttributes) {
- this.samlAttributes = samlAttributes;
-}
-
-/**
- * Sets the samlNameIdentifier.
- * @param samlNameIdentifier The samlNameIdentifier to set
- */
-public void setSamlNameIdentifier(String samlNameIdentifier) {
- this.samlNameIdentifier = samlNameIdentifier;
-}
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
deleted file mode 100644
index 795079227..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-/**
- * A SAML-Attribute to be appended to the final SAML-Assertion
- * that will be passed to the online application.
- */
-public interface ExtendedSAMLAttribute {
- /**
- * Add this attribute only to the SAML-Assertion
- * passed to the online application, but not to
- * the AUTH-Block.
- */
- public final static int NOT_ADD_TO_AUTHBLOCK = 0;
- /**
- * Add this attribute to both, the AUTH-Block and the
- * final SAML-Assertion passed to the online application.
- */
- public final static int ADD_TO_AUTHBLOCK = 1;
- /**
- * Add this attribute to only the AUTH-Block, but not
- * to the final SAML-Assertion passed to the online application.
- */
- public final static int ADD_TO_AUTHBLOCK_ONLY = 2;
-
- /**
- * The value of the SAML-Attribute. This must be either a
- * <code>org.w3c.Element</code> or a <code>java.lang.String</code>
- * object. Each other type will be ignored. <br>
- * If, for example, the type of the actual SAML-Attribute is a
- * <code>&lt;xsd:boolean&gt;</code> the value must be either the String
- * <code>&quot;true&quot;</code> or <code>&quot;false&quot;</code>.
- * Or the <code>&lt;xsd:integer&gt;</code> number <code>273</code>
- * has to be the String <code>&quot;273&quot;</code>.
- *
- * @return The value of the SAML-Attribute. Must not be <code>null</code>.
- */
- public Object getValue();
-
- /**
- * The name of the SAML-Attribute.
- *
- * @return The name of the SAML-Attribute. Must not be <code>null</code>.
- */
- public String getName();
-
- /**
- * The namespace of the SAML-Attribute.
- * An application will use the context specific namespace URI for the attribute it returns.
- * However, if the application cannot explicitely assign a namespace URI, the
- * {@link at.gv.egovernment.moa.util.Constants#MOA_NS_URI default} MOA namespace URI
- * should be used.
- *
- * @return The namespace of the SAML-Attribute. Must not be <code>null</code>.
- */
- public String getNameSpace();
-
- /**
- * Specifies if this SAML-Attribute should be added to the AUTH-Block.
- * <br>
- * Depending on the returned value, this SAML-Attribute should be only added to the
- * final SAML-Assertion passed to the online application (0), to both, the final
- * assertion and the AUTH-Block (1) or to the AUTH-Block only (2).
- *
- * @return <ul>
- * <li>0 - add this SAML-Attribute to the final SAML-Assertion only</li>
- * <li>1 - add this SAML-Attribute to both, the final SAML-Assertion and the
- * AUTH-Block</li>
- * <li>2 - add this SAML-Attribute to the AUTH-Block only
- * </ul>
- */
- public int getAddToAUTHBlock();
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
deleted file mode 100644
index e7e490924..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
+++ /dev/null
@@ -1,137 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-/**
- * This class contains SAML attributes to be appended to the SAML assertion delivered to
- * the Online application.
- *
- * @author Harald Bratko
- */
-public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute {
-
- /**
- * The value of this SAML attribute. Must be either of type <code>java.lang.String</code>
- * or <code>org.w3c.Element</code>.
- */
- protected Object value_;
-
- /**
- * The name of this SAML attribute.
- */
- protected String name_;
-
- /**
- * The namespace URI of this SAML attribute.
- */
- protected String namespace_;
-
- /**
- * Specifies whether this SAML attribute should be appended to AUTH Block.
- */
- protected int addToAUTHBlock_;
-
- /**
- * Sets this ExtendedSAMLAttribute.
- * @param name The name of this SAML Attribute.
- * @param value The value of this SAML Attribute. Must be either of type
- * <code>java.lang.String</code> or <code>org.w3c.dom.Element</code>.
- * @param namespace The namespace of this SAML Attribute.
- * @param addToAUTHBlock Specifies if this SAML Attribute should be added to the AUTHBlock.
- * The following values are allowed:
- * <ul>
- * <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
- * </li>
- * <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
- * </li>
- * <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
- * </li>
- * </ul>
- *
- */
- public ExtendedSAMLAttributeImpl(String name, Object value, String namespace, int addToAUTHBlock) {
- name_ = name;
- value_ = value;
- namespace_ = namespace;
- addToAUTHBlock_ = addToAUTHBlock;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue()
- */
- public Object getValue() {
- return value_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName()
- */
- public String getName() {
- return name_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace()
- */
- public String getNameSpace() {
- return namespace_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock()
- */
- public int getAddToAUTHBlock() {
- return addToAUTHBlock_;
- }
-
- /**
- * Specifies if this SAML Attribute should be added to the AUTHBlock.
- *
- * @param addToAUTHBlock One of the following values:
- * <ul>
- * <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
- * </li>
- * <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
- * </li>
- * <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
- * </li>
- * </ul>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
- */
- public void setAddToAUTHBlock(int addToAUTHBlock) {
- addToAUTHBlock_ = addToAUTHBlock;
- }
-
- /**
- * Sets the name of this SAML attribute.
- *
- * @param name The name of this SAML attribute.
- */
- public void setName(String name) {
- name_ = name;
- }
-
- /**
- * Sets the namespace of this SAML attribute.
- *
- * @param namespace The namespace to set.
- */
- public void setNamespace(String namespace) {
- namespace_ = namespace;
- }
-
- /**
- * Sets the value of this SAML attribute.
- *
- * @param value The value of this SAML Attribute. Must be either of type
- * <code>java.lang.String</code> or <code>org.w3c.dom.Element</code>.
- */
- public void setValue(Object value) {
- value_ = value;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
deleted file mode 100644
index 844451035..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ /dev/null
@@ -1,266 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.io.IOException;
-import java.security.PublicKey;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.util.DOMUtils;
-
-
-/**
- * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
- * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLink {
- /**
- * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
- */
- private String identificationValue;
- /**
- * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
- */
- private String identificationType;
- /**
- * first name
- */
- private String givenName;
- /**
- * family name
- */
- private String familyName;
-
- /**
- * The name as (givenName + familyName)
- */
- private String name;
- /**
- * date of birth
- */
- private String dateOfBirth;
- /**
- * the original saml:Assertion-Element
- */
- private Element samlAssertion;
- /**
- * the serializes saml:Assertion
- */
- private String serializedSamlAssertion;
- /**
- * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
- */
- private Element prPerson;
- /**
- * we need for each dsig:Reference Element all
- * transformation elements
- */
- private Element[] dsigReferenceTransforms;
-
- /**
- * The issuing time of the identity link SAML assertion.
- */
- private String issueInstant;
-
- /**
- * we need all public keys stored in
- * the identity link
- */
- private PublicKey[] publicKey;
-
- /**
- * Constructor for IdentityLink
- */
- public IdentityLink() {
- }
-
- /**
- * Returns the dateOfBirth.
- * @return Calendar
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the name.
- * @return The name.
- */
- public String getName() {
- if (name == null) {
- name = givenName + " " + familyName;
- }
- return name;
- }
-
- /**
- * Returns the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Returns the identificationType.
- * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
- * @return String
- */
- public String getIdentificationType() {
- return identificationType;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the Type of the identificationValue.
- * @param identificationType The type of identificationValue to set
- */
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /**
- * Returns the samlAssertion.
- * @return Element
- */
- public Element getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Returns the samlAssertion.
- * @return Element
- */
- public String getSerializedSamlAssertion() {
- return serializedSamlAssertion;
- }
-
- /**
- * Sets the samlAssertion and the serializedSamlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
- this.samlAssertion = samlAssertion;
- this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);
- }
-
- /**
- * Returns the dsigReferenceTransforms.
- * @return Element[]
- */
- public Element[] getDsigReferenceTransforms() {
- return dsigReferenceTransforms;
- }
-
- /**
- * Sets the dsigReferenceTransforms.
- * @param dsigReferenceTransforms The dsigReferenceTransforms to set
- */
- public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
- this.dsigReferenceTransforms = dsigReferenceTransforms;
- }
-
- /**
- * Returns the publicKey.
- * @return PublicKey[]
- */
- public PublicKey[] getPublicKey() {
- return publicKey;
- }
-
- /**
- * Sets the publicKey.
- * @param publicKey The publicKey to set
- */
- public void setPublicKey(PublicKey[] publicKey) {
- this.publicKey = publicKey;
- }
-
- /**
- * Returns the prPerson.
- * @return Element
- */
- public Element getPrPerson() {
- return prPerson;
- }
-
- /**
- * Sets the prPerson.
- * @param prPerson The prPerson to set
- */
- public void setPrPerson(Element prPerson) {
- this.prPerson = prPerson;
- }
-
- /**
- * Returns the issuing time of the identity link SAML assertion.
- *
- * @return The issuing time of the identity link SAML assertion.
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Sets the issuing time of the identity link SAML assertion.
- *
- * @param issueInstant The issueInstant to set.
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
deleted file mode 100644
index 6b1f24aba..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
+++ /dev/null
@@ -1,65 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import org.w3c.dom.Element;
-
-/**
- * Contains an infobox token included in an <code>InfoboxReadResponse</code>.
- * Depending on whether the token is extracted from an <code>XMLContent</code> or a
- * <code>Base64Content</code> it is either returned as DOM element
- * ({@link #getXMLToken()}) or base64 encoded string ({@link #getBase64Token()}).
- *
- * @author Harald Bratko
- */
-public interface InfoboxToken {
-
- /**
- * The key of the corresponding infobox.
- * This is the value of <code>Key</code> attribute of the <code>&lt;Pair&gt;</code> child
- * element in an <code>&lt;AssocArrayData&gt;</code> content of an InfoboxReadResponse.
- * Maybe <code>null</code> if the InfoboxReadResponse conatains <code>BinaryFileData</code>.
- *
- *
- * @return The key identifier of the corresponding infobox.
- */
- public String getKey();
-
- /**
- * Specifies if this token is the first token (e.g in an array of tokens) included in an
- * <code>InfoboxReadResponse</code>. If <code>true</code> this token is the token to be
- * validated by a corresponding
- * {@link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator InfoboxValidator}.
- * If <code>false</code> this token maybe needed to validate the primary token.
- *
- * @return <code>True</code> if this token is the first token.
- */
- public boolean isPrimary();
-
- /**
- * Returns the infobox token.
- * Maybe <code>null</code> if the token is returned by method {@link #getBase64Token()}
- * as base64 encoded string.
- * <br>
- * Note that this token is <code><i><b>not</b></i></code> validated against the
- * application specific schema (e.g. Mandates schema in the mandates context).
- * Thus the validating application <code><i><b>has to</b></i></code> validate the token
- * against the appropriate schema.
- *
- * @return The infobox token. If <code>null</code> the token is returned by method
- * {@link #getBase64Token()} as base64 encoded string.
- */
- public Element getXMLToken();
-
- /**
- * Returns the infobox token.
- * Maybe <code>null</code> if the token is returned by method {@link #getXMLToken()}
- * as a DOM element.
- * <br>
- * Note, that the base64 encoded string actually may include more than one infobox
- * elements.
- *
- * @return The infobox token. If <code>null</code> the token is returned by method
- * {@link #getBase64Token()} as base64 encoded string.
- */
- public String getBase64Token();
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
deleted file mode 100644
index f1ff30a8a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
+++ /dev/null
@@ -1,129 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import org.w3c.dom.Element;
-
-/**
- * This class contains an infobox token.
- *
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken
- *
- * @author Harald Bratko
- */
-public class InfoboxTokenImpl implements InfoboxToken {
-
- /**
- * The key of the infobox token.
- */
- private String key_;
-
- /**
- * Specifies whether this token is the primary (first in an array) token.
- */
- private boolean primary_;
-
- /**
- * The infobox token.
- */
- private Element xmlToken_;
-
- /**
- * The base64 encoded infobox token.
- */
- private String base64Token_;
-
- /**
- * Sets an XML infobox token.
- *
- * @param key The key of the infobox token.
- * @param primary <code>True</code> this token is the primary (e.g .first in an array)
- * token, otherwise <code>false</code>
- * @param xmlToken The infobox token.
- */
- public InfoboxTokenImpl(String key, boolean primary, Element xmlToken) {
- key_ = key;
- primary_ = primary;
- xmlToken_ = xmlToken;
- base64Token_ = null;
- }
-
- /**
- * Sets a base64 encoded infobox token.
- *
- * @param key The key of the infobox token.
- * @param primary <code>True</code> this token is the primary (e.g .first in an array)
- * token, otherwise <code>false</code>
- * @param base64Token The base64 encoded infobox token.
- */
- public InfoboxTokenImpl(String key, boolean primary, String base64Token) {
- key_ = key;
- primary_ = primary;
- base64Token_ = base64Token;
- xmlToken_ = null;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getKey()
- */
- public String getKey() {
- return key_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#isPrimary()
- */
- public boolean isPrimary() {
- return primary_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getXMLToken()
- */
- public Element getXMLToken() {
- return xmlToken_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getBase64Token()
- */
- public String getBase64Token() {
- return base64Token_;
- }
-
- /**
- * Sets the key of the infobox token.
- *
- * @param key The key of the infobox token.
- */
- public void setKey(String key) {
- key_ = key;
- }
-
- /**
- * Specifies whether this token is the primary (e.g. first in an array) token.
- *
- * @param primary <code>True</code> this token is the primary (e.g .first in an array)
- * token, otherwise <code>false</code>.
- */
- public void setPrimary(boolean primary) {
- primary_ = primary;
- }
-
- /**
- * Sets the base64 encoded token.
- *
- * @param base64Token The base64 encoded token.
- */
- public void setBase64Token(String base64Token) {
- base64Token_ = base64Token;
- }
-
- /**
- * Sets the infobox token.
- *
- * @param xmlToken The infobox token.
- */
- public void setXmlToken(Element xmlToken) {
- xmlToken_ = xmlToken;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
deleted file mode 100644
index b8dd7f18e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-
-/**
- * Includes the result of an extended infobox validation.
- *
- * If validation succeeds, an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
- * maybe provided. Each of these SAML-Attributes will be either appended to the
- * final SAML-Assertion passed to the online application or to the AUTH-Block,
- * or to both.
- * <br>
- * If validation fails the implementing class has to provide a short error message.
- *
- * @author Harald Bratko
- */
-public interface InfoboxValidationResult {
-
- /**
- * The method returns <code>true</code> if validation succeeds. In that case
- * method {@link #getExtendedSamlAttributes()} may provide an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the
- * AUTH-Block or to both.
- * <br>
- * The method returns <code>false</code> if validation fails. In that case
- * method {@link #getErrorMessage()} has to provide a short error description.
- *
- * @return <code>True</code> if validation succeeds,
- * otherwise <code>false</code>.
- */
- public boolean isValid();
-
- /**
- * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
- * provided to the online application.
- * The SAML-Attributes in that array will be added to the final
- * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
- * in the array this method returns.
- *
- * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
- * provided to the online application, the AUTH-Block, or both. If no attributes should
- * be added this array maybe <code>null</code> or empty.
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes();
-
- /**
- * A short error description that should be displayed by MOA-ID if
- * validation of the InfoBoxReadResponse fails.
- *
- * @return An short error message if validation fails.
- */
- public String getErrorMessage();
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
deleted file mode 100644
index 97f52fb55..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
+++ /dev/null
@@ -1,101 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-
-/**
- * Default implementation of the {@link InfoboxValidationResult} interface.
- *
- * @author Harald Bratko
- */
-public class InfoboxValidationResultImpl implements InfoboxValidationResult {
-
- /**
- * Indicates whether the validation was successful or not.
- */
- protected boolean valid_;
-
- /**
- * The error message.
- */
- protected String errorMessage_;
-
- /**
- * The SAML attributes returned by the infobox validator.
- */
- protected ExtendedSAMLAttribute[] extendedSamlAttributes_;
-
- /**
- * Empty constructor.
- */
- public InfoboxValidationResultImpl() {
- }
-
- /**
- * Constructor to set all values.
- *
- * @param valid Global validation result.
- * @param extendedSamlAttributes SAML attributes that should be appended to the final
- * <code>SAML Assertion</code> or to the <code>AUTH Block</code>
- * or to both.
- * @param errorMessage An error message if infobox validation fails.
- */
- public InfoboxValidationResultImpl(
- boolean valid,
- ExtendedSAMLAttribute[] extendedSamlAttributes,
- String errorMessage)
- {
- valid_ = valid;
- extendedSamlAttributes_ = extendedSamlAttributes;
- errorMessage_ = errorMessage;
- }
-
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getErrorMessage()
- */
- public String getErrorMessage() {
- return errorMessage_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getExtendedSamlAttributes()
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
- return extendedSamlAttributes_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#isValid()
- */
- public boolean isValid() {
- return valid_;
- }
-
- /**
- * Sets the error message if validation fails..
- *
- * @param errorMessage The error message to set.
- */
- public void setErrorMessage(String errorMessage) {
- errorMessage_ = errorMessage;
- }
-
- /**
- * Sets the SAML attributes returned by the infobox validatior..
- *
- * @param extendedSamlAttributes The SAML attributes returned by the infobox validator.
- */
- public void setExtendedSamlAttributes(ExtendedSAMLAttribute[] extendedSamlAttributes) {
- extendedSamlAttributes_ = extendedSamlAttributes;
- }
-
- /**
- * Sets validation result..
- *
- * @param valid <code>True</code> if the infobox could be validated successfully,
- * otherwise <code>false</code>.
- */
- public void setValid(boolean valid) {
- valid_ = valid;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
deleted file mode 100644
index c7a557290..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
+++ /dev/null
@@ -1,172 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.security.PublicKey;
-import java.util.List;
-
-import org.w3c.dom.Element;
-
-/**
- * Parameters for validating an infobox.
- *
- * This interface is used by MOA-ID to provide parameters to an
- * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator
- * InfoboxValidator}.
- *
- * @author Harald Bratko
- */
-public interface InfoboxValidatorParams {
-
- /**
- * Returns a list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
- * objects. The first token in this list is the one to be validated. Each further token
- * maybe needed to validate this first token.
- *
- * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
- * objects.
- */
- public List getInfoboxTokenList();
-
- /**
- * Returns the ID of the trust profile to be used for validating
- * certificates. Maybe ignored by a validator, if no certificates
- * has to be validated.
- *
- * @return The ID of a trust profile.
- */
- public String getTrustProfileID();
-
- /**
- * Returns schema location URIs that may be needed by the
- * validator to parse infobox tokens.
- * Each entry in the list is a {@link Schema} specifying the location
- * of an XML schema.
- *
- * @return A list of {@link Schema} objects each of them specifying the
- * location of an XML schema.
- */
- public List getSchemaLocations();
-
- /**
- * Returns the URL of the BKU.
- * Maybe needed by a validator.
- *
- * @return The url of the BKU.
- */
- public String getBkuURL();
-
- /**
- * Returns the target parameter.
- * <code>null</code> in the case of a business service.
- *
- * @return The target parameter.
- */
- public String getTarget();
-
- /**
- * Returns <code>true</code> if the application is a business
- * service, otherwise <code>false</code>. This may be useful
- * for the validating application.
- *
- * @return <code>True</code> if the application is a business
- * service, otherwise <code>false</code>
- */
- public boolean getBusinessApplication();
-
- /**
- * Returns the family name from the identity link.
- * Maybe needed by a validator.
- *
- * @return The family name from the identity link.
- */
- public String getFamilyName();
-
- /**
- * Returns the given name from the identity link.
- * Maybe needed by a validator.
- *
- * @return The given name from the identity link.
- */
- public String getGivenName();
-
- /**
- * The date of birth from the identity link.
- * The method returns the value of the <pr:DateOfBirth>
- * element from the identity link.
- * Maybe needed by a validator.
- *
- * @return The date of birth from the identity link.
- */
- public String getDateOfBirth();
-
- /**
- * Returns he identification value from the identity
- * link. This may be the <code>Stammzahl</code>
- * in the case of a public application or the
- * <code>wbPK</code> in the case of a business
- * application. This parameter is only returned
- * if specified within the config file.
- *
- * @return The identification value from the identity link.
- */
- public String getIdentificationValue();
-
- /**
- * Returns the type of the identification value
- * from the identity link. This may be
- * especially of interest for business
- * applications.
- *
- * @return The type of the identification value
- * from the identity link.
- */
- public String getIdentificationType();
-
- /**
- * Returns the public keys from the identity link.
- * Maybe needed by the application.
- *
- * @return PublicKey[] The public keys from the
- * identity link.
- */
- public PublicKey[] getPublicKeys();
-
- /**
- * Returns the identity link.
- * A validator may need other data from the identity link, than
- * family name, given name, date of birth and identification value.
- * The identity link element is only returned if specified within the
- * config file.
- *
- * @return The identity link.
- */
- public Element getIdentityLink();
-
- /**
- * Indicates whether source pins (<code>Stammzahl</code>en) should be hidden or not.
- * If an online application lying behind MOA-ID is not allowed to get source pins
- * (<code>Stammzahl</code>en), any source pins within <code>SAML attributes</code>
- * returned by the validator must suppressed:<br>
- * If the parameter <code>getHideStammzahl</code> is <code>true</code>, then the validator
- * <b>MUST</b> hide (replace by an empty string) any source pin (<code>Stammzahl</code>)
- * that may be included in a <code>SAML attribute</code> returned by the validator.
- *
- * @return <code>true</code> if source pins (<code>Stammzahl</code>en) must be hidden,
- * otherwise <code>false</code>.
- */
- public boolean getHideStammzahl();
-
- /**
- * Returns application specific parameters.
- * Each child element of this element contains
- * a validating application specific parameter. The
- * element is passed as specified within the config
- * file and its up to the implementing class to
- * parse and interprete its children.
- *
- * @return Application specific parameters.
- */
- public Element getApplicationSpecificParams();
-
-}
-
-
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
deleted file mode 100644
index 80ba5995f..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
+++ /dev/null
@@ -1,348 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.security.PublicKey;
-import java.util.List;
-
-import org.w3c.dom.Element;
-
-/**
- * Parameters for validating an infobox.
- *
- * This interface is used by MOA-ID to provide parameters to an
- * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator
- * InfoboxValidator}.
- *
- * @author Harald Bratko
- */
-public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
-
- /**
- * A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects.
- * The first token in this list is the one to be validated. Each further token
- * maybe needed to validate this first token.
- */
- protected List infoboxTokenList_;
-
- /**
- * The ID of the trust profile used for validating certificates.
- */
- protected String trustProfileID_;
-
- /**
- * The locations of schemas that maybe needed for validating infobox tokens.
- */
- protected List schemaLocations_;
-
- /**
- * The URL of the BKU.
- */
- protected String bkuURL_;
-
- /**
- * Specifies whether the current online application is a business or a public application.
- */
- protected boolean businessApplication_;
-
- /**
- * The target parameter.
- */
- protected String target_;
-
- /**
- * The family name from the identity link.
- */
- protected String familyName_;
-
- /**
- * The given name from the identity link.
- */
- protected String givenName_;
-
- /**
- * The date of birth from the identity link.
- */
- protected String dateOfBirth_;
-
- /**
- * The date of identification value.
- */
- protected String identificationValue_;
-
- /**
- * The identification type.
- */
- protected String identificationType_;
-
- /**
- * The public keys from the identity link.
- */
- protected PublicKey[] publicKeys_;
-
- /**
- * The identity link.
- */
- protected Element identityLink_;
-
- /**
- * Indicates whether source pins (<code>Stammzahl</code>en) must be hidden or not.
- */
- protected boolean hideStammzahl_;
-
- /**
- * Application specific parameters.
- */
- protected Element applicationSpecificParams_;
-
- /**
- * Empty constructor.
- */
- public InfoboxValidatorParamsImpl() {
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getInfoboxTokenList()
- */
- public List getInfoboxTokenList() {
- return infoboxTokenList_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTrustProfileID()
- */
- public String getTrustProfileID() {
- return trustProfileID_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getSchemaLocations()
- */
- public List getSchemaLocations() {
- return schemaLocations_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBkuURL()
- */
- public String getBkuURL() {
- return bkuURL_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTarget()
- */
- public String getTarget() {
- return target_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication()
- */
- public boolean getBusinessApplication() {
- return businessApplication_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getFamilyName()
- */
- public String getFamilyName() {
- return familyName_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getGivenName()
- */
- public String getGivenName() {
- return givenName_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDateOfBirth()
- */
- public String getDateOfBirth() {
- return dateOfBirth_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationValue()
- */
- public String getIdentificationValue() {
- return identificationValue_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationType()
- */
- public String getIdentificationType() {
- return identificationType_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getPublicKeys()
- */
- public PublicKey[] getPublicKeys() {
- return publicKeys_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentityLink()
- */
- public Element getIdentityLink() {
- return identityLink_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getHideStammzahl()
- */
- public boolean getHideStammzahl() {
- return hideStammzahl_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getApplicationSpecificParams()
- */
- public Element getApplicationSpecificParams() {
- return applicationSpecificParams_;
- }
-
- /**
- * Sets the application specific parameters.
- *
- * @param applicationSpecificParams The application specific parameters to set.
- */
- public void setApplicationSpecificParams(Element applicationSpecificParams) {
- applicationSpecificParams_ = applicationSpecificParams;
- }
-
- /**
- * Sets the bku URL.
- *
- * @param bkuURL The bku URL to set.
- */
- public void setBkuURL(String bkuURL) {
- bkuURL_ = bkuURL;
- }
-
- /**
- * Sets the business application parameter.
- *
- * @param businessApplication The business application parameter to set.
- * (<code>True</code> if the application is a business
- * application, otherwies <code>false</code>).
- */
- public void setBusinessApplication(boolean businessApplication) {
- businessApplication_ = businessApplication;
- }
-
- /**
- * Sets the date of birth.
- *
- * @param dateOfBirth The date of birth.
- */
- public void setDateOfBirth(String dateOfBirth) {
- dateOfBirth_ = dateOfBirth;
- }
-
- /**
- * Sets the family name.
- *
- * @param familyName The family name.
- */
- public void setFamilyName(String familyName) {
- familyName_ = familyName;
- }
-
- /**
- * Sets the given name.
- *
- * @param givenName The given name.
- */
- public void setGivenName(String givenName) {
- givenName_ = givenName;
- }
-
- /**
- * Sets the identification type.
- *
- * @param identificationType The identification type.
- */
- public void setIdentificationType(String identificationType) {
- identificationType_ = identificationType;
- }
-
- /**
- * Sets the identification value.
- *
- * @param identificationValue The identification value.
- */
- public void setIdentificationValue(String identificationValue) {
- identificationValue_ = identificationValue;
- }
-
- /**
- * Sets the identity link.
- *
- * @param identityLink The identity link.
- */
- public void setIdentityLink(Element identityLink) {
- identityLink_ = identityLink;
- }
-
- /**
- * Sets the infobox token to be validated.
- *
- * @param infoboxTokenList A list {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
- * objects.
- */
- public void setInfoboxTokenList(List infoboxTokenList) {
- infoboxTokenList_ = infoboxTokenList;
- }
-
- /**
- * Sets the public Keys.
- *
- * @param publicKeys The public keys.
- */
- public void setPublicKeys(PublicKey[] publicKeys) {
- publicKeys_ = publicKeys;
- }
-
- /**
- * Sets the schema locations.
- *
- * @param schemaLocations The schema locations. A list of
- * {@link Schema} objects.
- */
- public void setSchemaLocations(List schemaLocations) {
- schemaLocations_ = schemaLocations;
- }
-
- /**
- * Sets the target.
- *
- * @param target The target.
- */
- public void setTarget(String target) {
- target_ = target;
- }
-
- /**
- * Sets the ID of the trust profile used for validating certificates.
- *
- * @param trustProfileID the ID of the trust profile used for validating certificates.
- */
- public void setTrustProfileID(String trustProfileID) {
- trustProfileID_ = trustProfileID;
- }
-
- /**
- * Sets the {@link #hideStammzahl_} parameter. This indicates whether source pins
- * (<code>Stammzahl</code>en) must be hidden or not.
- *
- * @param hideStammzahl <code>True</code> if source pins (<code>Stammzahl</code>en) should
- * be hidden, otherwise <code>false</code>.
- */
- public void setHideStammzahl(boolean hideStammzahl) {
- hideStammzahl_ = hideStammzahl;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
deleted file mode 100644
index 76ba6366d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-/**
- * This bean saves all data of a single SAMLAttribute:
- * the name, value and namespace
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class SAMLAttribute {
-
- /** the name to be stored */
- private String name;
- /** the namespace to be stored */
- private String namespace;
- /** the value to be stored */
- private Object value;
-
- /**
- * Constructor for SAMLAttribute.
- */
- public SAMLAttribute(String name, String namespace, Object value) {
-
- this.name = name;
- this.namespace = namespace;
- this.value = value;
-
- }
-
- /**
- * Returns the name.
- * @return String
- */
- public String getName() {
- return name;
- }
-
- /**
- * Returns the namespace.
- * @return String
- */
- public String getNamespace() {
- return namespace;
- }
-
- /**
- * Returns the value.
- * @return String
- */
- public Object getValue() {
- return value;
- }
-
- /**
- * Sets the name.
- * @param name The name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * Sets the namespace.
- * @param namespace The namespace to set
- */
- public void setNamespace(String namespace) {
- this.namespace = namespace;
- }
-
- /**
- * Sets the value.
- * @param value The value to set
- */
- public void setValue(Object value) {
- this.value = value;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/Schema.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/Schema.java
deleted file mode 100644
index c113f16b8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/Schema.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-/**
- * Specifies the location of a schema.
- *
- * @author Harald Bratko
- */
-public interface Schema {
-
- /**
- * The namespace URI of this schema.
- *
- * @return The namespace of this schema.
- */
- public String getNamespace();
-
- /**
- * The location URI of this schema.
- * Relative paths have to be interpreted relative to the
- * location of the MOA-ID config file.
- *
- * @return The location URI of this schema.
- */
- public String getSchemaLocation();
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
deleted file mode 100644
index 964725416..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-/**
- * This class specifies the location of a schema.
- *
- * @author Harald Bratko
- */
-public class SchemaImpl implements Schema {
-
- /**
- * The namespace of this schema.
- */
- protected String namespace_;
-
- /**
- * The location (URI) of this schema;
- */
- protected String schemaLocation_;
-
- /**
- * Sets the namespace and schema location URIS of this schema.
- *
- * @param namespace The namespace URI of this schema.
- * @param schemaLocation The location URI of this schema.
- */
- public SchemaImpl(String namespace, String schemaLocation) {
- namespace_ = namespace;
- schemaLocation_ = schemaLocation;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.Schema#getNamespace()
- */
- public String getNamespace() {
- return namespace_;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.auth.data.Schema#getSchemaLocation()
- */
- public String getSchemaLocation() {
- return schemaLocation_;
- }
-
- /**
- * Sets the namespace.
- *
- * @param namespace The namespace to set.
- */
- public void setNamespace(String namespace) {
- namespace_ = namespace;
- }
-
- /**
- * Sets the location URI of this schema.
- *
- * @param schemaLocation The schemaLocation to set.
- */
- public void setSchemaLocation(String schemaLocation) {
- schemaLocation_ = schemaLocation;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
deleted file mode 100644
index 8233d1478..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ /dev/null
@@ -1,177 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import iaik.x509.X509Certificate;
-
-/**
- * This bean saves all information of the MOA-SP-Answer
- * after the verification of any signature
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class VerifyXMLSignatureResponse {
- /** The xmlDsigSubjectName to be stored */
- private String xmlDsigSubjectName;
- /** The signatureCheckCode to be stored */
- private int signatureCheckCode;
- /** The xmlDSIGManifestCheckCode to be stored */
- private int xmlDSIGManifestCheckCode;
- /** The xmlDSIGManigest to be stored */
- private boolean xmlDSIGManigest;
- /** The certificateCheckCode to be stored */
- private int certificateCheckCode;
- /** The publicAuthority to be stored */
- private boolean publicAuthority;
- /** The publicAuthorityCode to be stored */
- private String publicAuthorityCode;
- /** The qualifiedCertificate to be stored */
- private boolean qualifiedCertificate;
- /** The x509certificate to be stored */
- private X509Certificate x509certificate;
-
- /**
- * Returns the certificateCheckCode.
- * @return int
- */
- public int getCertificateCheckCode() {
- return certificateCheckCode;
- }
-
- /**
- * Returns the signatureCheckCode.
- * @return int
- */
- public int getSignatureCheckCode() {
- return signatureCheckCode;
- }
-
- /**
- * Returns the xmlDSIGManifestCheckCode.
- * @return int
- */
- public int getXmlDSIGManifestCheckCode() {
- return xmlDSIGManifestCheckCode;
- }
-
- /**
- * Returns the xmlDsigSubjectName.
- * @return String
- */
- public String getXmlDsigSubjectName() {
- return xmlDsigSubjectName;
- }
-
- /**
- * Sets the certificateCheckCode.
- * @param certificateCheckCode The certificateCheckCode to set
- */
- public void setCertificateCheckCode(int certificateCheckCode) {
- this.certificateCheckCode = certificateCheckCode;
- }
-
- /**
- * Sets the signatureCheckCode.
- * @param signatureCheckCode The signatureCheckCode to set
- */
- public void setSignatureCheckCode(int signatureCheckCode) {
- this.signatureCheckCode = signatureCheckCode;
- }
-
- /**
- * Sets the xmlDSIGManifestCheckCode.
- * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
- */
- public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
- this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
- }
-
- /**
- * Sets the xmlDsigSubjectName.
- * @param xmlDsigSubjectName The xmlDsigSubjectName to set
- */
- public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
- this.xmlDsigSubjectName = xmlDsigSubjectName;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return int
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityCode The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityCode) {
- this.publicAuthorityCode = publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the x509certificate.
- * @return X509Certificate
- */
- public X509Certificate getX509certificate() {
- return x509certificate;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the x509certificate.
- * @param x509certificate The x509certificate to set
- */
- public void setX509certificate(X509Certificate x509certificate) {
- this.x509certificate = x509certificate;
- }
-
- /**
- * Returns the xmlDSIGManigest.
- * @return boolean
- */
- public boolean isXmlDSIGManigest() {
- return xmlDSIGManigest;
- }
-
- /**
- * Sets the xmlDSIGManigest.
- * @param xmlDSIGManigest The xmlDSIGManigest to set
- */
- public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
- this.xmlDSIGManigest = xmlDSIGManigest;
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
deleted file mode 100644
index a18cf7322..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ /dev/null
@@ -1,92 +0,0 @@
-package at.gv.egovernment.moa.id.auth.invoke;
-
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-
-/**
- * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
- * Either invokes the web service, or calls the corresponding API, depending on configuration data.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class SignatureVerificationInvoker {
- /** This QName Object identifies the SignatureVerification endpoint of the web service */
- private static final QName SERVICE_QNAME = new QName("SignatureVerification");
-
- /**
- * Method verifyXMLSignature.
- * @param request to be sent
- * @return Element with the answer
- * @throws ServiceException if an error occurs
- */
- public Element verifyXMLSignature(Element request) throws ServiceException {
- return doCall(SERVICE_QNAME, request);
- }
-
- /**
- * Method doCall.
- * @param serviceName the name of the service
- * @param request the request to be sent
- * @return Element the answer
- * @throws ServiceException if an error occurs
- */
- protected Element doCall(QName serviceName, Element request) throws ServiceException {
- ConnectionParameter authConnParam = null;
- try {
- Service service = ServiceFactory.newInstance().createService(serviceName);
- Call call = service.createCall();
- SOAPBodyElement body = new SOAPBodyElement(request);
- SOAPBodyElement[] params = new SOAPBodyElement[] { body };
- Vector responses;
- SOAPBodyElement response;
-
- String endPoint;
- AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance();
- authConnParam = authConfigProvider.getMoaSpConnectionParameter();
- //If the ConnectionParameter do NOT exist, we try to get the api to work....
- if (authConnParam != null) {
- endPoint = authConnParam.getUrl();
- call.setTargetEndpointAddress(endPoint);
- responses = (Vector) call.invoke(serviceName, params);
- response = (SOAPBodyElement) responses.get(0);
- return response.getAsDOM();
- }
- else {
- SignatureVerificationService svs = SignatureVerificationService.getInstance();
- VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
-
- VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
- Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
-
- Logger.setHierarchy("moa.id.auth");
- return result.getDocumentElement();
- }
- }
- catch (Exception ex) {
- if (authConnParam != null) {
- throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
- } else {
- throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
- }
- }
- }
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
deleted file mode 100644
index a8b870f04..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ /dev/null
@@ -1,193 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an <code>&lt;InfoboxReadResponse&gt;</code> returned from
- * the security layer
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class CreateXMLSignatureResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
-
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = ":CreateXMLSignatureResponse/";
- /** Xpath expression to the SAML:Assertion element */
- private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion";
- /** Xpath expression to the SAML:NameIdentifier element */
- private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier";
- /** Xpath expression to the AttributeStatement element */
- private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
- /** Xpath expression to the AttributeValue element */
- private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue";
-
-
- /** This is the root element of the CreateXMLsignatureResponse */
- private Element sigResponse_;
-
- /**
- * Parses and validates the document given as string and extracts the
- * root element.
- *
- * @param xmlResponse <code>&lt;CreateXMLSignatureResponse&gt;</code> as String
- *
- * @throws AuthenticationException if any authentication error occurs
- * @throws ParseException if an element cannot be parsed
- */
- public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException {
- try {
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- init(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Parses and validates the document given as stream and extracts the
- * root element.
- *
- * @param is <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
- *
- * @throws AuthenticationException If any authentication error occurs
- * @throws ParseException If an element cannot be parsed
- */
- public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException {
- init(is);
- }
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * The incoming Element will be used for further operations
- * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
- */
- public CreateXMLSignatureResponseParser(Element xmlResponse) {
- sigResponse_ = xmlResponse;
- }
-
- /**
- * Initializes the parser.
- * Parses and validates the document given as stream and extracts the
- * root element.
- *
- * @param is The CreateXMLSignatureResponse as stream.
- * @throws AuthenticationException if an authentication error occurs.
- * @throws ParseException If an error occurs on parsing the the document.
- */
- private void init(InputStream is) throws AuthenticationException, ParseException {
- try {
-
- Element responseElem = DOMUtils.parseXmlValidating(is);
-
- if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) {
- sigResponse_ = responseElem;
- } else {
- ErrorResponseParser erp = new ErrorResponseParser(responseElem);
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- } catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Unmarshalls the <@link sigResponse> to an
- * <code>&lt;CreateXMLSignatureResponse&gt;</code> object.
- *
- * @return a <code>&lt;CreateXMLSignatureResponse&gt;</code> object
- * @throws ParseException
- */
-
- public CreateXMLSignatureResponse parseResponse() throws ParseException {
- CreateXMLSignatureResponse cResp;
- try {
- cResp = new CreateXMLSignatureResponse();
- String slPrefix = XPathUtils.getSlPrefix(sigResponse_);
- cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse_, "/" + slPrefix + SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null));
- cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse_, "/" + slPrefix + SAML_ASSERTION_XPATH));
- NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse_, "/" + slPrefix + SAML_ATTRIBUTE_XPATH);
- Element samlAttr;
- List samlAttributes = new ArrayList();
- while ((samlAttr = (Element) attrIter.nextNode()) != null) {
- String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", "");
- String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", "");
- Object attrValue;
- Element attrValueElem = (Element)XPathUtils.selectSingleNode(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH);
- attrValue = DOMUtils.getElementFromNodeList(attrValueElem.getChildNodes());
- if (attrValue == null) {
- if (null!=attrValueElem.getFirstChild()) {
- attrValue = attrValueElem.getFirstChild().getNodeValue();
- } else {
- attrValue = "";
- }
- }
- samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
- }
- SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
- samlAttributes.toArray(result);
- cResp.setSamlAttributes(result);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- return cResp;
- }
-
-// public CreateXMLSignatureResponse parseResponse() throws ParseException {
-// CreateXMLSignatureResponse cResp;
-// try {
-// cResp = new CreateXMLSignatureResponse();
-// Element samlAssertion = (Element)sigResponse.getElementsByTagNameNS(Constants.SAML_NS_URI, "Assertion").item(0);
-// cResp.setSamlAssertion(samlAssertion);
-// Element samlAttributeStatement = (Element)samlAssertion.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeStatement").item(0);
-// Element samlSubject = (Element)samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Subject").item(0);
-// Element samlNameIdentifier = (Element)samlSubject.getElementsByTagNameNS(Constants.SAML_NS_URI, "NameIdentifier").item(0);
-// cResp.setSamlNameIdentifier(samlNameIdentifier.getFirstChild().getNodeValue());
-// NodeList nl = samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Attribute");
-// List samlAttributes = new ArrayList();
-// for (int i=0; i<nl.getLength(); i++) {
-// Element samlAttribute = (Element)nl.item(i);
-// String attrName = samlAttribute.getAttribute("AttributeName");
-// String attrNamespace = samlAttribute.getAttribute("AttributeNamespace");
-// String attrValue = ((Element)samlAttribute.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeValue").item(0)).getFirstChild().getNodeValue();
-// samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
-// }
-// SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
-// samlAttributes.toArray(result);
-// cResp.setSamlAttributes(result);
-// }
-// catch (Throwable t) {
-// throw new ParseException("parser.01", new Object[] { t.toString()}, t);
-// }
-// return cResp;
-// }
-
-
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
deleted file mode 100644
index e3c54095d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
+++ /dev/null
@@ -1,72 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-/**
- * Parses an <code>&lt;ErrorResponse&gt;</code>.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class ErrorResponseParser {
-
- /**
- * The error code included in this error response.
- * <code>1000</code> is used as default value, if some problems occur on
- * evaluating the error response.
- */
- private String errorCode_ = "1000";
-
- /**
- * The error info included in this error response.
- * <code>&lt;Unklassifizierter Fehler.&gt;</code> is used as default value,
- * if some problems occur on evaluating the error response.
- */
- private String errorInfo_ = "Unklassifizierter Fehler.";
-
-
- /**
- * This Constructor extracts the error code and error info included in this
- * error response.
- *
- * @param errorElement The error element. This is the root element of
- * the error response.
- */
- public ErrorResponseParser(Element errorElement) throws ParseException {
- if (errorElement != null) {
- String namespace = errorElement.getNamespaceURI();
- NodeList nl = errorElement.getElementsByTagNameNS(namespace, "ErrorCode");
- if (nl.getLength() == 1) {
- errorCode_ = ((Element)nl.item(0)).getFirstChild().getNodeValue();
- }
- nl = errorElement.getElementsByTagNameNS(namespace, "Info");
- if (nl.getLength() == 1) {
- errorInfo_ = ((Element)nl.item(0)).getFirstChild().getNodeValue();
- }
- }
- }
-
- /**
- * Returns the error code included in this error response.
- */
- public String getErrorCode() {
- return errorCode_ ;
- }
-
- /**
- * Returns the information included in this error response.
- * @return The error infomation String
- */
- public String getErrorInfo() {
- return errorInfo_ ;
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
deleted file mode 100644
index e493f07fb..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
+++ /dev/null
@@ -1,157 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.Vector;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
-import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-/**
- * Parses and unmarshales <code>InfoboxReadResponse<code>.
- * This parser is especially used for parsing additional responses (additional to that
- * one containing the <code>IdentityLink</code> retuned from the BKU as an answer of
- * a <code>&lt;PushInfobox&gt;</code> request.
- */
-public class ExtendedInfoboxReadResponseParser {
-
- /**
- * Hide default constructor.
- */
- private ExtendedInfoboxReadResponseParser() {
- }
-
- /**
- * Parses and unmarshales the given <code>infoboxReadResponse</code> to a list of
- * {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects.
- * The method parses the given <code>infoboxReadResponse</code>
- *
- * @param infoboxReadResponse The infobox read response to be unmarshaled.
- * @param infoboxName The name of the infobox the reponse corresponds to.
- *
- * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
- * objects. Maybe empty.
- *
- * @throws ParseException If an error occurs on parsing and unmarshaling the response.
- */
- public static List parseInfoboxReadResponse(String infoboxReadResponse, String infoboxName)
- throws ParseException
- {
- Element infoboxReadResponseElem = null;
- try {
- Document doc =
- DOMUtils.parseDocument(infoboxReadResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null);
- infoboxReadResponseElem = doc.getDocumentElement();
- } catch (Exception e) {
- Logger.error("InfoboxReadResponse for \"" + infoboxName +
- "\"-infobox could not be parsed successfully: " + e.getMessage());
- throw new ParseException("parser.01", new Object[] {infoboxName + "-InfoboxReadResponse"});
- }
-
- Vector infoboxTokenList = new Vector();
-
- if (infoboxReadResponseElem != null) {
- // avoid using namespace URI or prefix, because it might change within the response
- // (e.g.: sl11-namespace, some child sl10-namespace
- List infoboxReadResponseChildren = DOMUtils.getChildElements(infoboxReadResponseElem);
- String key = null;
- boolean primary = true;
- Element infoboxReadResponseChild = (Element)infoboxReadResponseChildren.get(0);
- String infoboxReadResponseChildName = infoboxReadResponseChild.getLocalName();
- if (infoboxReadResponseChildName.equals("AssocArrayData")) {
- // get the <Pair> child elements from the <AssocArrayData> element
- List assocArrayPairs = DOMUtils.getChildElements(infoboxReadResponseChild);
- Iterator assocArrayPairIt = assocArrayPairs.iterator();
- int pairCount = 0;
- // step through the <Pair> elemnts
- while (assocArrayPairIt.hasNext()) {
- Element assocArrayPair = (Element)assocArrayPairIt.next();
- // check if the element actually a "Pair" element and not only a "key"
- if (assocArrayPair.getLocalName().equals("Key")) {
- // do not accept only a Key
- throw new ParseException("parser.07", new Object[] {infoboxName});
- }
- key = assocArrayPair.getAttribute("Key");
- if (pairCount > 0) {
- primary = false;
- }
- pairCount++;
- infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(assocArrayPair, infoboxName, key, primary));
- }
-
- } else if (infoboxReadResponseChildName.equals("BinaryFileData")) {
- infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(infoboxReadResponseChild, infoboxName, null, true));
- }
- }
- return infoboxTokenList;
- }
-
- /**
- * Unmarshales the <code>&lt;XMLContent&gt;</code> or
- * <code>&lt;Base64Content&gt;</code> child of the given element to a list of
- * infobox token.
- *
- * @param contentParent The elment including the <code>&lt;XMLContent&gt;</code> or
- * <code>&lt;Base64Content&gt;</code> child to unmarshal the
- * infobox token from.
- * @param infoboxName The name of the infobox.
- * @param key The key of an <code>AssocArrayData-Pair</code>.
- * Maybe <code>null</code>.
- * @param primary Specifies whether this token is the first (e.g. in an
- * AssocArrayData) token.
- *
- * @return A infobox token list.
- *
- * @throws ParseException If the <code>contentParent</code> has no <code>&lt;XMLContent&gt;</code>
- * or <code>&lt;Base64Content&gt;</code> child or the
- * <code>&lt;XMLContent&gt;</code> is empty.
- */
- public static List getTokenFromXMLOrBase64Content(
- Element contentParent,
- String infoboxName,
- String key,
- boolean primary)
- throws ParseException
- {
- Vector tokenList = new Vector();
- // get the <XMLContent> or <Base64Content>
- List content = DOMUtils.getChildElements(contentParent);
- if (content.size() == 1) {
- Element contentElem = (Element)content.get(0);
- if (contentElem.getLocalName().equals("XMLContent")) {
- List xmlContentChildren = DOMUtils.getChildElements(contentElem);
- if (xmlContentChildren.size() == 0) {
- throw new ParseException("parser.06", new Object[] {infoboxName, "Inhalt", "XMLContent"});
- }
- int xmlCount = 0;
- Iterator contentIt = xmlContentChildren.iterator();
- while (contentIt.hasNext()) {
- Element xmlToken = (Element)contentIt.next();
- if (xmlCount > 0) {
- primary = false;
- }
- InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, xmlToken);
- tokenList.add(infoboxToken);
- xmlCount++;
- }
- } else {
- String base64Token = contentElem.getFirstChild().getNodeValue();
- InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, base64Token);
- tokenList.add(infoboxToken);
- }
- } else {
- throw new ParseException("parser.06",
- new Object[] {infoboxName, "XMLContent oder Base64Content", contentParent.getLocalName()});
- }
- return tokenList;
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
deleted file mode 100644
index d8a57fd2f..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ /dev/null
@@ -1,319 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.ECDSAConverterException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an identity link <code>&lt;saml:Assertion&gt;</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLinkAssertionParser {
-
- //
- // XPath namespace prefix shortcuts
- //
-
- /** Xpath prefix for reaching PersonData Namespaces */
- private static final String PDATA = Constants.PD_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath prefix for reaching ECDS Namespaces */
- private static final String ECDSA = Constants.ECDSA_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "";
- /** Xpath expression to the SAMLSubjectConfirmationData element */
- private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Subject/"
- + SAML
- + "SubjectConfirmation/"
- + SAML
- + "SubjectConfirmationData";
- /** Xpath expression to the PersonData element */
- private static final String PERSON_XPATH =
- SAML_SUBJECT_CONFIRMATION_DATA_XPATH
- + "/"
- + PDATA
- + "Person";
- /** Xpath expression to the PersonData GivenName element */
- private static final String PERSON_GIVEN_NAME_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Name/"
- + PDATA
- + "GivenName";
- /** Xpath expression to the PersonData FamilyName element */
- private static final String PERSON_FAMILY_NAME_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Name/"
- + PDATA
- + "FamilyName";
- /** Xpath expression to the PersonData DateOfBirth element */
- private static final String PERSON_DATE_OF_BIRTH_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "DateOfBirth";
- /** Xpath expression to the Identification element */
- private static final String PERSON_IDENT_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Identification";
-
- /** Xpath expression to the Identification Value element */
- public static final String PERSON_IDENT_VALUE_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Identification/"
- + PDATA
- + "Value";
-
- /** Xpath expression to the Identification Value element */
- private static final String PERSON_IDENT_TYPE_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Identification/"
- + PDATA
- + "Type";
-
- /** Xpath expression to the RSAKeyValue element */
- private static final String RSA_KEY_VALUE_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/"
- + SAML
- + "AttributeValue/"
- + DSIG
- + "RSAKeyValue";
-
- /** Xpath expression to the ECKeyValue element */
- private static final String ECDSA_KEY_VALUE_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/"
- + SAML
- + "AttributeValue/"
- + ECDSA
- + "ECDSAKeyValue";
-
-
- /** Xpath expression to the RSA Modulus element */
- private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus";
- /** Xpath expression to the RSA Exponent element */
- private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent";
- /** Xpath expression to the DSIG X509Certificate element */
- private static final String DSIG_CERTIFICATES_XPATH =
- ROOT
- + DSIG
- + "Signature/"
- + DSIG
- + "KeyInfo/"
- + DSIG
- + "X509Data/"
- + DSIG
- + "X509Certificate";
- /** Xpath expression to the DSIG Transforms element */
- private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH =
- ROOT
- + DSIG
- + "Signature/"
- + DSIG
- + "SignedInfo/"
- + DSIG
- + "Reference/"
- + DSIG
- + "Transforms";
-
- /** The IssueInstant attribute of the SAML assertion */
- private static final String ISSUE_INSTANT_ATTR = "IssueInstant";
-
- /**This is the root element of the XML-Document provided by the Security Layer Card*/
- private Element assertionElem;
-
- /**
- * Constructor for <code>IdentityLinkAssertionParser</code>.
- * A DOM-representation of the incoming String will be created
- * @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as String
- * @throws ParseException on any parsing error
- */
- public IdentityLinkAssertionParser(String xmlAssertion) throws ParseException {
- try {
- InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8"));
- assertionElem = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Sets the <@link assertionElem>.
- * @param xmlAssertion the assertion element
- * @throws ParseException on any parsing error
- */
- public IdentityLinkAssertionParser(Element xmlAssertion) throws ParseException {
- assertionElem = xmlAssertion;
- }
-
- /**
- * Constructor for <code>IdentityLinkAssertionParser</code>.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as InputStream
- * @throws ParseException on any parsing error
- */
- public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception {
- try {
- assertionElem = DOMUtils.parseXmlValidating(xmlAssertion);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
- /**
- * Parses the identity link from the <code>&lt;saml:Assertion&gt;</code>
- * @return Identity link
- * @throws ParseException on any parsing error
- */
-
- public IdentityLink parseIdentityLink() throws ParseException {
- IdentityLink identityLink;
- try {
- identityLink = new IdentityLink();
- identityLink.setSamlAssertion(assertionElem);
- identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR));
- identityLink.setPrPerson((Element)
- XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH));
- identityLink.setIdentificationValue(
- XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, ""));
- identityLink.setIdentificationType(
- XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, ""));
- identityLink.setGivenName(
- XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""));
- identityLink.setFamilyName(
- XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""));
- identityLink.setDateOfBirth(
- XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, ""));
- NodeIterator dsigRefTransforms =
- XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH);
- List transElems = new ArrayList();
- Element transformsElem;
- while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) {
- transElems.add(transformsElem);
- }
- Element[] result = new Element[transElems.size()];
- transElems.toArray(result);
- identityLink.setDsigReferenceTransforms(result);
-
- identityLink.setPublicKey(getPublicKeys());
-
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
-
- return identityLink;
- }
-
- /**
- * Parses an array of Public Keys from the <code>&lt;InfoboxReadResponse&gt;</code>
- * @return RSAPublicKey[]
- * @throws IOException can occur when decoding the base64 values of the modulus and exponent
- */
- public PublicKey[] getPublicKeys() throws IOException, ECDSAConverterException{
-
-
- List pubKeys = new ArrayList();
- //Try to get RSA-Keys
- NodeIterator rsaIter =
- XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, RSA_KEY_VALUE_XPATH);
- Element rsaElem;
-
- while ((rsaElem = (Element) rsaIter.nextNode()) != null) {
- String modulus =
- XPathUtils.getElementValue(rsaElem, RSA_KEY_MODULUS_XPATH, "");
- String exponent =
- XPathUtils.getElementValue(rsaElem, RSA_KEY_EXPONENT_XPATH, "");
-
- RSAPublicKey resPub =
- new iaik.security.rsa.RSAPublicKey(
- new BigInteger(1, Base64Utils.decode(modulus, true)),
- new BigInteger(1, Base64Utils.decode(exponent, true)));
- pubKeys.add(resPub);
- }
-
- //Try to get ECDSA-Keys
- NodeIterator ecdsaIter =
- XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, ECDSA_KEY_VALUE_XPATH);
- Element ecdsaElem;
- PublicKey ecPubKey = null;
- while ((ecdsaElem = (Element) ecdsaIter.nextNode()) != null) {
- try {
- ecPubKey = ECDSAKeyValueConverter.element2ECDSAPublicKey(ecdsaElem);
- pubKeys.add(ecPubKey);
- }
- catch(Exception e) {
- throw new ECDSAConverterException("parser.03", new Object[] { e.toString() }, e);
- }
- }
-
- PublicKey[] result = new PublicKey[pubKeys.size()];
- pubKeys.toArray(result);
- return result;
-
- }
- /**
- * Parses a string array of decoded base64 certificates from
- * the <code>&lt;InfoboxReadResponse&gt;</code> found in the dsig-signature
- * @return String[] with raw-certificates from the dsig-signature keyinfo
- * @throws Exception
- */
- public String[] getCertificates() throws Exception {
- List certs = new ArrayList();
- NodeIterator rsaIter =
- XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH);
- Element certElem;
- while ((certElem = (Element) rsaIter.nextNode()) != null) {
- String content = DOMUtils.getText(certElem);
- certs.add(new String(Base64Utils.decode(content, true)));
- }
- String[] result = new String[certs.size()];
- certs.toArray(result);
- return result;
-
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
deleted file mode 100644
index e59c88ddc..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ /dev/null
@@ -1,165 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an <code>&lt;InfoboxReadResponse&gt;</code>.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class InfoboxReadResponseParser {
-
- /** This is the root element of the XML-Document provided by the Security Layer Card*/
- private Element infoBoxElem_;
-
- /**
- * Parses and validates the document given as string and extracts the
- * root element.
- *
- * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
- * @throws ParseException If an element cannot be parsed
- * @throws AuthenticationException If any authentication error occurs
- */
- public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException {
-
- try {
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- init(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Parses and validates the document given as stream and extracts the
- * root element.
- *
- * @param is <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
- * @throws ParseException If an element cannot be parsed
- * @throws AuthenticationException If any authentication error occurs
- */
- public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException {
- init(is);
- }
-
- /**
- * Initializes the parser.
- * Parses and validates the document given as stream and extracts the
- * root element.
- *
- * @param is The InfoBoxReadResponse as stream.
- * @throws AuthenticationException If an authentication error occurs.
- * @throws ParseException If an error occurs on parsing the the document.
- */
- private void init(InputStream is) throws AuthenticationException, ParseException {
- try {
-
- Element responseElem = DOMUtils.parseXmlValidating(is);
-
- if ("InfoboxReadResponse".equals(responseElem.getLocalName())) {
- infoBoxElem_ = responseElem;
- } else {
- ErrorResponseParser erp = new ErrorResponseParser(responseElem);
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- } catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
-
-
- /**
- * Parses the embedded <code>&lt;saml:Assertion&gt;</code> element from <code>&lt;InfoboxReadResponse&gt;</code>
- * @return <code>&lt;saml:Assertion&gt;</code> as String
- * @throws ParseException on any parsing error
- */
-// public String parseSAMLAssertion() throws ParseException {
-// try {
-//
-// String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_);
-// StringBuffer sb = new StringBuffer("/");
-// sb.append(slPrefix);
-// sb.append(":InfoboxReadResponse/");
-// sb.append(slPrefix);
-// sb.append(":BinaryFileData/");
-// sb.append(slPrefix);
-// sb.append(":XMLContent/");
-// sb.append(Constants.SAML_PREFIX);
-// sb.append(":Assertion");
-// String samlAssertionXPath = sb.toString();
-// Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath);
-// return DOMUtils.serializeNode(samlAssertion);
-//
-// }
-// catch (Throwable t) {
-// throw new ParseException("parser.01", new Object[] { t.toString()}, t);
-// }
-// }
-
- /**
- * Parses the embedded <code>&lt;saml:Assertion&gt;</code> element from <code>&lt;InfoboxReadResponse&gt;</code>
- * @return <code>&lt;saml:Assertion&gt;</code> as String
- * @throws ParseException on any parsing error
- */
- public Element parseSAMLAssertion() throws ParseException {
- try {
-
- String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_);
- StringBuffer sb = new StringBuffer("/");
- sb.append(slPrefix);
- sb.append(":InfoboxReadResponse/");
- sb.append(slPrefix);
- sb.append(":BinaryFileData/");
- sb.append(slPrefix);
- sb.append(":XMLContent/");
- sb.append(Constants.SAML_PREFIX);
- sb.append(":Assertion");
- String samlAssertionXPath = sb.toString();
- Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath);
- return samlAssertion;
-
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Parses the identity link from the <code>&lt;saml:Assertion&gt;</code>
- * @return Identity link
- * @throws ParseException on any parsing error
- */
-
-// public IdentityLink parseIdentityLink() throws ParseException {
-// String samlAssertionString = parseSAMLAssertion();
-// IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString);
-// return ilParser.parseIdentityLink();
-// }
-
- /**
- * Parses the identity link from the <code>&lt;saml:Assertion&gt;</code>
- * @return Identity link
- * @throws ParseException on any parsing error
- */
- public IdentityLink parseIdentityLink() throws ParseException {
- Element samlAssertion = parseSAMLAssertion();
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
- return ilParser.parseIdentityLink();
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
deleted file mode 100644
index 7c4c01abe..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.IOException;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Parser for a SAML artifact.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLArtifactParser {
- /** byte array containing the SamlArtifact bytes */
- private byte[] samlArtifactBytes;
-
- /**
- * Constructor
- * @param samlArtifact as String
- * @throws ParseException on any parsing error
- */
- public SAMLArtifactParser(String samlArtifact) throws ParseException {
- try {
- samlArtifactBytes = Base64Utils.decode(samlArtifact, false);
- }
- catch (IOException ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
- /**
- * Parses the type code.
- * @return type code
- * @throws ParseException when SAML artifact is invalid
- */
- public byte[] parseTypeCode() throws ParseException {
- try {
- byte[] typeCode = new byte[] {samlArtifactBytes[0], samlArtifactBytes[1]};
- return typeCode;
- }
- catch (Throwable ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
- /**
- * Parses the assertion handle.
- * @return assertion handle
- * @throws ParseException when SAML artifact is invalid
- */
- public String parseAssertionHandle() throws ParseException {
- try {
- return new String(samlArtifactBytes, 22, 20);
- }
- catch (Throwable ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
deleted file mode 100644
index 4c49afb76..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ /dev/null
@@ -1,156 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import iaik.utils.Base64InputStream;
-import iaik.x509.X509Certificate;
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.*;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
- * MOA-SPSS.
- * This class implements the Singleton pattern
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-
-public class VerifyXMLSignatureResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching MOA Namespaces */
- private static final String MOA = Constants.MOA_PREFIX + ":";
- /** Xpath prefix for reaching DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
-
- /** Xpath expression to the X509SubjectName element */
- private static final String DSIG_SUBJECT_NAME_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- DSIG + "X509SubjectName";
- /** Xpath expression to the X509Certificate element */
- private static final String DSIG_X509_CERTIFICATE_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- DSIG + "X509Certificate";
- /** Xpath expression to the PublicAuthority element */
- private static final String PUBLIC_AUTHORITY_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- MOA + "PublicAuthority";
- /** Xpath expression to the PublicAuthorityCode element */
- private static final String PUBLIC_AUTHORITY_CODE_XPATH =
- PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";
- /** Xpath expression to the QualifiedCertificate element */
- private static final String QUALIFIED_CERTIFICATE_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- MOA + "QualifiedCertificate";
-
- /** Xpath expression to the SignatureCheckCode element */
- private static final String SIGNATURE_CHECK_CODE_XPATH =
- ROOT + MOA + "SignatureCheck/" + MOA + "Code";
- /** Xpath expression to the XMLDSIGManifestCheckCode element */
- private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH =
- ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
- /** Xpath expression to the CertificateCheckCode element */
- private static final String CERTIFICATE_CHECK_CODE_XPATH =
- ROOT + MOA + "CertificateCheck/" + MOA + "Code";
-
-
- /** This is the root element of the XML-Document provided by the Security Layer Card*/
- private Element verifyXMLSignatureResponse;
-
- /**
- * Constructor for VerifyXMLSignatureResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
- * @throws ParseException on any parsing error
- */
- public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
- try {
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
-
- verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
- /**
- * Constructor for VerifyXMLSignatureResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
- * @throws Exception on any parsing error
- */
- public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
- {
- try {
- verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", null, t);
- }
- }
-
- /**
- * Constructor for VerifyXMLSignatureResponseParser.
- * The incoming Element will be used for further operations
- * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
- */
- public VerifyXMLSignatureResponseParser(Element xmlResponse)
- {
- verifyXMLSignatureResponse =xmlResponse;
-
- }
-
- /**
- * Parse identity link from <code>&lt;InfoboxReadResponse&gt;</code>
- * @return Identity link
- * @throws ParseException on any parsing error
- */
-
- public VerifyXMLSignatureResponse parseData() throws ParseException {
-
- VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
-
- try {
- respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
- Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
- respData.setQualifiedCertificate(e!=null);
-
- Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
- verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
-
- respData.setX509certificate(new X509Certificate(in));
- Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH);
- respData.setPublicAuthority(publicAuthority != null);
- respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
- respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
-
- String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
- if (xmlDsigCheckCode!=null)
- {
- respData.setXmlDSIGManigest(true);
- respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
- }
- else
- respData.setXmlDSIGManigest(false);
- respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", null, t);
- }
- return respData;
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
deleted file mode 100644
index 96e8e6dd6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ /dev/null
@@ -1,202 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.FileItemFactory;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.URLDecoder;
-
-/**
- * Base class for MOA-ID Auth Servlets, providing standard error handling
- * and constant names.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
-
-
- /**
- * Handles an error. <br>
- * <ul>
- * <li>Logs the error</li>
- * <li>Places error message and exception thrown into the request
- * as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
- * <li>Sets HTTP status 500 (internal server error)</li>
- * </ul>
- *
- * @param errorMessage error message
- * @param exceptionThrown exception thrown
- * @param req servlet request
- * @param resp servlet response
- */
- protected void handleError(
- String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
-
-
- if(null != errorMessage) {
- Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage );
- }
-
- if (null != exceptionThrown) {
- if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
- Logger.error(errorMessage, exceptionThrown);
- req.setAttribute("ExceptionThrown", exceptionThrown);
- }
-
- //forward this to errorpage-auth.jsp where the HTML error page is generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
-
- }
- /**
- * Handles a <code>WrongParametersException</code>.
- * @param req servlet request
- * @param resp servlet response
- */
- protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
- Logger.error(ex.toString());
- req.setAttribute("WrongParameters", ex.getMessage());
-
- // forward this to errorpage-auth.jsp where the HTML error page is generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Logs all servlet parameters for debugging purposes.
- */
- protected void logParameters(HttpServletRequest req) {
- for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
- String parname = (String)params.nextElement();
- Logger.debug("Parameter " + parname + req.getParameter(parname));
- }
- }
-
- /**
- * Parses the request input stream for parameters, assuming parameters are encoded UTF-8
- * (no standard exists how browsers should encode them).
- *
- * @param req servlet request
- *
- * @return mapping parameter name -> value
- *
- * @throws IOException if parsing request parameters fails.
- *
- * @throws FileUploadException if parsing request parameters fails.
- */
- protected Map getParameters(HttpServletRequest req)
- throws IOException, FileUploadException {
-
- Map parameters = new HashMap();
-
-
- if (ServletFileUpload.isMultipartContent(req))
- {
- // request is encoded as mulitpart/form-data
- FileItemFactory factory = new DiskFileItemFactory();
- ServletFileUpload upload = null;
- upload = new ServletFileUpload(factory);
- List items = null;
- items = upload.parseRequest(req);
- for (int i = 0; i < items.size(); i++)
- {
- FileItem item = (FileItem) items.get(i);
- if (item.isFormField())
- {
- // Process only form fields - no file upload items
- parameters.put(item.getFieldName(), item.getString("UTF-8"));
- Logger.debug("Processed multipart/form-data request parameter: \nName: " +
- item.getFieldName() + "\nValue: " +
- item.getString("UTF-8"));
- }
- }
- }
-
- else
- {
- // request is encoded as application/x-www-urlencoded
- InputStream in = req.getInputStream();
-
- String paramName;
- String paramValueURLEncoded;
- do {
- paramName = new String(readBytesUpTo(in, '='));
- if (paramName.length() > 0) {
- paramValueURLEncoded = readBytesUpTo(in, '&');
- String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
- parameters.put(paramName, paramValue);
- }
- }
- while (paramName.length() > 0);
- in.close();
- }
-
- return parameters;
- }
-
- /**
- * Reads bytes up to a delimiter, consuming the delimiter.
- * @param in input stream
- * @param delimiter delimiter character
- * @return String constructed from the read bytes
- * @throws IOException
- */
- protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- boolean done = false;
- int b;
- while (! done && (b = in.read()) >= 0) {
- if (b == delimiter)
- done = true;
- else
- bout.write(b);
- }
- return bout.toString();
- }
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
deleted file mode 100644
index f33377547..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
-
- /**
- * Handle a HTTP GET request, used to indicated that the MOA
- * configuration needs to be updated (reloaded).
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
- MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
-
- try {
- MOAIDAuthInitializer.initialized=false;
- MOAIDAuthInitializer.initialize();
- String message = msg.getMessage("config.00", new Object[]
- { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
-
- Logger.info(message);
- HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response);
-
- } catch (Throwable t) {
- String errorMessage = msg.getMessage("config.04", null);
- Logger.error(errorMessage, t);
- HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response);
- }
- }
-
- /**
- * Do the same as <code>doGet</code>.
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- }
-
-}
-
-
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
deleted file mode 100644
index c41b514c8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ /dev/null
@@ -1,135 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.util.Calendar;
-
-import org.apache.axis.AxisFault;
-import org.w3c.dom.Element;
-
-import org.w3c.dom.NodeList;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Web service for picking up authentication data created in the MOA-ID Auth component.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
- */
-public class GetAuthenticationDataService implements Constants {
-
- /**
- * Constructor for GetAuthenticationDataService.
- */
- public GetAuthenticationDataService() {
- super();
- }
-
- /**
- * Takes a <code>lt;samlp:Request&gt;</code> containing a
- * <code>SAML artifact</code> and returns the corresponding
- * authentication data <code>lt;saml:Assertion&gt;</code>
- * (obtained from the <code>AuthenticationServer</code>),
- * enclosed in a <code>lt;samlp:Response&gt;</code>.
- * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode&gt;</code>s,
- * possibly containing enclosed sub-<code>lt;samlp:StatusCode&gt;</code>s.
- * The status codes are defined in the SAML specification.
- *
- * @param requests request elements of type <code>lt;samlp:Request&gt;</code>;
- * only 1 request element is allowed
- * @return response element of type <code>lt;samlp:Response&gt;</code>,
- * packed into an <code>Element[]</code>
- * @throws AxisFault thrown when an error occurs in assembling the
- * <code>lt;samlp:Response&gt;</code>
- */
- public Element[] Request(Element[] requests)
- throws AxisFault {
-
- Element request = requests[0];
- Element[] responses = new Element[1];
- String requestID = "";
- String statusCode = "";
- String subStatusCode = null;
- String statusMessageCode = null;
- String statusMessage = null;
- String samlAssertion = "";
- if (requests.length > 1) {
- // more than 1 request given as parameter
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:TooManyResponses";
- statusMessageCode = "1201";
- }
- else {
- try {
- DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null);
- NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact");
- if (samlArtifactList.getLength() == 0) {
- // no SAML artifact given in request
- statusCode = "samlp:Requester";
- statusMessageCode = "1202";
- }
- else if (samlArtifactList.getLength() > 1) {
- // too many SAML artifacts given in request
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:TooManyResponses";
- statusMessageCode = "1203";
- }
- else {
- Element samlArtifactElem = (Element)samlArtifactList.item(0);
- requestID = samlArtifactElem.getAttribute("RequestID");
- String samlArtifact = DOMUtils.getText(samlArtifactElem);
- try {
- AuthenticationData authData = AuthenticationServer.getInstance().
- getAuthenticationData(samlArtifact);
- // success
- samlAssertion = authData.getSamlAssertion();
- statusCode = "samlp:Success";
- statusMessageCode = "1200";
- }
- catch (AuthenticationException ex) {
- // no authentication data for given SAML artifact
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:ResourceNotRecognized";
- statusMessage = ex.toString();
- }
- }
- }
- catch (Throwable t) {
- // invalid request format
- statusCode = "samlp:Requester";
- statusMessageCode = "1204";
- }
- }
- try {
- String responseID = Random.nextRandom();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
- if (statusMessage == null)
- statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
- responses[0] = new SAMLResponseBuilder().build(
- responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
- }
- catch (MOAIDException e) {
- AxisFault fault = AxisFault.makeFault(e);
- fault.setFaultDetail(new Element[] { e.toErrorResponse()});
- throw fault;
- }
- catch (Throwable t) {
- MOAIDException e = new MOAIDException("1299", null, t);
- AxisFault fault = AxisFault.makeFault(e);
- fault.setFaultDetail(new Element[] { e.toErrorResponse()});
- throw fault;
- }
- return responses;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
deleted file mode 100644
index 4dc69c70b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ /dev/null
@@ -1,99 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for selecting a BKU.
- * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete,
- * the browser is redirected to the configured "BKU-Auswahl-URL".
- * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect,
- * the list of available BKU's is fetched from a BKU-Auswahl server, and presented
- * to the user in an HTML form.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SelectBKUServlet extends AuthServlet {
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
- }
-
- /**
- * Responds with an HTML form which requests the user to choose a BKU.
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET SelectBKU");
- String authURL =
- req.getScheme() + "://" +
- req.getServerName() + ":" +
- req.getServerPort() +
- req.getContextPath() + "/";
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
- resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
-
- try {
- String returnValue = AuthenticationServer.getInstance().selectBKU(
- authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
- String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
- if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = returnValue;
- resp.setContentType("text/html");
- resp.sendRedirect(redirectURL);
- Logger.info("REDIRECT TO: " + redirectURL);
- } else {
- // bkuSelectionType==HTMLSelect
- String htmlForm = returnValue;
- resp.setContentType("text/html;charset=UTF-8");
- Logger.debug("HTML-Form: " + htmlForm);
- Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
- out.write(htmlForm);
- out.flush();
- Logger.debug("Finished GET SelectBKU");
- }
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (Throwable ex) {
- handleError(null, ex, req, resp);
- }
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
deleted file mode 100644
index 6098f5138..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ /dev/null
@@ -1,103 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for starting a MOA ID authentication session.
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @see AuthenticationServer#startAuthentication
- */
-public class StartAuthenticationServlet extends AuthServlet {
-
- /**
- * Responds with an HTML form which upon submit requests the identity link
- * from the security layer implementation.
- * <br>
- * Response:
- * <ul>
- * <li>Content type: <code>"text/html"</code></li>
- * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET StartAuthentication");
- String authURL =
- req.getScheme() + "://" +
- req.getServerName() + ":" +
- req.getServerPort() +
- req.getContextPath() + "/";
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuURL = req.getParameter(PARAM_BKU);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
- String sessionID = req.getParameter(PARAM_SESSIONID);
- resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
- try {
- String getIdentityLinkForm =
- AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID);
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(getIdentityLinkForm);
- out.flush();
- Logger.debug("Finished GET StartAuthentication");
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
- }
-
-
- /**
- * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doGet(req, resp);
- }
-
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
deleted file mode 100644
index 6ec4a247d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ /dev/null
@@ -1,120 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileUploadException;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for verifying the signed authentication block
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class VerifyAuthenticationBlockServlet extends AuthServlet {
-
-
- /**
- * Constructor for VerifyAuthenticationBlockServlet.
- */
- public VerifyAuthenticationBlockServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET VerifyAuthenticationBlock");
- }
-
- /**
- * Verifies the signed authentication block and redirects the browser
- * to the online application requested, adding a parameter needed for
- * retrieving the authentication data.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * </ul>
- * Response:
- * <ul>
- * <li>Status: <code>302</code></li>
- * <li>Header <code>"Location"</code>: URL of the online application requested, with
- * parameters <code>"Target"</code>(only if the online application is
- * a public service) and <code>"SAMLArtifact"</code> added</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see AuthenticationServer#verifyAuthenticationBlock
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST VerifyAuthenticationBlock");
- Map parameters;
- try
- {
- parameters = getParameters(req);
- } catch (FileUploadException e)
- {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
- String sessionID = req.getParameter(PARAM_SESSIONID);
- String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
-
- try {
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- String redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
-
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
-
- }
- /**
- * Adds a parameter to a URL.
- * @param url the URL
- * @param paramname parameter name
- * @param paramvalue parameter value
- * @return the URL with parameter added
- */
- private static String addURLParameter(String url, String paramname, String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
deleted file mode 100644
index 2134c1444..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ /dev/null
@@ -1,107 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Enumeration;
-import java.util.Map;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.fileupload.FileUploadException;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for verifying the identity link
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class VerifyIdentityLinkServlet extends AuthServlet {
-
- /**
- * Constructor for VerifyIdentityLinkServlet.
- */
- public VerifyIdentityLinkServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET VerifyIdentityLink");
- }
-
- /**
- * Verifies the identity link and responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
- * </ul>
- * Response:
- * <ul>
- * <li>Content type: <code>"text/xml"</code></li>
- * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST VerifyIdentityLink");
- Map parameters;
- try
- {
- parameters = getParameters(req);
- } catch (FileUploadException e)
- {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
-
- try {
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
- String createXMLSignatureRequest =
- AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
- resp.setStatus(307);
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
- resp.addHeader("Location", dataURL);
-
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
-
- OutputStream out = resp.getOutputStream();
- out.write(createXMLSignatureRequest.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST VerifyIdentityLink");
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
deleted file mode 100644
index e6c9f4bee..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ /dev/null
@@ -1,274 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import java.util.Iterator;
-import java.util.List;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- *
- * This class is used to validate an {@link CreateXMLSignatureResponse}
- * returned by the security layer.
- * This class implements the Singleton pattern.
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class CreateXMLSignatureResponseValidator {
-
-
- /** Xpath expression to the dsig:Signature element */
- private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
-
-
- /** Singleton instance. <code>null</code>, if none has been created. */
- private static CreateXMLSignatureResponseValidator instance;
-
- /**
- * Constructor for a singleton CreateXMLSignatureResponseValidator.
- * @return an instance of CreateXMLSignatureResponseValidator
- * @throws ValidateException if no instance can be created
- */
- public static synchronized CreateXMLSignatureResponseValidator getInstance()
- throws ValidateException {
- if (instance == null) {
- instance = new CreateXMLSignatureResponseValidator();
- }
- return instance;
- }
-
-
- /**
- * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
- * @param createXMLSignatureResponse
- * @param session
- * @throws ValidateException
- */
- public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
- throws ValidateException {
-
- // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
-
- String gbTarget = session.getTarget();
- String oaURL = session.getPublicOAURLPrefix();
- boolean businessService = session.getBusinessService();
-
- IdentityLink identityLink = session.getIdentityLink();
-
- Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
- String issuer = samlAssertion.getAttribute("Issuer");
- if (issuer == null) {
- // should not happen, because parser would dedect this
- throw new ValidateException("validator.32", null);
- }
- String issueInstant = samlAssertion.getAttribute("IssueInstant");
- if (!issueInstant.equals(session.getIssueInstant())) {
- throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()});
- }
-
- String name = identityLink.getName();
- if (!issuer.equals(name)) {
- throw new ValidateException("validator.33", new Object[] {issuer, name});
- }
-
- SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes();
-
- boolean foundOA = false;
- boolean foundGB = false;
- boolean foundWBPK = false;
- int offset = 0;
-
- // check number of SAML aatributes
- List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- int extendedSAMLAttributesNum = 0;
- if (extendedSAMLAttributes != null) {
- extendedSAMLAttributesNum = extendedSAMLAttributes.size();
- }
- int expectedSAMLAttributeNumber =
- AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + extendedSAMLAttributesNum;
- if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--;
- int actualSAMLAttributeNumber = samlAttributes.length;
- if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) {
- Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " +
- expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber);
- throw new ValidateException(
- "validator.36",
- new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)});
- }
-
- SAMLAttribute samlAttribute;
- if (session.getSAMLAttributeGebeORwbpk()) {
- // check the first attribute ("Geschaeftsbereich" or "wbPK")
- samlAttribute = samlAttributes[0];
- if (businessService) {
- if (!samlAttribute.getName().equals("wbPK")) {
- if (samlAttribute.getName().equals("Geschaeftsbereich")) {
- throw new ValidateException("validator.26", null);
- } else {
- throw new ValidateException(
- "validator.37",
- new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
- }
- }
- if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundWBPK = true;
- try {
- Element attrValue = (Element)samlAttribute.getValue();
- String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
- String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
- if (!value.equals(identityLink.getIdentificationValue())) {
- throw new ValidateException("validator.28", null);
- }
- if (!type.equals(identityLink.getIdentificationType())) {
- throw new ValidateException("validator.28", null);
- }
- } catch (Exception ex) {
- throw new ValidateException("validator.29", null);
- }
- } else {
- throw new ValidateException("validator.30", null);
- }
- } else {
- if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
- if (samlAttribute.getName().equals("wbPK")) {
- throw new ValidateException("validator.26", null);
- } else {
- throw new ValidateException(
- "validator.37",
- new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
- }
- }
- if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundGB = true;
- if (!gbTarget.equals((String)samlAttribute.getValue())) {
- throw new ValidateException("validator.13", null);
- }
- } else {
- throw new ValidateException("validator.12", null);
- }
- }
- } else {
- offset--;
- }
-
- // check the second attribute (must be "OA")
- samlAttribute = samlAttributes[1 + offset];
- if (!samlAttribute.getName().equals("OA")) {
- throw new ValidateException(
- "validator.37",
- new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)});
- }
- if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundOA = true;
- if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
- throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
- }
- } else {
- throw new ValidateException("validator.15", null);
- }
-
- // check the third attribute (must be "Geburtsdatum")
- samlAttribute = samlAttributes[2 + offset];
- if (!samlAttribute.getName().equals("Geburtsdatum")) {
- throw new ValidateException(
- "validator.37",
- new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)});
- }
- if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- String samlDateOfBirth = (String)samlAttribute.getValue();
- String dateOfBirth = identityLink.getDateOfBirth();
- if (!samlDateOfBirth.equals(dateOfBirth)) {
- throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth});
- }
- } else {
- throw new ValidateException("validator.35", null);
- }
-
- // now check the extended SAML attributes
- int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
- if (extendedSAMLAttributes != null) {
- Iterator it = extendedSAMLAttributes.iterator();
- while (it.hasNext()) {
- ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
- samlAttribute = samlAttributes[i];
- String actualName = samlAttribute.getName();
- String expectedName = extendedSAMLAttribute.getName();
- if (!actualName.equals(expectedName)) {
- throw new ValidateException(
- "validator.38",
- new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName });
- }
- String actualNamespace = samlAttribute.getNamespace();
- String expectedNamespace = extendedSAMLAttribute.getNameSpace();
- if (!actualNamespace.equals(expectedNamespace)) {
- throw new ValidateException(
- "validator.38",
- new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, });
- }
- Object expectedValue = extendedSAMLAttribute.getValue();
- Object actualValue = samlAttribute.getValue();
- try {
- if (expectedValue instanceof String) {
- // replace \r\n because text might be base64-encoded
- String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
- expValue = StringUtils.replaceAll(expValue,"\n","");
- String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
- actValue = StringUtils.replaceAll(actValue,"\n","");
- if (!expValue.equals(actValue)) {
- throw new ValidateException(
- "validator.38",
- new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue });
- }
- } else if (expectedValue instanceof Element) {
- // only check the name of the element
- String actualElementName = ((Element)actualValue).getNodeName();
- String expectedElementName = ((Element)expectedValue).getNodeName();
- if (!(expectedElementName.equals(actualElementName))){
- throw new ValidateException(
- "validator.38",
- new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName});
- }
- } else {
- // should not happen
- throw new ValidateException(
- "validator.38",
- new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()});
- }
- } catch (ClassCastException e) {
- throw new ValidateException(
- "validator.38",
- new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()});
- }
- i++;
- }
- }
-
-
- if (!foundOA) throw new ValidateException("validator.14", null);
- if (businessService) {
- if (session.getSAMLAttributeGebeORwbpk() && !foundWBPK) throw new ValidateException("validator.31", null);
- } else {
- if (!foundGB) throw new ValidateException("validator.11", null);
- }
-
- //Check if dsig:Signature exists
-// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
-// if (nl.getLength() != 1) {
-// throw new ValidateException("validator.05", null);
-// }
- Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH);
- if (dsigSignature == null) {
- throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
- }
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
deleted file mode 100644
index 444f706e4..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ /dev/null
@@ -1,159 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * This class is used to validate an {@link IdentityLink}
- * returned by the security layer
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class IdentityLinkValidator implements Constants {
-
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching PersonData Namespaces */
- private static final String PDATA = PD_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = DSIG_PREFIX + ":";
- /** Xpath prefix for reaching ECDSA Namespaces */
- private static final String ECDSA = ECDSA_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "";
- /** Xpath expression to the SAML:SubjectConfirmationData element */
- private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Subject/"
- + SAML
- + "SubjectConfirmation/"
- + SAML
- + "SubjectConfirmationData";
-/** Xpath expression to the PersonData:Person element */
- private static final String PERSON_XPATH =
- SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person";
- /** Xpath expression to the SAML:Attribute element */
- private static final String ATTRIBUTE_XPATH =
- ROOT + SAML + "AttributeStatement/" + SAML + "Attribute";
- /** Xpath expression to the SAML:AttributeName attribute */
- private static final String ATTRIBUTE_NAME_XPATH =
- ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName";
- /** Xpath expression to the SAML:AttributeNamespace attribute */
- private static final String ATTRIBUTE_NAMESPACE_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/@AttributeNamespace";
- /** Xpath expression to the SAML:AttributeValue element */
- private static final String ATTRIBUTE_VALUE_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/"
- + SAML
- + "AttributeValue";
-
- /** Singleton instance. <code>null</code>, if none has been created. */
- private static IdentityLinkValidator instance;
-
- /**
- * Constructor for a singleton IdentityLinkValidator.
- * @return a new IdentityLinkValidator instance
- * @throws ValidateException if no instance can be created
- */
- public static synchronized IdentityLinkValidator getInstance()
- throws ValidateException {
- if (instance == null) {
- instance = new IdentityLinkValidator();
- }
- return instance;
- }
-
- /**
- * Method validate. Validates the {@link IdentityLink}
- * @param identityLink The identityLink to validate
- * @throws ValidateException on any validation error
- */
- public void validate(IdentityLink identityLink) throws ValidateException {
-
- Element samlAssertion = identityLink.getSamlAssertion();
- //Search the SAML:ASSERTION Object (A2.054)
- if (samlAssertion == null) {
- throw new ValidateException("validator.00", null);
- }
-
- // Check how many saml:Assertion/saml:AttributeStatement/
- // saml:Subject/ saml:SubjectConfirmation/
- // saml:SubjectConfirmationData/pr:Person of type
- // PhysicalPersonType exist (A2.056)
- NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH);
- // If we have just one Person-Element we don't need to check the attributes
- int counterPhysicalPersonType = 0;
- if (nl.getLength() > 1)
- for (int i = 0; i < nl.getLength(); i++) {
- String xsiType =
- ((Element) nl.item(i))
- .getAttributeNodeNS(
- "http://www.w3.org/2001/XMLSchema-instance",
- "type")
- .getNodeValue();
- // We have to check if xsiType contains "PhysicalPersonType"
- // An equal-check will fail because of the Namespace-prefix of the attribute value
- if (xsiType.indexOf("PhysicalPersonType") > -1)
- counterPhysicalPersonType++;
- }
- if (counterPhysicalPersonType > 1)
- throw new ValidateException("validator.01", null);
-
- //Check the SAML:ATTRIBUTES
- nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH);
- for (int i = 0; i < nl.getLength(); i++) {
- String attributeName =
- XPathUtils.getAttributeValue(
- (Element) nl.item(i),
- "@AttributeName",
- null);
- String attributeNS =
- XPathUtils.getAttributeValue(
- (Element) nl.item(i),
- "@AttributeNamespace",
- null);
- if (attributeName.equals("CitizenPublicKey")) {
-
- if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") ||
- attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) {
- Element attributeValue =
- (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue");
- if (attributeValue==null)
- attributeValue =
- (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
- if (attributeValue == null)
- throw new ValidateException("validator.02", null);
-
- }
- else
- throw new ValidateException("validator.03", new Object [] {attributeNS} );
- }
- else
- throw new ValidateException("validator.04", new Object [] {attributeName} );
- }
-
- //Check if dsig:Signature exists
- Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature");
- if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"});
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
deleted file mode 100644
index c776418ab..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
-
-/**
- * Validates an InfoboxReadResponse.
- * An implementing class has to validate the content of the InfoboxReadResponse
- * according to the type specific rules and guidelines of the underlying
- * application.
- */
-public interface InfoboxValidator {
-
- /**
- * This method validates an InfoboxReadResponse.
- * The method validates the content of the passed <code>infoboxReadResponse</code>
- * according to the type specific rules and guidelines of the underlying
- * application.
- *
- * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams
- * Parameters} needed by the validator.
- *
- * @return <code>True</code> if validation succeeds,
- * otherwise <code>false</code>.
- *
- * @throws ValidateException If an error occurs on validating the
- * InfoboxReadResponse.
- */
- public InfoboxValidationResult validate (InfoboxValidatorParams params)
- throws ValidateException;
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
deleted file mode 100644
index a6685fca8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while validating an incoming XML structure
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ValidateException extends MOAIDException {
-
- /**
- * Constructor for ValidateException.
- * @param messageId
- * @param parameters
- */
- public ValidateException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ValidateException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ValidateException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
deleted file mode 100644
index 1f2ebc37c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ /dev/null
@@ -1,177 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import iaik.asn1.structures.Name;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.utils.RFC2253NameParserException;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * This class is used to validate an {@link VerifyXMLSignatureResponse}
- * returned by MOA-SPSS
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureResponseValidator {
-
- /** Identification string for checking identity link */
- public static final String CHECK_IDENTITY_LINK = "IdentityLink";
- /** Identification string for checking authentication block */
- public static final String CHECK_AUTH_BLOCK = "AuthBlock";
-
- /** Singleton instance. <code>null</code>, if none has been created. */
- private static VerifyXMLSignatureResponseValidator instance;
-
- /**
- * Constructor for a singleton VerifyXMLSignatureResponseValidator.
- */
- public static synchronized VerifyXMLSignatureResponseValidator getInstance()
- throws ValidateException {
- if (instance == null) {
- instance = new VerifyXMLSignatureResponseValidator();
- }
- return instance;
- }
-
- /**
- * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS.
- *
- * @param verifyXMLSignatureResponse the <code>&lt;VerifyXMLSignatureResponse&gt;</code>
- * @param identityLinkSignersSubjectDNNames subject names configured
- * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated
- * @param ignoreManifestValidationResult specifies whether the validation result of the
- * manifest has to be ignored (identityLink validation if
- * the OA is a business service) or not
- * @throws ValidateException on any validation error
- */
- public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- List identityLinkSignersSubjectDNNames,
- String whatToCheck,
- boolean ignoreManifestValidationResult)
- throws ValidateException {
-
- if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
- throw new ValidateException("validator.06", null);
-
- if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
- String checkFailedReason ="";
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null);
-
- if (whatToCheck.equals(CHECK_IDENTITY_LINK))
- throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
- else
- throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
- }
-
- if (ignoreManifestValidationResult) {
- Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result");
- } else {
- if (verifyXMLSignatureResponse.isXmlDSIGManigest())
- if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0)
- throw new ValidateException("validator.08", null);
- }
-
-
- // TODO See Bug #322
- // Check result of SignatureManifestCheck
-
-
- //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
- if (identityLinkSignersSubjectDNNames != null) {
- String subjectDN = "";
- X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
- try {
- subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
- }
- catch (RFC2253NameParserException e) {
- throw new ValidateException("validator.17", null);
- }
- // check the authorisation to sign the identity link
- if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) {
- // subject DN check failed, try OID check:
- try {
- if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) {
- throw new ValidateException("validator.18", new Object[] { subjectDN });
- } else {
- Logger.debug("Identity link signer cert accepted for signing identity link: " +
- "subjectDN check failed, but OID check successfully passed.");
- }
- } catch (X509ExtensionInitException e) {
- throw new ValidateException("validator.49", null);
- }
- } else {
- Logger.debug("Identity link signer cert accepted for signing identity link: " +
- "subjectDN check successfully passed.");
- }
-
- }
- }
-
- /**
- * Method validateCertificate.
- * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
- * @param idl The Identitylink
- * @throws ValidateException
- */
- public void validateCertificate(
- VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- IdentityLink idl)
- throws ValidateException {
-
- X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
- PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
-
- PublicKey pubKeySignature = x509Response.getPublicKey();
-
- boolean found = false;
- for (int i = 0; i < pubKeysIdentityLink.length; i++) {
-
- //compare RSAPublicKeys
- if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) &&
- (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) {
-
- RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature;
- RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i];
-
- if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus())
- && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent()))
- found = true;
- }
-
- //compare ECDSAPublicKeys
- if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) &&
- (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) {
-
- ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature;
- ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i];
-
- if(ecdsakey.equals(ecdsaPubKeySignature))
- found = true;
- }
- }
-
- if (!found)
- throw new ValidateException("validator.09", null);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
deleted file mode 100644
index 90b780526..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ /dev/null
@@ -1,894 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-import java.math.BigInteger;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Vector;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.Schema;
-import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
-import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathException;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * A class that builds configuration data from a DOM based representation.
- *
- * @author Patrick Peck
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class ConfigurationBuilder {
-
- //
- // XPath namespace prefix shortcuts
- //
- /** an XPATH-Expression */
- protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
- /** an XPATH-Expression */
- protected static final String DSIG = Constants.DSIG_PREFIX + ":";
-
- //
- // chaining mode constants appearing in the configuration file
- //
- /** an XPATH-Expression */
- protected static final String CM_CHAINING = "chaining";
- /** an XPATH-Expression */
- protected static final String CM_PKIX = "pkix";
- /** an XPATH-Expression */
- protected static final String DEFAULT_ENCODING = "UTF-8";
-
- //
- // XPath expressions to select certain parts of the configuration
- //
- /** an XPATH-Expression */
- protected static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
-
- /** an XPATH-Expression */
- protected static final String AUTH_BKU_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
- /** an XPATH-Expression */
- protected static final String AUTH_BKUSELECT_TEMPLATE_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
- /** an XPATH-Expression */
- protected static final String AUTH_TEMPLATE_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL";
- /** an XPATH-Expression */
- public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
- /** an XPATH-Expression */
- protected static final String AUTH_MOA_SP_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
- /** an XPATH-Expression */
- protected static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- protected static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- protected static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
-
- /** an XPATH-Expression */
- protected static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
-
- /** an XPATH-Expression */
- public static final String AUTH_VERIFY_INFOBOXES_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";
-
- /** an XPATH-Expression */
- protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
- /** an XPATH-Expression */
- protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH =
- CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH =
- CONF + "Templates/" + CONF + "Template/@URL";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";
- /** an XPATH-Expression */
- protected static final String CONNECTION_PARAMETER_URL_XPATH =
- CONF + "ConnectionParameter/@URL";
- /** an XPATH-Expression */
- protected static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
- CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
- /** an XPATH-Expression */
- protected static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
- CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
- /** an XPATH-Expression */
- protected static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
- CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
- /** an XPATH-Expression */
- protected static final String GENERIC_CONFIGURATION_XPATH =
- ROOT + CONF + "GenericConfiguration";
-
- /** an XPATH-Expression */
- protected static final String CHAINING_MODES_XPATH =
- ROOT + CONF + "ChainingModes";
- /** an XPATH-Expression */
- protected static final String CHAINING_MODES_DEFAULT_XPATH =
- CHAINING_MODES_XPATH + "/@systemDefaultMode";
- /** an XPATH-Expression */
- protected static final String TRUST_ANCHOR_XPATH =
- ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
- /** an XPATH-Expression */
- protected static final String ISSUER_XPATH = DSIG + "X509IssuerName";
- /** an XPATH-Expression */
- protected static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
- /** an XPATH-Expression */
- protected static final String TRUSTED_CA_CERTIFICATES_XPATH =
- ROOT + CONF + "TrustedCACertificates";
-
- /** an XPATH-Expression */
- protected static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile";
- /** an XPATH-Expression */
- protected static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID";
- /** an XPATH-Expression */
- protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox";
-
-
-
-
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- protected String rootConfigFileDir_;
-
- /** The root element of the MOA-ID configuration */
- protected Element configElem_;
-
- /**
- * Creates a new <code>MOAConfigurationProvider</code>.
- *
- * @param configElem The root element of the MOA-ID configuration.
- */
- public ConfigurationBuilder(Element configElem, String rootConfigDir) {
- configElem_ = configElem;
- rootConfigFileDir_ = rootConfigDir;
- }
-
- /**
- * Returns the root element of the MOA-ID configuration.
- *
- * @return The root element of the MOA-ID configuration.
- */
- public Element getConfigElem() {
- return configElem_;
- }
-
- /**
- * Build a ConnectionParameter object containing all information
- * of the moa-sp element in the authentication component
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildAuthBKUConnectionParameter() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return buildConnectionParameter(authBKU);
- }
-
- /**
- * Method buildAuthBKUSelectionType.
- *
- * Build a string with the configuration value of BKUSelectionAlternative
- *
- * @return String
- */
- public String buildAuthBKUSelectionType() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return (authBKU).getAttribute("BKUSelectionAlternative");
- }
-
- /**
- * Build a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @param contextNode The node from which should be searched
- * @param xpathExpr The XPATH expression for the search
- * @return String[] of filenames to the Security Layer Transforms Information
- * or <code>null</code> if no transforms are included
- */
- public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) {
-
- List transformsInfoFileNames = new ArrayList();
-
- try {
- NodeIterator tiIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr);
-
- Attr tiElem;
- while ((tiElem = (Attr) tiIter.nextNode()) != null) {
- String tiFileName = tiElem.getNodeValue();
- transformsInfoFileNames.add(tiFileName);
- }
-
- String[] result = new String[transformsInfoFileNames.size()];
- transformsInfoFileNames.toArray(result);
-
- return result;
- } catch (XPathException xpe) {
- return new String[0];
- }
- }
-
-
- /**
- * Loads the <code>transformsInfos</code> from files.
- * @throws Exception on any exception thrown
- */
- public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
-
- String[] transformsInfos = new String[transformsInfoFileNames.length];
- for (int i = 0; i < transformsInfoFileNames.length; i++) {
- String fileURL = transformsInfoFileNames[i];
-
- //if fileURL is relative to rootConfigFileDir make it absolute
- fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
- String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
- transformsInfos[i] = transformsInfo;
- }
- return transformsInfos;
- }
-
- /**
- * Build a ConnectionParameter bean containing all information
- * of the authentication component moa-sp element
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildMoaSpConnectionParameter() {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_MOA_SP_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
- }
-
- /**
- * Return a string with a url-reference to the VerifyIdentityLink trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyIdentityLink trust profile ID
- */
- public String getMoaSpIdentityLinkTrustProfileID() {
- return XPathUtils.getElementValue(
- configElem_,
- AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
- "");
- }
- /**
- * Return a string representation of an URL pointing to trusted CA Certificates
- * @return String representation of an URL pointing to trusted CA Certificates
- */
- public String getTrustedCACertificates() {
- return XPathUtils.getElementValue(
- configElem_,
- TRUSTED_CA_CERTIFICATES_XPATH,null);
- }
-
- /**
- * Return a string with a url-reference to the VerifyAuthBlock trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String getMoaSpAuthBlockTrustProfileID() {
- return XPathUtils.getElementValue(
- configElem_,
- AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
- "");
- }
- /**
- * Build a string array with references to all verify transform info
- * IDs within the moa-sp part of the authentication component
- * @return A string array containing all urls to the
- * verify transform info IDs
- */
- public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
-
- List verifyTransformsInfoIDs = new ArrayList();
- NodeIterator vtIter =
- XPathUtils.selectNodeIterator(
- configElem_,
- AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
- Element vtElem;
-
- while ((vtElem = (Element) vtIter.nextNode()) != null) {
-
- String vtInfoIDs = DOMUtils.getText(vtElem);
- verifyTransformsInfoIDs.add(vtInfoIDs);
- }
- String[] result = new String[verifyTransformsInfoIDs.size()];
- verifyTransformsInfoIDs.toArray(result);
-
- return result;
- }
-
-
- /**
- * Returns a list containing all X509 Subject Names
- * of the Identity Link Signers
- * @return a list containing the configured identity-link signer X509 subject names
- */
- public List getIdentityLink_X509SubjectNames() {
-
- Vector x509SubjectNameList = new Vector();
- NodeIterator x509Iter =
- XPathUtils.selectNodeIterator(
- configElem_,
- AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
- Element x509Elem;
-
- while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
- String vtInfoIDs = DOMUtils.getText(x509Elem);
- x509SubjectNameList.add(vtInfoIDs);
- }
-
- // now add the default identity link signers
- String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
- for (int i=0; i<identityLinkSignersWithoutOID.length; i++) {
- String identityLinkSigner = identityLinkSignersWithoutOID[i];
- if (!x509SubjectNameList.contains(identityLinkSigner)) {
- x509SubjectNameList.add(identityLinkSigner);
- }
- }
-
- return x509SubjectNameList;
- }
-
- /**
- * Build an array of the OnlineApplication Parameters containing information
- * about the authentication component
- *
- * @param defaultVerifyInfoboxParameters Default parameters for verifying additional
- * infoboxes. Maybe <code>null</code>.
- * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
- * the identity link signer certificate. Needed for
- * checking if this ID is not used for validating other
- * infoboxes.
- *
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the authentication component of the online
- * application
- */
- public OAAuthParameter[] buildOnlineApplicationAuthParameters(
- VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID)
- throws ConfigurationException
- {
-
- String bkuSelectionTemplateURL =
- XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
- String templateURL =
- XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
-
- List OA_set = new ArrayList();
- NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);
-
- for (int i = 0; i < OAIter.getLength(); i++) {
- Element oAElem = (Element) OAIter.item(i);
- Element authComponent =
- (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);
-
- OAAuthParameter oap = new OAAuthParameter();
- String publicURLPrefix = oAElem.getAttribute("publicURLPrefix");
- oap.setPublicURLPrefix(publicURLPrefix);
- oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
-
- // get the type of the online application
- String oaType = oAElem.getAttribute("type");
- oap.setOaType(oaType);
- String slVersion = "1.1";
- if ("businessService".equalsIgnoreCase(oaType)) {
- if (authComponent==null) {
- Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\"");
- throw new ConfigurationException("config.02", null);
- }
- Element identificationNumberElem =
- (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH);
- if (identificationNumberElem==null) {
- Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
- throw new ConfigurationException("config.02", null);
- }
- Element identificationNumberChild = DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes());
- if (identificationNumberChild == null) {
- Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
- throw new ConfigurationException("config.02", null);
- }
- if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) {
- oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
- } else {
- // If we have business service and want to dealt with GDA, the security layer can be advised to calulate
- // the Health Professional Identifier HPI instead of the wbPK
- Logger.info("OA uses HPI for Identification");
- oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
- }
-
- // if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file
- Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2");
- slVersion = "1.2";
-
- } else {
-
- if (authComponent!=null) {
- slVersion = authComponent.getAttribute("slVersion");
- }
-
- }
- oap.setSlVersion(slVersion);
- //Check if there is an Auth-Block to read from configuration
-
- if (authComponent!=null)
- {
- oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl")));
- oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
- oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
- oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
- oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
- oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));
- // load OA specific transforms if present
- String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);
- try {
- oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames));
- } catch (Exception ex) {
- Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms.");
- }
- Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);
- oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters(
- verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID));
- }
- OA_set.add(oap);
- }
- OAAuthParameter[] result =
- new OAAuthParameter[OA_set.size()];
- OA_set.toArray(result);
-
- return result;
-
- }
-
- /**
- * Builds the URL for a BKUSelectionTemplate or a Template. The method selects
- * the uri string from the MOA ID configuration file via the given xpath expression
- * and returns either this string or the default value.
- *
- * @param oaAuthComponent The AuthComponent element to get the template from.
- * @param xpathExpr The xpath expression for selecting the template uri.
- * @param defaultURL The default template url.
- * @return The template url. This may either the via xpath selected uri
- * or, if no template is specified within the online appliacation,
- * the default url. Both may be <code>null</code>.
- */
- protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) {
- String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL);
- if (templateURL != null) {
- templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
- }
- return templateURL;
- }
-
-
- /**
- * Method buildConnectionParameter: internal Method for creating a
- * ConnectionParameter object with all data found in the incoming element
- * @param root This Element contains the ConnectionParameter
- * @return ConnectionParameter
- */
- protected ConnectionParameter buildConnectionParameter(Element root)
- {
- ConnectionParameter result = new ConnectionParameter();
- result.setAcceptedServerCertificates(
- XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
-
- result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
- result.getAcceptedServerCertificates(), rootConfigFileDir_));
-
- result.setUrl(
- XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
- result.setClientKeyStore(
- XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
-
- result.setClientKeyStore(FileUtils.makeAbsoluteURL(
- result.getClientKeyStore(), rootConfigFileDir_));
-
- result.setClientKeyStorePassword(
- XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
-
- if ((result.getAcceptedServerCertificates()==null)
- && (result.getUrl()=="")
- && (result.getClientKeyStore()==null)
- && (result.getClientKeyStorePassword()==""))
- return null;
-
- return result;
- }
-
-
- /**
- * Build the mapping of generic configuration properties.
- *
- * @return a {@link Map} of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map buildGenericConfiguration() {
-
- Map genericConfiguration = new HashMap();
- NodeIterator gcIter =
- XPathUtils.selectNodeIterator(
- configElem_,
- GENERIC_CONFIGURATION_XPATH);
- Element gcElem;
-
- while ((gcElem = (Element) gcIter.nextNode()) != null) {
- String gcName = gcElem.getAttribute("name");
- String gcValue = gcElem.getAttribute("value");
-
- genericConfiguration.put(gcName, gcValue);
- }
-
- return genericConfiguration;
- }
-
-
- /**
- * Returns the default chaining mode from the configuration.
- *
- * @return The default chaining mode.
- */
- public String getDefaultChainingMode() {
- String defaultChaining =
- XPathUtils.getAttributeValue(
- configElem_,
- CHAINING_MODES_DEFAULT_XPATH,
- CM_CHAINING);
-
- return translateChainingMode(defaultChaining);
-
- }
- /**
- * Build the chaining modes for all configured trust anchors.
- *
- * @return The mapping from trust anchors to chaining modes.
- */
- public Map buildChainingModes() {
- Map chainingModes = new HashMap();
- NodeIterator trustIter =
- XPathUtils.selectNodeIterator(configElem_, TRUST_ANCHOR_XPATH);
- Element trustAnchorElem;
-
- while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
- IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
- String mode = trustAnchorElem.getAttribute("mode");
-
- if (issuerAndSerial != null) {
- chainingModes.put(issuerAndSerial, translateChainingMode(mode));
- }
- }
-
- return chainingModes;
- }
-
- /**
- * Build an <code>IssuerAndSerial</code> from the DOM representation.
- *
- * @param root The root element (being of type <code>dsig:
- * X509IssuerSerialType</code>.
- * @return The issuer and serial number contained in the <code>root</code>
- * element or <code>null</code> if could not be built for any reason.
- */
- protected IssuerAndSerial buildIssuerAndSerial(Element root) {
- String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
- String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);
-
- if (issuer != null && serial != null) {
- try {
- RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
- Principal issuerDN = nameParser.parse();
-
- return new IssuerAndSerial(issuerDN, new BigInteger(serial));
- } catch (RFC2253NameParserException e) {
- warn("config.09", new Object[] { issuer, serial }, e);
- return null;
- } catch (NumberFormatException e) {
- warn("config.09", new Object[] { issuer, serial }, e);
- return null;
- }
- }
- return null;
- }
-
- /**
- * Translate the chaining mode from the configuration file to one used in the
- * IAIK MOA API.
- *
- * @param chainingMode The chaining mode from the configuration.
- * @return The chaining mode as provided by the <code>ChainingModes</code>
- * interface.
- * @see iaik.pki.pathvalidation.ChainingModes
- */
- protected String translateChainingMode(String chainingMode) {
- if (chainingMode.equals(CM_CHAINING)) {
- return ChainingModes.CHAIN_MODE;
- } else if (chainingMode.equals(CM_PKIX)) {
- return ChainingModes.PKIX_MODE;
- } else {
- return ChainingModes.CHAIN_MODE;
- }
- }
-
- /**
- * Builds the IdentityLinkDomainIdentifier as needed for providing it to the
- * SecurityLayer for computation of the wbPK.
- * <p>e.g.:<br>
- * input element:
- * <br>
- * <code>&lt;pr:Firmenbuchnummer Identifier="FN"&gt;000468 i&lt;/pr:Firmenbuchnummer&gt;</code>
- * <p>
- * return value: <code>urn:publicid:gv.at+wbpk+FN468i</code>
- *
- * @param number The element holding the identification number of the business
- * company.
- * @return The domain identifier
- */
- protected String buildIdentityLinkDomainIdentifier(Element number) {
- if (number == null) {
- return null;
- }
- String identificationNumber = number.getFirstChild().getNodeValue();
- String identifier = number.getAttribute("Identifier");
- // remove all blanks
- identificationNumber = StringUtils.removeBlanks(identificationNumber);
- if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) {
- // delete zeros from the beginning of the number
- identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber);
- // remove hyphens
- identificationNumber = StringUtils.removeToken(identificationNumber, "-");
- }
- StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK);
- identityLinkDomainIdentifier.append("+");
- if (!identificationNumber.startsWith(identifier)) {
- identityLinkDomainIdentifier.append(identifier);
- }
- identityLinkDomainIdentifier.append("+");
- identityLinkDomainIdentifier.append(identificationNumber);
- return identityLinkDomainIdentifier.toString();
- }
-
- /**
- * Builds the parameters for verifying additional infoboxes (additional to the
- * IdentityLink infobox).
- *
- * @param verifyInfoboxesElem The <code>VerifyInfoboxes</code> element from the
- * config file. This maybe the global element or the
- * elment from an Online application.
- * @param defaultVerifyInfoboxParameters Default parameters to be used, if no
- * <code>VerifyInfoboxes</code> element is present.
- * This only applies to parameters
- * of an specific online application and is set to
- * <code>null</code> when building the global parameters.
- * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
- * the identity link signer certificate. Needed for
- * checking if this ID is not used for validating other
- * infoboxes.
- *
- * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters}
- * object needed for verifying additional infoboxes.
- *
- * @throws ConfigurationException If the trust profile for validating the identity link
- * signer certificate is used for validating another infobox.
- */
- public VerifyInfoboxParameters buildVerifyInfoboxParameters(
- Node verifyInfoboxesElem,
- VerifyInfoboxParameters defaultVerifyInfoboxParameters,
- String moaSpIdentityLinkTrustProfileID)
- throws ConfigurationException
- {
-
- if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) {
- return null;
- }
- Vector identifiers = new Vector();
- List defaultIdentifiers = null;
- Map defaultInfoboxParameters = null;
- if (defaultVerifyInfoboxParameters != null) {
- defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers();
- defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters();
- }
- Hashtable infoboxParameters = new Hashtable();
- if (verifyInfoboxesElem != null) {
- // get the DefaultTrustProfileID
- String defaultTrustProfileID = null;
- Node defaultTrustProfileNode =
- XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH);
- if (defaultTrustProfileNode != null) {
- Node trustProfileIDNode =
- XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH);
- defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue();
- if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
- throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
- }
- }
- // get the Infoboxes
- NodeList infoboxes =
- XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH);
- for (int i=0; i<infoboxes.getLength(); i++) {
- Element infoBoxElem = (Element)infoboxes.item(i);
- // get the identifier of the infobox
- String identifier = infoBoxElem.getAttribute("Identifier");
- identifiers.add(identifier);
- VerifyInfoboxParameter verifyInfoboxParameter = new VerifyInfoboxParameter(identifier);
- verifyInfoboxParameter.setFriendlyName(identifier);
- // get the attributes
- // (1) required: override global value in any case
- verifyInfoboxParameter.setRequired(BoolUtils.valueOf(
- infoBoxElem.getAttribute("required")));
- // (2) provideStammzahl: override global value in any case
- verifyInfoboxParameter.setProvideStammzahl(BoolUtils.valueOf(
- infoBoxElem.getAttribute("provideStammzahl")));
- // (3) proviedIdentityLink: override global value in any case
- verifyInfoboxParameter.setProvideIdentityLink(BoolUtils.valueOf(
- infoBoxElem.getAttribute("provideIdentityLink")));
- // set default trustprofileID
- if (defaultTrustProfileID != null) {
- verifyInfoboxParameter.setTrustProfileID(defaultTrustProfileID);
- }
- // get the parameter elements
- boolean localValidatorClass = false;
- boolean localFriendlyName = false;
- List params = DOMUtils.getChildElements(infoBoxElem);
- Iterator it = params.iterator();
- while (it.hasNext()) {
- Element paramElem = (Element)it.next();
- String paramName = paramElem.getLocalName();
- if (paramName.equals("FriendlyName")) {
- verifyInfoboxParameter.setFriendlyName(paramElem.getFirstChild().getNodeValue());
- localFriendlyName = true;
- } else if (paramName.equals("TrustProfileID")) {
- String trustProfileID = paramElem.getFirstChild().getNodeValue();
- if (trustProfileID != null) {
- if (trustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
- throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
- }
- verifyInfoboxParameter.setTrustProfileID(trustProfileID);
- }
- } else if (paramName.equals("ValidatorClass")) {
- String validatorClassName = paramElem.getFirstChild().getNodeValue();
- if (validatorClassName != null) {
- verifyInfoboxParameter.setValidatorClassName(validatorClassName);
- localValidatorClass = true;
- }
- } else if (paramName.equals("SchemaLocations")) {
- List schemaElems = DOMUtils.getChildElements(paramElem);
- List schemaLocations = new Vector(schemaElems.size());
- Iterator schemaIterator = schemaElems.iterator();
- while (schemaIterator.hasNext()) {
- Element schemaElem = (Element)schemaIterator.next();
- String namespace = schemaElem.getAttribute("namespace");
- String schemaLocation = schemaElem.getAttribute("schemaLocation");
- // avoid adding the same schema twice
- Iterator schemaLocationIterator = schemaLocations.iterator();
- boolean add = true;
- while (schemaLocationIterator.hasNext()) {
- String existingNamespace = ((Schema)schemaLocationIterator.next()).getNamespace();
- if (namespace.equals(existingNamespace)) {
- Logger.warn("Multiple schemas specified for namespace \"" + namespace +
- "\"; only using the first one.");
- add = false;
- break;
- }
- }
- if (add) {
- schemaLocations.add(new SchemaImpl(namespace, schemaLocation));
- }
- }
- verifyInfoboxParameter.setSchemaLocations(schemaLocations);
- } else if (paramName.equals("ApplicationSpecificParameters")) {
- verifyInfoboxParameter.setApplicationSpecificParams(paramElem);
- }
- }
- // use default values for those parameters not yet set by local configuration
- if (defaultInfoboxParameters != null) {
- Object defaultVerifyIP = defaultInfoboxParameters.get(identifier);
- if (defaultVerifyIP != null) {
- VerifyInfoboxParameter defaultVerifyInfoboxParameter =
- (VerifyInfoboxParameter)defaultVerifyIP;
- // if no friendly is set, use default
- if (!localFriendlyName) {
- verifyInfoboxParameter.setFriendlyName(
- defaultVerifyInfoboxParameter.getFriendlyName());
- }
- // if no TrustProfileID is set, use default, if available
- if (verifyInfoboxParameter.getTrustProfileID() == null) {
- verifyInfoboxParameter.setTrustProfileID(
- defaultVerifyInfoboxParameter.getTrustProfileID());
- }
- // if no local validator class is set, use default
- if (!localValidatorClass) {
- verifyInfoboxParameter.setValidatorClassName(
- defaultVerifyInfoboxParameter.getValidatorClassName());
- }
- // if no schema locations set, use default
- if (verifyInfoboxParameter.getSchemaLocations() == null) {
- verifyInfoboxParameter.setSchemaLocations(
- defaultVerifyInfoboxParameter.getSchemaLocations());
- }
- // if no application specific parameters set, use default
- if (verifyInfoboxParameter.getApplicationSpecificParams() == null) {
- verifyInfoboxParameter.setApplicationSpecificParams(
- defaultVerifyInfoboxParameter.getApplicationSpecificParams());
- }
- }
- }
- infoboxParameters.put(identifier, verifyInfoboxParameter);
- }
- // add the infobox identifiers not present within the local configuration to the
- // identifier list
- if (defaultIdentifiers != null) {
- Iterator identifierIterator = defaultIdentifiers.iterator();
- while (identifierIterator.hasNext()) {
- String defaultIdentifier = (String)identifierIterator.next();
- if (!identifiers.contains(defaultIdentifier)) {
- identifiers.add(defaultIdentifier);
- }
- }
- }
- return new VerifyInfoboxParameters(identifiers, infoboxParameters);
- } else {
- return new VerifyInfoboxParameters(defaultIdentifiers, infoboxParameters);
- }
- }
-
- /**
- * Method warn.
- * @param messageId to identify a country-specific message
- * @param parameters for the logger
- */
- //
- // various utility methods
- //
-
- protected static void warn(String messageId, Object[] parameters) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- }
-
- /**
- * Method warn.
- * @param messageId to identify a country-specific message
- * @param args for the logger
- * @param t as throwabl
- */
- protected static void warn(String messageId, Object[] args, Throwable t) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
deleted file mode 100644
index 2ebec0398..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception signalling an error in the configuration.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class ConfigurationException extends MOAIDException {
-
- /**
- * Create a <code>MOAConfigurationException</code>.
- */
- public ConfigurationException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Create a <code>MOAConfigurationException</code>.
- */
- public ConfigurationException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
-
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
deleted file mode 100644
index e65c47bad..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ /dev/null
@@ -1,128 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-import java.math.BigInteger;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-
-/**
- * Base class for <code>AuthConfigurationProvider</code> and <code>ProxyConfigurationProvider</code>,
- * providing functions common to both of them.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationProvider {
-
- /**
- * Constructor
- */
- public ConfigurationProvider() {
- super();
- }
-
- /**
- * The name of the system property which contains the file name of the
- * configuration file.
- */
- public static final String CONFIG_PROPERTY_NAME =
- "moa.id.configuration";
-
- /**
- * The name of the generic configuration property giving the certstore directory path.
- */
- public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
- "DirectoryCertStoreParameters.RootDir";
-
- /**
- * The name of the generic configuration property switching the ssl revocation checking on/off
- */
- public static final String TRUST_MANAGER_REVOCATION_CHECKING =
- "TrustManager.RevocationChecking";
-
-
- /**
- * A <code>Map</code> which contains generic configuration information. Maps a
- * configuration name (a <code>String</code>) to a configuration value (also a
- * <code>String</code>).
- */
- protected Map genericConfiguration;
-
- /** The default chaining mode. */
- protected String defaultChainingMode;
-
- /**
- * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
- * chaining mode (a <code>String</code>) mapping.
- */
- protected Map chainingModes;
-
- /**
- * the URL for the trusted CA Certificates
- */
- protected String trustedCACertificates;
-
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- protected String rootConfigFileDir;
-
- /**
- * Returns the main configuration file directory used to configure MOA-ID
- *
- * @return the directory
- */
- public String getRootConfigFileDir() {
- return rootConfigFileDir;
- }
-
- /**
- * Returns the mapping of generic configuration properties.
- *
- * @return The mapping of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map getGenericConfiguration() {
- return genericConfiguration;
- }
-
- /**
- * Returns the value of a parameter from the generic configuration section.
- *
- * @return the parameter value; <code>null</code> if no such parameter
- */
- public String getGenericConfigurationParameter(String parameter) {
- if (! genericConfiguration.containsKey(parameter))
- return null;
- return (String)genericConfiguration.get(parameter);
- }
-
- /**
- * Return the chaining mode for a given trust anchor.
- *
- * @param trustAnchor The trust anchor for which the chaining mode should be
- * returned.
- * @return The chaining mode for the given trust anchor. If the trust anchor
- * has not been configured separately, the system default will be returned.
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- Principal issuer = trustAnchor.getIssuerDN();
- BigInteger serial = trustAnchor.getSerialNumber();
- IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
-
- String mode = (String) chainingModes.get(issuerAndSerial);
- return mode != null ? mode : defaultChainingMode;
- }
-
- /**
- * Returns the trustedCACertificates.
- * @return String
- */
- public String getTrustedCACertificates() {
-
- return trustedCACertificates;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
deleted file mode 100644
index 30b09cfe0..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ /dev/null
@@ -1,106 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-/**
- * This bean class is used to store data for various connectionParameter
- * within the MOA-ID configuration
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class ConnectionParameter {
-
- /**
- * Server URL
- */
- private String url;
- /**
- * File URL for a directory containing PKCS#12 server SSL certificates.
- * From these certificates, a X509 trust store will be assembled for use
- * by a JSSE <code>TrustManager</code>.
- * This field will only be used in case of an HTTPS URL.
- */
- private String acceptedServerCertificates;
- /**
- * File URL of a X509 key store containing the private key to be used
- * for an HTTPS connection when the server requires client authentication.
- * This field will only be used in case of an HTTPS URL.
- */
- private String clientKeyStore;
- /**
- * Password protecting the client key store.
- */
- private String clientKeyStorePassword;
-
- /**
- * Checks whether the URL scheme is <code>"https"</code>.
- * @return true in case of an URL starting with <code>"https"</code>
- */
- public boolean isHTTPSURL() {
- return getUrl().indexOf("https") == 0;
- }
-
- /**
- * Returns the url.
- * @return String
- */
- public String getUrl() {
- return url;
- }
-
- /**
- * Returns the acceptedServerCertificates.
- * @return String
- */
- public String getAcceptedServerCertificates() {
- return acceptedServerCertificates;
- }
-
- /**
- * Sets the acceptedServerCertificates.
- * @param acceptedServerCertificates The acceptedServerCertificates to set
- */
- public void setAcceptedServerCertificates(String acceptedServerCertificates) {
- this.acceptedServerCertificates = acceptedServerCertificates;
- }
-
- /**
- * Sets the url.
- * @param url The url to set
- */
- public void setUrl(String url) {
- this.url = url;
- }
-
- /**
- * Returns the clientKeyStore.
- * @return String
- */
- public String getClientKeyStore() {
- return clientKeyStore;
- }
-
- /**
- * Returns the clientKeyStorePassword.
- * @return String
- */
- public String getClientKeyStorePassword() {
- return clientKeyStorePassword;
- }
-
- /**
- * Sets the clientKeyStore.
- * @param clientKeyStore The clientKeyStore to set
- */
- public void setClientKeyStore(String clientKeyStore) {
- this.clientKeyStore = clientKeyStore;
- }
-
- /**
- * Sets the clientKeyStorePassword.
- * @param clientKeyStorePassword The clientKeyStorePassword to set
- */
- public void setClientKeyStorePassword(String clientKeyStorePassword) {
- this.clientKeyStorePassword = clientKeyStorePassword;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/OAParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/OAParameter.java
deleted file mode 100644
index 19a27b463..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/OAParameter.java
+++ /dev/null
@@ -1,76 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-/**
- * Configuration parameters belonging to an online application,
- * to be used within both, the MOA ID Auth and the
- * MOA ID PROXY component.
- *
- * @author Harald Bratko
- */
-public class OAParameter {
-
- /**
- * type of the online application (maybe "PublicService" or "BusinessService")
- */
- private String oaType;
-
- /**
- * specifies whether the online application is a business application or not
- * (<code>true</code> if value of {@link #oaType} is "businessService"
- */
- private boolean businessService;
-
- /**
- * public URL prefix of the online application
- */
- private String publicURLPrefix;
-
- /**
- * Returns the type of the online application.
- * @return the type of the online application.
- */
- public String getOaType() {
- return oaType;
- }
-
- /**
- * Returns <code>true</code> is the OA is a businss application, otherwise
- * <code>false</code>.
- * @return <code>true</code> is the OA is a businss application, otherwise
- * <code>false</code>
- */
- public boolean getBusinessService() {
- return this.businessService;
- }
-
- /**
- * Returns the publicURLPrefix.
- * @return String
- */
- public String getPublicURLPrefix() {
- return publicURLPrefix;
- }
-
- /**
- *
- * Sets the type of the online application.
- * If the type is "businessService" the value of <code>businessService</code>
- * ({@link #getBusinessService()}) is also set to <code>true</code>
- * @param oaType The type of the online application.
- */
- public void setOaType(String oaType) {
- this.oaType = oaType;
- if ("businessService".equalsIgnoreCase(oaType)) {
- this.businessService = true;
- }
- }
-
- /**
- * Sets the publicURLPrefix.
- * @param publicURLPrefix The publicURLPrefix to set
- */
- public void setPublicURLPrefix(String publicURLPrefix) {
- this.publicURLPrefix = publicURLPrefix;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
deleted file mode 100644
index b4af6592c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ /dev/null
@@ -1,414 +0,0 @@
-package at.gv.egovernment.moa.id.config.auth;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * A class providing access to the Auth Part of the MOA-ID configuration data.
- *
- * <p>Configuration data is read from an XML file, whose location is given by
- * the <code>moa.id.configuration</code> system property.</p>
- * <p>This class implements the Singleton pattern. The <code>reload()</code>
- * method can be used to update the configuration data. Therefore, it is not
- * guaranteed that consecutive calls to <code>getInstance()</code> will return
- * the same <code>AuthConfigurationProvider</code> all the time. During the
- * processing of a web service request, the current
- * <code>TransactionContext</code> should be used to obtain the
- * <code>AuthConfigurationProvider</code> local to that request.</p>
- *
- * @author Patrick Peck
- * @author Stefan Knirsch
- *
- * @version $Id$
- */
-public class AuthConfigurationProvider extends ConfigurationProvider {
-
- /** DEFAULT_ENCODING is "UTF-8" */
- private static final String DEFAULT_ENCODING="UTF-8";
- /**
- * The name of the generic configuration property giving the authentication session time out.
- */
- public static final String AUTH_SESSION_TIMEOUT_PROPERTY =
- "AuthenticationSession.TimeOut";
- /**
- * The name of the generic configuration property giving the authentication data time out.
- */
- public static final String AUTH_DATA_TIMEOUT_PROPERTY =
- "AuthenticationData.TimeOut";
-
- /**
- * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code>
- */
- public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
- "HTMLComplete";
-
- /**
- * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code>
- */
- public static final String BKU_SELECTION_TYPE_HTMLSELECT =
- "HTMLSelect";
-
- /**
- * The name of the generic configuration property allowing https connection to
- * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
- */
- public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
- "FrontendServlets.EnableHTTPConnection";
-
- /**
- * The name of the generic configuration property allowing to set a individual
- * DATA URL used to communicate with the BKU (SecurityLayer)
- */
- public static final String INDIVIDUAL_DATA_URL_PREFIX =
- "FrontendServlets.DataURLPrefix";
-
- /** Singleton instance. <code>null</code>, if none has been created. */
- private static AuthConfigurationProvider instance;
-
- //
- // configuration data
- //
-
- /**
- * configuration files containing transformations for rendering in the
- * secure viewer of the security layer implementation;
- * multiple files can be given for different mime types
- */
- private String[] transformsInfoFileNames;
-
- /**
- * transformations for rendering in the secure viewer of the security layer implementation,
- * read from {@link transformsInfoFileNames};
- * multiple transformation can be given for different mime types
- */
- private String[] transformsInfos;
-
- /**
- * parameters for connection to MOA SP component
- */
- private ConnectionParameter moaSpConnectionParameter;
- /**
- * trust profile ID to be used for verifying the identity link signature via MOA ID SP
- */
- private String moaSpIdentityLinkTrustProfileID;
- /**
- * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String moaSpAuthBlockTrustProfileID;
- /**
- * transformations to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String[] moaSpAuthBlockVerifyTransformsInfoIDs;
- /**
- * X509 SubjectNames which will be trusted
- */
- private List identityLinkX509SubjectNames;
- /**
- * default parameters for verifying additional infoboxes.
- */
- private VerifyInfoboxParameters defaultVerifyInfoboxParameters;
-
- /**
- * configuration parameters for online applications
- */
- private OAAuthParameter[] onlineApplicationAuthParameters;
- /**
- * the Selection Type of the bku Selection Element
- */
- private String bKUSelectionType;
- /**
- * is the bku Selection Element present?
- */
- private boolean bKUSelectable;
- /**
- * the bku Selection Connection Parameters
- */
- private ConnectionParameter bKUConnectionParameter;
-
- /**
- * Return the single instance of configuration data.
- *
- * @return AuthConfigurationProvider The current configuration data.
- * @throws ConfigurationException
- */
- public static synchronized AuthConfigurationProvider getInstance()
- throws ConfigurationException {
-
- if (instance == null) {
- reload();
- }
- return instance;
- }
-
- /**
- * Reload the configuration data and set it if successful.
- *
- * @return AuthConfigurationProvider The loaded configuration data.
- * @throws ConfigurationException Failure to load the configuration data.
- */
- public static synchronized AuthConfigurationProvider reload()
- throws ConfigurationException {
- String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
- if (fileName == null) {
- throw new ConfigurationException("config.01", null);
- }
- Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
-
- instance = new AuthConfigurationProvider(fileName);
- return instance;
- }
-
- /**
- * Constructor for AuthConfigurationProvider.
- * @param fileName
- * @throws ConfigurationException
- */
- public AuthConfigurationProvider(String fileName)
- throws ConfigurationException {
-
- load(fileName);
- }
-
- /**
- * Load the configuration data from XML file with the given name and build
- * the internal data structures representing the MOA ID configuration.
- *
- * @param fileName The name of the XML file to load.
- * @throws ConfigurationException The MOA configuration could not be
- * read/built.
- */
- private void load(String fileName) throws ConfigurationException {
- InputStream stream = null;
- Element configElem;
- ConfigurationBuilder builder;
-
- try {
- // load the main config file
- stream = new BufferedInputStream(new FileInputStream(fileName));
- configElem = DOMUtils.parseXmlValidating(stream);
- } catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- } catch (IOException e) {
- }
- }
- try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
- // build the internal datastructures
- builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
- bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
- bKUSelectable = (bKUConnectionParameter!=null);
- bKUSelectionType = builder.buildAuthBKUSelectionType();
- genericConfiguration = builder.buildGenericConfiguration();
- transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
- transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
- moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
- moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
- moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
- moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
- defaultVerifyInfoboxParameters = null;
- Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
- if (defaultVerifyInfoboxParamtersElem != null) {
- defaultVerifyInfoboxParameters =
- builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
- }
- onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
- identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
-
- } catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
- }
-
- /**
- * Loads the <code>transformsInfos</code> from files.
- * @throws Exception on any exception thrown
- */
-// private void loadTransformsInfos() throws Exception {
-//
-// transformsInfos = new String[transformsInfoFileNames.length];
-// for (int i = 0; i < transformsInfoFileNames.length; i++) {
-// String fileURL = transformsInfoFileNames[i];
-//
-// //if fileURL is relative to rootConfigFileDir make it absolute
-// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
-// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
-// transformsInfos[i] = transformsInfo;
-// }
-// }
-
- /**
- * Loads the <code>transformsInfos</code> from files.
- * @throws Exception on any exception thrown
- */
- private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
-
- String[] transformsInfos = new String[transformsInfoFileNames.length];
- for (int i = 0; i < transformsInfoFileNames.length; i++) {
- String fileURL = transformsInfoFileNames[i];
-
- //if fileURL is relative to rootConfigFileDir make it absolute
- fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
- String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
- transformsInfos[i] = transformsInfo;
- }
- return transformsInfos;
- }
- /**
- * Return a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @return String[] of filenames to the Security Layer Transforms Information
- */
- public String[] getTransformsInfoFileNames() {
- return transformsInfoFileNames;
- }
-
- /**
- * Build an array of the OnlineApplication Parameters containing information
- * about the authentication component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for theauthentication component of the online
- * application
- */
- public OAAuthParameter[] getOnlineApplicationParameters() {
- return onlineApplicationAuthParameters;
- }
-
- /**
- * Provides configuration information regarding the online application behind
- * the given URL, relevant to the MOA-ID Auth component.
- *
- * @param oaURL URL requested for an online application
- * @return an <code>OAAuthParameter</code>, or <code>null</code>
- * if none is applicable
- */
- public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
- OAAuthParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAAuthParameter oaParam = oaParams[i];
- if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
- return oaParam;
- }
- return null;
- }
-
- /**
- * Return a string with a url-reference to the VerifyAuthBlock trust
- * profile id within the moa-sp part of the authentication component
- *
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String getMoaSpAuthBlockTrustProfileID() {
- return moaSpAuthBlockTrustProfileID;
- }
-
- /**
- * Return a string array with references to all verify transform info
- * IDs within the moa-sp part of the authentication component
- * @return A string array containing all urls to the
- * verify transform info IDs
- */
- public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
- return moaSpAuthBlockVerifyTransformsInfoIDs;
- }
-
- /**
- * Return a ConnectionParameter bean containing all information
- * of the authentication component moa-sp element
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter getMoaSpConnectionParameter() {
- return moaSpConnectionParameter;
- }
-
- /**
- * Return a string with a url-reference to the VerifyIdentityLink trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyIdentityLink trust profile ID
- */
- public String getMoaSpIdentityLinkTrustProfileID() {
- return moaSpIdentityLinkTrustProfileID;
- }
- /**
- * Returns the transformsInfos.
- * @return String[]
- */
- public String[] getTransformsInfos() {
- return transformsInfos;
- }
-
- /**
- * Returns the identityLinkX509SubjectNames.
- * @return List
- */
- public List getIdentityLinkX509SubjectNames() {
- return identityLinkX509SubjectNames;
- }
-
- /**
- * Returns the bKUConnectionParameter.
- * @return ConnectionParameter
- */
- public ConnectionParameter getBKUConnectionParameter() {
- return bKUConnectionParameter;
- }
-
- /**
- * Returns the bKUSelectable.
- * @return boolean
- */
- public boolean isBKUSelectable() {
- return bKUSelectable;
- }
-
- /**
- * Returns the bKUSelectionType.
- * @return String
- */
- public String getBKUSelectionType() {
- return bKUSelectionType;
- }
-
- /**
- * Returns the defaultVerifyInfoboxParameters.
- *
- * @return The defaultVerifyInfoboxParameters.
- */
- public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() {
- return defaultVerifyInfoboxParameters;
- }
-
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
deleted file mode 100644
index ba3b61f9d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ /dev/null
@@ -1,268 +0,0 @@
-package at.gv.egovernment.moa.id.config.auth;
-
-import at.gv.egovernment.moa.id.config.OAParameter;
-
-/**
- * Configuration parameters belonging to an online application,
- * to use with the MOA ID Auth component.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-/**
- *
- *
- * @author Harald Bratko
- */
-public class OAAuthParameter extends OAParameter {
- /**
- * Sercurity Layer version
- */
- private String slVersion;
- /**
- * true, if the Security Layer version is version 1.2, otherwise false
- */
- private boolean slVersion12;
- /**
- * identityLinkDomainIdentifier
- * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer")
- * <br>
- * only used within a business application context for providing it to the
- * security layer as input for wbPK computation
- */
- private String identityLinkDomainIdentifier;
- /**
- * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
- */
- private String keyBoxIdentifier;
- /**
- * transformations for rendering in the secure viewer of the security layer
- * implementation; multiple transformation can be given for different mime types
- */
- private String[] transformsInfos;
- /**
- * determines whether "Stammzahl" is to be included in the authentication data
- */
- private boolean provideStammzahl;
- /**
- * determines whether AUTH block is to be included in the authentication data
- */
- private boolean provideAuthBlock;
- /**
- * determines whether identity link is to be included in the authentication data
- */
- private boolean provideIdentityLink;
- /**
- * determines whether the certificate is to be included in the authentication data
- */
- private boolean provideCertificate;
- /**
- * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
- */
- private String bkuSelectionTemplateURL;
- /**
- * template for web page "Anmeldung mit B&uuml;rgerkarte"
- */
- private String templateURL;
- /**
- * Parameters for verifying infoboxes.
- */
- private VerifyInfoboxParameters verifyInfoboxParameters;
-
- /**
- * Returns <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>.
- * @return <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>
- */
- public boolean getSlVersion12() {
- return slVersion12;
- }
-
- /**
- * Returns the security layer version.
- * @return the security layer version.
- */
- public String getSlVersion() {
- return slVersion;
- }
-
- /**
- * Returns the identityLinkDomainIdentifier.
- * @return the identityLinkDomainIdentifier.
- */
- public String getIdentityLinkDomainIdentifier() {
- return identityLinkDomainIdentifier;
- }
-
- /**
- * Returns the transformsInfos.
- * @return the transformsInfos.
- */
- public String[] getTransformsInfos() {
- return transformsInfos;
- }
-
- /**
- * Returns the provideAuthBlock.
- * @return String
- */
- public boolean getProvideAuthBlock() {
- return provideAuthBlock;
- }
-
- /**
- * Returns the provideIdentityLink.
- * @return String
- */
- public boolean getProvideIdentityLink() {
- return provideIdentityLink;
- }
-
- /**
- * Returns the provideStammzahl.
- * @return String
- */
- public boolean getProvideStammzahl() {
- return provideStammzahl;
- }
-
- /**
- * Returns <code>true</code> if the certificate should be provided within the
- * authentication data, otherwise <code>false</code>.
- * @return <code>true</code> if the certificate should be provided,
- * otherwise <code>false</code>
- */
- public boolean getProvideCertifcate() {
- return provideCertificate;
- }
-
- /**
- * Returns the key box identifier.
- * @return String
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
-
- /**
- * Returns the BkuSelectionTemplate url.
- * @return The BkuSelectionTemplate url or <code>null</code> if no url for
- * a BkuSelectionTemplate is set.
- */
- public String getBkuSelectionTemplateURL() {
- return bkuSelectionTemplateURL;
- }
-
- /**
- * Returns the TemplateURL url.
- * @return The TemplateURL url or <code>null</code> if no url for
- * a Template is set.
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
- /**
- * Returns the parameters for verifying additional infoboxes.
- *
- * @return The parameters for verifying additional infoboxes.
- * Maybe <code>null</code>.
- */
- public VerifyInfoboxParameters getVerifyInfoboxParameters() {
- return verifyInfoboxParameters;
- }
-
- /**
- * Sets the security layer version.
- * Also sets <code>slVersion12</code> ({@link #getSlVersion12()})
- * to <code>true</code> if the Security Layer version is 1.2.
- * @param slVersion The security layer version to be used.
- */
- public void setSlVersion(String slVersion) {
- this.slVersion = slVersion;
- if ("1.2".equals(slVersion)) {
- this.slVersion12 = true;
- }
- }
- /**
- * Sets the IdentityLinkDomainIdentifier.
- * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application.
- */
- public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) {
- this.identityLinkDomainIdentifier = identityLinkDomainIdentifier;
- }
- /**
- * Sets the transformsInfos.
- * @param transformsInfos The transformsInfos to be used.
- */
- public void setTransformsInfos(String[] transformsInfos) {
- this.transformsInfos = transformsInfos;
- }
- /**
- * Sets the provideAuthBlock.
- * @param provideAuthBlock The provideAuthBlock to set
- */
- public void setProvideAuthBlock(boolean provideAuthBlock) {
- this.provideAuthBlock = provideAuthBlock;
- }
-
- /**
- * Sets the provideIdentityLink.
- * @param provideIdentityLink The provideIdentityLink to set
- */
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- this.provideIdentityLink = provideIdentityLink;
- }
-
- /**
- * Sets the provideStammzahl.
- * @param provideStammzahl The provideStammzahl to set
- */
- public void setProvideStammzahl(boolean provideStammzahl) {
- this.provideStammzahl = provideStammzahl;
- }
-
- /**
- * Sets the provideCertificate variable.
- * @param provideCertificate The provideCertificate value to set
- */
- public void setProvideCertificate(boolean provideCertificate) {
- this.provideCertificate = provideCertificate;
- }
-
- /**
- * Sets the key box identifier.
- * @param keyBoxIdentifier to set
- */
- public void setKeyBoxIdentier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
-
- /**
- * Sets the BkuSelectionTemplate url.
- * @param bkuSelectionTemplateURL The url string specifying the location
- * of a BkuSelectionTemplate.
- */
- public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
- this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
- }
-
- /**
- * Sets the Template url.
- * @param templateURL The url string specifying the location
- * of a Template.
- */
- public void setTemplateURL(String templateURL) {
- this.templateURL = templateURL;
- }
-
- /**
- * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
- *
- * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
- */
- public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
- this.verifyInfoboxParameters = verifyInfoboxParameters;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
deleted file mode 100644
index fbd42f975..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
+++ /dev/null
@@ -1,360 +0,0 @@
-package at.gv.egovernment.moa.id.config.auth;
-
-import java.io.IOException;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.Schema;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-
-/**
- * This class is a container for parameters that maybe needed for verifying an infobox.
- *
- * @author Harald Bratko
- */
-public class VerifyInfoboxParameter {
-
- /**
- * The default package name (first part) of a infobox validator class.
- */
- public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator.";
-
- /**
- * The identifier of the infobox to be verified. This identifier must exactly the
- * identifier of the infobox returned by BKU.
- */
- protected String identifier_;
-
- /**
- * The friendly name of the infobox.
- * This name is used within browser messages, thus it should be the german equivalent of
- * the {@link #identifier_ infobox identifier} (e.g. &quot;<code>Stellvertretungen</code>&quot;
- * for &quot;<code>Mandates</code>&quot; or &quot;<code>GDAToken</code>&quot; for
- * &quot;<code>EHSPToken</code>&quot;.
- * <br>If not specified within the config file the {@link #identifier_ infobox identifier}
- * will be used.
- */
- protected String friendlyName_;
-
- /**
- * The Id of the TrustProfile to be used for validating certificates.
- */
- protected String trustProfileID_;
-
- /**
- * The full name of the class to be used for verifying the infobox.
- */
- protected String validatorClassName_;
-
- /**
- * Schema location URIs that may be needed by the
- * validator to parse infobox tokens.
- * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
- * specifying the location of an XML schema.
- */
- protected List schemaLocations_;
-
- /**
- * Application specific parameters that may be needed for verifying an infobox.
- */
- protected Element applicationSpecificParams_;
-
- /**
- * Specifies if the infobox is be required to be returned by the BKU.
- */
- protected boolean required_;
-
- /**
- * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
- * application or not.
- */
- protected boolean provideStammzahl_;
-
- /**
- * Specifies whether the <code>identity link</code> should be passed to the verifying
- * application or not.
- */
- protected boolean provideIdentityLink_;
-
- /**
- * Initializes this VerifiyInfoboxParamater with the given identifier and a default
- * validator class name.
- *
- * @param identifier The identifier of the infobox to be verified.
- */
- public VerifyInfoboxParameter(String identifier) {
- identifier_ = identifier;
- StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK);
- sb.append(identifier.toLowerCase());
- sb.append(".");
- sb.append(identifier.substring(0, 1).toUpperCase());
- sb.append(identifier.substring(1));
- sb.append("Validator");
- validatorClassName_ = sb.toString();
- }
-
- /**
- * Returns application specific parameters.
- * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_}
- *
- * @see #applicationSpecificParams_
- *
- * @return Application specific parameters.
- */
- public Element getApplicationSpecificParams() {
- return applicationSpecificParams_;
- }
-
- /**
- * Sets the application specific parameters.
- *
- * @see #applicationSpecificParams_
- *
- * @param applicationSpecificParams The application specific parameters to set.
- */
- public void setApplicationSpecificParams(Element applicationSpecificParams) {
- applicationSpecificParams_ = applicationSpecificParams;
- }
-
- /**
- * Returns the friendly name.
- *
- * @see #friendlyName_
- *
- * @return The friendly name.
- */
- public String getFriendlyName() {
- return friendlyName_;
- }
-
- /**
- * Sets the friendly name.
- *
- * @param friendlyName The friendly name to set.
- */
- public void setFriendlyName(String friendlyName) {
- friendlyName_ = friendlyName;
- }
-
- /**
- * Returns the infobox identifier.
- *
- * @see #identifier_
- *
- * @return The infobox identifier.
- */
- public String getIdentifier() {
- return identifier_;
- }
-
- /**
- * Sets the the infobox identifier.
- *
- * @see #identifier_
- *
- * @param identifier The infobox identifier to set.
- */
- public void setIdentifier(String identifier) {
- identifier_ = identifier;
- }
-
- /**
- * Specifies whether the identity link should be passed to the verifying application
- * or not.
- *
- * @return <code>True</code> if the identity link should be passed to the verifying
- * application, otherwise <code>false</code>.
- */
- public boolean getProvideIdentityLink() {
- return provideIdentityLink_;
- }
-
- /**
- * Sets the {@link #provideIdentityLink_} parameter.
- *
- * @param provideIdentityLink <code>True</code> if the identity link should be passed to
- * the verifying application, otherwise <code>false</code>.
- */
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- provideIdentityLink_ = provideIdentityLink;
- }
-
- /**
- * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
- * application or not.
- *
- * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the
- * verifying application, otherwise <code>false</code>.
- */
- public boolean getProvideStammzahl() {
- return provideStammzahl_;
- }
-
- /**
- * Sets the {@link #provideStammzahl_} parameter.
- *
- * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be
- * passed to the verifying application, otherwise <code>false</code>.
- */
- public void setProvideStammzahl(boolean provideStammzahl) {
- provideStammzahl_ = provideStammzahl;
- }
-
- /**
- * Specifies whether the infobox is required or not.
- *
- * @return <code>True</code> if the infobox is required to be returned by the BKU,
- * otherwise <code>false</code>.
- */
- public boolean isRequired() {
- return required_;
- }
-
- /**
- * Sets the {@link #required_} parameter.
- *
- * @param required <code>True</code> if the infobox is required to be returned by the
- * BKU, otherwise <code>false</code>.
- */
- public void setRequired(boolean required) {
- required_ = required;
- }
-
- /**
- * Schema location URIs that may be needed by the
- * validator to parse infobox tokens.
- * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
- * specifying the location of an XML schema.
- *
- * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects
- * each of them specifying the location of an XML schema.
- */
- public List getSchemaLocations() {
- return schemaLocations_;
- }
-
- /**
- * Sets the schema locations.
- *
- * @see #schemaLocations_
- *
- * @param schemaLocations The schema location list to be set.
- */
- public void setSchemaLocations(List schemaLocations) {
- schemaLocations_ = schemaLocations;
- }
-
- /**
- * Returns the ID of the trust profile to be used for verifying certificates.
- *
- * @return The ID of the trust profile to be used for verifying certificates.
- * Maybe <code>null</code>.
- */
- public String getTrustProfileID() {
- return trustProfileID_;
- }
-
- /**
- * Sets the ID of the trust profile to be used for verifying certificates.
- *
- * @param trustProfileID The ID of the trust profile to be used for verifying certificates.
- */
- public void setTrustProfileID(String trustProfileID) {
- trustProfileID_ = trustProfileID;
- }
-
- /**
- * Returns the name of the class to be used for verifying this infobox.
- *
- * @return The name of the class to be used for verifying this infobox.
- */
- public String getValidatorClassName() {
- return validatorClassName_;
- }
-
- /**
- * Sets the name of the class to be used for verifying this infobox.
- *
- * @param validatorClassName The name of the class to be used for verifying this infobox.
- */
- public void setValidatorClassName(String validatorClassName) {
- validatorClassName_ = validatorClassName;
- }
-
- /**
- * Get a string representation of this object.
- * This method is for debugging purposes only.
- *
- * @return A string representation of this object.
- */
- public String toString() {
-
- StringBuffer buffer = new StringBuffer(1024);
-
- buffer.append(" <Infobox Identifier=\"");
- buffer.append(identifier_);
- buffer.append("\" required=\"");
- buffer.append(required_);
- buffer.append("\" provideStammzahl=\"");
- buffer.append(provideStammzahl_);
- buffer.append("\" provideIdentityLink=\"");
- buffer.append(provideIdentityLink_);
- buffer.append("\">");
- buffer.append("\n");
- if (friendlyName_ != null) {
- buffer.append(" <FriendlyName>");
- buffer.append(friendlyName_);
- buffer.append("</FriendlyName>");
- buffer.append("\n");
- }
- if (trustProfileID_ != null) {
- buffer.append(" <TrustProfileID>");
- buffer.append(trustProfileID_);
- buffer.append("</TrustProfileID>");
- buffer.append("\n");
- }
- if (validatorClassName_ != null) {
- buffer.append(" <ValidatorClass>");
- buffer.append(validatorClassName_);
- buffer.append("</ValidatorClass>");
- buffer.append("\n");
- }
- if (schemaLocations_ != null) {
- buffer.append(" <SchemaLocations>");
- buffer.append("\n");
- Iterator it = schemaLocations_.iterator();
- while (it.hasNext()) {
- buffer.append(" <Schema namespace=\"");
- Schema schema = (Schema)it.next();
- buffer.append(schema.getNamespace());
- buffer.append("\" schemaLocation=\"");
- buffer.append(schema.getSchemaLocation());
- buffer.append("\"/>\n");
- }
- buffer.append(" </SchemaLocations>");
- buffer.append("\n");
- }
- if (applicationSpecificParams_ != null) {
- try {
- String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_);
- buffer.append(" ");
- buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams));
- buffer.append("\n");
- } catch (TransformerException e) {
- // do nothing
- } catch (IOException e) {
- // do nothing
- }
- }
- buffer.append(" </Infobox>");
-
-
- return buffer.toString() ;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
deleted file mode 100644
index 15c0c328c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
+++ /dev/null
@@ -1,135 +0,0 @@
-package at.gv.egovernment.moa.id.config.auth;
-
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-/**
- * This class contains the parameters for verifying all the infoboxes configured for an
- * online application.
- *
- * @author Harald Bratko
- */
-public class VerifyInfoboxParameters {
-
- /**
- * A map of {@link VerifyInfoboxParameter} objects.
- * Each of these objects contains parameters that maybe needed for validating an
- * infobox.
- */
- protected Map infoboxParameters_;
-
- /**
- * A list of the identifiers of the infoboxes supported by this
- * VerifyInfoboxParameters;
- */
- protected List identifiers_;
-
- /**
- * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate
- * in the context of the actual online application.
- * The string will be added as value of the <code>PushInfobox</code> parameter in the
- * HTML form used for reading the infoboxes from the BKU.
- */
- protected String pushInfobox_;
-
- /**
- * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_}
- * map.
- */
- public VerifyInfoboxParameters() {
- infoboxParameters_ = new Hashtable();
- pushInfobox_ = "";
- }
-
- /**
- * Initializes this VerifyInfoboxParameters with the given
- * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string
- * from the keys of the given map.
- */
- public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) {
- identifiers_ = identifiers;
- infoboxParameters_ = infoboxParameters;
- // build the pushInfobox string
- if ((identifiers != null) && (!identifiers.isEmpty())) {
- StringBuffer identifiersSB = new StringBuffer();
- int identifiersNum = identifiers.size();
- int i = 1;
- Iterator it = identifiers.iterator();
- while (it.hasNext()) {
- identifiersSB.append((String)it.next());
- if (i != identifiersNum) {
- identifiersSB.append(",");
- }
- i++;
- }
- pushInfobox_ = identifiersSB.toString();
- } else {
- pushInfobox_ = "";
- }
- }
-
- /**
- * Returns the (comma separated) identifiers of the infoboxes configured for the actual
- * online application.
- *
- * @see #pushInfobox_
- *
- * @return The (comma separated) identifiers of the infoboxes configured for the actual
- * online application.
- */
- public String getPushInfobox() {
- return pushInfobox_;
- }
-
- /**
- * Sets the {@link #pushInfobox_} string.
- *
- * @param pushInfobox The pushInfobox string to be set.
- */
- public void setPushInfobox(String pushInfobox) {
- pushInfobox_ = pushInfobox;
- }
-
- /**
- * Returns map of {@link VerifyInfoboxParameter} objects.
- * Each of these objects contains parameters that maybe needed for validating an
- * infobox.
- *
- * @return The map of {@link VerifyInfoboxParameter} objects.
- */
- public Map getInfoboxParameters() {
- return infoboxParameters_;
- }
-
- /**
- * Sets the map of {@link VerifyInfoboxParameter} objects.
- *
- * @see #infoboxParameters_
- *
- * @param infoboxParameters The infoboxParameters to set.
- */
- public void setInfoboxParameters(Map infoboxParameters) {
- infoboxParameters_ = infoboxParameters;
- }
-
- /**
- * Returns the identifiers of the supported infoboxes.
- *
- * @return The identifiers.
- */
- public List getIdentifiers() {
- return identifiers_;
- }
-
- /**
- * Sets the identifiers.
- *
- * @param identifiers The identifiers to set.
- */
- public void setIdentifiers(List identifiers) {
- identifiers_ = identifiers;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
deleted file mode 100644
index d25cb3b2b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
+++ /dev/null
@@ -1,173 +0,0 @@
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
- * These include the login type (stateful or stateless), the HTTP authentication type,
- * and information needed to add authentication parameters or headers for a URL connection
- * to the remote online application.
- * @see <code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code>
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class OAConfiguration {
-
- /** Constant for an login method */
- public static final String LOGINTYPE_STATEFUL = "stateful";
- /** Constant for an login method */
- public static final String LOGINTYPE_STATELESS = "stateless";
-
- /** Constant for an auth method */
- public static final String BASIC_AUTH = "basic";
- /** Constant for an auth method */
- public static final String HEADER_AUTH = "header";
- /** Constant for an auth method */
- public static final String PARAM_AUTH = "param";
-
-
- /** Constant for binding */
- public static final String BINDUNG_USERNAME = "userName";
- /** Constant for binding */
- public static final String BINDUNG_FULL = "full";
- /** Constant for binding */
- public static final String BINDUNG_NONE = "none";
- /** Constant for binding */
- public static final String BINDUNG_NOMATCH = "noMatch";
-
- /** login type: stateful or stateless */
- String loginType;
- /** authentication type: basic, header, or param */
- String authType;
- /**
- * mapping of parameter names to AuthenticationData field names
- * in case of authentication type <code>"header-auth"</code>
- */
- Map paramAuthMapping;
- /**
- * mapping of parameter names to AuthenticationData field names
- * in case of authentication type <code>"param-auth"</code>
- */
- Map headerAuthMapping;
- /** mapping for user ID to be used in case of authentication type <code>"basic-auth"</code> */
- String basicAuthUserIDMapping;
- /** mapping for password to be used in case of authentication type <code>"basic-auth"</code> */
- String basicAuthPasswordMapping;
- /** Binding for basic authentication */
- String binding;
-
- /**
- * Returns the basicAuthPasswordMapping.
- * @return String
- */
- public String getBasicAuthPasswordMapping() {
- return basicAuthPasswordMapping;
- }
-
- /**
- * Returns the basicAuthUserIDMapping.
- * @return String
- */
- public String getBasicAuthUserIDMapping() {
- return basicAuthUserIDMapping;
- }
-
- /**
- * Returns the headerAuthMapping.
- * @return HashMap
- */
- public Map getHeaderAuthMapping() {
- return headerAuthMapping;
- }
-
- /**
- * Returns the loginType.
- * @return String
- */
- public String getLoginType() {
- return loginType;
- }
-
- /**
- * Returns the paramAuthMapping.
- * @return HashMap
- */
- public Map getParamAuthMapping() {
- return paramAuthMapping;
- }
-
- /**
- * Returns the binding.
- * @return String
- */
- public String getBinding() {
- return binding;
- }
-
- /**
- * Sets the basicAuthPasswordMapping.
- * @param basicAuthPassword The basicAuthPasswordMapping to set
- */
- public void setBasicAuthPasswordMapping(String basicAuthPassword) {
- this.basicAuthPasswordMapping = basicAuthPassword;
- }
-
- /**
- * Sets the basicAuthUserIDMapping.
- * @param basicAuthUserID The basicAuthUserIDMapping to set
- */
- public void setBasicAuthUserIDMapping(String basicAuthUserID) {
- this.basicAuthUserIDMapping = basicAuthUserID;
- }
-
- /**
- * Sets the headerAuthMapping.
- * @param headerAuth The headerAuthMapping to set
- */
- public void setHeaderAuthMapping(HashMap headerAuth) {
- this.headerAuthMapping = headerAuth;
- }
-
- /**
- * Sets the loginType.
- * @param loginType The loginType to set
- */
- public void setLoginType(String loginType) {
- this.loginType = loginType;
- }
-
- /**
- * Sets the paramAuthMapping.
- * @param paramAuth The paramAuthMapping to set
- */
- public void setParamAuthMapping(HashMap paramAuth) {
- this.paramAuthMapping = paramAuth;
- }
-
- /**
- * Returns the authType.
- * @return String
- */
- public String getAuthType() {
- return authType;
- }
-
- /**
- * Sets the authType.
- * @param authLoginType The authType to set
- */
- public void setAuthType(String authLoginType) {
- this.authType = authLoginType;
- }
-
- /**
- * Sets the binding.
- * @param binding The binding to be set.
- */
- public void setBinding (String binding) {
- this.binding = binding;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
deleted file mode 100644
index 83ab73dcd..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ /dev/null
@@ -1,184 +0,0 @@
-package at.gv.egovernment.moa.id.config.proxy;
-
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.OAParameter;
-
-/**
- * Configuration parameters belonging to an online application,
- * to use with the MOA ID Proxy component.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class OAProxyParameter extends OAParameter {
-
-// /**
-// * public URL prefix of the online application
-// */
-// private String publicURLPrefix;
- /**
- * URL of online application configuration file;
- * defaults to relative URL <code>/moaconfig.xml</code>
- */
- private String configFileURL;
- /**
- * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface
- * to be used for authenticating the online application;
- * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver}
- */
- private String loginParameterResolverImpl;
-
- /**
- * Configuration Parameter of LoginParameterResolver
- */
- private String loginParameterResolverConfiguration;
-
- /**
- * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface
- * to be used for connecting to the online application;
- * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder}
- */
- private String connectionBuilderImpl;
- /**
- * session time out to be used in case of a stateless online application
- */
- private int sessionTimeOut;
- /**
- * parameters regarding the connection from the proxy to the online application
- */
- private ConnectionParameter connectionParameter;
- /**
- * parameters for logging into the online application
- */
- private OAConfiguration oaConfiguration;
-
-
- /**
- * Returns the configFileURL.
- * @return String
- */
- public String getConfigFileURL() {
- return configFileURL;
- }
-
- /**
- * Returns the sessionTimeOut.
- * @return int
- */
- public int getSessionTimeOut() {
- return sessionTimeOut;
- }
-
- /**
- * Returns the connectionParameter.
- * @return ConnectionParameter
- */
- public ConnectionParameter getConnectionParameter() {
- return connectionParameter;
- }
-
- /**
- * Sets the configFileURL for the proxy.
- * @param oaProxyConfigFileURL The configFileURL to set
- */
- public void setConfigFileURL(String oaProxyConfigFileURL) {
- this.configFileURL = oaProxyConfigFileURL;
- }
-
- /**
- * Sets the sessionTimeOut for the proxy.
- * @param oaProxySessionTimeOut The sessionTimeOut to set
- */
- public void setSessionTimeOut(int oaProxySessionTimeOut) {
- this.sessionTimeOut = oaProxySessionTimeOut;
- }
-
- /**
- * Sets the connectionParameter for the proxy.
- * @param proxyConnectionParameter The connectionParameter to set
- */
- public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) {
- this.connectionParameter = proxyConnectionParameter;
- }
-
-// /**
-// * Returns the publicURLPrefix.
-// * @return String
-// */
-// public String getPublicURLPrefix() {
-// return publicURLPrefix;
-// }
-//
-// /**
-// * Sets the publicURLPrefix.
-// * @param publicURLPrefix The publicURLPrefix to set
-// */
-// public void setPublicURLPrefix(String url) {
-// this.publicURLPrefix = url;
-// }
-
- /**
- * Returns the connectionBuilderImpl.
- * @return String
- */
- public String getConnectionBuilderImpl() {
- return connectionBuilderImpl;
- }
-
- /**
- * Returns the loginParameterResolverImpl.
- * @return String
- */
- public String getLoginParameterResolverImpl() {
- return loginParameterResolverImpl;
- }
-
- /**
- * Returns the loginParameterResolverConfiguration.
- * @return String
- */
- public String getLoginParameterResolverConfiguration() {
- return loginParameterResolverConfiguration;
- }
-
- /**
- * Sets the connectionBuilderImpl for the proxy.
- * @param connectionBuilderImpl The connectionBuilderImpl to set
- */
- public void setConnectionBuilderImpl(String connectionBuilderImpl) {
- this.connectionBuilderImpl = connectionBuilderImpl;
- }
-
- /**
- * Sets the loginParameterResolverImpl for the proxy.
- * @param loginParameterResolverImpl The loginParameterResolverImpl to set
- */
- public void setLoginParameterResolverImpl(String loginParameterResolverImpl) {
- this.loginParameterResolverImpl = loginParameterResolverImpl;
- }
-
- /**
- * Sets the loginParameterResolverConfiguration for the proxy.
- * @param loginParameterResolverConfiguration The loginParameterResolverImpl to set
- */
- public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) {
- this.loginParameterResolverConfiguration = loginParameterResolverConfiguration;
- }
-
- /**
- * Returns the oaConfiguration.
- * @return OAConfiguration
- */
- public OAConfiguration getOaConfiguration() {
- return oaConfiguration;
- }
-
- /**
- * Sets the oaConfiguration.
- * @param oaConfiguration The oaConfiguration to set
- */
- public void setOaConfiguration(OAConfiguration oaConfiguration) {
- this.oaConfiguration = oaConfiguration;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
deleted file mode 100644
index f578ea634..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ /dev/null
@@ -1,268 +0,0 @@
-// Copyright (C) 2002 IAIK
-// http://jce.iaik.tugraz.at
-//
-// Copyright (C) 2007 Stiftung Secure Information and
-// Communication Technologies SIC
-// http://www.sic.st
-//
-// All rights reserved.
-//
-// This source is provided for inspection purposes and recompilation only,
-// unless specified differently in a contract with IAIK. This source has to
-// be kept in strict confidence and must not be disclosed to any third party
-// under any circumstances. Redistribution in source and binary forms, with
-// or without modification, are <not> permitted in any case!
-//
-// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-// SUCH DAMAGE.
-
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.io.ByteArrayInputStream;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Builds the configuration for MOA-ID Proxy.
- */
-public class ProxyConfigurationBuilder extends ConfigurationBuilder {
-
- /**
- * Default online application configuration file name
- * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>).
- */
- public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";
-
- /** an XPATH-Expression */
- private static final String PROXY_AUTH_XPATH =
- ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
- /** an XPATH-Expression */
- protected static final String ROOTOA = "/" + CONF + "Configuration/";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
- /** an XPATH-Expression */
- private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
- /** an XPATH-Expression */
- private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
- /** an XPATH-Expression */
- protected static final String OACONF_LOGIN_TYPE_XPATH =
- ROOTOA + CONF + "LoginType";
- /** an XPATH-Expression */
- protected static final String OACONF_BINDING_TYPE_XPATH =
- ROOTOA + CONF + "Binding";
- /** an XPATH-Expression */
- protected static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
- ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
- /** an XPATH-Expression */
- protected static final String OACONF_USER_ID_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
- /** an XPATH-Expression */
- protected static final String OACONF_PASSWORD_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
- /** an XPATH-Expression */
- protected static final String OACONF_HEADER_AUTH_HEADER_XPATH =
- ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
-
- /**
- * Creates a new <code>MOAConfigurationProvider</code>.
- *
- * @param configElem The root element of the MOA-ID configuration.
- */
- public ProxyConfigurationBuilder(Element configElem, String rootConfigDir) {
- super(configElem, rootConfigDir);
- }
-
- /**
- * Method buildOAConfiguration.
- *
- * Build an {@link OAConfiguration} Object from the given configuration DOM element
- *
- * @param root
- * @return OAConfiguration
- * @throws ConfigurationException
- */
- public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{
-
- OAConfiguration oaConfiguration = new OAConfiguration();
-
- //The LoginType hast to be "stateless" or "stateful" to be valid
-
- oaConfiguration.setLoginType(
- XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
-
- oaConfiguration.setBinding(
- XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator paramAuthIter =
- XPathUtils.selectNodeIterator(
- root,
- OACONF_PARAM_AUTH_PARAMETER_XPATH);
- Element paramAuthElem;
- HashMap paramAuthMap = new HashMap();
- while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) {
- String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
- String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
- if (paramAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- paramAuthMap.put(name, value);
- }
- oaConfiguration.setParamAuthMapping(paramAuthMap);
- // Try to build the BasicAuthParameters
- oaConfiguration.setBasicAuthUserIDMapping(
- XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
- oaConfiguration.setBasicAuthPasswordMapping(
- XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH);
-
- Element headerAuthElem;
- HashMap headerAuthMap = new HashMap();
- while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) {
- String name =
- XPathUtils.getAttributeValue(headerAuthElem, "@Name", null);
- String value =
- XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
- // Contains Key (Neue Config-Exception: doppelte werte)
- if (headerAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- headerAuthMap.put(name, value);
- }
- oaConfiguration.setHeaderAuthMapping(headerAuthMap);
-
- if (paramAuthMap.size() == 0) {
- if (oaConfiguration.getBasicAuthUserIDMapping() == null) {
- oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
-
- return oaConfiguration;
- }
-
-
- /**
- * Build an array of OnlineApplication Parameter Beans containing information
- * about the proxy component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{
-
- List oA_list = new ArrayList();
- NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);
-
- for (int i = 0; i < OAIter.getLength(); i++) {
- Element oAElem = (Element) OAIter.item(i);
-
- Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH);
- if (proxyComponentElem != null) {
- OAProxyParameter oap = new OAProxyParameter();
-
- oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
- oap.setOaType(oAElem.getAttribute("type"));
- oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
- oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir_));
- // default session time out: 3600 sec = 1 h
- oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue());
- oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
- oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
- oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_));
- oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
-
- ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
- oap.setConnectionParameter(conPara);
-
- OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap));
- oap.setOaConfiguration(oaConf);
-
- oA_list.add(oap);
- }
- }
- OAProxyParameter[] result =
- new OAProxyParameter[oA_list.size()];
- oA_list.toArray(result);
-
- return result;
-
- }
-
- /**
- * Reads the configuration file of the online application, and creates a DOM tree from it.
- * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given,
- * uses default configuration file location.
- *
- * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
- * @return Element DOM tree root element
- * @throws ConfigurationException on any exception thrown
- */
- private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException
- {
- try {
- String configFileURL = oap.getConfigFileURL();
- if (configFileURL == null) {
- // use default config file URL, when config file URL is not given
- configFileURL = oap.getConnectionParameter().getUrl();
- if (configFileURL.charAt(configFileURL.length() - 1) != '/')
- configFileURL += "/";
- configFileURL += DEFAULT_OA_CONFIG_FILENAME;
- }
- Logger.info("Loading MOA-OA configuration " + configFileURL);
- Element configElem = DOMUtils.parseXmlValidating(
- new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
- return configElem;
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t);
- }
- }
-
- /**
- * Build a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter buildAuthComponentConnectionParameter()
- {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, PROXY_AUTH_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
-
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
deleted file mode 100644
index 572ce5708..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ /dev/null
@@ -1,188 +0,0 @@
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.MalformedURLException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * A class providing access to the Proxy Part of the MOA-ID configuration data.
- *
- * <p>Configuration data is read from an XML file, whose location is given by
- * the <code>moa.id.configuration</code> system property.</p>
- * <p>This class implements the Singleton pattern. The <code>reload()</code>
- * method can be used to update the configuration data. Therefore, it is not
- * guaranteed that consecutive calls to <code>getInstance()</code> will return
- * the same <code>ProxyConfigurationProvider</code> all the time. During the
- * processing of a web service request, the current
- * <code>TransactionContext</code> should be used to obtain the
- * <code>ProxyConfigurationProvider</code> local to that request.</p>
- *
- * @author Stefan Knirsch
- */
-public class ProxyConfigurationProvider extends ConfigurationProvider {
-
- /** Singleton instance. <code>null</code>, if none has been created. */
- private static ProxyConfigurationProvider instance;
-
-
- //
- // configuration data
- //
- /**
- * connection parameters for connection to MOA ID Auth component
- */
- private ConnectionParameter authComponentConnectionParameter;
- /**
- * configuration parameters for online applications
- */
- private OAProxyParameter[] onlineApplicationProxyParameter;
-
- /**
- * Return the single instance of configuration data.
- *
- * @return ProxyConfigurationProvider The current configuration data.
- * @throws ConfigurationException
- */
- public static synchronized ProxyConfigurationProvider getInstance()
- throws ConfigurationException {
-
- if (instance == null) {
- reload();
- }
- return instance;
- }
-
- /**
- * Reload the configuration data and set it if successful.
- *
- * @return ProxyConfigurationProvider The loaded configuration data.
- * @throws ConfigurationException Failure to load the configuration data.
- */
- public static synchronized ProxyConfigurationProvider reload()
- throws ConfigurationException {
- String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
- if (fileName == null) {
- throw new ConfigurationException("config.01", null);
- }
- Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
-
- instance = new ProxyConfigurationProvider(fileName);
- return instance;
- }
-
- /**
- * Constructor for ProxyConfigurationProvider.
- */
- public ProxyConfigurationProvider(String fileName)
- throws ConfigurationException {
-
- load(fileName);
- }
-
- /**
- * Load the configuration data from XML file with the given name and build
- * the internal data structures representing the MOA configuration.
- *
- * @param fileName The name of the XML file to load.
- * @throws ConfigurationException The MOA configuration could not be
- * read/built.
- */
- private void load(String fileName) throws ConfigurationException {
- FileInputStream stream = null;
- Element configElem;
- ProxyConfigurationBuilder builder;
-
- try {
- // load the main config file
- stream = new FileInputStream(fileName);
- configElem = DOMUtils.parseXmlValidating(stream);
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- }
- catch (IOException e) {
- }
- }
- try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
- // build the internal datastructures
- builder = new ProxyConfigurationBuilder(configElem, rootConfigFileDir);
- authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
-
- onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
- for(int i = 0; i < onlineApplicationProxyParameter.length; i++) {
- onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir));
- }
-
- genericConfiguration = builder.buildGenericConfiguration();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
-
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
- }
-
- /**
- * Return a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter getAuthComponentConnectionParameter() {
- return authComponentConnectionParameter;
- }
-
- /**
- * Build an array of OnlineApplication Parameter Beans containing all
- * information about the proxy component of the online application
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] getOnlineApplicationParameters() {
- return onlineApplicationProxyParameter;
- }
- /**
- * Provides configuration information regarding the online application behind
- * the given URL, relevant to the MOA-ID Proxy component.
- *
- * @param oaURL URL requested for an online application
- * @return an <code>OAProxyParameter</code>, or <code>null</code>
- * if none is applicable
- */
- public OAProxyParameter getOnlineApplicationParameter(String oaURL) {
- OAProxyParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- if (oaURL.startsWith(oaParam.getPublicURLPrefix()))
- return oaParam;
- }
- return null;
- }
-
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
deleted file mode 100644
index 4fc35c1e6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ /dev/null
@@ -1,394 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.util.Date;
-
-/**
- * Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-
-public class AuthenticationData {
- /**
- * major version number of the SAML assertion
- */
- private int majorVersion;
- /**
- * minor version number of the SAML assertion
- */
- private int minorVersion;
- /**
- * identifier for this assertion
- */
- private String assertionID;
- /**
- * URL of the MOA-ID Auth component issueing this assertion
- */
- private String issuer;
- /**
- * time instant of issue of this assertion
- */
- private String issueInstant;
- /**
- * user identification value (Stammzahl); <code>null</code>,
- * if the authentication module is configured not to return this data
- */
- private String identificationValue;
- /**
- * user identification type
- */
- private String identificationType;
- /**
- * application specific user identifier (bPK)
- */
- private String bPK;
- /**
- * private sector-specific personal identifier (wbPK)
- */
- private String wbPK;
- /**
- * given name of the user
- */
- private String givenName;
- /**
- * family name of the user
- */
- private String familyName;
- /**
- * date of birth of the user
- */
- private String dateOfBirth;
- /**
- * says whether the certificate is a qualified certificate or not
- */
- private boolean qualifiedCertificate;
- /**
- * says whether the certificate is a public authority or not
- */
- private boolean publicAuthority;
- /**
- * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
- */
- private String publicAuthorityCode;
- /**
- * The base64 encoded signer certificate.
- */
- private String signerCertificate;
- /**
- * URL of the BKU
- */
- private String bkuURL;
- /**
- * the corresponding <code>lt;saml:Assertion&gt;</code>
- */
- private String samlAssertion;
- /**
- * creation timestamp
- */
- Date timestamp;
-
- /**
- * Constructor for AuthenticationData.
- */
- public AuthenticationData() {
- timestamp = new Date();
- }
-
- /**
- * Returns the minorVersion.
- * @return int
- */
- public int getMinorVersion() {
- return minorVersion;
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return String
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the bPK.
- * @return String
- */
- public String getBPK() {
- return bPK;
- }
-
- /**
- * Returns the wbPK.
- * @return String the wbPK.
- */
- public String getWBPK() {
- return wbPK;
- }
-
- /**
- * Sets the minorVersion.
- * @param minorVersion The minorVersion to set
- */
- public void setMinorVersion(int minorVersion) {
- this.minorVersion = minorVersion;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityIdentification The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityIdentification) {
- this.publicAuthorityCode = publicAuthorityIdentification;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the bPK.
- * @param bPK The bPK to set
- */
- public void setBPK(String bPK) {
- this.bPK = bPK;
- }
-
- /**
- * Sets the wbPK.
- * @param wbPK The wbPK to set
- */
- public void setWBPK(String wbPK) {
- this.wbPK = wbPK;
- }
-
- /**
- * Returns the assertionID.
- * @return String
- */
- public String getAssertionID() {
- return assertionID;
- }
-
- /**
- * Returns the dateOfBirth.
- * @return String
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue.
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Returns the identificationType
- * @return String
- */
- public String getIdentificationType() {
- return identificationType;
- }
-
- /**
- * Returns the issueInstant.
- * @return String
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Returns the issuer.
- * @return String
- */
- public String getIssuer() {
- return issuer;
- }
-
- /**
- * Returns the majorVersion.
- * @return int
- */
- public int getMajorVersion() {
- return majorVersion;
- }
-
- /**
- * Returns the BKU URL.
- * @return String
- */
- public String getBkuURL() {
- return bkuURL;
- }
-
- /**
- * Returns the signer certificate.
- * @return String
- */
- public String getSignerCertificate() {
- return signerCertificate;
- }
-
- /**
- * Sets the assertionID.
- * @param assertionID The assertionID to set
- */
- public void setAssertionID(String assertionID) {
- this.assertionID = assertionID;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the identificationType.
- * @param identificationType The identificationType to set
- */
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /**
- * Sets the issueInstant.
- * @param issueInstant The issueInstant to set
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
- /**
- * Sets the issuer.
- * @param issuer The issuer to set
- */
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- /**
- * Sets the majorVersion.
- * @param majorVersion The majorVersion to set
- */
- public void setMajorVersion(int majorVersion) {
- this.majorVersion = majorVersion;
- }
-
- /**
- * Sets the bkuURL
- * @param url The BKU URL to set
- */
- public void setBkuURL(String url) {
- this.bkuURL = url;
- }
-
- /**
- * Sets the signer certificate
- * @param signerCertificate The signer certificate
- */
- public void setSignerCertificate(String signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
- /**
- * Returns the samlAssertion.
- * @return String
- */
- public String getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(String samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the timestamp.
- * @return Date
- */
- public Date getTimestamp() {
- return timestamp;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java b/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
deleted file mode 100644
index 6ed133c5a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.StringTokenizer;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * The Cookie-class provides methods to save and return cookies for
- * each single session
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class Cookie {
- /** A HahsMap containing all our cookies */
- HashMap cookies = new HashMap();
- /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication
- * to send them back to the client/browser as soon as possible */
- HashMap cookies401 = new HashMap();
-
- /**
- * Adds a Cookie from a response with response-code 401 to the cookie-pool
- * for sending it back to the browser / client
- * @param cookieString The complete 'Set-Cookie' - String
- */
- public void add401(String cookieString)
- {
- cookies401.put(getKey(cookieString),cookieString);
- }
-
- /**
- * Get the HashMap containing all cookies to be sent to the browser / client
- * @return HashMap with all cookies
- */
- public HashMap get401()
- {
- return cookies401;
- }
-
- /**
- * Clear the 401 cookie-pool
- */
- public void clear401()
- {
- cookies401.clear();
- }
-
- /**
- * Set a cookie that comes from the Online-Application
- * and save it in our "normal" cookie-pool
- * @param value The complete "Set-Cookie" - String from the Online-Application
- */
- public void setCookie(String value) {
- cookies.put(getKey(value), getValue(value));
- }
-
- /**
- * Method saveOldCookies.
- * @param value The complete "Set-Cookie" - String from the Online-Application
- */
- public void saveOldCookies(String value) {
- StringTokenizer st = new StringTokenizer(value,";");
- while (st.hasMoreTokens())
- {
- // We have to trim because the Tokenizer returns cookies including spaces at the beginning
- StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"=");
- String cookieKey = st2.nextToken().trim();
- if (st2.hasMoreTokens())
- {
- String cookieValue = st2.nextToken().trim();
- if (!cookies.containsKey(cookieKey))
- cookies.put(cookieKey , cookieValue);
- }
- }
- Logger.debug("Found these cookies: " + getCookies());
- }
-
- /**
- * Get a String containing all cookies saved in that session seperated by '; '
- * to be sent back to the Online-Application
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookies() {
- String result = "";
- if (cookies.size()==0)
- return null;
- Iterator i = cookies.keySet().iterator();
- while (i.hasNext()) {
- String key = (String) i.next();
- result += key + "=" + (String)cookies.get(key) + "; ";
- }
- return result.substring(0, result.length() - 2);
- }
-
- /**
- * Returns the key of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns CookieA
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the key of a key-value-pair of a cookie
- */
- private String getKey(String input) {
- return input.substring(0, input.indexOf("="));
- }
-
- /**
- * Returns the value of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns 1234
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the value of a key-value-pair of a cookie
- */
- private String getValue(String input) {
- if (input.indexOf(";") == -1)
- return input.substring(input.indexOf("=") + 1, input.getBytes().length);
- return input.substring(input.indexOf("=") + 1, input.indexOf(";"));
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java b/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
deleted file mode 100644
index 1762a52b7..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.util.HashMap;
-
-/**
- * The CookieManager is a singleton to manage a Cookie-Object for
- * each session
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class CookieManager {
- /** the singleton instance of the CookieManager */
- private static CookieManager instance;
- /** a HashMap to bind a Cookie-object to every single session*/
- private static HashMap cookies = new HashMap();
-
- /**
- * Create a singleton of the CookieManager
- * @return CookieManager
- */
- public static CookieManager getInstance()
- {
- if(instance==null) instance=new CookieManager();
- return instance;
- }
-
- /**
- * Save a cookie to a specified session-id
- * @param id The session id
- * @param cookie_string The complete 'Set-Cookie' String from the OnlineApplication
- */
- public void saveCookie(String id, String cookie_string)
- {
- getCookieWithID(id).setCookie(cookie_string);
- }
-
- /**
- * Method saveOldCookies.
- * @param id
- * @param cookie_string
- */
- public void saveOldCookies(String id,String cookie_string)
- {
- getCookieWithID(id).saveOldCookies(cookie_string);
- }
-
- /**
- * Get a Cookie-Object for a specified session-id
- * @param id The session id
- * @return Cookie object containing all saved cookies for this session
- */
- public Cookie getCookieWithID(String id)
- {
- Cookie c = null;
- if(cookies.containsKey(id))
- c = (Cookie)cookies.get(id);
- else
- {
- c = new Cookie();
- cookies.put(id,c);
- }
- return c;
- }
-
-
- /**
- * Get a String containing all cookies of a specified session-id
- * saved in that session seperated by '; ' to be sent back to
- * the Online-Application
- * @param id the session-id
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookie(String id)
- {
- Cookie result = (Cookie)cookies.get((String)id);
- if (result==null)
- return null;
- return result.getCookies();
-
- }
-
- /**
- * Adds a Cookie for a special session from a response with
- * response-code 401 to the cookie-pool for sending it back
- * to the browser / client
- * @param id The session-id
- * @param value The complete 'Set-Cookie' - String
- */
- public void add401(String id,String value)
- {
- getCookieWithID(id).add401(value);
- }
-
- /**
- * Clear the 401 cookie-pool of a session
- * @param id the session-id
- */
- public void clear401(String id)
- {
- getCookieWithID(id).clear401();
- }
-
- /**
- * Get the HashMap containing all cookies of a session to be sent to the browser / client
- * @param id the session-id
- * @return HashMap with all cookies
- */
- public HashMap get401(String id)
- {
- return getCookieWithID(id).get401();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
deleted file mode 100644
index a47dd8b29..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.math.BigInteger;
-import java.security.Principal;
-
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-/**
- * A class containing the issuer and serial number of a certificate, which can
- * be used to uniquely identify the certificate.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class IssuerAndSerial {
- /** store the issuer as String*/
- private String issuerDN;
- /** store the serial as BigInteger*/
- private BigInteger serial;
-
- /**
- * Create an <code>IssuerAndSerial</code> object.
- *
- * The name of the issuer is converted to RFC2253. If it cannot be parsed, the
- * DN contained in the <code>issuer</code> is set.
- *
- * @param issuer The isser of a certificate.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(Principal issuer, BigInteger serial) {
- RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
-
- try {
- this.issuerDN = ((Name) parser.parse()).getRFC2253String();
- } catch (RFC2253NameParserException e) {
- this.issuerDN = issuer.getName();
- }
- this.serial = serial;
- }
-
- /**
- * Create an <code>IssuerAndSerial</code> object.
- *
- * @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(String issuerDN, BigInteger serial) {
- this.issuerDN = issuerDN;
- this.serial = serial;
- }
-
- /**
- * Return the issuer DN in RFC2253 format.
- *
- * @return The issuer part of this object.
- */
- public String getIssuerDN() {
- return issuerDN;
- }
-
- /**
- * Return the serial number.
- *
- * @return The serial number of this object.
- */
- public BigInteger getSerial() {
- return serial;
- }
-
- /**
- * Compare this <code>IssuerAndSerial</code> to another object.
- *
- * @return <code>true</code>, if <code>other</code> is an
- * <code>IssuerAndSerial</code> object and the <code>issuer</code> and
- * <code>serial</code> fields are both equal. <code>false</code> otherwise.
- * @see java.lang.Object#equals(java.lang.Object)
- */
- public boolean equals(Object other) {
- if (other instanceof IssuerAndSerial) {
- IssuerAndSerial ias = (IssuerAndSerial) other;
- return getIssuerDN().equals(ias.getIssuerDN())
- && getSerial().equals(ias.getSerial());
- }
- return false;
- }
-
- /**
- * Return the hash code of this <code>IssuerAndSerial</code>.
- *
- * @return The hash code of this <code>IssuerAndSerial</code>.
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- return issuerDN.hashCode() ^ serial.hashCode();
- }
-
- /**
- * Return a <code>String</code> representation of this
- * <code>IssuerAndSerial</code> object.
- *
- * @return The <code>String</code> representation.
- * @see java.lang.Object#toString()
- */
- public String toString() {
- return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
- + ("> Serial<" + serial.toString() + ">)");
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
deleted file mode 100644
index ed61827b6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-/**
- * Data contained in a <code>&lt;samlp:Status&gt;</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLStatus {
-
- /** main status code */
- private String statusCode;
- /** sub status code */
- private String subStatusCode;
- /** status message */
- private String statusMessage;
-
- /**
- * @return status code
- */
- public String getStatusCode() {
- return statusCode;
- }
-
- /**
- * @return status message
- */
- public String getStatusMessage() {
- return statusMessage;
- }
-
- /**
- * @return enclosed sub-status code
- */
- public String getSubStatusCode() {
- return subStatusCode;
- }
-
- /**
- * @param string the status code
- */
- public void setStatusCode(String string) {
- statusCode = string;
- }
-
- /**
- * @param string the status message
- */
- public void setStatusMessage(String string) {
- statusMessage = string;
- }
-
- /**
- * @param string the enclosed sub-status code
- */
- public void setSubStatusCode(String string) {
- subStatusCode = string;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
deleted file mode 100644
index c338e96fc..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ /dev/null
@@ -1,96 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import java.io.File;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-import at.gv.egovernment.moa.util.FileUtils;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.certstore.CertStoreParameters;
-import iaik.pki.store.certstore.CertStoreTypes;
-import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CertStoreConfigurationImpl extends ObservableImpl
- implements CertStoreConfiguration, DirectoryCertStoreParameters {
- /** identifies the rootDirectory */
- private String rootDirectory;
- /** ConfigurationProvider */
- private ConfigurationProvider conf;
- /** Array for storing all CertStoreParameters */
- private CertStoreParameters[] parameters;
-
- /**
- * Create a new <code>CertStoreConfigurationImpl</code>.
- *
- * @param conf The MOA configuration from which the configuration data is
- * @throws ConfigurationException an any config-error
- * being read.
- */
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- this.conf=conf;
- String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
- String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName);
- if (certStoreRootDirParam == null)
- throw new ConfigurationException(
- "config.08", new Object[] {paramName});
-
- rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
- if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6);
- File f = new File(rootDirectory);
- if (!f.isDirectory())
- throw new ConfigurationException(
- "config.05", new Object[] {paramName});
-
- parameters = new CertStoreParameters[] { this };
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
- */
- public CertStoreParameters[] getParameters() {
- return parameters;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
- */
- public String getRootDirectory() {
- return rootDirectory;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
- */
- public boolean createNew() {
- return false;
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#getId()
- */
- public String getId() {
- return "MOA ID Directory CertStore";
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
- */
- public boolean isReadOnly() {
- return false;
- }
-
- /**
- * @return <code>CertStoreTypes.DIRECTORY</code>
- * @see iaik.pki.store.certstore.CertStoreParameters#getType()
- */
- public String getType() {
- return CertStoreTypes.DIRECTORY;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
deleted file mode 100644
index 3cd02a2b5..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.logging.LogConfigurationException;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.Properties;
-
-/**
- * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class LoggerConfigImpl implements iaik.logging.LoggerConfig {
-
- /** logging properties **/
- private Properties loggingProperties;
-
- /**
- * Constructor
- */
- public LoggerConfigImpl(String propertyFileURL) throws IOException {
- InputStream in = new URL(propertyFileURL).openStream();
- loggingProperties = new Properties();
- loggingProperties.load(in);
- in.close();
- }
-
- /**
- * @see iaik.logging.LoggerConfig#getFactory()
- */
- public String getFactory() {
- return "iaik.logging.impl.Log4jFactory";
- }
-
- /**
- * @see iaik.logging.LoggerConfig#getProperties()
- */
- public Properties getProperties() throws LogConfigurationException {
- return loggingProperties;
- }
-
- /**
- * @see iaik.logging.LoggerConfig#getNodeId()
- */
- public String getNodeId() {
- return "iaik";
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
deleted file mode 100644
index b41de3c44..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.pathvalidation.ValidationConfiguration;
-import iaik.pki.revocation.RevocationConfiguration;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.revocation.archive.ArchiveConfiguration;
-
-/**
- * Implementation of interface <code>PKIConfiguration</code> needed to
- * initialize an IAIK JSSE <code>TrustManager</code>
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIConfigurationImpl implements PKIConfiguration {
- /** The configuration for the CertStore */
- private CertStoreConfiguration certStoreConfiguration;
- /** The configuration for the RevocationChecks */
- private RevocationConfiguration revocationConfiguration;
- /** The configuration for the Validation */
- private ValidationConfiguration validationConfiguration;
-
- /**
- * Constructor
- * @param conf the Configuration for the PKIConfig
- * @throws ConfigurationException for any config error
- */
- public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
-
- certStoreConfiguration = new CertStoreConfigurationImpl(conf);
- revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(conf);
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
- */
- public CertStoreConfiguration getCertStoreConfiguration() {
- return certStoreConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
- */
- public RevocationConfiguration getRevocationConfiguration() {
- return revocationConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
- */
- public ArchiveConfiguration getArchiveConfiguration() {
- return null;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
- */
- public ValidationConfiguration getValidationConfiguration() {
- return validationConfiguration;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
deleted file mode 100644
index fff75775d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.revocation.RevocationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
- */
- public Set getAlternativeDistributionPoints(
- X509Certificate arg0,
- X509Certificate arg1,
- Date arg2) {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
- */
- public boolean archiveRevocationInfo(String arg0, String arg1) {
- return false;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
deleted file mode 100644
index c500e2e8e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.pathvalidation.ValidationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.security.spec.AlgorithmParameterSpec;
-
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ValidationConfigurationImpl extends ObservableImpl
- implements ValidationConfiguration {
- /** The ConfigurationProvider for the validation*/
- private ConfigurationProvider conf;
-
- /**
- * Constructor
- * @param conf with the configuration
- */
- public ValidationConfigurationImpl(ConfigurationProvider conf) {
- this.conf = conf;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- String chainingMode = conf.getChainingMode(trustAnchor);
- return chainingMode;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
- */
- public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) {
- return null;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
- */
- public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) {
- return null;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
deleted file mode 100644
index 3c37706e1..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ /dev/null
@@ -1,186 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.pki;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Set;
-
-import iaik.pki.PKIProfile;
-import iaik.pki.pathvalidation.ValidationProfile;
-import iaik.pki.revocation.RevocationProfile;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.pki.store.truststore.TrustStoreProfile;
-import iaik.pki.store.truststore.TrustStoreTypes;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of the <code>PKIProfile</code> interface and subinterfaces
- * providing information needed for certificate path validation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIProfileImpl extends ObservableImpl
- implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
- /**
- * URI to the truststore
- */
- private String trustStoreURI;
-
- /**
- * revocation checking;
- */
- private boolean revocationChecking;
-
- /**
- * The trust profile identifier.
- */
- private String id;
-
-
- /**
- * Create a new <code>PKIProfileImpl</code>.
- *
- * @param trustStoreURI trust store URI
- */
- public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
- this.trustStoreURI = trustStoreURI;
- this.revocationChecking = revocationChecking;
- String id = String.valueOf(System.currentTimeMillis());
- setId("id-" + id);
- }
-
- /**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getRevocationProfile()
- */
- public RevocationProfile getRevocationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getTrustStoreProfile()
- */
- public TrustStoreProfile getTrustStoreProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getValidationProfile()
- */
- public ValidationProfile getValidationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
- */
- public boolean useAuthorityInfoAccess() {
- return true;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
- */
- public long getMaxRevocationAge(String arg0) {
- return 0;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
- */
- public String getOCSPRequestHashAlgorithm() {
- return null;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
- */
- public String[] getPreferredServiceOrder(X509Certificate arg0) {
- return new String[] {RevocationSourceTypes.CRL};
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
- */
- public String getType() {
- return TrustStoreTypes.DIRECTORY;
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
- */
- public String getURI() {
- return trustStoreURI;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
- */
- public boolean getInitialAnyPolicyInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
- */
- public boolean getInitialExplicitPolicy() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
- */
- public boolean getInitialPolicyMappingInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
- */
- public Set getInitialPolicySet() {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
- */
- public boolean getNameConstraintsProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
- */
- public boolean getPolicyProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
- */
- public boolean getRevocationChecking() {
- return this.revocationChecking;
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
- */
- public String getId() {
- return id;
- }
- /**
- * Sets the trust profile identifier.
- * @param id The id to set.
- */
- public void setId(String id) {
- this.id = id;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
deleted file mode 100644
index 9da006d35..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.pki.jsse;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-/**
- * <code>TrustManager</code> implementation featuring CRL checking (inherited from
- * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDTrustManager extends IAIKX509TrustManager {
-
- /** an x509Certificate array containing all accepted server certificates*/
- private X509Certificate[] acceptedServerCertificates;
-
- /**
- * Constructor
- * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
- * @throws GeneralSecurityException occurs on security errors
- * @throws IOException occurs on IO errors
- */
- public MOAIDTrustManager(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- if (acceptedServerCertificateStoreURL != null)
- buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
- else
- acceptedServerCertificates = null;
- }
-
-
- /**
- * Initializes the LoggingContextManager logging context.
- * Fixes a bug occuring in the case MOA-SP is called by API.
- * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
- * This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
- public static void initializeLoggingContext() {
- if (LoggingContextManager.getInstance().getLoggingContext() == null)
- LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext(Thread.currentThread().getName()));
- }
-
-
- /**
- * Builds an Array of accepted server certificates from an URL,
- * and stores it in <code>acceptedServerCertificates</code>.
- * @param acceptedServerCertificateStoreURL file URL pointing to the directory
- * containing accepted server X509 certificates
- * @throws GeneralSecurityException on security errors
- * @throws IOException on any IO errors
- */
- private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- List certList = new ArrayList();
- URL storeURL = new URL(acceptedServerCertificateStoreURL);
- File storeDir = new File(storeURL.getFile());
- // list certificate files in directory
- File[] certFiles = storeDir.listFiles();
- for (int i = 0; i < certFiles.length; i++) {
- // for each: create an X509Certificate and store it in list
- File certFile = certFiles[i];
- FileInputStream fis = new FileInputStream(certFile.getPath());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
- fis.close();
- certList.add(cert);
- }
- // store acceptedServerCertificates
- acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
- }
-
- /**
- * Does additional server-end-SSL-certificate checking.
- * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
- */
- public boolean isServerTrusted(X509Certificate[] certChain) {
- boolean trusted = super.isServerTrusted(certChain);
- if (! trusted || acceptedServerCertificates == null)
- return trusted;
- else {
- // check server-end-SSL-certificate with acceptedServerCertificates
- X509Certificate serverCert = certChain[0];
- for (int i = 0; i < acceptedServerCertificates.length; i++) {
- X509Certificate acceptedServerCert = acceptedServerCertificates[i];
- if (serverCert.equals(acceptedServerCert))
- return true;
- }
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
- return false;
- }
- }
- /**
- * In rare cases, this method is being called although it should not be.
- * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
- */
- public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
- {
- return true;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
deleted file mode 100644
index 8f36ac5c0..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.servertools.observer;
-
-import iaik.pki.store.observer.NotificationData;
-import iaik.pki.store.observer.Observable;
-import iaik.pki.store.observer.Observer;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-
-/**
- * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ObservableImpl implements Observable {
- /** a List for all observers */
- private List observers = new ArrayList();
-
- /**
- * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
- */
- public void addObserver(Observer observer) {
- observers.add(observer);
- }
-
- /**
- * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
- */
- public boolean removeObserver(Observer observer) {
- return observers.remove(observer);
- }
-
- /**
- * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
- */
- public void notify(NotificationData data) {
- Iterator iter = observers.iterator();
- for (iter = observers.iterator(); iter.hasNext();) {
- Observer observer = (Observer) iter.next();
- observer.notify(data);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
deleted file mode 100644
index 731212ef8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.util.Vector;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * Builder for {@link java.net.URLConnection} objects used to forward requests
- * to the remote online application.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-
-public interface ConnectionBuilder {
-
- /**
- * Builds an HttpURLConnection to a {@link java.net.URL} which is derived
- * from an {@link HttpServletRequest} URL, by substitution of a
- * public URL prefix for the real URL prefix.<br>
- * The HttpURLConnection has been created by {@link java.net.URL#openConnection}, but
- * it has not yet been connected to by {@link java.net.URLConnection#connect}.<br>
- * The field settings of the HttpURLConnection are:
- * <ul>
- * <li><code>allowUserInteraction = false</code></li>
- * <li><code>doInput = true</code></li>
- * <li><code>doOutput = true</code></li>
- * <li><code>requestMethod = request.getMethod()</code></li>
- * <li><code>useCaches = false</code></li>
- * </ul>
- *
- * @param request the incoming request which shall be forwarded
- * @param publicURLPrefix the public URL prefix to be substituted by the real URL prefix
- * @param realURLPrefix the URL prefix to substitute the public URL prefix
- * @param sslSocketFactory factory to be used for creating an SSL socket in case
- * of a URL for scheme <code>"https:"</code>;
- * <br>if <code>null</code>, the default SSL socket factory would be used
- * @param parameters parameters to be forwarded
- * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to
- * the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code>
- * @throws IOException if an I/O exception occurs during opening the connection
- * @see java.net.URL#openConnection()
- * @see com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory()
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest request,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Vector parameters) throws IOException;
-
-
- /**
- * Disconnects the HttpURLConnection if necessary.
- * The implementation of the Connectionbuilder decides wether
- * if this should be happen or not.
- *
- * @param con the HttpURLConnection which is normaly to be closed
- */
- public void disconnect(HttpURLConnection con);
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
deleted file mode 100644
index ff7787839..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-
-/**
- * Factory delivering a {@link ConnectionBuilder} implementation for
- * an online application, initialized from configuration data.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConnectionBuilderFactory {
-
- /** default connection builder to be used for online application
- * where no special implementation of the <code>ConnectionBuilder</code>
- * interface is configured
- */
- private static ConnectionBuilder defaultConnectionBuilder;
- /** mapping from online application public URL prefix to an implementation
- * of the <code>ConnectionBuilder</code> interface to be used;
- * if no mapping is given for an online application, the
- * <code>DefaultConnectionBuilder</code> will be used */
- private static Map connectionBuilderMap;
-
- /**
- * Initializes the <code>ConnectionBuilder</code> map from the configuration data.
- * @throws ConfigurationException when the configuration cannot be read,
- * or when a class name configured cannot be instantiated
- */
- public static void initialize() throws ConfigurationException {
- defaultConnectionBuilder = new DefaultConnectionBuilder();
- connectionBuilderMap = new HashMap();
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
- String publicURLPrefix = oaParam.getPublicURLPrefix();
- String className = oaParam.getConnectionBuilderImpl();
- if (className != null) {
- try {
- ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance();
- connectionBuilderMap.put(publicURLPrefix, cb);
- }
- catch (Throwable ex) {
- throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
- }
- }
- }
- }
-
- /**
- * Gets the <code>ConnectionBuilder</code> implementation to be used for the given
- * online application.
- * @param publicURLPrefix public URL prefix of the online application
- * @return <code>ConnectionBuilder</code> implementation
- */
- public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) {
- ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix);
- if (cb == null)
- return defaultConnectionBuilder;
- else
- return cb;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
deleted file mode 100644
index 151b1cec3..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ /dev/null
@@ -1,149 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
-import java.util.Iterator;
-import java.util.Vector;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * Defaultimplementierung von <code>ConnectionBuilder</code>.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DefaultConnectionBuilder implements ConnectionBuilder {
-
- /** a boolean to disable the HostnameVerification (default = false)*/
- private static boolean cbDisableHostnameVerification = false;
-
- /**
- * Constructor for DefaultConnectionBuilder.
- * @throws ConfigurationException on any config error
- */
- public DefaultConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
- //TODO MOA-ID BRZ undocumented feature
- if (cbDisableHostnameVerification)
- Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest req,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Vector parameters)
- throws IOException {
-
- String requestedURL = req.getRequestURL().toString();
- // check whether requested URL starts with publicURLPrefix
-
- //Temporary allow http:// urls instead of the https:// in publicURLPrefix
- //if (req.getSession().getAttribute("authorizationkey")==null) {
- // if (! requestedURL.startsWith(publicURLPrefix))
- // throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
- // "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
- //}
-
- // in case of GET request, append query string to requested URL;
- // otherwise, HttpURLConnection would perform a POST request
- if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
- requestedURL = appendQueryString(requestedURL, parameters);
- }
- // build real URL in online application
- String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
- URL url = new URL(realURLString);
- Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
-
- HttpURLConnection conn = (HttpURLConnection)url.openConnection();
- conn.setRequestMethod(req.getMethod());
- conn.setDoInput(true);
- conn.setDoOutput(true);
- //conn.setUseCaches(false);
- //conn.setAllowUserInteraction(true);
- conn.setInstanceFollowRedirects(false);
- if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
- HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
- httpsConn.setSSLSocketFactory(sslSocketFactory);
- if (cbDisableHostnameVerification)
- httpsConn.setHostnameVerifier(new HostnameNonVerifier());
- }
- return conn;
- }
-
-
- /**
- * Disconnects the HttpURLConnection if necessary.
- * The implementation of the Connectionbuilder decides wether
- * if this should be happen or not.
- *
- * @param conn the HttpURLConnection which is normaly to be closed
- */
- public void disconnect(HttpURLConnection conn) {
- conn.disconnect();
- }
-
-
- /**
- * @param requestedURL
- * @param parameters
- * @return
- */
- private String appendQueryString(String requestedURL, Vector parameters) {
- String newURL = requestedURL;
- String parameter[] = new String[2];
- String paramValue ="";
- String paramName ="";
- String paramString ="";
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- try {
- parameter = (String[]) iter.next();
- //next two lines work not with OWA-SSL-Login-form
- paramName = URLEncoder.encode((String) parameter[0], "UTF-8");
- paramValue = URLEncoder.encode((String) parameter[1], "UTF-8");
-
- } catch (UnsupportedEncodingException e) {
- //UTF-8 should be supported
- }
- paramString = "&" + paramName + "=" + paramValue + paramString;
- }
- if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1);
- return newURL;
- }
-
- /**
- * @author Stefan Knirsch
- * @version $Id$
- * A private class to change the standard HostName verifier to disable the
- * Hostname Verification Check
- */
- private class HostnameNonVerifier implements HostnameVerifier {
-
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
deleted file mode 100644
index 3df76656b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ /dev/null
@@ -1,142 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-/**
- * Implementation of interface <code>LoginParameterResolver</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DefaultLoginParameterResolver implements LoginParameterResolver {
-
- /**
- * Constructor
- */
- public DefaultLoginParameterResolver() {
- }
-
- /**
- * Configuration mehtod (not used)
- */
- public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
- }
-
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String)
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) {
-
- Map result = new HashMap();
-
- if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) {
- String useridPredicate = oaConf.getBasicAuthUserIDMapping();
- String userid = resolveValue(useridPredicate, authData, clientIPAddress);
- String passwordPredicate = oaConf.getBasicAuthPasswordMapping();
- String password = resolveValue(passwordPredicate, authData, clientIPAddress);
-
- try {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes());
- result.put("Authorization", "Basic " + credentials);
- }
- catch (IOException ignore) {
- }
- }
- else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) {
- for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) {
- String key = (String) iter.next();
- String predicate = (String) oaConf.getHeaderAuthMapping().get(key);
- String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- result.put(key, resolvedValue);
- }
- }
-
- return result;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String)
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) {
-
- Map result = new HashMap();
-
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
- for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) {
- String key = (String) iter.next();
- String predicate = (String) oaConf.getParamAuthMapping().get(key);
- String resolvedValue;
- try {
- resolvedValue =
- URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1");
- } catch (UnsupportedEncodingException e) {
- //ISO-8859-1 is supported
- resolvedValue = null;
- }
- result.put(key, resolvedValue);
- }
- }
-
- return result;
- }
-
- /**
- * Resolves a login header or parameter value.
- * @param predicate header or parameter predicate name from online application configuration
- * @param authData authentication data for current login
- * @param clientIPAddress client IP address
- * @return header or parameter value resolved; <code>null</code> if unknown name is given
- */
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
- if (predicate.equals(MOAGivenName))
- return authData.getGivenName();
- if (predicate.equals(MOAFamilyName))
- return authData.getFamilyName();
- if (predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
- if (predicate.equals(MOABPK))
- return authData.getBPK();
- if (predicate.equals(MOAWBPK))
- return authData.getWBPK();
- if (predicate.equals(MOAPublicAuthority))
- if (authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if (predicate.equals(MOABKZ))
- return authData.getPublicAuthorityCode();
- if (predicate.equals(MOAQualifiedCertificate))
- if (authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if (predicate.equals(MOAStammzahl))
- return authData.getIdentificationValue();
- if (predicate.equals(MOAIdentificationValueType))
- return authData.getIdentificationType();
- if (predicate.equals(MOAIPAddress))
- return clientIPAddress;
- else return null;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
deleted file mode 100644
index 909e2d51e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ /dev/null
@@ -1,249 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.HttpURLConnection;
-
-import com.ibm.webdav.HTTPHeaders;
-import com.ibm.webdav.protocol.URLStreamHandlerFactory;
-import com.ibm.webdav.protocol.http.WebDAVURLConnection;
-import java.util.StringTokenizer;
-import java.net.URL;
-import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
-import java.net.URLStreamHandler;
-import java.util.Iterator;
-import java.util.Vector;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * Defaultimplementierung von <code>ConnectionBuilder</code>.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ElakConnectionBuilder implements ConnectionBuilder {
-
- /** a boolean to disable the HostnameVerification (default = false)*/
- private static boolean cbDisableHostnameVerification = false;
-
- /** a boolean to indicat if webdav protocol handler was already set */
- private static boolean webdavPHSet = false;
-
- /**
- * The system property name used to register a protocol handler.
- */
- public final static String PROTOCOL_HANDLER_PROPERTY_NAME = "java.protocol.handler.pkgs";
-
- /**
- * The package providing the ldap protocol handler.
- */
- public final static String WEBDAV_PROTOCOL_HANDLER = "com.ibm.webdav.protocol";
-
- /**
- * The pipe character used to sepearte different protocol handlers.
- */
- public final static char PIPE_CHAR = '|';
-
-
-
-
-
- /**
- * Constructor for ElakConnectionBuilder.
- * @throws ConfigurationException on any config error
- */
- public ElakConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
- //TODO MOA-ID BRZ undocumented feature
- if (cbDisableHostnameVerification)
- Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest req,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Vector parameters)
- throws IOException {
-
- String requestedURL = req.getRequestURL().toString();
- // check whether requested URL starts with publicURLPrefix
- if (! requestedURL.startsWith(publicURLPrefix))
- throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
- "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
-
-
-
- // in case of GET request, append query string to requested URL;
- // otherwise, HttpURLConnection would perform a POST request
- //FIXME right parameters
- /*
- if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
- requestedURL = appendQueryString(requestedURL, parameters);
- }
- */
- //TODO RSCH check functionality
- if (null != req.getQueryString() && 0 != req.getQueryString().length() ) {
- String query = req.getQueryString();
- requestedURL = requestedURL + "?" + query;
-
- String parameter[] = new String[2];
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- parameter = (String[]) iter.next();
- if(query.indexOf(parameter[0]) >= 0) iter.remove();
- }
- }
-
- // build real URL in online application
- String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
-
-
- Logger.info("Registering WebDAV protocol handler");
- String protocolHandlers = System.getProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME);
- if (protocolHandlers == null) {
- protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER;
- System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
- } else {
- // check, if WEBDAV protocol handler is already configured
- boolean isConfigured = false;
- StringTokenizer tokenizer = new StringTokenizer(protocolHandlers, "| ");
- while (tokenizer.hasMoreTokens()) {
- String protocolHandler = tokenizer.nextToken();
- if (protocolHandler.equals(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER)) {
- isConfigured = true;
- break;
- }
- }
- // if it has not been configured yet, configure it
- if (!isConfigured) {
- protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ElakConnectionBuilder.PIPE_CHAR + protocolHandlers;
- System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
- }
- }
- Logger.info("Registered protocol handlers: " + protocolHandlers);
- Class webdavSH = null;
- try
- {
- webdavSH = Class.forName(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ".http.Handler");
- }
- catch (ClassNotFoundException e)
- {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- URLStreamHandler urlStreamHandler = null;
- try
- {
- urlStreamHandler = (URLStreamHandler) webdavSH.newInstance();
- }
- catch (InstantiationException e1)
- {
- // TODO Auto-generated catch block
- e1.printStackTrace();
- }
- catch (IllegalAccessException e1)
- {
- // TODO Auto-generated catch block
- e1.printStackTrace();
- }
- //URL testURL = new URL("http", realURLString.substring("http://localhost:82".length()), 82, "", urlStreamHandler);
- //WebDAVURLConnection webDavTest = (WebDAVURLConnection) testURL.openConnection();
-
-
- URL testURL = new URL(realURLString);
- Logger.debug("TEST URL ist von der Klasse: " + testURL.getClass().getName());
-
- //URL url = new URL(realURLString);
- URL testURL2 = new URL(realURLString);
-
- URL url = new URL("http", "localhost", 82, realURLString.substring("http://localhost:82".length()), urlStreamHandler);
-
- Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
- WebDAVURLConnection webDavConn = (WebDAVURLConnection) url.openConnection();
- HttpURLConnection conn = (HttpURLConnection)webDavConn;
- webDavConn.setRequestMethod(req.getMethod());
- webDavConn.setDoInput(true);
- webDavConn.setDoOutput(true);
- //conn.setUseCaches(false);
- webDavConn.setAllowUserInteraction(true);
- webDavConn.setInstanceFollowRedirects(false);
- if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
- HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
- httpsConn.setSSLSocketFactory(sslSocketFactory);
- if (cbDisableHostnameVerification)
- httpsConn.setHostnameVerifier(new HostnameNonVerifier());
- }
- return conn;
- }
-
- /**
- * Disconnects the HttpURLConnection if necessary.
- * The implementation of the Connectionbuilder decides wether
- * if this should be happen or not.
- *
- * @param conn the HttpURLConnection which is normaly to be closed
- */
- public void disconnect(HttpURLConnection conn) {
- conn.disconnect();
- }
-
- /**
- * @param requestedURL
- * @param parameters
- * @return
- */
- private String appendQueryString(String requestedURL, Vector parameters) {
- String newURL = requestedURL;
- String parameter[] = new String[2];
- String paramValue ="";
- String paramName ="";
- String paramString ="";
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- try {
- parameter = (String[]) iter.next();
- //Following two lines do not work with OWA-SSL-Login-form
- paramName = URLEncoder.encode((String) parameter[0], "UTF-8");
- paramValue = URLEncoder.encode((String) parameter[1], "UTF-8");
-
- } catch (UnsupportedEncodingException e) {
- //UTF-8 should be supported
- }
- paramString = "&" + paramName + "=" + paramValue + paramString;
- }
- if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1);
- return newURL;
- }
-
- /**
- * @author Stefan Knirsch
- * @version $Id$
- * A private class to change the standard HostName verifier to disable the
- * Hostname Verification Check
- */
- private class HostnameNonVerifier implements HostnameVerifier {
-
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
deleted file mode 100644
index f934ab80b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ /dev/null
@@ -1,211 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.net.URL;
-import java.net.URLStreamHandler;
-import java.util.Iterator;
-import java.util.Vector;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-
-import com.sun.net.ssl.HostnameVerifier;
-import HTTPClient.HttpURLConnection;
-import HTTPClient.HTTPConnection;
-
-
-/**
- * Outlook Web Access (OWA) Implementierung von <code>ConnectionBuilder</code>.
- * uses the HTTP(s)Client from Ronald Tschalär.
- * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/
- *
- * @author pdanner
- */
-public class EnhancedConnectionBuilder implements ConnectionBuilder {
-
- /** a boolean to disable the HostnameVerification (default = false)*/
- private static boolean cbDisableHostnameVerification = false;
- /** Name of the Parameter for the Target */
- private static final String PARAM_TARGET = "Target";
- /** Name of the Parameter for the SAMLArtifact */
- private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
- /** Name of the Attribute for marking the session as authenticated*/
- private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched";
-
- static {
- HTTPConnection.setDefaultTimeout(0);
- try {
- HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.AuthorizationModule"));
- HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RedirectionModule"));
- HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.CookieModule"));
- //HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RetryModule"));
- } catch (ClassNotFoundException e) {
-
- }
- }
-
- /**
- * Constructor for OWAConnectionBuilder.
- * @throws ConfigurationException on any config error
- */
- public EnhancedConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
- //TODO MOA-ID BRZ undocumented feature
- if (cbDisableHostnameVerification)
- Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
- */
- public java.net.HttpURLConnection buildConnection(HttpServletRequest req, String publicURLPrefix, String realURLPrefix, SSLSocketFactory sslSocketFactory, Vector parameters) throws IOException {
-
- String requestedURL = req.getRequestURL().toString();
- // check whether requested URL starts with publicURLPrefix
-
- if (! requestedURL.startsWith(publicURLPrefix.substring(0,5)))
- throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
- "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
-
- String query = req.getQueryString();
- if (req.getSession().getAttribute(ATT_AUTHDATAFETCHED)!=null) {
- query = removeParameter(query, PARAM_SAMLARTIFACT);
- query = removeParameter(query, PARAM_TARGET);
- req.getSession().removeAttribute(ATT_AUTHDATAFETCHED);
- }
- if (null != query && 0 != query.length() ) {
- requestedURL = requestedURL + "?" + query;
-
- String parameter[] = new String[2];
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- parameter = (String[]) iter.next();
- if(query.indexOf(parameter[0]) >= 0) iter.remove();
- }
- }
-
- // build real URL in online application
- String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
-
- // build real URL in online application
- URLStreamHandler urlStreamHandler = null;
-
- //URL url = new URL(realURLString);
- if (realURLString.startsWith("https")) {
- urlStreamHandler = new HTTPClient.https.Handler();
- } else{
- urlStreamHandler = new HTTPClient.http.Handler();
- }
- URL url = new URL(null, realURLString, urlStreamHandler);
- Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
-
- HttpURLConnection conn = (HttpURLConnection)url.openConnection();
-
- conn.setRequestMethod(req.getMethod());
- conn.setDoInput(true);
- conn.setDoOutput(true);
- //conn.setUseCaches(false);
- //conn.setAllowUserInteraction(true);
- conn.setInstanceFollowRedirects(false);
-
- if (realURLString.startsWith("https") && sslSocketFactory != null) {
- conn.setSSLSocketFactory(sslSocketFactory);
- //Not available in HTTPClient
- //if (cbDisableHostnameVerification)
- // conn.setHostnameVerifier(new HostnameNonVerifier());
- }
-
- return conn;
-
- }
-
- /**
- * Disconnects the HttpURLConnection if necessary.
- * The implementation of the Connectionbuilder decides wether
- * if this should be happen or not.
- *
- * @param conn the HttpURLConnection which is normaly to be closed
- */
- public void disconnect(java.net.HttpURLConnection conn) {
- // In HTTPClient there must not be an diconnect!
- // conn.disconnect();
- }
-
- /**
- * @author Stefan Knirsch
- * @version $Id$
- * A private class to change the standard HostName verifier to disable the
- * Hostname Verification Check
- */
- private class HostnameNonVerifier implements HostnameVerifier {
-
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-
- /**
- * Removes parameters from the query-URL recursively
- *
- * @param query the query from which the parameter is to be removed
- * @param parameter the parameter to be removed
- * @return the parameterclean query
- */
- private String removeParameter(String query, String parameter) {
- return removeParameter(query, parameter, true);
- }
-
- /**
- * Removes one parameter from the query-URL recursively
- *
- * @param query the query from which the parameter is to be removed
- * @param parameter the parameter to be removed
- * @param remove. Boolean value wether a parameter was removed in last call or not. In initial call set to true to check for new occurrences
- * @return the parameterclean query
- */
- private String removeParameter(String query, String parameter, boolean remove) {
- String result = query;
- if (remove && query!=null && !query.equals("") && parameter!=null && !parameter.equals("")) {
- String param = parameter;
- int capEnd=0;
- if (!param.endsWith("=")) param=param+"=";
- if (query.startsWith(param)) {
- //remove leading
- result="";
- } else {
- if (!param.startsWith("&")) param="&"+param;
- capEnd = query.indexOf(param);
- if (capEnd!=-1) {
- //leading part
- result=query.substring(0, capEnd);
- }
- }
- if (capEnd!=-1) {
- //trailing part
- capEnd += param.length();
- int capBegin = -1;
- if (capEnd <query.length()) capBegin = query.indexOf("&", capEnd);
- if (capBegin!=-1) {
- if (capBegin<query.length()) {
- result=result + query.substring(capBegin);
- if (result.startsWith("&")) result = result.substring(1); //if now is leading part
- }
- }
- }
- result = removeParameter(result, parameter, !query.equals(result));
- }
- return result;
- }
-
- }
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
deleted file mode 100644
index b47389950..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ /dev/null
@@ -1,86 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-
-/**
- * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection}
- * to the remote online application.
- * Utilizes {@link OAConfiguration} and {@link AuthenticationData}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public interface LoginParameterResolver {
-
- /** Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>,
- * naming predicates used by the <code>LoginParameterResolver</code>. */
- public static final String MOAGivenName = "MOAGivenName";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAFamilyName = "MOAFamilyName";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOADateOfBirth = "MOADateOfBirth";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOABPK = "MOABPK";
- /** Constant used in <code>MOAIDConfiguration-1.3.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAWBPK = "MOAWBPK";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAPublicAuthority = "MOAPublicAuthority";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOABKZ = "MOABKZ";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAStammzahl = "MOAStammzahl";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAIdentificationValueType = "MOAIdentificationValueType";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAIPAddress = "MOAIPAddress";
-
- /**
- * Returns authentication headers to be added to a URLConnection.
- *
- * @param oaConf configuration data
- * @param authData authentication data
- * @param clientIPAddress client IP address
- * @param businessService boolean value for recognizing (w)bPK-mode
- * @param publicURLPrefix to distinguish different online applications
- * @return A map, the keys being header names and values being corresponding header values.
- * <br>In case of authentication type <code>"basic-auth"</code>, header fields
- * <code>username</code> and <code>password</code>.
- * <br>In case of authentication type <code>"header-auth"</code>, header fields
- * derived from parameter mapping and authentication data provided.
- * <br>Otherwise, an empty map.
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
-
- /**
- * Returns request parameters to be added to a URLConnection.
- *
- * @param oaConf configuration data
- * @param authData authentication data
- * @param clientIPAddress client IP address
- * @param businessService boolean value for recognizing (w)bPK-mode
- * @param publicURLPrefix to distinguish different online applications
- * @return A map, the keys being parameter names and values being corresponding parameter values.
- * <br>In case of authentication type <code>"param-auth"</code>, parameters
- * derived from parameter mapping and authentication data provided.
- * <br>Otherwise, an empty map.
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
-
- public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException;
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
deleted file mode 100644
index 3aa2368bf..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class LoginParameterResolverException extends MOAIDException {
-
- /**
- * Constructor for LoginParameterResolverException.
- * @param messageId
- * @param parameters
- */
- public LoginParameterResolverException(
- String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for LoginParameterResolverException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public LoginParameterResolverException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
deleted file mode 100644
index 8edd23438..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ /dev/null
@@ -1,82 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-
-/**
- * Factory delivering a {@link LoginParameterResolver} implementation for
- * an online application, initialized from configuration data.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class LoginParameterResolverFactory {
-
- /** default login parameter resolver to be used for online application
- * where no special implementation of the <code>LoginParameterResolver</code>
- * interface is configured
- */
- private static LoginParameterResolver defaultLoginParameterResolver;
- /** mapping from online application public URL prefix to an implementation
- * of the <code>LoginParameterResolver</code> interface to be used;
- * if no mapping is given for an online application, the
- * <code>DefaultLoginParameterResolver</code> will be used */
- private static Map loginParameterResolverMap;
-
- /**
- * Initializes the <code>LoginParameterResolver</code> map from the configuration data.
- * @throws ConfigurationException when the configuration cannot be read,
- * or when a class name configured cannot be instantiated
- */
- public static void initialize() throws ConfigurationException {
- defaultLoginParameterResolver = new DefaultLoginParameterResolver();
- loginParameterResolverMap = new HashMap();
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
- String publicURLPrefix = oaParam.getPublicURLPrefix();
- String className = oaParam.getLoginParameterResolverImpl();
- String configuration = oaParam.getLoginParameterResolverConfiguration();
- if (className != null) {
- try {
- Class lprClass = Class.forName(className);
- LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
-
- Class[] argumentTypes = { String.class, Boolean.class };
- Method confMethod = lprClass.getMethod( "configure", argumentTypes );
-
- Object[] arguments = { new String(configuration), new Boolean(oaParam.getBusinessService()) };
- confMethod.invoke( lpr, arguments );
-
- loginParameterResolverMap.put(publicURLPrefix, lpr);
- }
- catch (InvocationTargetException lpex) {
- throw new ConfigurationException("config.11", new Object[] {className}, lpex);
- }
- catch (Throwable ex) {
- throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
- }
- }
- }
- }
-
- /**
- * Gets the <code>LoginParameterResolver</code> implementation to be used for the given
- * online application.
- * @param publicURLPrefix public URL prefix of the online application
- * @return <code>LoginParameterResolver</code> implementation
- */
- public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) {
- LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix);
- if (lpr == null)
- return defaultLoginParameterResolver;
- else
- return lpr;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
deleted file mode 100644
index 3f615b01c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ /dev/null
@@ -1,95 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import iaik.pki.PKIException;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
-import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Web application initializer
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDProxyInitializer {
-
- /**
- * Initializes the web application components which need initialization:
- * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
- */
- public static void initialize()
- throws ConfigurationException, IOException, GeneralSecurityException, PKIException {
-
- Logger.setHierarchy("moa.id.proxy");
-
- // Restricts TLS cipher suites
- System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
-
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader();
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- }
- catch (ClassNotFoundException e) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
- }
-
- // Initializes the SSLSocketFactory store
- SSLUtils.initialize();
-
- // Initializes IAIKX509TrustManager logging
- String log4jConfigURL = System.getProperty("log4j.configuration");
- if (log4jConfigURL != null) {
- IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
- }
-
- // Loads the configuration
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload();
-
- // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service,
- // using configuration data
- ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
- if (connParamAuth!=null) {
- if (connParamAuth.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- AxisSecureSocketFactory.initialize(ssf);
- }
- } else {
- throw new ConfigurationException("config.16", null);
- }
-
- // Initializes the Axis secure socket factories for use in calling the online applications,
- // using configuration data
- OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- if (oaConnParam.isHTTPSURL())
- SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- }
-
- // Initializes the ConnectionBuilderFactory from configuration data
- ConnectionBuilderFactory.initialize();
-
- // Initializes the LoginParameterResolverFactory from configuration data
- LoginParameterResolverFactory.initialize();
-
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
deleted file mode 100644
index 849160a7b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- * Reason for this exception: the dedicated LoginParameterResolver does
- * not allow access to the desired ressource.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class NotAllowedException extends MOAIDException {
-
- /**
- * Constructor for NotAllowedException.
- * @param messageId
- * @param parameters
- */
- public NotAllowedException(
- String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for NotAllowedException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public NotAllowedException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
deleted file mode 100644
index 9bfd9de9b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ /dev/null
@@ -1,678 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import iaik.security.provider.IAIK;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-/**
- * XMLLoginParameterResolver an implementation of implementation of interface
- * <code>LoginParameterResolver</code>
- * This implementation used to map identities stored in an XML file to parameters
- * which are given to OAs.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class XMLLoginParameterResolverEncryptedData implements LoginParameterResolver {
-
- //file which is parsed and interpreted for paremeter resolving.
- private String identityFile;
-
- private Cipher blowfishCipher;
- private Key key;
- /**
- * inner class used to store mapped parameters
- */
- class LPRParams {
-
- /**
- * getter method for parameter Enabled.
- * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
- */
- public boolean getEnabled() {
- return enabled.booleanValue();
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or <code>null</code> not set.
- */
- public String getUN() {
- return UN;
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or <code>null</code> not set.
- */
- //TODO XMLLPR decrypt
- public String getPlainUN() {
- //Security.addProvider();
-
-
- return UN;
- }
-
-
- /**
- * getter method for parameter PW (password)
- * @return Parameter PW or <code>null</code> not set.
- */
- public String getPW() {
- return PW;
- }
-
- /**
- * getter method for generic parameter Param1
- * @return Parameter Param1 or <code>null</code> not set.
- */
- public String getParam1() {
- return Param1;
- }
-
- /**
- * getter method for generic parameter Param2
- * @return Parameter Param2 or <code>null</code> not set.
- */
- public String getParam2() {
- return Param2;
- }
-
- /**
- * getter method for generic parameter Param3
- * @return Parameter Param3 or <code>null</code> not set.
- */
- public String getParam3() {
- return Param3;
- }
-
- /**
- * Returns a string representation of LPRParams
- *
- * @return a <code>String</code> representation of this object.
- * @see XMLLoginParameterResolver.LPRParams
- */
- public String toString() {
- return "Enabled: "
- + enabled.toString()
- + "UN: '"
- + UN
- + "' PW: '"
- + PW
- + "' Param1: '"
- + Param1
- + "' Param2: '"
- + Param2
- + "' Param3: '"
- + Param3
- + "'\n";
- }
-
- //private member variables used to store the parameters
- private Boolean enabled = null;
- private String UN = null;
- private String PW = null;
- private String Param1 = null;
- private String Param2 = null;
- private String Param3 = null;
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication
- * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication
- * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
- this.enabled = new Boolean(enabled);
- this.UN = UN;
- this.PW = PW;
- this.Param1 = Param1;
- this.Param2 = Param2;
- this.Param3 = Param3;
- }
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW) {
- this(enabled, UN, PW, null, null, null);
- }
- }
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object.
- **/
- public XMLLoginParameterResolverEncryptedData() {
- bPKMap = new HashMap();
- namedMap = new HashMap();
- }
-
- /**
- * configuration method
- * @param configuration enabled enable user mapping to parameter set for the parameter set.
- */
- public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
- File idFile;
- Element rootElement;
-
- Security.addProvider(new IAIK());
- try {
- blowfishCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding", "IAIK");
-
- } catch (NoSuchPaddingException e) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: NoSuchPaddingException \n" + e.toString()});
- } catch (NoSuchProviderException e) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: NoSuchProviderException \n" + e.toString()});
- } catch (NoSuchAlgorithmException e) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: NoSuchAlgorithmException \n" + e.toString()});
- }
-
- String plaintext = "start";
- String encrypted = encryptData(plaintext, "1234567890123456", "123hochgeheim");
- String decrypted = decryptData(encrypted, "1234567890123456", "123hochgeheim");
- Logger.debug("plaintext: " + plaintext);
- Logger.debug("encrypted: " + encrypted);
- Logger.debug("decrypted: " + decrypted);
-
- //make file name absolut (if it is relative to main config file)
- //TODO MOAID XMLLPR check
- String moaIDConfigFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
- String rootConfigFileDir = new File(moaIDConfigFileName).getParent();
- this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir);
-
- if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " });
- }
- try {
- rootElement = readXMLFile(identityFile);
- } catch (IOException lex) {
- Logger.error(lex.toString());
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " });
-
- } catch (SAXException sex) {
- Logger.error(sex.toString());
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", sex.toString() });
- } catch (ParserConfigurationException e) {
- // TODO XMLPR Auto-generated catch block
- Logger.error(e.toString());
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() });
- }
- buildInfo(rootElement, businessService.booleanValue());
- isConfigured = true;
- }
-
- /**
- * encryptData method uses parameters masterSecret and bPK as key information to encrypt plaintext
- * @param plaintext
- * @param bPK
- * @param masterSecret
- * @return encrypted data (blowfish encrypted, base64 encoded)
- * @throws LoginParameterResolverException
- */
- public String encryptData(String plaintext, String bPK, String masterSecret) throws LoginParameterResolverException
- {
- try {
- String keyString = bPK + masterSecret;
- key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish");
- IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0});
-
- blowfishCipher.init(Cipher.ENCRYPT_MODE, key, param);
- byte [] cipherText = blowfishCipher.doFinal(plaintext.getBytes("UTF-8"));
- return Base64Utils.encode(cipherText);
- } catch (UnsupportedEncodingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidKeyException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (BadPaddingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalBlockSizeException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalStateException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidAlgorithmParameterException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IOException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- }
- }
-
-
- /**
- * encryptData method uses parameters masterSecret and bPK as key information to decrypt ciphertext
- * @param ciphertext (blowfish encrypted, base64encoded)
- * @param bPK
- * @param masterSecret
- * @return decrypted Data (plaintext)
- * @throws LoginParameterResolverException
- */
- public String decryptData(String ciphertext, String bPK, String masterSecret) throws LoginParameterResolverException
- {
- try {
- String keyString = bPK + masterSecret;
- key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish");
- IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0});
- blowfishCipher.init(Cipher.DECRYPT_MODE, key, param);
- byte [] plaintext = blowfishCipher.doFinal(Base64Utils.decode(ciphertext, true));
- return new String(plaintext);
- } catch (UnsupportedEncodingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidKeyException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (BadPaddingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalBlockSizeException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalStateException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidAlgorithmParameterException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IOException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- }
- }
-
-
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String)
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
- Map result = new HashMap();
-
- if (!isConfigured) {
- //TODO XMLLPR
- throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" +
- identityFile + "' is not configured!", null);
- }
-
- //get the Identity of the user
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK ="";
- String wType= "";
- if (businessService) {
- bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
- wType = "w";
- } else {
- bPK = resolveValue(MOABPK, authData, clientIPAddress);
- }
- String userid = "";
- String password = "";
- LPRParams params = null;
- boolean userFound = false;
-
- //try (w)bPK and named search
- params = bPKIdentitySearch(bPK, wType);
-
- if (null == params)
- params = namedIdentitySearch(famName, givenName, dateOfBirth);
-
- //if both searches failed, report error.
- if(null == params)
- throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
-
- //HTTP 401 - Basic Authentication
- if (oaConf.getAuthType().equals("basic")) {
- userid = (null != params.getUN()) ? params.getUN() : "";
- password = (null != params.getPW()) ? params.getPW() : "";
-
- try {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes("UTF-8"));
- Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials);
- result.put("Authorization", "Basic " + credentials);
- } catch (IOException ignore) {
- throw new LoginParameterResolverException("config.14", new Object[] {"internal error while encoding in Base64"});
- }
- } else if (oaConf.getAuthType().equals("header")) { //HTTP Authentication
- String key;
- String resolvedValue;
- //TODO MOAID XMLLPR select value through OA-ConfigFile;
- if(null != params.getUN()) result.put("UN", params.getUN());
- if(null != params.getPW()) result.put("UN", params.getPW());
- if(null != params.getParam1()) result.put("UN", params.getParam1());
- if(null != params.getParam2()) result.put("UN", params.getParam2());
- if(null != params.getParam3()) result.put("UN", params.getParam3());
-
- } else {
- throw new LoginParameterResolverException("config.14", new Object[] {"AuthType not supported"});
- }
-
- return result;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String)
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
-
- Map result = new HashMap();
-
- if (!isConfigured) {
- Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured");
- return result;
- }
-
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK ="";
- String wType= "";
- if (businessService) {
- bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
- wType = "w";
- } else {
- bPK = resolveValue(MOABPK, authData, clientIPAddress);
- }
- String userid = "";
- String password = "";
- LPRParams params = null;
-
- //try (w)bPK and named search
- params = bPKIdentitySearch(bPK, wType);
-
- if (null == params)
- params = namedIdentitySearch(famName, givenName, dateOfBirth);
-
- //if both searches failed, report error.
- if(null == params)
- throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
-
- //TODO MOAID XMLLPR URLEncoder.encode
- if (oaConf.getAuthType().equals("param")) {
- try {
- if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1"));
- if(null != params.getPW()) result.put(XSD_PWATTR, URLEncoder.encode(params.getPW(),"ISO-8859-1"));
- if(null != params.getParam1()) result.put(XSD_PARAM1ATTR, URLEncoder.encode(params.getParam1(),"ISO-8859-1"));
- if(null != params.getParam2()) result.put(XSD_PARAM2ATTR, URLEncoder.encode(params.getParam2(),"ISO-8859-1"));
- if(null != params.getParam3()) result.put(XSD_PARAM3ATTR, URLEncoder.encode(params.getParam3(),"ISO-8859-1"));
- } catch (UnsupportedEncodingException e) {
- // ISO-8859-1 is supported
- throw new LoginParameterResolverException("URLEncoder error", null);
- }
- } else {
- throw new LoginParameterResolverException("AuthType not supported", null);
- }
- return result;
- }
-
- /**
- * Resolves a login header or parameter value.
- * @param predicate header or parameter predicate name from online application configuration
- * @param authData authentication data for current login
- * @param clientIPAddress client IP address
- * @return header or parameter value resolved; <code>null</code> if unknown name is given
- */
- private static String resolveValue(
- String predicate,
- AuthenticationData authData,
- String clientIPAddress) {
- if (predicate.equals("MOAGivenName"))
- return authData.getGivenName();
- if (predicate.equals("MOAFamilyName"))
- return authData.getFamilyName();
- if (predicate.equals("MOADateOfBirth"))
- return authData.getDateOfBirth();
- if (predicate.equals("MOABPK"))
- return authData.getBPK();
- if (predicate.equals("MOAWBPK"))
- return authData.getWBPK();
- if (predicate.equals("MOAPublicAuthority"))
- if (authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if (predicate.equals("MOABKZ"))
- return authData.getPublicAuthorityCode();
- if (predicate.equals("MOAQualifiedCertificate"))
- if (authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if (predicate.equals("MOAStammzahl"))
- return authData.getIdentificationValue();
- if (predicate.equals(MOAIdentificationValueType))
- return authData.getIdentificationType();
- if (predicate.equals("MOAIPAddress"))
- return clientIPAddress;
- else
- return null;
- }
-
- /**
- * reads, parses the configuration file of XMLLoginParameterResolver and returns the document element.
- * @param fileName of the configuration file.
- */
- private Element readXMLFile(String fileName) throws ParserConfigurationException, SAXException, IOException {
- Logger.info("XMLLoginParameterResolver: Loading and parsing XMLPLoginParameterConfiguration configuration: " + fileName);
-
- InputStream stream = null;
- Element configElem;
-
- stream = new BufferedInputStream(new FileInputStream(fileName));
- configElem = DOMUtils.parseDocument(stream, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return configElem;
- }
-
- /**
- * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file.
- * @param root document root element.
- */
- private void buildInfo(Element root, boolean businessService) {
- NodeList idList = root.getElementsByTagName(XSD_IDELEM);
- NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM);
- String wType ="";
- if (businessService) wType = "w";
- for (int i = 0; i < idList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName());
-
- for (int i = 0; i < paramList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName());
-
- for (int i = 0; i < idList.getLength(); i++) {
- Element tmpElem = (Element) idList.item(i);
- NodeList tmpList = tmpElem.getElementsByTagName(XSD_NAMEDIDELEM);
- for (int j = 0; j < tmpList.getLength(); j++)
- Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName());
-
- //Search for NamedIdentity Elements
- if (1 == tmpList.getLength()) {
- tmpElem = (Element) tmpList.item(0);
- String tmpStr = tmpElem.getAttribute(XSD_SURNAMEATTR) + "," +
- tmpElem.getAttribute(XSD_GIVENNAMEATTR) + "," +
- tmpElem.getAttribute(XSD_BIRTHDATEATTR);
- boolean tmpBool = false;
- if (tmpElem.getFirstChild() != null
- && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- //TODO XMLLPR remove
- Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element) paramList.item(i);
- Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) +
- " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) +
- " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) +
- " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) +
- " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) );
- namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR),
- tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
- tmpElem.getAttribute(XSD_PARAM3ATTR)) );
- } else {
-
- //(w)bPKIdentity Elements
- if (businessService) {
- tmpList = tmpElem.getElementsByTagName(XSD_WBPKIDELEM);
- } else {
- tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM);
- }
- if (1 == tmpList.getLength()) {
- tmpElem = (Element) tmpList.item(0);
- String tmpStr = "";
- if (businessService) {
- tmpStr = tmpElem.getAttribute(XSD_WBPKATTR);
- } else {
- tmpStr = tmpElem.getAttribute(XSD_BPKATTR);
- }
- boolean tmpBool = false;
- if (tmpElem.getFirstChild() != null
- && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element) paramList.item(i);
- Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) +
- " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) +
- " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) +
- " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) +
- " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) );
- namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR),
- tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
- tmpElem.getAttribute(XSD_PARAM3ATTR)) );
- } else {
- if (businessService) {
- Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_WBPKIDELEM + " found");
- } else {
- Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found");
- }
- }
- }
- }
-
- Logger.debug("namedMap:" + namedMap.toString());
- Logger.debug(wType + "bPKMap:" + bPKMap.toString());
- }
-
-
-
-
- /**
- * searches for a given bPK and returns the appropriate LPRParams structure
- * @param bPK search argument
- * @return LPRParams if bPK could be found in internal mappings or null otherwise.
- */
- LPRParams bPKIdentitySearch(String bPK, String wType) {
- //search for mapping with (w)bPK of the user
- Logger.info("XMLLoginParameterResolver: search for login data mapped to " + wType + "bPK:" + bPK);
- LPRParams params = (LPRParams) bPKMap.get(bPK);
- if (null == params) {
- Logger.info("XMLLoginParameterResolver: params for " + wType + "bPK: " + bPK + " not found!");
- return null;
- } else if (params.getEnabled()) {
- Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return params;
- }
- Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list but user is NOT enabled");
- return null;
- }
-
- /**
- * searches for a given namedIdentity and returns the appropriate LPRParams structure
- * @param surName surname search argument
- * @param givenName givenname search argument
- * @param dateOfBirth dateofbirth search argument
- * @return LPRParams if (w)bPK could be found in internal mappings or null otherwise.
- */
- LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) {
- Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + " GivenName: " + givenName + " DateOfBirth" + dateOfBirth);
- //try first a search with surname, givenname and birthdate
- LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth);
- if (null == params) {
- Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + "BirthDate: " + dateOfBirth + " not found!");
- //try a search with surname, givenname only
- params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR);
- if(null == params) {
- Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + " not found!");
- return null;
- }
- }
-
- if (params.getEnabled()) {
- Logger.info("XMLLoginParameterResolver: Surname:" + surName + " GivenName: " + givenName + " found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return params;
- }
- Logger.info("XMLLoginParameterResolver: SurName:" + surName + " GivenName: " + givenName + "found in list; user is NOT enabled");
- return null;
- }
-
- //public static final String XSD_MAPPING = "Mapping";
- //public static final String XSD_DOCELEM = "MOAIdentities";
- public static final String XSD_IDELEM = "Identity";
- public static final String XSD_NAMEDIDELEM = "NamedIdentity";
- public static final String XSD_BPKIDELEM = "bPKIdentity";
- public static final String XSD_WBPKIDELEM = "wbPKIdentity";
- public static final String XSD_PARAMELEM = "Parameters";
- public static final String XSD_SURNAMEATTR = "SurName";
- public static final String XSD_GIVENNAMEATTR = "GivenName";
- public static final String XSD_BIRTHDATEATTR = "BirthDate";
- public static final String XSD_BIRTHDATEBLANKATTR = "any";
- public static final String XSD_BPKATTR = "bPK";
- public static final String XSD_WBPKATTR = "wbPK";
- public static final String XSD_UNATTR = "UN";
- public static final String XSD_PWATTR = "PW";
- public static final String XSD_PARAM1ATTR = "Param1";
- public static final String XSD_PARAM2ATTR = "Param2";
- public static final String XSD_PARAM3ATTR = "Param3";
- private Map bPKMap;
- private Map namedMap;
- private boolean isConfigured = false;
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
deleted file mode 100644
index aedafdf85..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ /dev/null
@@ -1,422 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import java.io.IOException;
-import java.util.*;
-import org.apache.xerces.parsers.DOMParser;
-import org.w3c.dom.*;
-
-// Referenced classes of package at.gv.egovernment.moa.id.proxy:
-//
-// TODO MOA-ID test full functionality
-
-public class XMLLoginParameterResolverPlainData
- implements LoginParameterResolver
-{
- private String configuration;
-
- /**
- * inner class used to store mapped parameters
- */
- class LPRParams {
-
- /**
- * getter method for parameter Enabled.
- * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
- */
- public boolean getEnabled() {
- return enabled.booleanValue();
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or <code>null</code> not set.
- */
- public String getUN() {
- return UN;
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or <code>null</code> not set.
- */
- public String getPlainUN() {
- return UN;
- }
-
-
- /**
- * getter method for parameter PW (password)
- * @return Parameter PW or <code>null</code> not set.
- */
- public String getPW() {
- return PW;
- }
-
- /**
- * getter method for generic parameter Param1
- * @return Parameter Param1 or <code>null</code> not set.
- */
- public String getParam1() {
- return Param1;
- }
-
- /**
- * getter method for generic parameter Param2
- * @return Parameter Param2 or <code>null</code> not set.
- */
- public String getParam2() {
- return Param2;
- }
-
- /**
- * getter method for generic parameter Param3
- * @return Parameter Param3 or <code>null</code> not set.
- */
- public String getParam3() {
- return Param3;
- }
-
- /**
- * Returns a string representation of LPRParams
- *
- * @return a <code>String</code> representation of this object.
- * @see XMLLoginParameterResolver.LPRParams
- */
- public String toString() {
- return "Enabled: "
- + enabled.toString()
- + "UN: '"
- + UN
- + "' PW: '"
- + PW
- + "' Param1: '"
- + Param1
- + "' Param2: '"
- + Param2
- + "' Param3: '"
- + Param3
- + "'\n";
- }
-
- //private member variables used to store the parameters
- private Boolean enabled = null;
- private String UN = null;
- private String PW = null;
- private String Param1 = null;
- private String Param2 = null;
- private String Param3 = null;
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication
- * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication
- * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
- this.enabled = new Boolean(enabled);
- this.UN = UN;
- this.PW = PW;
- this.Param1 = Param1;
- this.Param2 = Param2;
- this.Param3 = Param3;
- }
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW) {
- this(enabled, UN, PW, null, null, null);
- }
- }
-
- //TODO document
- public XMLLoginParameterResolverPlainData()
- {
- bPKMap = new HashMap();
- namedMap = new HashMap();
-
- }
-
- //TODO document
- public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException
- {
- Map result = new HashMap();
- if(oaConf.getAuthType().equals("basic"))
- {
- String famName = resolveValue(MOAFamilyName, authData, clientIPAddress);
- String givenName = resolveValue(MOAGivenName, authData, clientIPAddress);
- String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress);
- String bPK ="";
- String wType= "";
- if (businessService) {
- bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
- wType = "w";
- } else {
- bPK = resolveValue(MOABPK, authData, clientIPAddress);
- }
- String userid = "";
- String password = "";
- String param1 = "";
- String param2 = "";
- String param3 = "";
-
- LPRParams params = null;
- boolean userFound = false;
-
- //first step: search for (w)bPK entry in user list
- Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for "+ wType + "bPK:" + bPK);
- params = (LPRParams)bPKMap.get(bPK);
- if(params == null)
- Logger.debug("XMLLoginParameterResolverPlainData: params for "+ wType + "bPK: " + bPK + " not found in file!");
- else
- if(params.getEnabled())
- { //if user is enabled: get related parameters
- Logger.debug("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
- userid = params.getUN();
- password = params.getPW();
- param1 = params.getParam1();
- param2 = params.getParam2();
- param3 = params.getParam3();
- userFound = true;
- } else
- {
- Logger.info("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is NOT enabled");
- }
- if(!userFound) //secound step: search for name entry in user list
- {
- Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth);
- params = (LPRParams)namedMap.get(famName + "," + givenName + "," + dateOfBirth);
- if(params == null) {
- Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " not found in file!");
- //try also with wildcard ("*") birthdate
- params = (LPRParams)namedMap.get(famName + "," + givenName + "," + "*");
- if(params != null) Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + "*" + " found!");
- }
-
- if(null != params && params.getEnabled())
- {
- Logger.debug("XMLLoginParameterResolverPlainData: SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " found in file; user is enabled");
- Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
- userid = params.getUN();
- password = params.getPW();
- param1 = params.getParam1();
- param2 = params.getParam2();
- param3 = params.getParam3();
- userFound = true;
- }
- }
- if(!userFound) //third step: search for default user in user list
- {
- //third step: search for (w)bPK for the default user entry in user list
- Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for default user");
- params = (LPRParams)bPKMap.get("default");
- if(params == null)
- Logger.debug("XMLLoginParameterResolverPlainData: params for default user not found in file!");
- else
- if(params.getEnabled())
- { //if user is enabled: get related parameters
- Logger.debug("XMLLoginParameterResolverPlainData: default user found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
- userid = params.getUN();
- password = params.getPW();
- param1 = params.getParam1();
- param2 = params.getParam2();
- param3 = params.getParam3();
- userFound = true;
- } else
- {
- Logger.info("XMLLoginParameterResolverPlainData: default user found in list; user is NOT enabled");
- }
- }
-
- if(!userFound) //if user is not found then throw NotAllowedException exception
- {
- //TODO MOA-ID proove this with testcases!
- Logger.info("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login");
- throw new NotAllowedException("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login ", new Object[] { });
- }
- try //if user was found: generate Authorization header entry with associated credemtials
- {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes());
- Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials: " + credentials);
- result.put("Authorization", "Basic " + credentials);
- }
- catch(IOException ignore) { }
- } else
- if(oaConf.getAuthType().equals("header"))
- {
- String key;
- String resolvedValue;
- for(Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue))
- {
- key = (String)iter.next();
- String predicate = (String)oaConf.getHeaderAuthMapping().get(key);
- resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- }
-
- }
- return result;
- }
-
- public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix)
- {
- Map result = new HashMap();
- if(oaConf.getAuthType().equals("param"))
- {
- String key;
- String resolvedValue;
- for(Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue))
- {
- key = (String)iter.next();
- String predicate = (String)oaConf.getParamAuthMapping().get(key);
- resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- }
-
- }
- return result;
- }
-
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress)
- {
- if(predicate.equals(MOAGivenName))
- return authData.getGivenName();
- if(predicate.equals(MOAFamilyName))
- return authData.getFamilyName();
- if(predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
- if(predicate.equals(MOABPK))
- return authData.getBPK();
- if(predicate.equals(MOAWBPK))
- return authData.getWBPK();
- if(predicate.equals(MOAPublicAuthority))
- if(authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if(predicate.equals(MOABKZ))
- return authData.getPublicAuthorityCode();
- if(predicate.equals(MOAQualifiedCertificate))
- if(authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if(predicate.equals(MOAStammzahl))
- return authData.getIdentificationValue();
- if (predicate.equals(MOAIdentificationValueType))
- return authData.getIdentificationType();
- if(predicate.equals(MOAIPAddress))
- return clientIPAddress;
- else
- return null;
- }
-
- private Document readXMLFile(String fileName) throws LoginParameterResolverException
- {
- Logger.info("XMLLoginParameterResolverPlainData: Loading MOA-OA configuration " + fileName);
- DOMParser parser = new DOMParser();
- try
- {
- parser.setFeature("http://xml.org/sax/features/validation", true);
- parser.setFeature("http://apache.org/xml/features/validation/schema", true);
- parser.parse(fileName);
- return parser.getDocument();
- }
- catch(Exception e)
- {
- String msg = e.toString();
- throw new LoginParameterResolverException("proxy.13", new Object[] {"<noURL>: XMLLoginParameterResolverPlainData: Error parsing file " + fileName, "detail problem: " + msg});
- }
- }
-
- private void buildInfo(Document doc, boolean businessService)
- {
- Element root = doc.getDocumentElement();
- NodeList idList = root.getElementsByTagName("Identity");
- NodeList paramList = root.getElementsByTagName("Parameters");
- String wType ="";
- if (businessService) wType = "w";
- for(int i = 0; i < idList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolverPlainData: LocalName idList: " + idList.item(i).getLocalName());
-
- for(int i = 0; i < paramList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolverPlainData: LocalName paramList: " + paramList.item(i).getLocalName());
-
- for(int i = 0; i < idList.getLength(); i++)
- {
- Element tmpElem = (Element)idList.item(i);
- NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity");
- for(int j = 0; j < tmpList.getLength(); j++)
- Logger.debug("XMLLoginParameterResolverPlainData: LocalName tmp: " + tmpList.item(j).getLocalName());
-
- if(1 == tmpList.getLength())
- {
- tmpElem = (Element)tmpList.item(0);
- String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName") + "," + tmpElem.getAttribute("BirthDate");
- boolean tmpBool = false;
- if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element)paramList.item(i);
- Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW"));
- namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
- } else
- {
- tmpList = tmpElem.getElementsByTagName(wType + "bPKIdentity");
- if(1 == tmpList.getLength())
- {
- tmpElem = (Element)tmpList.item(0);
- String tmpStr = tmpElem.getAttribute(wType + "bPK");
- boolean tmpBool = false;
- if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element)paramList.item(i);
- Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW") + " attribute Param1: " + tmpElem.getAttribute("Param1"));
- bPKMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
- } else
- {
- Logger.warn("XMLLoginParameterResolverPlainData: wrong format or incorrect mode; no NamedIdentity or " + wType + "bPKIdentity found");
- }
- }
- }
-
- Logger.debug("namedMap:" + namedMap.toString());
- Logger.debug(wType + "bPKMap:" + bPKMap.toString());
- }
-
- //public static final String XSD_DOCELEM = "MOAIdentities";
- //public static final String XSD_IDELEM = "Identity";
- //public static final String XSD_NAMEDIDELEM = "NamedIdentity";
- //public static final String XSD_BPKIDELEM = "bPKIdentity";
- //public static final String XSD_PARAMELEM = "Parameters";
- //public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration";
- private Map bPKMap;
- private Map namedMap;
-
-
- public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
- Logger.info("XMLLoginParameterResolverPlainData: initialization string: " + configuration);
- this.configuration = configuration;
- String fileName = configuration;
- if(fileName == null) {
- fileName = "file:conf/moa-id/Identities.xml";
- Logger.info("XMLLoginParameterResolverPlainData: used file name string: " + fileName);
- }
- Document doc = readXMLFile(fileName);
- buildInfo(doc, businessService.booleanValue() );
- }
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
deleted file mode 100644
index e0e1fde4a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ /dev/null
@@ -1,55 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.builder;
-
-import java.text.MessageFormat;
-import java.util.Calendar;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-
-/**
- * Builder for the <code>&lt;samlp:Request&gt;</code> used for querying
- * the authentication data <code>&lt;saml:Assertion&gt;</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLRequestBuilder implements Constants {
- /** samlp-Request template */
- private static final String REQUEST =
- "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"{0}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{1}\">" +
- "<samlp:AssertionArtifact>{2}</samlp:AssertionArtifact>" +
- "</samlp:Request>";
-
- /**
- * Constructor for SAMLRequestBuilder.
- */
- public SAMLRequestBuilder() {
- super();
- }
-
- /**
- * Builds the <code>&lt;samlp:Request&gt;</code>.
- * @param requestID request ID
- * @param samlArtifactBase64 SAML artifact, encoded BASE64
- * @return the DOM element
- */
- public Element build(String requestID, String samlArtifactBase64) throws BuildException {
- try {
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
- String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
- Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return requestElem;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"samlp:Request", ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
deleted file mode 100644
index f7e5299ab..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ /dev/null
@@ -1,143 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.invoke;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.SAMLStatus;
-import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
-import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
-import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
-import at.gv.egovernment.moa.id.util.Random;
-
-/**
- * Invoker of
- * <ul>
- * <li>either the GetAuthenticationData web service of MOA-ID Auth</li>
- * <li>or the API call {@link at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData},</li>
- * </ul>
- * depending of the configuration.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class GetAuthenticationDataInvoker {
- /** Create a new QName object for the webservice endpoint */
- private static final QName SERVICE_QNAME = new QName("GetAuthenticationData");
-
- /** invoked object for API call of MOA-ID Auth */
- private static Object apiServer = null;
- /** invoked method for API call of MOA-ID Auth */
- private static Method apiMethod = null;
-
- /**
- * Invokes the service passing domain model objects.
- * @param samlArtifact SAML artifact
- * @return AuthenticationData object
- * @throws ServiceException on any exception thrown
- */
- /**
- * Get authentication data from the MOA-ID Auth component,
- * either via API call or via web service call.
- * @param samlArtifact SAML artifact to be used as a parameter
- * @return AuthenticationData
- */
- public AuthenticationData getAuthenticationData(String samlArtifact)
- throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
-
- ConnectionParameter authConnParam =
- ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
- if (authConnParam == null) {
- try {
- if (apiServer == null) {
- Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
- Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null);
- apiServer = getInstanceMethod.invoke(null, (Object[]) null);
- apiMethod = serverClass.getMethod(
- "getAuthenticationData", new Class[] {String.class});
- }
- AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
- return authData;
- }
- catch (InvocationTargetException ex) {
- Throwable targetEx = ex.getTargetException();
- if (targetEx instanceof AuthenticationException)
- throw (AuthenticationException) targetEx;
- else
- throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
- }
- catch (Throwable ex) {
- throw new ProxyException("proxy.09", new Object[] {ex.toString()});
- }
- }
- else {
- Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact);
- Element samlpResponse = getAuthenticationData(samlpRequest);
- SAMLResponseParser srp = new SAMLResponseParser(samlpResponse);
- SAMLStatus status = srp.parseStatusCode();
- if (! "samlp:Success".equals(status.getStatusCode())) {
- // on error status throw exception
- String code = status.getStatusCode();
- if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
- code += "(" + status.getSubStatusCode() + ")";
- throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
- }
- return srp.parseAuthenticationData();
- }
- }
-
- /**
- * Invokes the service passing DOM elements.
- * @param request request DOM element
- * @return response DOM element
- * @throws ServiceException on any exception thrown
- */
- public Element getAuthenticationData(Element request) throws ServiceException {
- try {
- Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME);
- Call call = service.createCall();
- SOAPBodyElement body =
- new SOAPBodyElement(request);
- SOAPBodyElement[] params = new SOAPBodyElement[] {body};
- Vector responses;
- SOAPBodyElement response;
-
- String endPoint;
- ConnectionParameter authConnParam =
- ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
-
- //If the ConnectionParameter do NOT exist, we throw an exception ....
- if (authConnParam!=null) {
- endPoint = authConnParam.getUrl();
- call.setTargetEndpointAddress(endPoint);
- responses = (Vector) call.invoke(SERVICE_QNAME, params);
- response = (SOAPBodyElement) responses.get(0);
- return response.getAsDOM();
- }
- else
- {
- throw new ServiceException("service.01", null);
- }
- }
- catch (Exception ex) {
- throw new ServiceException("service.00", new Object[] {ex.toString()}, ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
deleted file mode 100644
index 6bf5da02b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ /dev/null
@@ -1,158 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.parser;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parser for the <code>&lt;saml:Assertion&gt;</code> returned by the
- * <code>GetAuthenticationData</code> web service.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationDataAssertionParser implements Constants {
-
- /** Prefix for SAML-Xpath-expressions */
- private static String SAML = SAML_PREFIX + ":";
- /** Prefix for PersonData-Xpath-expressions */
- private static String PR = PD_PREFIX + ":";
- /** Prefix for Attribute MajorVersion in an Xpath-expression */
- private static String MAJOR_VERSION_XPATH =
- "@MajorVersion";
- /** Prefix for Attribute MinorVersion in an Xpath-expression */
- private static String MINOR_VERSION_XPATH =
- "@MinorVersion";
- /** Prefix for Attribute AssertionID in an Xpath-expression */
- private static String ASSERTION_ID_XPATH =
- "@AssertionID";
- /** Prefix for Attribute Issuer in an Xpath-expression */
- private static String ISSUER_XPATH =
- "@Issuer";
- /** Prefix for Attribute IssueInstant in an Xpath-expression */
- private static String ISSUE_INSTANT_XPATH =
- "@IssueInstant";
- /** Prefix for Element AttributeStatement in an Xpath-expression */
- private static String ATTRIBUTESTATEMENT_XPATH =
- SAML + "AttributeStatement/";
- /** Prefix for Element NameIdentifier in an Xpath-expression */
- private static String PK_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Subject/" +
- SAML + "NameIdentifier";
- private static String NAME_QUALIFIER_XPATH =
- PK_XPATH + "/@NameQualifier";
- /** Prefix for Element Person in an Xpath-expression */
- private static String PERSONDATA_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"PersonData\"]/" +
- SAML + "AttributeValue/" +
- PR + "Person/";
- /** Prefix for Element Value in an Xpath-expression */
- private static String IDENTIFICATION_VALUE_XPATH =
- PERSONDATA_XPATH +
- PR + "Identification/" +
- PR + "Value";
- private static String IDENTIFICATION_TYPE_XPATH =
- PERSONDATA_XPATH +
- PR + "Identification/" +
- PR + "Type";
- /** Prefix for Element GivenName in an Xpath-expression */
- private static String GIVEN_NAME_XPATH =
- PERSONDATA_XPATH +
- PR + "Name/" +
- PR + "GivenName";
- /** Prefix for Element FamilyName in an Xpath-expression */
- private static String FAMILY_NAME_XPATH =
- PERSONDATA_XPATH +
- PR + "Name/" +
- PR + "FamilyName";
- /** Prefix for Element DateOfBirth in an Xpath-expression */
- private static String DATE_OF_BIRTH_XPATH =
- PERSONDATA_XPATH +
- PR + "DateOfBirth";
- /** Prefix for Element AttributeValue in an Xpath-expression */
- private static String IS_QUALIFIED_CERT_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" +
- SAML + "AttributeValue";
- /** Prefix for Element AttributeValue in an Xpath-expression */
- private static String PUBLIC_AUTHORITY_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" +
- SAML + "AttributeValue";
- /** Element samlAssertion represents the SAML:Assertion */
- private Element samlAssertion;
-
- /**
- * Constructor
- * @param samlAssertion samlpResponse the <code>&lt;samlp:Response&gt;</code> as a DOM element
- */
- public AuthenticationDataAssertionParser(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Parses the <code>&lt;saml:Assertion&gt;</code>.
- * @return <code>AuthenticationData</code> object
- * @throws ParseException on any error
- */
- public AuthenticationData parseAuthenticationData()
- throws ParseException {
-
- try {
- AuthenticationData authData = new AuthenticationData();
- //ÄNDERN: NUR der Identification-Teil
- authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
- authData.setMajorVersion(new Integer(
- XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue());
- authData.setMinorVersion(new Integer(
- XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue());
- authData.setAssertionID(
- XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, ""));
- authData.setIssuer(
- XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, ""));
- authData.setIssueInstant(
- XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
- String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
- if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
- authData.setBPK(pkValue);
- } else {
- authData.setWBPK(pkValue);
- }
- authData.setIdentificationValue(
- XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
- authData.setIdentificationType(
- XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
- authData.setGivenName(
- XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, ""));
- authData.setFamilyName(
- XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, ""));
- authData.setDateOfBirth(
- XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, ""));
- authData.setQualifiedCertificate(BoolUtils.valueOf(
- XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, "")));
- String publicAuthority =
- XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null);
- if (publicAuthority == null) {
- authData.setPublicAuthority(false);
- authData.setPublicAuthorityCode("");
- }
- else {
- authData.setPublicAuthority(true);
- if (! publicAuthority.equalsIgnoreCase("true"))
- authData.setPublicAuthorityCode(publicAuthority);
- }
- return authData;
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
deleted file mode 100644
index 9f77578fd..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.parser;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.SAMLStatus;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parser for the <code>&lt;samlp:Response&gt;</code> returned by the
- * <code>GetAuthenticationData</code> web service.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLResponseParser implements Constants {
- /** Element containing the samlResponse */
- private Element samlResponse;
- /** Xpath prefix for reaching SAMLP Namespaces */
- private static String SAMLP = SAMLP_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static String SAML = SAML_PREFIX + ":";
- /** Xpath prefix for reaching PersonData Namespaces */
- private static String PR = PD_PREFIX + ":";
- /** Xpath expression for reaching the SAMLP:Response element */
- private static final String ROOT =
- "/" + SAMLP + "Response/";
- /** Xpath expression for reaching the SAMLP:Status element */
- private static final String STATUS_XPATH =
- ROOT +
- SAMLP + "Status/";
- /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */
- private static final String STATUSCODE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusCode/@Value";
- /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */
- private static final String SUBSTATUSCODE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusCode/" +
- SAMLP + "StatusCode/@Value";
- /** Xpath expression for reaching the SAMLP:StatusMessage element */
- private static final String STATUSMESSAGE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusMessage";
- /** Xpath expression for reaching the SAML:Assertion element */
- private static String ASSERTION_XPATH =
- ROOT +
- SAML + "Assertion";
-
- /**
- * Constructor
- * @param samlResponse the <code>&lt;samlp:Response&gt;</code> as a DOM element
- */
- public SAMLResponseParser(Element samlResponse) {
- this.samlResponse = samlResponse;
- }
-
- /**
- * Parses the <code>&lt;samlp:StatusCode&gt;</code> from the <code>&lt;samlp:Response&gt;</code>.
- * @return <code>AuthenticationData</code> object
- * @throws ParseException on any parsing error
- */
- public SAMLStatus parseStatusCode()
- throws ParseException {
-
- SAMLStatus status = new SAMLStatus();
- try {
- status.setStatusCode(
- XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, ""));
- status.setSubStatusCode(
- XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, ""));
- status.setStatusMessage(
- XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, ""));
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- return status;
- }
-
- /**
- * Parses the <code>&lt;saml:Assertion&gt;</code> from the <code>&lt;samlp:Response&gt;</code>.
- * @return <code>AuthenticationData</code> object
- * @throws ParseException on any parsing error
- */
- public AuthenticationData parseAuthenticationData()
- throws ParseException {
-
- Element samlAssertion;
- try {
- samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
deleted file mode 100644
index 4ab2e2cf7..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
-import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
-
- /**
- * Handle a HTTP GET request, used to indicated that the MOA
- * configuration needs to be updated (reloaded).
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
- MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
- try {
- MOAIDProxyInitializer.initialize();
-
- String message = msg.getMessage("config.00", new Object[]
- { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
- Logger.info(message);
-
- HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response);
- } catch (Throwable t) {
- String errorMessage = msg.getMessage("config.04", null);
- Logger.error(errorMessage, t);
- HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response);
- }
- }
-
- /**
- * Do the same as <code>doGet</code>.
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
-
-/**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
-public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
-}
-
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
deleted file mode 100644
index 0080c010e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ProxyException extends MOAIDException {
-
- /**
- * Constructor for ProxyException.
- * @param messageId
- * @param parameters
- */
- public ProxyException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ProxyException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ProxyException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
deleted file mode 100644
index 6d215c35e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ /dev/null
@@ -1,879 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.CookieManager;
-import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
-import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
-import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
-import at.gv.egovernment.moa.id.proxy.NotAllowedException;
-import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Servlet requested for logging in at an online application,
- * and then for proxying requests to the online application.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ProxyServlet extends HttpServlet {
- /** Name of the Parameter for the Target */
- private static final String PARAM_TARGET = "Target";
- /** Name of the Parameter for the SAMLArtifact */
- private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
-
- /** Name of the Attribute for marking the session as authenticated*/
- private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched";
- /** Name of the Attribute for the PublicURLPrefix */
- private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix";
- /** Name of the Attribute for the RealURLPrefix */
- private static final String ATT_REAL_URLPREFIX = "RealURLPrefix";
- /** Name of the Attribute for the SSLSocketFactory */
- private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory";
- /** Name of the Attribute for the LoginHeaders */
- private static final String ATT_LOGIN_HEADERS = "LoginHeaders";
- /** Name of the Attribute for the LoginParameters */
- private static final String ATT_LOGIN_PARAMETERS = "LoginParameters";
- /** Name of the Attribute for the SAMLARTIFACT */
- private static final String ATT_SAML_ARTIFACT = "SamlArtifact";
- /** Name of the Attribute for the state of the browser request for login dialog*/
- private static final String ATT_BROWSERREQU = "BrowserLoginRequest";
- /** Name of the Attribute for the state of the browser request for login dialog*/
- private static final String ATT_OA_CONF = "oaConf";
- /** Name of the Attribute for the Logintype of the OnlineApplication*/
- private static final String ATT_OA_LOGINTYPE = "LoginType";
- /** Name of the Attribute for the number of the try to login into the OnlineApplication*/
- private static final String ATT_OA_LOGINTRY = "LoginTry";
- /** Maximum permitted login tries */
- private static final int MAX_OA_LOGINTRY = 3;
- /** Name of the Attribute for authorization value for further connections*/
- private static final String ATT_OA_AUTHORIZATION_HEADER = "authorizationkey";
- /** Name of the Attribute for user binding */
- private static final String ATT_OA_USER_BINDING = "UserBinding";
- /** For extended internal debug messages */
- private static final boolean INTERNAL_DEBUG = false;
- /** Message to be given if browser login failed */
- private static final String RET_401_MSG = "<html><head><title>Ein Fehler ist aufgetreten</title></head><body><h1>Fehler bei der Anmeldung</h1><p>Bei der Anmeldung ist ein Fehler aufgetreten.</p><p>Fehler bei der Anmeldung. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.<br><b>Abbruch durch den Benutzer.</b><br></p></body></html>";
-
- /**
- * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
- */
- protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-
- Logger.debug("getRequestURL:" + req.getRequestURL().toString());
- try {
- if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
- // check if SAML Artifact was already used in this session (in case of page reload)
- HttpSession session = req.getSession();
- if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
- if (session.getAttribute(ATT_BROWSERREQU)==null) {
- tunnelRequest(req, resp);
- }else{
- login(req, resp); //login after browser login dialog
- }
- } else
- // it is the first time that the SAML Artifact was used
- login(req, resp);
- }
- else
- tunnelRequest(req, resp);
- }
- catch (MOAIDException ex) {
- handleError(ex.getMessage(), ex, req, resp);
- }
- catch (Throwable ex) {
- handleError(ex.getMessage(), ex, req, resp);
- }
- }
-
- /**
- * Login to online application at first call of servlet for a user session.<br/>
- * <ul>
- * <li>Acquires authentication data from the MOA-ID Auth component.</li>
- * <li>Reads configuration data for the online application.</li>
- * <li>Resolves login parameters.</li>
- * <li>Sets up an SSLSocketFactory in case of a secure connection to the online application.</li>
- * <li>For a stateless online application, stores data in the HttpSession.</li>
- * <li>Tunnels the request to the online application.</li>
- * </ul>
- * @param req
- * @param resp
- * @throws ConfigurationException when wrong configuration is encountered
- * @throws ProxyException when wrong configuration is encountered
- * @throws BuildException while building the request for MOA-ID Auth
- * @throws ServiceException while invoking MOA-ID Auth
- * @throws ParseException while parsing the response from MOA-ID Auth
- */
- private void login(HttpServletRequest req, HttpServletResponse resp) throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
-
- HttpSession session = req.getSession();
- String samlArtifact = "";
- Map loginHeaders = null;
- Map loginParameters = null;
- String publicURLPrefix = "";
- String realURLPrefix = "";
- SSLSocketFactory ssf = null;
- String urlRequested = req.getRequestURL().toString();
- OAConfiguration oaConf = null;
- String loginType = "";
- String binding = "";
-
- if (session.getAttribute(ATT_BROWSERREQU)==null) {
-
- samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
- Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
- // String target = req.getParameter(PARAM_TARGET); parameter given but not processed
- // boolean targetprovided = req.getParameter(PARAM_TARGET) != null;
-
- // get authentication data from the MOA-ID Auth component
- AuthenticationData authData;
- try {
- authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
- } catch (ServiceException ex) {
- throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
- } catch (ProxyException ex) {
- throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
- }
- session.setAttribute(ATT_AUTHDATAFETCHED, "true");
-
- // read configuration data
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
- if (oaParam == null) {
- throw new ProxyException("proxy.02", new Object[] { urlRequested });
- }
- publicURLPrefix = oaParam.getPublicURLPrefix();
- Logger.debug("OA: " + publicURLPrefix);
- oaConf = oaParam.getOaConfiguration();
- ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- realURLPrefix = oaConnParam.getUrl();
-
- // resolve login parameters to be forwarded to online application
- LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
- String clientIPAddress = req.getRemoteAddr();
- boolean businessService = oaParam.getBusinessService();
- try {
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
- loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress, businessService, publicURLPrefix);
- } else {
- loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress, businessService, publicURLPrefix);
- for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
- //extract user-defined bindingValue
- String headerKey = (String) iter.next();
- String headerKeyValue = (String) loginHeaders.get(headerKey);
- if (headerKey.equalsIgnoreCase("binding")) {
- binding = (String) loginHeaders.get(headerKey);
- }
- for (int i = 1; i <= 3; i++) {
- if (headerKey.equalsIgnoreCase("param" + i)) {
- int sep = headerKeyValue.indexOf("=");
- if (sep>-1) {
- if (sep>0) {
- String value = "";
- if (headerKeyValue.length()>sep+1) value = headerKeyValue.substring(sep+1);
- if (loginParameters == null) loginParameters = new HashMap();
- loginParameters.put(headerKeyValue.substring(0,sep) , value);
- }
- } else {
- loginParameters.put(headerKey, "");
- }
- }
- }
- }
- loginHeaders.remove("binding");
- loginHeaders.remove("param1");
- loginHeaders.remove("param2");
- loginHeaders.remove("param3");
- }
- } catch (LoginParameterResolverException ex) {
- throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
- } catch (NotAllowedException e) {
- throw new ProxyException("proxy.15", new Object[] { });
- }
-
- // setup SSLSocketFactory for communication with the online application
- if (oaConnParam.isHTTPSURL()) {
- try {
- ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- } catch (Throwable ex) {
- throw new ProxyException(
- "proxy.05",
- new Object[] { oaConnParam.getUrl(), ex.toString()},
- ex);
- }
- }
-
- // for stateless online application, store data in HttpSession
- loginType = oaConf.getLoginType();
- if ("".equalsIgnoreCase(binding)) {
- binding = oaConf.getBinding();
- if ("".equalsIgnoreCase(binding)) binding = "full";
- }
- Logger.debug("Login type: " + loginType);
- if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) {
- int sessionTimeOut = oaParam.getSessionTimeOut();
- if (sessionTimeOut == 0)
- sessionTimeOut = 60 * 60; // default 1 h
-
- session.setMaxInactiveInterval(sessionTimeOut);
- session.setAttribute(ATT_PUBLIC_URLPREFIX, publicURLPrefix);
- session.setAttribute(ATT_REAL_URLPREFIX, realURLPrefix);
- session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf);
- session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders);
- session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters);
- session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact);
- session.setAttribute(ATT_OA_CONF, oaConf);
- session.setAttribute(ATT_OA_LOGINTYPE, loginType);
- session.setAttribute(ATT_OA_USER_BINDING, binding);
- session.removeAttribute(ATT_BROWSERREQU);
- session.removeAttribute(ATT_OA_AUTHORIZATION_HEADER);
- session.removeAttribute(ATT_OA_LOGINTRY);
- Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " angelegt");
- }
-
- } else {
- loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
- publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
- realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
- ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
- loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
- loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS);
- samlArtifact = (String) session.getAttribute(ATT_SAML_ARTIFACT);
- oaConf = (OAConfiguration) session.getAttribute(ATT_OA_CONF);
- loginType = (String) session.getAttribute(ATT_OA_LOGINTYPE);
- binding = (String) session.getAttribute(ATT_OA_USER_BINDING);
- session.removeAttribute(ATT_BROWSERREQU);
- Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " aufgenommen");
- }
-
- try {
- int respcode = 0;
-
- // tunnel request to the online application
- respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding);
- if (respcode == 401) {
- if (OAConfiguration.BINDUNG_FULL.equals(binding) && oaConf.getLoginType().equals(OAConfiguration.LOGINTYPE_STATELESS)) {
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
- }
- }
- } catch (ProxyException ex) {
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
- } catch (Throwable ex) {
- throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex);
- }
- }
-
- /**
- * Tunnels a request to the stateless online application using data stored in the HTTP session.
- * @param req HTTP request
- * @param resp HTTP response
- * @throws IOException if an I/O error occurs
- */
- private void tunnelRequest(HttpServletRequest req, HttpServletResponse resp) throws ProxyException, IOException {
-
- //Logger.debug("Tunnel request (stateless)");
- HttpSession session = req.getSession(false);
-
- if (session == null)
- throw new ProxyException("proxy.07", null);
- String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
- //A session is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method)
- //additional check if publicURLPrefix is OK, if not throw an Exception
- if (publicURLPrefix == null)
- throw new ProxyException("proxy.07", null);
-
- String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
- SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
- Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
- Map loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS);
- String binding = (String) session.getAttribute(ATT_OA_USER_BINDING);
- if (publicURLPrefix == null || realURLPrefix == null)
- throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()});
-
- int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding);
- if (respcode == -401) // #tries to login exceeded
- throw new ProxyException("proxy.16", new Object[] {realURLPrefix, Integer.toString(MAX_OA_LOGINTRY)});
- }
-
-/**
- * Tunnels a request to the online application using given URL mapping and SSLSocketFactory.
- * This method returns the ResponseCode of the request to the online application.
- * @param req HTTP request
- * @param resp HTTP response
- * @param loginHeaders header field/values to be inserted for purposes of authentication;
- * may be <code>null</code>
- * @param loginParameters parameter name/values to be inserted for purposes of authentication;
- * may be <code>null</code>
- * @param publicURLPrefix prefix of request URL to be substituted for the <code>realURLPrefix</code>
- * @param realURLPrefix prefix of online application URL to substitute the <code>publicURLPrefix</code>
- * @param ssf SSLSocketFactory to use
- * @throws IOException if an I/O error occurs
- */
-private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf, String binding)
- throws IOException {
-
- String originBinding = binding;
- String browserUserID = "";
- String browserPassword = "";
- //URL url = new URL(realURLPrefix);
- //String realURLHost = url.getHost();
- if (INTERNAL_DEBUG && !binding.equals("")) Logger.debug("Binding: " + binding);
-
- // collect headers from request
- Map headers = new HashMap();
- for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) {
- String headerKey = (String) enu.nextElement();
- String headerKeyValue = req.getHeader(headerKey);
- if (INTERNAL_DEBUG) Logger.debug("Incoming:" + headerKey + "=" + headerKeyValue);
- //Analyze Basic-Auth-Headers from the client
- if (headerKey.equalsIgnoreCase("Authorization")) {
- if (headerKeyValue.substring(0,6).equalsIgnoreCase("Basic ")) {
- String credentials = headerKeyValue.substring(6);
- byte [] bplaintextcredentials = Base64Utils. decode(credentials, true);
- String plaintextcredentials = new String(bplaintextcredentials);
- browserUserID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":"));
- browserPassword = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
- //deactivate following line for security
- //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword );
- }
- if (headerKeyValue.substring(0,9).equalsIgnoreCase("Negotiate")) {
- //deactivate following line for security
- //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: Found NTLM Aut.: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword );
- }
- }
- else
- {
- /* Headers MUST NOT be repaced according to our Spec.
- if (headerKey.equalsIgnoreCase("Host")) {
- headerKeyValue = realURLHost;
- //headerKeyValue= realURLPrefix.substring(hoststartpos);
- if (INTERNAL_DEBUG) Logger.debug("replaced:" + headerKey + "=" + headerKeyValue);
- }
- */
- headers.put(headerKey, headerKeyValue);
- }
- }
-
-
- // collect login headers, possibly overwriting headers from request
- String authorizationvalue="";
- if (req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) {
-
- if (OAConfiguration.BINDUNG_NOMATCH.equals(binding)) {
- int loginTry = getLoginTry(req);
- Logger.debug("Binding: mode = " + OAConfiguration.BINDUNG_NOMATCH + "(try #" + Integer.toString(loginTry) + ")");
- if (loginTry==1) {
- binding = OAConfiguration.BINDUNG_FULL;
- } else {
- binding = OAConfiguration.BINDUNG_USERNAME;
- }
- }
-
- /* Soll auch bei anderen bindings zuerst ein passwort probiert werden können:
- //if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first
- // full binding will be covered by next block
- if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) {
- //1st try: if we have a password, try this one first
- for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerKeyValue = (String) loginHeaders.get(headerKey);
- if (isBasicAuthenticationHeader(headerKey, headerKeyValue)) {
- String credentials = headerKeyValue.substring(6);
- byte [] bplaintextcredentials = Base64Utils.decode(credentials, true);
- String plaintextcredentials = new String(bplaintextcredentials);
- String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
- if (password!=null && !password.equals("")) {
- Logger.debug("Binding: found predefined password. Trying full binding first");
- binding = OAConfiguration.BINDUNG_FULL;
- break;
- }
- }
- }
- }
- */
-
-
-
- //we have a connection with not having logged on
- if (loginHeaders != null && (browserPassword.length()!=0 || browserUserID.length()!=0 || OAConfiguration.BINDUNG_FULL.equals(binding))) {
- for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerKeyValue = (String) loginHeaders.get(headerKey);
- //customize loginheaders if necessary
- if (isBasicAuthenticationHeader(headerKey, headerKeyValue))
- {
- if (OAConfiguration.BINDUNG_FULL.equals(binding)) {
- authorizationvalue = headerKeyValue;
- Logger.debug("Binding: full binding to user established");
- } else {
- String credentials = headerKeyValue.substring(6);
- byte [] bplaintextcredentials = Base64Utils.decode(credentials, true);
- String plaintextcredentials = new String(bplaintextcredentials);
- String userID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":"));
- String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
- String userIDPassword = ":";
- if (OAConfiguration.BINDUNG_USERNAME.equals(binding)) {
- Logger.debug("Binding: Access with necessary binding to user");
- userIDPassword = userID + ":" + browserPassword;
- } else if (OAConfiguration.BINDUNG_NONE.equals(binding)) {
- Logger.debug("Binding: Access without binding to user");
- //If first time
- if (browserUserID.length()==0) browserUserID = userID;
- if (browserPassword.length()==0) browserPassword = password;
- userIDPassword = browserUserID + ":" + browserPassword;
- } else {
- userIDPassword = userID + ":" + password;
- }
- credentials = Base64Utils.encode(userIDPassword.getBytes());
- authorizationvalue = "Basic " + credentials;
- headerKeyValue = authorizationvalue;
- }
- }
- headers.put(headerKey, headerKeyValue);
- }
- }
- }else{
- //if OA needs Authorization header in each further request
- authorizationvalue = (String) req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER);
- if (loginHeaders != null) headers.put("Authorization", authorizationvalue);
- }
-
-
- Vector parameters = new Vector();
-
- for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {
- String paramName = (String) enu.nextElement();
- if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
- if (INTERNAL_DEBUG) Logger.debug("Req Parameter-put: " + paramName + ":" + req.getParameter(paramName));
- String parameter[] = new String[2];
- parameter[0]= paramName;
- parameter[1]= req.getParameter(paramName);
- parameters.add(parameter);
- }
- }
- // collect login parameters, possibly overwriting parameters from request
- if (loginParameters != null) {
- for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) {
- String paramName = (String) iter.next();
- if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
- if (INTERNAL_DEBUG) Logger.debug("Req Login-Parameter-put: " + paramName + ":" + loginParameters.get(paramName));
- String parameter[] = new String[2];
- parameter[0]= paramName;
- parameter[1]= (String) loginParameters.get(paramName);
- parameters.add(parameter);
- }
- }
- }
-
- ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix);
- HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters);
-
- // set headers as request properties of URLConnection
- for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerValue = (String) headers.get(headerKey);
- String LogStr = "Req header " + headerKey + ": " + headers.get(headerKey);
- if (isBasicAuthenticationHeader(headerKey, headerValue)) {
- String credentials = headerValue.substring(6);
- byte [] bplaintextcredentials = Base64Utils. decode(credentials, true);
- String plaintextcredentials = new String(bplaintextcredentials);
- String uid = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":"));
- String pwd = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
- //Sollte AuthorizationInfo vom HTTPClient benutzt werden: cb.addBasicAuthorization(publicURLPrefix, uid, pwd);
- //deactivate following line for security
- //if (INTERNAL_DEBUG && Logger.isDebugEnabled()) LogStr = LogStr + " >UserID:Password< >" + uid + ":" + pwd + "<";
- }
- conn.setRequestProperty(headerKey, headerValue);
- if (INTERNAL_DEBUG) Logger.debug(LogStr);
- }
-
- StringWriter sb = new StringWriter();
-
- // Write out parameters into output stream of URLConnection.
- // On GET request, do not send parameters in any case,
- // otherwise HttpURLConnection would send a POST.
- if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) {
- boolean firstParam = true;
- String parameter[] = new String[2];
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- parameter = (String[]) iter.next();
- String paramName = parameter[0];
- String paramValue = parameter[1];
- if (firstParam)
- firstParam = false;
- else
- sb.write("&");
- sb.write(paramName);
- sb.write("=");
- sb.write(paramValue);
- if (INTERNAL_DEBUG) Logger.debug("Req param " + paramName + ": " + paramValue);
- }
- }
-
- // For WebDAV and POST: copy content
- if (!"get".equalsIgnoreCase(req.getMethod())) {
- if (INTERNAL_DEBUG && !"post".equalsIgnoreCase(req.getMethod())) Logger.debug("---- WEBDAV ---- copying content");
- try {
- OutputStream out = conn.getOutputStream();
- InputStream in = req.getInputStream();
- if (!parameters.isEmpty()) out.write(sb.toString().getBytes()); //Parameter nicht mehr mittels Printwriter schreiben
- copyStream(in, out, null, req.getMethod());
- out.flush();
- out.close();
- } catch (IOException e) {
- if (!"post".equalsIgnoreCase(req.getMethod()))
- Logger.debug("---- WEBDAV ---- streamcopy problem");
- else
- Logger.debug("---- POST ---- streamcopy problem");
- }
- }
-
- // connect
- if (INTERNAL_DEBUG) Logger.debug("Connect Request");
- conn.connect();
- if (INTERNAL_DEBUG) Logger.debug("Connect Response");
-
- // check login tries
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) {
- int loginTry = getLoginTry(req);
- req.getSession().setAttribute(ATT_OA_LOGINTRY, Integer.toString(loginTry));
- if (loginTry > MAX_OA_LOGINTRY) {
- Logger.debug("Found 401 UNAUTHORIZED, maximum tries exceeded; leaving...");
- cb.disconnect(conn);
- return -401;
- }
- }
-
-
-
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED && OAConfiguration.BINDUNG_FULL.equals(originBinding)) {
- Logger.debug("Found 401 UNAUTHORIZED, leaving...");
- cb.disconnect(conn);
- return conn.getResponseCode();
- }
-
-
- resp.setStatus(conn.getResponseCode());
- resp.setContentType(conn.getContentType());
-
- if (loginHeaders != null && (conn.getResponseCode()==HttpURLConnection.HTTP_OK || conn.getResponseCode()==HttpURLConnection.HTTP_MOVED_TEMP) && req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) {
- req.getSession().setAttribute(ATT_OA_AUTHORIZATION_HEADER, authorizationvalue);
- Logger.debug("Login OK. Saving authorization header to remember in further requests");
- }
-
- // Read response headers
- // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set.
- // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests.
- // See JavaDoc of javax.servlet.http.HttpServlet:
- // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
- Vector respHeaders = new Vector();
-
- boolean chunked = false;
- String contentLengthKey = null;
- String transferEncodingKey = null;
- int i = 1;
- String headerKey;
- String loginType = (String) req.getSession().getAttribute(ATT_OA_LOGINTYPE);
- while ((headerKey = conn.getHeaderFieldKey(i)) != null) {
- String headerValue = conn.getHeaderField(i);
- // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen)
- if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) {
- headerValue = "Basic realm=\"" + publicURLPrefix + "\"";
- if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) {
- headerValue = "Basic realm=\"Bitte Passwort eingeben\"";
- } else if (OAConfiguration.BINDUNG_NONE.equals(originBinding)) {
- headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\"";
- }
- }
- String respHeader[] = new String[2];
- if ((conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) && headerKey.equalsIgnoreCase("content-length")) {
- //alter the unauthorized message with template for login
- //TODO: supply a special login form on unauthorized messages with bindings!=full
- headerValue = Integer.toString(RET_401_MSG.length());
- }
- respHeader[0]= headerKey;
- respHeader[1]= headerValue;
-
- if (!(OAConfiguration.BINDUNG_FULL.equals(originBinding) && OAConfiguration.LOGINTYPE_STATELESS.equals(loginType) && headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\""))) {
- respHeaders.add(respHeader);
- if (INTERNAL_DEBUG) Logger.debug("Resp header " + headerKey + ": " + headerValue);
- } else {
- Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue);
- }
- if (isTransferEncodingChunkedHeader(headerKey, headerValue)) {
- chunked = true;
- transferEncodingKey = headerKey;
- }
- if ("content-length".equalsIgnoreCase(headerKey))
- contentLengthKey = headerKey;
- i++;
- }
- if (chunked && contentLengthKey != null) {
- respHeaders.remove(transferEncodingKey);
- Logger.debug("Resp header " + transferEncodingKey + " REMOVED");
- }
-
- String headerValue;
- String respHeader[] = new String[2];
-
- //write out all Responseheaders
- for (Iterator iter = respHeaders.iterator(); iter.hasNext();) {
- respHeader = (String[]) iter.next();
- headerKey = respHeader[0];
- headerValue = respHeader[1];
- resp.addHeader(headerKey, headerValue);
- }
-
- //Logger.debug(">>>> Copy Content");
- //Logger.debug(" from ()" + conn.getURL());
- //Logger.debug(" to (" + req.getRemoteAddr() + ":"+ ") " +req.getRequestURL());
-
- // read response stream
- Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode());
- // Load content unless the server lets us know that the content is NOT MODIFIED...
- if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED ) {
- BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream());
- //Logger.debug("Got Inputstream");
- BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream());
- //Logger.debug("Got Outputstream");
-
- byte [] buffer = new byte[4096];
- if (respOut != null) {
- int bytesRead;
- while ((bytesRead = respIn.read(buffer)) >= 0) {
- if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(buffer, 0, bytesRead);
- }
- } else {
- while (respIn.read(buffer) >= 0);
- }
-
-
- /*
- int ch;
- StringBuffer strBuf = new StringBuffer("");
- while ((ch = respIn.read()) >= 0) {
- if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(ch);
- strBuf.append((char)ch);
- }
- Logger.debug("Resp Content:");
- if (strBuf.toString().length()>500)
- Logger.debug(strBuf.toString().substring(0,500));
- else
- Logger.debug(strBuf.toString());
- */
-
-
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) {
- respOut.write(RET_401_MSG.getBytes());
- }
- respOut.flush();
- respOut.close();
- respIn.close();
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) {
- Logger.debug("Found 401 UNAUTHORIZED...");
- cb.disconnect(conn);
- return conn.getResponseCode();
- }
- } else {
- //if (conn.getResponseCode()==HttpURLConnection.HTTP_NOT_MODIFIED)
- Logger.debug("Found 304 NOT MODIFIED...");
- }
-
- cb.disconnect(conn);
- Logger.debug("Request done");
-
- return conn.getResponseCode();
-}
-
-/**
- * Gets the current amount of the login try at the online application
- *
- * @param req the HttpServletRequest
- * @return the number off the current login try
- */
-private int getLoginTry(HttpServletRequest req) {
- String oa_loginTry = (String) req.getSession().getAttribute(ATT_OA_LOGINTRY);
- int loginTry = 1;
- if (oa_loginTry!=null) loginTry = Integer.parseInt(oa_loginTry)+1;
- return loginTry;
-}
-/**
- * Determines whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..."
- *
- * @param headerKey header name
- * @param headerValue header value
- * @return true for a basic authentication header
- */
-private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) {
- if (!"authorization".equalsIgnoreCase(headerKey))
- return false;
- if (headerValue.length() < "basic".length())
- return false;
- String authenticationSchema = headerValue.substring(0, "basic".length());
- return "basic".equalsIgnoreCase(authenticationSchema);
-}
-/**
- * Determines whether a basic authentication header of the kind "Authorization: Basic ..."
- * is included in a HTTP request
- * @param req HTTP request
- * @return true for a basic authentication header provided
- */
-private boolean isBasicAuthenticationHeaderProvided(HttpServletRequest req) {
- for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) {
- String headerKey = (String) enu.nextElement();
- String headerValue = req.getHeader(headerKey);
- if (isBasicAuthenticationHeader(headerKey, headerValue))
- return true;
- }
- return false;
-}
-/**
- * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked"
- *
- * @param headerKey header name
- * @param headerValue header value
- * @return true for a "Transfer-encoding: chunked" header
- */
-private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) {
- if (!"transfer-encoding".equalsIgnoreCase(headerKey))
- return false;
- return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0;
-}
-
-/**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
-public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- try {
- MOAIDProxyInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex);
- throw new ServletException(ex);
- }
-}
-
-/**
- * Handles an error. <br>
- * <ul>
- * <li>Logs the error</li>
- * <li>Places error message and exception thrown into the request
- * as request attributes (to be used by <code>"/errorpage-proxy.jsp"</code>)</li>
- * <li>Sets HTTP status 500 (internal server error)</li>
- * </ul>
- *
- * @param errorMessage error message
- * @param exceptionThrown exception thrown
- * @param req servlet request
- * @param resp servlet response
- */
-protected void handleError(
- String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
-
-
- if(null != errorMessage) {
- Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage );
- }
-
- if (null != exceptionThrown) {
- if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
- Logger.error(errorMessage, exceptionThrown);
- //req.setAttribute("ExceptionThrown", exceptionThrown);
- }
-
- //forward this to errorpage-proxy.jsp where the HTML error page is generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp");
- try {
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
-
-}
-
-
-// * taken from iaik.utils.util.copyStream:
-/**
- * Reads all data (until EOF is reached) from the given source to the
- * destination stream. If the destination stream is null, all data is dropped.
- * It uses the given buffer to read data and forward it. If the buffer is
- * null, this method allocates a buffer.
- *
- * @param source The stream providing the data.
- * @param destination The stream that takes the data. If this is null, all
- * data from source will be read and discarded.
- * @param buffer The buffer to use for forwarding. If it is null, the method
- * allocates a buffer.
- * @exception IOException If reading from the source or writing to the
- * destination fails.
- */
-private static void copyStream(InputStream source, OutputStream destination, byte[] buffer, String method) throws IOException {
- if (source == null) {
- throw new NullPointerException("Argument \"source\" must not be null.");
- }
- if (buffer == null) {
- buffer = new byte[4096];
- }
-
- if (destination != null) {
- int bytesRead;
- while ((bytesRead = source.read(buffer)) >= 0) {
- destination.write(buffer, 0, bytesRead);
- //if (method.equalsIgnoreCase("POST")) Logger.debug(buffer.toString());
- }
- } else {
- while (source.read(buffer) >= 0);
- }
-}
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
deleted file mode 100644
index 954a87e62..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
+++ /dev/null
@@ -1,212 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.io.BufferedWriter;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.PrintWriter;
-import java.net.Socket;
-import java.security.GeneralSecurityException;
-import java.util.Hashtable;
-
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.axis.components.net.BooleanHolder;
-import org.apache.axis.components.net.DefaultSocketFactory;
-import org.apache.axis.components.net.SecureSocketFactory;
-import org.apache.axis.components.net.TransportClientProperties;
-import org.apache.axis.components.net.TransportClientPropertiesFactory;
-import org.apache.axis.utils.Messages;
-import org.apache.axis.utils.XMLUtils;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Secure socket factory for Axis webs service clients of the MOA-ID component,
- * which are the MOA-SP calls from MOA-ID Auth,
- * and the MOA-ID Auth calls from MOA-ID Proxy.
- * <br/>Use this initialization code:<br/>
- * <code> // ConnectionParameter connParam = ... get from ConfigurationProvider
- * AxisSecureSocketFactory.initialize(connParam);</code>
- * <br/>See the Apache Axis documentation on how to configure this class
- * as the default secure socket factory to be used by Axis.
- * <br/>
- * This code has been copied from <code>JSSESocketFactory</code>, the
- * method <code>initialize()</code> has been added.
- *
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AxisSecureSocketFactory
- extends DefaultSocketFactory implements SecureSocketFactory {
-
- /** Field sslFactory */
- private static SSLSocketFactory sslFactory;
-
- /**
- * Constructor for AxisSecureSocketFactory.
- * @param attributes ???
- */
- public AxisSecureSocketFactory(Hashtable attributes) {
- super(attributes);
- }
- /**
- * Initializes the factory by setting the connection parameters to be used for
- * setting the secure socket factory, and by setting the system property
- * <code>axis.socketSecureFactory</code>.
- * @param ssf <code>SSLSocketFactory</code> to initialize with
- */
- public static void initialize(SSLSocketFactory ssf)
- throws IOException, GeneralSecurityException {
-
- Logger.debug("Initialize AxisSecureSocketFactory");
- sslFactory = ssf;
- }
-
- /**
- * creates a secure socket
- *
- * @param host
- * @param port
- * @param otherHeaders
- * @param useFullURL
- *
- * @return Socket
- * @throws Exception
- */
- public Socket create(
- String host,
- int port,
- StringBuffer otherHeaders,
- BooleanHolder useFullURL)
- throws Exception {
- if (port == -1) {
- port = 443;
- }
-
- TransportClientProperties tcp =
- TransportClientPropertiesFactory.create("https");
-
- boolean hostInNonProxyList =
- isHostInNonProxyList(host, tcp.getNonProxyHosts());
-
- Socket sslSocket = null;
- if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
- // direct SSL connection
- sslSocket = sslFactory.createSocket(host, port);
- }
- else {
-
- // Default proxy port is 80, even for https
- int tunnelPort =
- (tcp.getProxyPort().length() != 0)
- ? Integer.parseInt(tcp.getProxyPort())
- : 80;
- if (tunnelPort < 0)
- tunnelPort = 80;
-
- // Create the regular socket connection to the proxy
- Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
-
- // The tunnel handshake method (condensed and made reflexive)
- OutputStream tunnelOutputStream = tunnel.getOutputStream();
- PrintWriter out =
- new PrintWriter(
- new BufferedWriter(new OutputStreamWriter(tunnelOutputStream)));
-
- // More secure version... engage later?
- // PasswordAuthentication pa =
- // Authenticator.requestPasswordAuthentication(
- // InetAddress.getByName(tunnelHost),
- // tunnelPort, "SOCK", "Proxy","HTTP");
- // if(pa == null){
- // printDebug("No Authenticator set.");
- // }else{
- // printDebug("Using Authenticator.");
- // tunnelUser = pa.getUserName();
- // tunnelPassword = new String(pa.getPassword());
- // }
- out.print(
- "CONNECT "
- + host
- + ":"
- + port
- + " HTTP/1.0\r\n"
- + "User-Agent: AxisClient");
- if (tcp.getProxyUser().length() != 0
- && tcp.getProxyPassword().length() != 0) {
-
- // add basic authentication header for the proxy
- String encodedPassword =
- XMLUtils.base64encode(
- (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes());
-
- out.print("\nProxy-Authorization: Basic " + encodedPassword);
- }
- out.print("\nContent-Length: 0");
- out.print("\nPragma: no-cache");
- out.print("\r\n\r\n");
- out.flush();
- InputStream tunnelInputStream = tunnel.getInputStream();
-
- if (log.isDebugEnabled()) {
- log.debug(
- Messages.getMessage(
- "isNull00",
- "tunnelInputStream",
- "" + (tunnelInputStream == null)));
- }
- String replyStr = "";
-
- // Make sure to read all the response from the proxy to prevent SSL negotiation failure
- // Response message terminated by two sequential newlines
- int newlinesSeen = 0;
- boolean headerDone = false; /* Done on first newline */
-
- while (newlinesSeen < 2) {
- int i = tunnelInputStream.read();
-
- if (i < 0) {
- throw new IOException("Unexpected EOF from proxy");
- }
- if (i == '\n') {
- headerDone = true;
- ++newlinesSeen;
- }
- else if (i != '\r') {
- newlinesSeen = 0;
- if (!headerDone) {
- replyStr += String.valueOf((char) i);
- }
- }
- }
- if (!replyStr.startsWith("HTTP/1.0 200")
- && !replyStr.startsWith("HTTP/1.1 200")) {
- throw new IOException(
- Messages.getMessage(
- "cantTunnel00",
- new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr }));
- }
-
- // End of condensed reflective tunnel handshake method
- sslSocket = sslFactory.createSocket(tunnel, host, port, true);
- if (log.isDebugEnabled()) {
- log.debug(
- Messages.getMessage(
- "setupTunnel00",
- tcp.getProxyHost(),
- "" + tunnelPort));
- }
- }
-
- ((SSLSocket) sslSocket).startHandshake();
- if (log.isDebugEnabled()) {
- log.debug(Messages.getMessage("createdSSL00"));
- }
- return sslSocket;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/ECDSAConstants.java b/id.server/src/at/gv/egovernment/moa/id/util/ECDSAConstants.java
deleted file mode 100644
index c5dad8bc4..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/ECDSAConstants.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Created on 20.01.2005
- *
- * @author rschamberger
- * $ID$
- */
-package at.gv.egovernment.moa.id.util;
-
-
-/**
- * Class used to define Constants used in Class ECDSAKeyValueConverter
- *
- * * @author rschamberger
- */
-public class ECDSAConstants {
-
- /* ECDSA Namespace
- */
- static String NAMESPACE_ECDSAKEYVALUE_ = "http://www.w3.org/2001/04/xmldsig-more#";
-
- /* Schema instance NS
- */
- static String NAMESPACE_XSI_ = "http://www.w3.org/2001/XMLSchema-instance";
-
- /* ecdsa prefix value
- */
- static String NS_PREFIX_ECDSAKEYVALUE_ = "ecdsa";
-
- /* namespace namespace
- */
- static String NAMESPACE_NAMESPACES_ = "http://www.w3.org/XML/1998/namespace";
-
- /* si prefix value
- */
- static String NS_PREFIX_XSI_ = "si";
-};
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id.server/src/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
deleted file mode 100644
index 6fb78edb7..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ /dev/null
@@ -1,572 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import iaik.security.ecc.ecdsa.ECDSAParameter;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.security.ecc.math.ecgroup.AffineCoordinate;
-import iaik.security.ecc.math.ecgroup.Coordinate;
-import iaik.security.ecc.math.ecgroup.CoordinateTypes;
-import iaik.security.ecc.math.ecgroup.ECGroupFactory;
-import iaik.security.ecc.math.ecgroup.ECPoint;
-import iaik.security.ecc.math.ecgroup.EllipticCurve;
-import iaik.security.ecc.math.field.Field;
-import iaik.security.ecc.math.field.FieldElement;
-import iaik.security.ecc.math.field.PrimeField;
-import iaik.security.ecc.parameter.ECCParameterFactory;
-import iaik.security.ecc.spec.ECCParameterSpec;
-
-import java.math.BigInteger;
-import java.security.PublicKey;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Vector;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-public class ECDSAKeyValueConverter
-{
-
-
- //TODO enhance javadoc
-
- /**
- * converter class which can be used to convert ECDSA keys encoded in XML
- * to a PublicKey data structure
- * @param keyValueElem ECDSAKeyValue Element
- * @return ECPublicKey encoded in PublicKey data structure
- * @throws Exception
- */
- public static PublicKey element2ECDSAPublicKey(Element keyValueElem) throws Exception
- {
- String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_;
-
- // Domain parameters
- Element domainParams = getChildElement(keyValueElem, ecdsaNS, "DomainParameters", 1);
- if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
-
- Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
- ECCParameterSpec eccParameterSpec;
-
- if (namedCurve != null)
- {
- // URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
- String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8);
- ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
- // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
- eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID);
- }
- else
- {
- Element excplicitParams = getChildElement(domainParams, ecdsaNS, "ExplicitParams", 1);
- Element fieldParams = getChildElement(excplicitParams, ecdsaNS, "FieldParams", 1);
- Element curveParams = getChildElement(excplicitParams, ecdsaNS, "CurveParams", 1);
- Element basePointParams = getChildElement(excplicitParams, ecdsaNS, "BasePointParams", 1);
-
- // Field parameters
- String fieldParamsTypeStr = fieldParams.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type");
- String ecdsaNSPrefix = getECDSANSPrefix(fieldParams);
- BigInteger p = null;
- int fieldParamsType = 0;
- final int FIELD_TYPE_PRIME = 1;
- final int FIELD_TYPE_TNB = 2;
- final int FIELD_TYPE_PNB = 3;
- int m = -1, k = -1, k1 = -1, k2 = -1, k3 = -1;
- if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PrimeFieldParamsType"))
- {
- fieldParamsType = FIELD_TYPE_PRIME;
- String pStr = getChildElementText(fieldParams, ecdsaNS, "P", 1);
- p = new BigInteger(pStr, 10);
- }
- else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":TnBFieldParamsType"))
- {
- fieldParamsType = FIELD_TYPE_TNB;
- String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1);
- m = Integer.parseInt(mStr);
- String kStr = getChildElementText(fieldParams, ecdsaNS, "K", 1);
- k = Integer.parseInt(kStr);
- }
- else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PnBFieldParamsType"))
- {
- fieldParamsType = FIELD_TYPE_PNB;
- String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1);
- m = Integer.parseInt(mStr);
- String k1Str = getChildElementText(fieldParams, ecdsaNS, "K1", 1);
- k1 = Integer.parseInt(k1Str);
- String k2Str = getChildElementText(fieldParams, ecdsaNS, "K2", 1);
- k2 = Integer.parseInt(k2Str);
- String k3Str = getChildElementText(fieldParams, ecdsaNS, "K3", 1);
- k3 = Integer.parseInt(k3Str);
- }
- else throw new Exception("Unknown field parameters.");
-
- // Curve parameters
- Element aElem = getChildElement(curveParams, ecdsaNS, "A", 1);
- String aStr = aElem.getAttributeNS(null, "Value");
- Element bElem = getChildElement(curveParams, ecdsaNS, "B", 1);
- String bStr = bElem.getAttributeNS(null, "Value");
- String seedStr = getChildElementText(curveParams, ecdsaNS, "Seed", 1);
- BigInteger seed = (seedStr != null) ? new BigInteger(seedStr, 10) : null;
-
- // Base point parameters
- Element basePoint = getChildElement(basePointParams, ecdsaNS, "BasePoint", 1);
- Element basePointXElem = getChildElement(basePoint, ecdsaNS, "X", 1);
- String basePointXStr = basePointXElem.getAttributeNS(null, "Value");
- Element basePointYElem = getChildElement(basePoint, ecdsaNS, "Y", 1);
- String basePointYStr = basePointYElem.getAttributeNS(null, "Value");
- String orderStr = getChildElementText(basePointParams, ecdsaNS, "Order", 1);
- BigInteger order = new BigInteger(orderStr, 10);
- String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
- BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null;
-
- if (fieldParamsType == FIELD_TYPE_PRIME)
- {
- BigInteger a = new BigInteger(aStr, 10);
- BigInteger b = new BigInteger(bStr, 10);
- BigInteger basePointX = new BigInteger(basePointXStr, 10);
- BigInteger basePointY = new BigInteger(basePointYStr, 10);
- eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
- basePointY, null);
- }
- else
- {
- int[] irreducible = new int[m/32 + ((m % 32 != 0) ? 1 : 0)];
- if (fieldParamsType == FIELD_TYPE_TNB)
- {
- irreducible[m/32] = 1 << m % 32;
- irreducible[k/32] += 1 << k % 32;
- irreducible[0] += 1;
- }
- else
- {
- irreducible[m/32] = 1 << m % 32;
- irreducible[k3/32] += 1 << k3 % 32;
- irreducible[k2/32] += 1 << k2 % 32;
- irreducible[k1/32] += 1 << k1 % 32;
- irreducible[0] += 1;
- }
- eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
- octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
- octetString2IntArray(basePointYStr), null);
- }
- }
-
- // Public key
- Element publicKeyElem = getChildElement(keyValueElem, ecdsaNS, "PublicKey", 1);
- Element publicKeyXElem = getChildElement(publicKeyElem, ecdsaNS, "X", 1);
- String publicKeyXStr = publicKeyXElem.getAttributeNS(null, "Value");
- Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
- String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
-
- ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
- ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
- EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
- eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
- Field field = eCurve.getField();
-
- // Detect type of public key field elements
- String elementType = publicKeyXElem.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type");
- String elementTypeLocalName = elementType.substring(elementType.indexOf(':') + 1);
- int FIELD_TYPE_PRIME = 1, FIELD_TYPE_CHAR_TWO = 2;
- int fieldElemType = ("PrimeFieldElemType".equals(elementTypeLocalName))
- ? FIELD_TYPE_PRIME
- : FIELD_TYPE_CHAR_TWO;
-
- FieldElement publicKeyPointX, publicKeyPointY;
- if (fieldElemType == FIELD_TYPE_PRIME)
- {
-
-// Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10));
-// publicKeyPointX = field.newElement(xValue);
- PrimeField pf = (PrimeField) field;
- publicKeyPointX = pf.newElement(new BigInteger(publicKeyXStr, 10));
-// Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10));
-// publicKeyPointY = field.newElement(yValue);
- publicKeyPointY = pf.newElement(new BigInteger(publicKeyYStr, 10));
- }
- else
- {
- publicKeyPointX = field.newElement(octetString2ByteArray(publicKeyXStr));
- publicKeyPointY = field.newElement(octetString2ByteArray(publicKeyYStr));
- }
-// ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
-// publicKeyPointY, field.getONEelement());
- Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
- publicKeyPointY).toProjective();
- ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
- ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
-
- return publicKey;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- /*
- public static Element publicKey2ECDSAKeyValueElement(boolean implParams, String curveOID,
- ECDSAPublicKey publicKey, Document factoryDoc)
- {
- String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_;
- String ecdsaNSP = ECDSAConstants.NS_PREFIX_ECDSAKEYVALUE_;
- String nsNS = ECDSAConstants.NAMESPACE_NAMESPACES_;
- String xsiNS = ECDSAConstants.NAMESPACE_XSI_;
- String xsiNSP = ECDSAConstants.NS_PREFIX_XSI_;
-
- ECDSAParameter params = (ECDSAParameter)publicKey.getParameter();
- EllipticCurve curve = params.getG().getCurve();
- Field field = curve.getField();
- int fieldId = curve.getField().getFieldId();
-
- Element eCDSAKeyValue = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ECDSAKeyValue");
- eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + ecdsaNSP, ecdsaNS);
- eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + xsiNSP, xsiNS);
-
- // Detect field type
- int coeffPositions[] = new int[3];
- int fieldType = 0;
- String fieldElemTypeString = null;
- final int FT_PRIME = 1, FT_TNB = 2, FT_PNB = 3;
- if (fieldId == Field.PRIME_FIELD)
- {
- fieldType = FT_PRIME;
- fieldElemTypeString = ecdsaNSP + ":PrimeFieldElemType";
- }
- else
- {
- // Get irreducible polynomal
- BinaryField binaryField = (BinaryField)field;
- BinaryFieldValue irreducible = binaryField.getIrreducible();
-
- // Get coefficients of irreducible polynomal
- int order = irreducible.getOrder();
- int coeffCount = 2;
- for (int i = 1; i < order - 1; i++)
- {
- if (irreducible.testBit(i))
- {
- coeffPositions[coeffCount - 2] = i;
- coeffCount++;
- if (coeffCount == 5) break;
- }
- }
-
- // Set polynomal type (TNB or
- fieldType = (coeffCount == 3) ? FT_TNB : FT_PNB;
- fieldElemTypeString = ecdsaNSP + ":CharTwoFieldElemType";
- }
-
- if (!implParams)
- {
- Element domainParameters = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":DomainParameters");
- eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n "));
- eCDSAKeyValue.appendChild(domainParameters);
-
- if (curveOID != null)
- {
- // Named curve
- Element namedCurve = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":NamedCurve");
- namedCurve.setAttributeNS(null, "URN", "urn:oid:" + curveOID);
- domainParameters.appendChild(factoryDoc.createTextNode("\n "));
- domainParameters.appendChild(namedCurve);
- domainParameters.appendChild(factoryDoc.createTextNode("\n "));
- }
- else
- {
- // Explicit parameters
- Element explicitParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ExplicitParams");
-
- // Field parameters
- Element fieldParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":FieldParams");
- explicitParams.appendChild(factoryDoc.createTextNode("\n "));
- explicitParams.appendChild(fieldParams);
-
- if (fieldType == FT_PRIME)
- {
- fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PrimeFieldParamsType");
- Element p = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":P");
- p.appendChild(factoryDoc.createTextNode(curve.getField().getSize().toString(10)));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(p);
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- }
- else if (fieldType == FT_TNB)
- {
- fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":TnBFieldParamsType");
- Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M");
- m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder())));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(m);
-
- Element k = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K");
- k.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0], 10)));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(k);
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- }
- else
- {
- fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PnBFieldParamsType");
- Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M");
- m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder())));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(m);
-
- Element k1 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K1");
- k1.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0])));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(k1);
-
- Element k2 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K2");
- k2.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[1])));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(k2);
-
- Element k3 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K3");
- k3.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[2])));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(k3);
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- }
-
- // Curve parameters
- Element curveParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":CurveParams");
- explicitParams.appendChild(factoryDoc.createTextNode("\n "));
- explicitParams.appendChild(curveParams);
-
- Element a = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":A");
- a.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- a.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? curve.getA().getValue().toBigInt().toString(10)
- : evenStringLength(curve.getA().getValue().toBigInt().toString(16)));
- curveParams.appendChild(factoryDoc.createTextNode("\n "));
- curveParams.appendChild(a);
-
- Element b = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":B");
- b.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- b.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? curve.getB().getValue().toBigInt().toString(10)
- : evenStringLength(curve.getB().getValue().toBigInt().toString(16)));
- curveParams.appendChild(factoryDoc.createTextNode("\n "));
- curveParams.appendChild(b);
-
- if (params.getS() != null)
- {
- Element seed = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Seed");
- seed.appendChild(factoryDoc.createTextNode(evenStringLength(params.getS().toString(16))));
- curveParams.appendChild(factoryDoc.createTextNode("\n "));
- curveParams.appendChild(seed);
- }
-
- curveParams.appendChild(factoryDoc.createTextNode("\n "));
-
- // Base point params
- Element basePointParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePointParams");
- explicitParams.appendChild(factoryDoc.createTextNode("\n "));
- explicitParams.appendChild(basePointParams);
-
- Element basePoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePoint");
- basePointParams.appendChild(factoryDoc.createTextNode("\n "));
- basePointParams.appendChild(basePoint);
-
- Element x = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X");
- x.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- x.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? params.getG().getCoordinates().getX().getValue().toBigInt().toString(10)
- : evenStringLength(params.getG().getCoordinates().getX().getValue().toBigInt().toString(16)));
- basePoint.appendChild(factoryDoc.createTextNode("\n "));
- basePoint.appendChild(x);
-
- Element y = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y");
- y.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- y.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? params.getG().getCoordinates().getY().getValue().toBigInt().toString(10)
- : evenStringLength(params.getG().getCoordinates().getY().getValue().toBigInt().toString(16)));
- basePoint.appendChild(factoryDoc.createTextNode("\n "));
- basePoint.appendChild(y);
- basePoint.appendChild(factoryDoc.createTextNode("\n "));
-
- Element order = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Order");
- order.appendChild(factoryDoc.createTextNode(params.getR().toString(10)));
- basePointParams.appendChild(factoryDoc.createTextNode("\n "));
- basePointParams.appendChild(order);
-
- if (params.getK() != null)
- {
- Element cofactor = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Cofactor");
- cofactor.appendChild(factoryDoc.createTextNode(params.getK().toString(10)));
- basePointParams.appendChild(factoryDoc.createTextNode("\n "));
- basePointParams.appendChild(cofactor);
- }
-
- basePointParams.appendChild(factoryDoc.createTextNode("\n "));
- explicitParams.appendChild(factoryDoc.createTextNode("\n "));
-
- domainParameters.appendChild(factoryDoc.createTextNode("\n "));
- domainParameters.appendChild(explicitParams);
- domainParameters.appendChild(factoryDoc.createTextNode("\n "));
- }
- }
-
- // Public key point
- Element publicKeyPoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":PublicKey");
-
- Element publicKeyX = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X");
- publicKeyX.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- publicKeyX.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(10)
- : evenStringLength(publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(16)));
- publicKeyPoint.appendChild(factoryDoc.createTextNode("\n "));
- publicKeyPoint.appendChild(publicKeyX);
-
- Element publicKeyY = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y");
- publicKeyY.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- publicKeyY.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(10)
- : evenStringLength(publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(16)));
- publicKeyPoint.appendChild(factoryDoc.createTextNode("\n "));
- publicKeyPoint.appendChild(publicKeyY);
- publicKeyPoint.appendChild(factoryDoc.createTextNode("\n "));
-
- eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n "));
- eCDSAKeyValue.appendChild(publicKeyPoint);
- eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n "));
-
- return eCDSAKeyValue;
- }
- */
- /* ---------------------------------------------------------------------------------------------------- */
-
- private static String getECDSANSPrefix(Element element)
- {
- // FIXXME: Review this function (GK, 11.06.2002) - should return a list of strings, since more than
- // one NS prefix can be bound to the ECDSA namespace
-
- HashMap inScopeNSAttrs = getInScopeNSAttrs(element);
- Iterator inScopeNSAttrsIt = inScopeNSAttrs.keySet().iterator();
- while (inScopeNSAttrsIt.hasNext())
- {
- Attr currentAttr = (Attr)inScopeNSAttrs.get(inScopeNSAttrsIt.next());
- if (ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_.equals(currentAttr.getValue()))
- {
- return ("xmlns".equals(currentAttr.getNodeName())) ? "" : currentAttr.getNodeName().substring(6);
- }
- }
- return null;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- // Converts an octet string representation into an int array as needed for the IAIK ECC library
- // String: rightmost byte is least significant byte
- // IntArray: rightmost byte is LEAST significant byte
- private static int[] octetString2IntArray(String octetString)
- {
- int byteCount = octetString.length()/2;
- int[] intArray = new int[byteCount/4 + ((byteCount % 4 != 0) ? 1 : 0)];
- for (int i = 0; i < byteCount; i++)
- {
- int oSStartPos = octetString.length() - (i + 1) * 2;
- int currentByte = Integer.parseInt(octetString.substring(oSStartPos, oSStartPos + 2), 16);
- intArray[i/4] += (currentByte & 0xFF) << ((i % 4) * 8);
- }
- return intArray;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- // Converts an octet string representation into a byte array as needed for the IAIK ECC library
- // String: rightmost byte is least significant byte
- // ByteArray: rightmost byte is MOST significant byte
- private static byte[] octetString2ByteArray(String octetString)
- {
- int byteCount = octetString.length()/2;
- byte[] byteArray = new byte[byteCount];
- for (int i = 0; i < byteCount; i++)
- {
- int oSStartPos = octetString.length() - (i + 1) * 2;
- byteArray[byteCount - i - 1] = (byte) Integer.parseInt(octetString.substring(
- oSStartPos, oSStartPos + 2), 16);
- }
- return byteArray;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- private static String evenStringLength(String hexString)
- {
- return (hexString.length() % 2 != 0) ? "0" + hexString : hexString;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- private static Element getChildElement(Element parent, String namespace, String localName,
- int instance)
- {
- NodeList namedElements = parent.getElementsByTagNameNS(namespace, localName);
- if (namedElements.getLength() < instance) return null;
- return (Element)namedElements.item(instance - 1);
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- private static String getChildElementText(Element parent, String namespace, String localName,
- int instance)
- {
- Element child = getChildElement(parent, namespace, localName, instance);
- if (child == null) return null;
- NodeList childNodes = child.getChildNodes();
- int nodeCount = 0;
- while (nodeCount < childNodes.getLength())
- {
- Node currentNode = childNodes.item(nodeCount);
- if (currentNode.getNodeType() == Node.TEXT_NODE) return currentNode.getNodeValue();
- nodeCount++;
- }
- return null;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- public static HashMap getInScopeNSAttrs(Element element)
- {
- // Get all ancestors of element
- Vector ancestors = new Vector();
- ancestors.add(element);
- Node currentAncestor = element;
- while ((currentAncestor = currentAncestor.getParentNode()) != null &&
- currentAncestor.getNodeType() == Node.ELEMENT_NODE)
- {
- ancestors.add(currentAncestor);
- }
-
- // Scan all ancestors for NS attributes
- HashMap inScopeNSAttrs = new HashMap();
- for (int i = ancestors.size() - 1; i >= 0; i--)
- {
- Element currentAncestorElem = (Element)ancestors.get(i);
- NamedNodeMap attrs = currentAncestorElem.getAttributes();
- for (int j = 0; j < attrs.getLength(); j++)
- {
- Attr currentAttr = (Attr)attrs.item(j);
- String currentAttrName = currentAttr.getNodeName();
- if ("xmlns".equals(currentAttrName) || currentAttrName.startsWith("xmlns:"))
- {
- inScopeNSAttrs.put(currentAttrName, currentAttr);
- }
- }
- }
-
- // Check if default NS attribute is in list; if value is empty remove it from list
- Attr defaultNSAttr = (Attr)inScopeNSAttrs.get("xmlns");
- if (defaultNSAttr != null && "".equals(defaultNSAttr.getValue())) inScopeNSAttrs.remove("xmlns");
-
- return inScopeNSAttrs;
- }
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
deleted file mode 100644
index 7c4731555..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Created on 17.02.2004
- *
- * To change the template for this generated file go to
- * Window>Preferences>Java>Code Generation>Code and Comments
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.io.IOException;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author rschamberger
- *
- * To change the template for this generated type comment go to
- * Window>Preferences>Java>Code Generation>Code and Comments
- */
-public class HTTPRequestJSPForwarder {
-
- /**
- * Forwards the HttpServletRequest to a customizable JSP Page and serves the Response. <br>
- * <ul>
- * <li>Logs the message</li>
- * </ul>
- *
- * @param message message text
- * @param jspPageURI URI of the JSP page
- * @param context the servlet context of the servlet belonging to the req, resp
- * @param req servlet request
- * @param resp servlet response
- */
- public static void forwardNamed(
- String message,
- String jspPageURI,
- ServletContext context,
- HttpServletRequest req,
- HttpServletResponse resp) {
-
- if (null != message) {
- Logger.info(message);
- req.setAttribute("Message", message);
- }
-
- //forward this to the given jsp page where the HTML response is generated
- try {
- context.getRequestDispatcher(jspPageURI).forward(req, resp);
- } catch (IOException e) {
- Logger.error(e);
- } catch (ServletException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Forwards the HttpServletRequest to the customizable JSP Page 'message.jsp' and serves the Response. <br>
- * <ul>
- * <li>Logs the message</li>
- * </ul>
- *
- * @param message message text
- * @param context the servlet context of the servlet belonging to the req, resp
- * @param req servlet request
- * @param resp servlet response
- */
- public static void forwardDefault(
- String message,
- ServletContext context,
- HttpServletRequest req,
- HttpServletResponse resp) {
- forwardNamed(message, "/message.jsp", context, req, resp);
- }
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/HTTPUtils.java
deleted file mode 100644
index 035c47eb9..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-/**
- * HTTP Utilities
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-
-import java.io.BufferedInputStream;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.net.HttpURLConnection;
-import java.net.URL;
-
-import org.apache.regexp.RE;
-import org.apache.regexp.RESyntaxException;
-
-/**
- *
- * @author Rudolf Schamberger
- *
- */
-public class HTTPUtils {
-
- /**
- * Utility used to obtainin correct encoded HTTP content.
- * Reads a given Content adressed by HTTP-URL into String.
- * Content encoding is considered by using the Content-Type HTTP header charset value.
- * @param URL HTTP URL to read from.
- * @return String representation of content
- * @throws IOException on data-reading problems
- */
- public static String readHttpURL(String URL)
- throws IOException {
-
- URL url = new URL(URL);
- HttpURLConnection conn = (HttpURLConnection)url.openConnection();
- conn.setRequestMethod("GET");
- String contentType = conn.getContentType();
- RE regExp = null;
- try {
- regExp = new RE("(;.*charset=)(\"*)(.*[^\"])");
- } catch (RESyntaxException e) {
- //RESyntaxException is not possible = expr. is costant
- }
- boolean charsetSupplied = regExp.match(contentType);
- String encoding = "ISO-8859-1"; //default HTTP encoding
- if (charsetSupplied) {
- encoding = regExp.getParen(3);
- }
- InputStream instream = new BufferedInputStream(conn.getInputStream());
- InputStreamReader isr = new InputStreamReader(instream, encoding);
- Reader in = new BufferedReader(isr);
- int ch;
- StringBuffer buffer = new StringBuffer();
- while ((ch = in.read()) > -1) {
- buffer.append((char)ch);
- }
- in.close();
- conn.disconnect();
- return buffer.toString();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id.server/src/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
deleted file mode 100644
index 4330133f0..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
- * Created on 01.10.2004
- *
- * @author rschamberger
- * $ID$
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequestWrapper;
-
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.URLDecoder;
-
-/**
- * Special ServletRequestWrapper class which provides a more precise implementation of the getParameter*
- * family. This implementation cares about the order of the parameters from Query String and HTTP POST
- * Body. Use this as Filter class for Servlets which such needs.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class InOrderServletRequestWrapper extends HttpServletRequestWrapper {
-
- /**
- * standard encoding used to decode the URL string.
- */
- //
- public static final String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1";
- /**
- * Vector that stores the order of the query paramters
- */
- private Vector queryParamOrder;
-
- /**
- * Hashtable that stores the content of the query paramters
- */
- private Hashtable queryParameters;
-
- /**
- * Vector that stores the order of the HTTP body paramters
- */
- private Vector bodyParamOrder;
-
- /**
- * Hashtable that stores the content of the HTTP body paramters
- */
- private Hashtable bodyParameters;
-
- /**
- * ServletContext
- */
- private ServletContext context;
-
- /**
- * Identifier used to identify query parameters
- */
- public static final int QUERY_PARAM = 1;
-
- /**
- * Identifier used to identify HTTP body parameters
- */
- public static final int BODY_PARAM = 2;
-
- /**
- * @see HttpServletRequestWrapper
- */
- public InOrderServletRequestWrapper(final HttpServletRequest request, final ServletContext sContext) {
- super(request);
- this.context = sContext;
- }
-
- /**
- * parses the Query and if availlable also HTTP POST parameters
- *
- * @param req a <code>HttpServletRequest</code> which should be parsed
- */
- protected final void parseParameters(final HttpServletRequest req)
- {
- queryParamOrder = new Vector();
- queryParameters = new Hashtable();
- bodyParamOrder = new Vector();
- bodyParameters = new Hashtable();
-
- //Insert code for Query string parsing
- String rawQuery = req.getQueryString();
- queryParameters = tokenize(queryParameters, queryParamOrder, rawQuery, DEFAULT_CHARACTER_ENCODING, true);
-
- //analyze HTTP Post body parameters
- if (req.getMethod().equalsIgnoreCase("POST"))
- {
- //get body encoding
- String enc = req.getCharacterEncoding();
- if (enc == null) enc = DEFAULT_CHARACTER_ENCODING;
-
- if (req.getContentType().equals("application/x-www-form-urlencoded"))
- {
- try
- {
- bodyParameters = parsePostData(bodyParameters, req.getContentLength(), req.getInputStream(), enc);
- }
- catch (IOException e)
- {
- context.log("could not open input stream of reqest \n" + e.toString());
- }
- }
- else
- {
- //TODO add multipart code
- context.log(
- "ERROR other Content-Types than 'application/x-www-form-urlencoded' not supported!");
- }
-
- }// end POST
- }
-
- /**
- * parses the HTTP POST parameters
- *
- * @param ht parameter Hashtable to put parameters in.
- * @param length of content
- * @param instream the ServletInputStream of the request
- * @param encoding encoding of the instream
- *
- * @return the Hashtable with the parsed data
- */
- private Hashtable parsePostData(Hashtable ht, final int length, final ServletInputStream instream,
- final String encoding)
- {
- int inputLen, offset;
- byte[] postedBytes = null;
- boolean dataRemaining = true;
- String postedBody;
-
- StringBuffer sb = new StringBuffer();
-
- if (length <= 0)
- {
- return null;
- }
-
- postedBytes = new byte[length];
- try
- {
- offset = 0;
- while (dataRemaining)
- {
- inputLen = instream.read(postedBytes, offset, length - offset);
- if (inputLen <= 0)
- {
- throw new IOException("read error during reading the HTTP POST body");
- }
- offset += inputLen;
- if ((length - offset) == 0)
- {
- dataRemaining = false;
- }
- }
- }
- catch (IOException e)
- {
- System.out.println("Exception =" + e);
- return null;
- }
-
- postedBody = new String(postedBytes);
- Hashtable ht2 = tokenize(ht, bodyParamOrder, postedBody, encoding, false);
- return ht2;
- }
-
-
- /**
- * tokenizes parameter strings
- *
- * @param ht parameter Hashtable to put parameters in.
- * @param order Vector in which the order of the tokenized parameters will be stored.
- * @param parameterString String to tokenize.
- * @param encoding which will be used to decode the parameterString.
- *
- * @return the Hashtable with the parsed data
- */
- private Hashtable tokenize(Hashtable ht, Vector order, final String parameterString, final String encoding, boolean decode)
- {
- String[] valArray = null;
-
- if (null == parameterString) return ht;
-
- StringTokenizer st = new StringTokenizer(parameterString, "&");
-
- String key = null;
- String val = null;
-
- while (st.hasMoreTokens())
- {
- String pair = (String) st.nextToken();
- int pos = pair.indexOf('=');
- if (pos == -1)
- {
- throw new IllegalArgumentException();
- }
- try
- {
- if (decode) {
- key = URLDecoder.decode(pair.substring(0, pos), encoding);
- val = URLDecoder.decode(pair.substring(pos + 1, pair.length()), encoding);
- } else {
- key = pair.substring(0, pos);
- val = pair.substring(pos + 1, pair.length());
- }
- //Logger.debug("(" + Integer.toString(key.length()) + "=" + Integer.toString(pair.substring(0, pos).length()) + ")"+key+"|--|"+pair.substring(0, pos));
- //Logger.debug("(" + Integer.toString(val.length()) + "=" + Integer.toString(pair.substring(pos + 1, pair.length()).length()) + ")"+val+"|--|"+pair.substring(pos + 1, pair.length()));
- }
- catch (Exception e)
- {
- throw new IllegalArgumentException();
- }
- if (ht.containsKey(key))
- {
- String oldVals[] = (String[]) ht.get(key);
- valArray = new String[oldVals.length + 1];
- for (int i = 0; i < oldVals.length; i++)
- {
- valArray[i] = oldVals[i];
- }
- valArray[oldVals.length] = val;
- }
- else
- {
- valArray = new String[1];
- valArray[0] = val;
- }
- ht.put(key, valArray);
- order.addElement(key);
- }
- return ht;
-
- }
-
- /**
- * Returns the value of a request parameter as a <code>String</code>, or <code>null</code> if the
- * parameter does not exist. Request parameters are extra information sent with the request. For HTTP
- * servlets, parameters are contained in the query string or posted form data.
- *
- * <p>
- * You should only use this method when you are sure the parameter has only one value. If the parameter
- * might have more than one value, use {@link #getParameterValues(String, int)}.
- *
- * <p>
- * If you use this method with a multivalued parameter, the value returned is equal to the first value in
- * the array returned by <code>getParameterValues</code>.
- *
- * <p>
- * If the parameter data was sent in the request body, such as occurs with an HTTP POST request, then
- * reading the body directly via {@link #getInputStream} or {@link #getReader}can interfere with the
- * execution of this method.
- *
- * @param name a <code>String</code> containing the name of the parameter whose value is requested
- *
- * @return a <code>String</code> representing the single value of the parameter
- *
- * @see #getParameterValues(String, int)
- *
- */
- public final String getParameter(final String name) {
- String val = getParameter(name, QUERY_PARAM);
- return (null != val) ? val : getParameter(name, BODY_PARAM);
- }
-
- /**
- * Returns the value of a request parameter as a <code>String</code>, or <code>null</code> if the
- * parameter does not exist.
- *
- * @param name a <code>String</code> containing the name of the parameter whose value is requested
- * @param parameterType type of parameter
- * @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#QUERY_PARAM
- * and @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#BODY_PARAM
- * @see #getParameterValues(String)
- * @return value of the (single) parameter or null if not availlable
- **/
- public final String getParameter(final String name, final int parameterType)
- {
-
- Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters;
- String[] vals = (String[]) parameters.get(name);
- if (vals == null)
- {
- return null;
- }
- return vals[0];
- }
-
-
- /**
- * Returns an array of <code>String</code> objects containing all of the values the given request
- * parameter has, or <code>null</code> if the parameter does not exist.
- *
- * <p>
- * If the parameter has a single value, the array has a length of 1.
- *
- * @param name a <code>String</code> containing the name of the parameter whose value is requested
- * @param parameterType type of parameter
- * @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#QUERY_PARAM
- * and @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#BODY_PARAM
- * @return an array of <code>String</code> objects containing the parameter's values or null
- *
- * @see #getParameter
- */
- public final String getParameterValues(final String name, final int parameterType)
- {
- Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters;
- String[] vals = (String[]) parameters.get(name);
- if (vals == null)
- {
- return null;
- }
- String vallist = vals[0];
- for (int i = 1; i < vals.length; i++)
- {
- vallist = vallist + "," + vals[i];
- }
- return vallist;
- }
-
- /**
- *
- * Returns an <code>Enumeration</code> of <code>String</code> objects containing the names of the
- * parameters. If there are no parameters, the method returns an empty
- * <code>Enumeration</code>.
- *
- * @return an <code>Enumeration</code> of <code>String</code> objects, each <code>String</code>
- * containing the name of a request parameter; or an empty <code>Enumeration</code> if the
- * request has no parameters
- *
- */
- public final Enumeration getParameterNames()
- {
- Vector FullParamOrder = new Vector();
- for (Enumeration enu = queryParamOrder.elements(); enu.hasMoreElements();) {
- FullParamOrder.addElement(enu.nextElement());
- }
- for (Enumeration enu = bodyParamOrder.elements(); enu.hasMoreElements();) {
- FullParamOrder.addElement(enu.nextElement());
- }
- return FullParamOrder.elements();
- }
-
- /**
- *
- * Returns an <code>Enumeration</code> of <code>String</code> objects containing the names of the
- * parameters contained in this request. If the request has no parameters, the method returns an empty
- * <code>Enumeration</code>.
- * @param parameterType type of parameter
- *
- * @return an <code>Enumeration</code> of <code>String</code> objects, each <code>String</code>
- * containing the name of a request parameter; or an empty <code>Enumeration</code> if the
- * request has no parameters
- *
- */
- public final Enumeration getParameterNames(final int parameterType)
- {
- if (QUERY_PARAM == parameterType)
- return queryParamOrder.elements();
- else
- return bodyParamOrder.elements();
- }
-} //End InOrderServletRequestWrapper \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
deleted file mode 100644
index d31aa6ec1..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Locale;
-
-import at.gv.egovernment.moa.util.Messages;
-
-/**
- * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDMessageProvider {
-
- /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
- private static final String[] DEFAULT_MESSAGE_RESOURCES =
- { "resources/properties/id_messages" };
- /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */
- private static final Locale[] DEFAULT_MESSAGE_LOCALES =
- new Locale[] { new Locale("de", "AT") };
- /** The instance for our singleton */
- private static MOAIDMessageProvider instance;
- /** The Messages */
- private Messages messages;
-
- /**
- * Returns the single instance of <code>MOAIDMessageProvider</code>.
- *
- * @return the single instance of <code>MOAIDMessageProvider</code>
- */
- public static MOAIDMessageProvider getInstance() {
- if (instance == null)
- instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
- return instance;
- }
-
- /**
- * Create a <code>MOAIDMessageProvider</code>.
- *
- * @param resourceNames The names of the resources containing the messages.
- * @param locales The corresponding locales.
- */
- protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
- this.messages = new Messages(resourceNames, locales);
- }
-
- /**
- * Get the message corresponding to a given message ID.
- *
- * @param messageId The ID of the message.
- * @param parameters The parameters to fill in into the message arguments.
- * @return The formatted message.
- */
- public String getMessage(String messageId, Object[] parameters) {
- return messages.getMessage(messageId, parameters);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java b/id.server/src/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
deleted file mode 100644
index 3f5fddba2..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
+++ /dev/null
@@ -1,62 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * @author rschamberger
- *
- */
-/**
- * A Filter class wich uses the InOrderServletRequestWrapper to provide servlets a more precise
- * implementation of the getParameter* family. This implementation cares about the order of the parameters
- * from Query String and HTTP POST Body. Use this as Filter class for Servlets which such needs.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class ParameterInOrderFilter implements Filter
-{
-
- /**
- * filterConfig
- */
- private FilterConfig filterConfig;
-
- /**
- * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
- */
- public final void init(final FilterConfig config)
- {
- this.filterConfig = config;
- }
-
- /**
- * @see javax.servlet.Filter#destroy()
- */
- public final void destroy()
- {
- };
-
- /**
- * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
- * javax.servlet.FilterChain)
- */
- public final void doFilter(final ServletRequest request, final ServletResponse response,
- final FilterChain chain) throws IOException, ServletException
- {
- InOrderServletRequestWrapper sRequ = new InOrderServletRequestWrapper((HttpServletRequest) request,
- filterConfig.getServletContext());
- //parse the Query (and Body) parameters
- sRequ.parseParameters((HttpServletRequest) request);
- //process the rest of filter chain
- chain.doFilter(sRequ, response);
- }
-} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/Random.java b/id.server/src/at/gv/egovernment/moa/id/util/Random.java
deleted file mode 100644
index da75b4213..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/Random.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Date;
-
-/**
- * Random number generator used to generate ID's
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class Random {
-
- /** random number generator used */
- private static java.util.Random random = new java.util.Random(new Date().getTime());
- /**
- * Creates a new random number, to be used as an ID.
- *
- * @return random long as a String
- */
- public static String nextRandom() {
- return "" + random.nextLong();
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
deleted file mode 100644
index 9fa0803c4..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ /dev/null
@@ -1,180 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.BufferedInputStream;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-
-import org.apache.regexp.RE;
-import org.apache.regexp.RESyntaxException;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
- * This <code>TrustManager</code> implementation features CRL checking.<br/>
- * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtils {
-
- /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map sslSocketFactories = new HashMap();
-
- /**
- * Initializes the SSLSocketFactory store.
- */
- public static void initialize() {
- sslSocketFactories = new HashMap();
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
- }
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes an
- * <code>IAIKX509TrustManager</code> for the given trust store,
- * and the given key store.
- *
- * @param conf configuration provider providing a generic properties pointing
- * to trusted CA store and certificate store root
- * @param connParam connection parameter containing the client key store settings
- * to be used in case of client authentication;
- * if <code>connParam.getClientKeyStore() == null</code>, client authentication
- * is assumed to be disabled
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static SSLSocketFactory getSSLSocketFactory(
- ConfigurationProvider conf,
- ConnectionParameter connParam)
- throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
-
- Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
- // retrieve SSLSocketFactory if already created
- SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
- return ssf;
- // else create new SSLSocketFactory
- String trustStoreURL = conf.getTrustedCACertificates();
- if (trustStoreURL == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"TrustedCACertificates"});
- String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
- TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
- "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
- ssf = ctx.getSocketFactory();
- // store SSLSocketFactory
- sslSocketFactories.put(connParam.getUrl(), ssf);
- return ssf;
- }
-
- /**
- * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
- * using configuration data.
- *
- * @param conf MOA-ID configuration provider
- * @param trustStoreURL trust store URL
- * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
- * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
- * @throws ConfigurationException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static TrustManager[] getTrustManagers(
- ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(conf);
- String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
- //not using BoolUtils because default value hast to be true!
- boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
- // This call fixes a bug occuring when PKIConfiguration is
- // initialized by the MOA-SP initialization code, in case
- // MOA-SP is called by API
- MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
- tm.init(cfg, profile);
- return new TrustManager[] {tm};
- }
- /**
- * Reads a file, given by URL, into a byte array,
- * securing the connection by IAIKX509TrustManager.
- * @param connParam containing URL and accepted server certificates
- * @param conf ConfigurationProvider for reading
- * @return String representation of content
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws GeneralSecurityException on security issues
- */
- public static String readHttpsURL(ConfigurationProvider conf, ConnectionParameter connParam)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- URL url = new URL(connParam.getUrl());
- HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
- conn.setRequestMethod("GET");
- conn.setDoInput(true);
- SSLSocketFactory sslSocketFactory = getSSLSocketFactory(conf, connParam);
- conn.setSSLSocketFactory(sslSocketFactory);
- conn.connect();
- String contentType = conn.getContentType();
- RE regExp = null;
- try {
- regExp = new RE("(;.*charset=)(\"*)(.*[^\"])");
- } catch (RESyntaxException e) {
- //RESyntaxException is not possible = expr. is costant
- }
- boolean charsetSupplied = regExp.match(contentType);
- String encoding = "ISO-8859-1"; //default HTTP encoding
- if (charsetSupplied) {
- encoding = regExp.getParen(3);
- }
- InputStream instream = new BufferedInputStream(conn.getInputStream());
- InputStreamReader isr = new InputStreamReader(instream, encoding);
- Reader in = new BufferedReader(isr);
- int ch;
- StringBuffer buffer = new StringBuffer();
- while ((ch = in.read()) > -1) {
- buffer.append((char)ch);
- }
- in.close();
- conn.disconnect();
- return buffer.toString();
- }
-}