aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/at
diff options
context:
space:
mode:
Diffstat (limited to 'id.server/src/at')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java298
1 files changed, 146 insertions, 152 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index e38ccc62a..758f28150 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -1,18 +1,18 @@
package at.gv.egovernment.moa.id.auth.builder;
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Text;
+import org.w3c.dom.Node;
+import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
/**
* Builder for the <code>&lt;VerifyXMLSignatureRequestBuilder&gt;</code> structure
@@ -22,124 +22,121 @@ import at.gv.egovernment.moa.util.XPathUtils;
* @version $Id$
*/
public class VerifyXMLSignatureRequestBuilder {
- /** The MOA-Prefix */
- private static final String MOA = Constants.MOA_PREFIX + ":";
+
+ /** shortcut for XMLNS namespace URI */
+ private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+ /** shortcut for MOA namespace URI */
+ private static final String MOA_NS_URI = Constants.MOA_NS_URI;
/** The DSIG-Prefix */
private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** the request as string */
- private String request;
- /** the request as DOM-Element */
- private Element reqElem;
-
+
+ /** The document containing the <code>VerifyXMLsignatureRequest</code> */
+ private Document requestDoc_;
+ /** the <code>VerifyXMLsignatureRequest</code> root element */
+ private Element requestElem_;
+
+
/**
- * Constructor for VerifyXMLSignatureRequestBuilder.
+ * Builds the body for a <code>VerifyXMLsignatureRequest</code> including the root
+ * element and namespace declarations.
+ *
+ * @throws BuildException If an error occurs on building the document.
*/
- public VerifyXMLSignatureRequestBuilder() {
+ public VerifyXMLSignatureRequestBuilder() throws BuildException {
+ try {
+ DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ requestDoc_ = docBuilder.newDocument();
+ requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+ requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+ requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ requestDoc_.appendChild(requestElem_);
+ } catch (Throwable t) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"VerifyXMLSignatureRequest", t.toString()},
+ t);
+ }
}
+
+
/**
* Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
* from an IdentityLink with a known trustProfileID which
* has to exist in MOA-SP
- * @param idl - The IdentityLink
+ * @param identityLink - The IdentityLink
* @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ *
* @return Element - The complete request as Dom-Element
+ *
* @throws ParseException
*/
- public Element build(IdentityLink idl, String trustProfileID)
- throws ParseException { //samlAssertionObject
- request =
- "<?xml version='1.0' encoding='UTF-8' ?>"
- + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
- + " <VerifySignatureInfo>"
- + " <VerifySignatureEnvironment>"
- + " <Base64Content>"
- + " </Base64Content>"
- + " </VerifySignatureEnvironment>"
- + " <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
- + " </VerifySignatureInfo>"
- + " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung
- +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>"
- // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock)
- +" </ReferenceInfo>"
- + " </SignatureManifestCheckParams>"
- + " <ReturnHashInputData/>"
- + " <TrustProfileID>"
- + trustProfileID
- + "</TrustProfileID>"
- + "</VerifyXMLSignatureRequest>";
-
+ public Element build(IdentityLink identityLink, String trustProfileID)
+ throws ParseException
+ {
try {
- InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
- reqElem = DOMUtils.parseXmlValidating(s);
-
- String CONTENT_XPATH =
- "//"
- + MOA
- + "VerifyXMLSignatureRequest/"
- + MOA
- + "VerifySignatureInfo/"
- + MOA
- + "VerifySignatureEnvironment/"
- + MOA
- + "Base64Content";
-
- Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
-
- String dtdString = ""
- /* TODO MOA-ID-AUTH remove dtdString processing if it is not nec. in further versions
- + "<!DOCTYPE saml:Assertion [\n"
- + " <!ATTLIST saml:Assertion AssertionID ID #REQUIRED\n"
- + ">\n"
- + "]>"
- */
- ;
-
- String serializedAssertion = idl.getSerializedSamlAssertion();
- //insert mini dtd after xml declaration to allow usage of AssertionID
- //encode then base64 and put this into Element Base64Content
- String dtdAndIL =
- serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2)
- + dtdString
- + serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2);
- String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8"));
- //replace all '\r' characters by no char.
- String replaced = "";
- for (int i = 0; i < b64dtdAndIL.length(); i ++) {
- if (b64dtdAndIL.charAt(i) != '\r') replaced += b64dtdAndIL.charAt(i);
- }
- b64dtdAndIL = replaced;
- Text b64content = (Text) insertTo.getFirstChild();
- b64content.setData(b64dtdAndIL);
-
- String SIGN_MANI_CHECK_PARAMS_XPATH =
- "//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams";
- insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH);
- insertTo.removeChild(
- (Element) XPathUtils.selectSingleNode(
- reqElem,
- SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo"));
- Element[] dsigTransforms = idl.getDsigReferenceTransforms();
- for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)
- {
- Element refInfo =
- insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo");
- insertTo.appendChild(refInfo);
- Element verifyTransformsInfoProfile =
- insertTo.getOwnerDocument().createElementNS(
- Constants.MOA_NS_URI,
- "VerifyTransformsInfoProfile");
- refInfo.appendChild(verifyTransformsInfoProfile);
- verifyTransformsInfoProfile.appendChild(
- insertTo.getOwnerDocument().importNode(dsigTransforms[i], true));
+ // build the request
+ Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
+ requestElem_.appendChild(dateTimeElem);
+ Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
+ dateTimeElem.appendChild(dateTime);
+ Element verifiySignatureInfoElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+ requestElem_.appendChild(verifiySignatureInfoElem);
+ Element verifySignatureEnvironmentElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+ verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+ Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+ verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+ // insert the base64 encoded identity link SAML assertion
+ String serializedAssertion = identityLink.getSerializedSamlAssertion();
+ String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8"));
+ //replace all '\r' characters by no char.
+ StringBuffer replaced = new StringBuffer();
+ for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+ char c = base64EncodedAssertion.charAt(i);
+ if (c != '\r') {
+ replaced.append(c);
+ }
}
+ base64EncodedAssertion = replaced.toString();
+ Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+ base64ContentElem.appendChild(base64Content);
+ // specify the signature location
+ Element verifySignatureLocationElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+ verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+ Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+ verifySignatureLocationElem.appendChild(signatureLocation);
+ // signature manifest params
+ Element signatureManifestCheckParamsElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+ // add the transforms
+ Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+ signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+ Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+ for (int i = 0; i < dsigTransforms.length; i++) {
+ Element verifyTransformsInfoProfileElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
+ referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
+ verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));
+ }
+ Element returnHashInputDataElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+ requestElem_.appendChild(returnHashInputDataElem);
+ Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+ trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+ requestElem_.appendChild(trustProfileIDElem);
} catch (Throwable t) {
- throw new ParseException(//"VerifyXMLSignatureRequest (IdentityLink)");
- "builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+ throw new ParseException("builder.00",
+ new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
}
- return reqElem;
+ return requestElem_;
}
-
+
+
/**
* Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
* from the signed AUTH-Block with a known trustProfileID which
@@ -154,59 +151,56 @@ public class VerifyXMLSignatureRequestBuilder {
CreateXMLSignatureResponse csr,
String[] verifyTransformsInfoProfileID,
String trustProfileID)
- throws ParseException { //samlAssertionObject
- request =
- "<?xml version='1.0' encoding='UTF-8' ?>"
- + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
- + " <VerifySignatureInfo>"
- + " <VerifySignatureEnvironment>"
- + " <XMLContent xml:space=\"preserve\"/>"
- + " </VerifySignatureEnvironment>"
- + " <VerifySignatureLocation>" + DSIG + "Signature</VerifySignatureLocation>"
- + " </VerifySignatureInfo>"
- + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
- + " <ReferenceInfo>";
-
- for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
- request += " <VerifyTransformsInfoProfileID>"
- + verifyTransformsInfoProfileID[i]
- + "</VerifyTransformsInfoProfileID>";
- // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....)
-
- }
-
- request += " </ReferenceInfo>" + " </SignatureManifestCheckParams>"
- // Testweise ReturnReferenceInputData = False
- +" <ReturnHashInputData/>"
- + " <TrustProfileID>"
- + trustProfileID
- + "</TrustProfileID>"
- + "</VerifyXMLSignatureRequest>";
-
+ throws BuildException { //samlAssertionObject
+
try {
- // Build a DOM-Tree of the obove String
- InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
- reqElem = DOMUtils.parseXmlValidating(s);
- //Insert the SAML-Assertion-Object
- String CONTENT_XPATH =
- "//"
- + MOA
- + "VerifyXMLSignatureRequest/"
- + MOA
- + "VerifySignatureInfo/"
- + MOA
- + "VerifySignatureEnvironment/"
- + MOA
- + "XMLContent";
-
- Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
- insertTo.appendChild(insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
+ // build the request
+// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:"
+// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
+ Element verifiySignatureInfoElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+ requestElem_.appendChild(verifiySignatureInfoElem);
+ Element verifySignatureEnvironmentElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+ verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+ Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
+ verifySignatureEnvironmentElem.appendChild(xmlContentElem);
+ xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
+ // insert the SAML assertion
+ xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true));
+ // specify the signature location
+ Element verifySignatureLocationElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+ verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+ Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+ verifySignatureLocationElem.appendChild(signatureLocation);
+ // signature manifest params
+ Element signatureManifestCheckParamsElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
+ // add the transform profile IDs
+ Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+ signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+ for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
+ Element verifyTransformsInfoProfileIDElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+ referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+ verifyTransformsInfoProfileIDElem.appendChild(
+ requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
+ }
+ Element returnHashInputDataElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+ requestElem_.appendChild(returnHashInputDataElem);
+ Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+ trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+ requestElem_.appendChild(trustProfileIDElem);
} catch (Throwable t) {
- throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
+ throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
}
- return reqElem;
+ return requestElem_;
}
}