Diffstat (limited to 'id.server/src')
134 files changed, 0 insertions, 16813 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java b/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java
deleted file mode 100644
index 96a5e0673..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown during handling of AuthenticationSession
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationException extends MOAIDException {
-
- /**
- * Constructor for AuthenticationException.
- * @param messageId
- */
- public AuthenticationException(String messageId, Object[] parameters) {
- super(messageId, parameters, null);
- }
- /**
- * Constructor for AuthenticationException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public AuthenticationException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/BuildException.java b/id.server/src/at/gv/egovernment/moa/id/BuildException.java
deleted file mode 100644
index 785dce7a3..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/BuildException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while building an XML or HTML structure.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class BuildException extends MOAIDException {
-
- /**
- * Constructor for BuildException.
- * @param messageId
- * @param parameters
- */
- public BuildException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for BuildException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public BuildException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
- }
diff --git a/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java b/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java
deleted file mode 100644
index bce2c4778..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java
+++ /dev/null
@@ -1,159 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.DOMImplementation;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Base class of technical MOA exceptions.
- *
- * Technical exceptions are exceptions that originate from system failure (e.g.,
- * a database connection fails, a component is not available, etc.)
- *
- * @author Patrick Peck, Ivancsics Paul
- * @version $Id$
- */
-public class MOAIDException extends Exception {
- /** message ID */
- private String messageId;
- /** wrapped exception */
- private Throwable wrapped;
-
- /**
- * Create a new <code>MOAIDException</code>.
- *
- * @param messageId The identifier of the message associated with this
- * exception.
- * @param parameters Additional message parameters.
- */
- public MOAIDException(String messageId, Object[] parameters) {
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- this.messageId = messageId;
- }
-
- /**
- * Create a new <code>MOAIDException</code>.
- *
- * @param messageId The identifier of the message associated with this
- * <code>MOAIDException</code>.
- * @param parameters Additional message parameters.
- * @param wrapped The exception wrapped by this
- * <code>MOAIDException</code>.
- */
- public MOAIDException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
-
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- this.messageId = messageId;
- this.wrapped = wrapped;
- }
-
- /**
- * Print a stack trace of this exception to <code>System.err</code>.
- *
- * @see java.lang.Throwable#printStackTrace()
- */
- public void printStackTrace() {
- printStackTrace(System.err);
- }
-
- /**
- * Print a stack trace of this exception, including the wrapped exception.
- *
- * @param s The stream to write the stack trace to.
- * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
- */
- public void printStackTrace(PrintStream s) {
- if (getWrapped() == null)
- super.printStackTrace(s);
- else {
- s.print("Root exception: ");
- getWrapped().printStackTrace(s);
- }
- }
-
- /**
- * Print a stack trace of this exception, including the wrapped exception.
- *
- * @param s The stream to write the stacktrace to.
- * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
- */
- public void printStackTrace(PrintWriter s) {
- if (getWrapped() == null)
- super.printStackTrace(s);
- else {
- s.print("Root exception: ");
- getWrapped().printStackTrace(s);
- }
- }
-
- /**
- * @return message ID
- */
- public String getMessageId() {
- return messageId;
- }
-
- /**
- * @return wrapped exception
- */
- public Throwable getWrapped() {
- return wrapped;
- }
-
- /**
- * Convert this <code>MOAIDException</code> to an <code>ErrorResponse</code>
- * element from the MOA namespace.
- *
- * @return An <code>ErrorResponse</code> element, containing the subelements
- * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
- */
- public Element toErrorResponse() {
- DocumentBuilder builder;
- DOMImplementation impl;
- Document doc;
- Element errorResponse;
- Element errorCode;
- Element info;
-
- // create a new document
- try {
- builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- impl = builder.getDOMImplementation();
- } catch (ParserConfigurationException e) {
- return null;
- }
-
- // build the ErrorResponse element
- doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
- errorResponse = doc.getDocumentElement();
-
- // add MOA namespace declaration
- errorResponse.setAttributeNS(
- Constants.XMLNS_NS_URI,
- "xmlns",
- Constants.MOA_NS_URI);
-
- // build the child elements
- errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
- errorCode.appendChild(doc.createTextNode(messageId));
- info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
- info.appendChild(doc.createTextNode(toString()));
- errorResponse.appendChild(errorCode);
- errorResponse.appendChild(info);
- return errorResponse;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ParseException.java b/id.server/src/at/gv/egovernment/moa/id/ParseException.java
deleted file mode 100644
index a5e0088d9..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/ParseException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while parsing an XML structure.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ParseException extends MOAIDException {
-
- /**
- * Constructor for ParseException.
- * @param messageId
- * @param parameters
- */
- public ParseException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ParseException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ParseException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ServiceException.java b/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
deleted file mode 100644
index 9e6ab2361..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while calling the MOA-SPSS web service.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ServiceException extends MOAIDException {
-
- /**
- * Constructor for ServiceException.
- * @param messageId
- * @param parameters
- */
- public ServiceException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ServiceException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ServiceException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
deleted file mode 100644
index bc3e075be..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ /dev/null
@@ -1,722 +0,0 @@ -package at.gv.egovernment.moa.id.auth; - -import iaik.pki.PKIException; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.Calendar; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Map; -import java.util.Set; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.id.ServiceException; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; -import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; -import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.VPKBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import 
at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; -import at.gv.egovernment.moa.id.auth.validator.ValidateException; -import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; - -/** - * API for MOA ID Authentication Service.<br> - * {@link AuthenticationSession} is stored in a session store and retrieved - * by giving the session ID. 
- * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationServer implements MOAIDAuthConstants { - - /** single instance */ - private static AuthenticationServer instance; - /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); - /** authentication data store (assertion handle -> AuthenticationData) */ - private static Map authenticationDataStore = new HashMap(); - /** - * time out in milliseconds used by {@link cleanup} for session store - */ - private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes - /** - * time out in milliseconds used by {@link cleanup} for authentication data store - */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes - - /** - * Returns the single instance of <code>AuthenticationServer</code>. - * - * @return the single instance of <code>AuthenticationServer</code> - */ - public static AuthenticationServer getInstance() { - if (instance == null) - instance = new AuthenticationServer(); - return instance; - } - /** - * Constructor for AuthenticationServer. - */ - public AuthenticationServer() { - super(); - } - /** - * Processes request to select a BKU. - * <br/>Processing depends on value of {@link AuthConfigurationProvider#getBKUSelectionType}. - * <br/>For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> for the - * "BKU Auswahl" service is returned. - * <br/>For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection is returned. 
- * @param authURL base URL of MOA-ID Auth component - * @param target "Geschäftsbereich" - * @param oaURL online application URL requested - * @param bkuSelectionTemplateURL template for BKU selection form to be used - * in case of <code>HTMLSelect</code>; may be null - * @param templateURL URL providing an HTML template for the HTML form to be used - * for call <code>startAuthentication</code> - * @return for <code>bkuSelectionType==HTMLComplete</code>, the <code>returnURI</code> for the - * "BKU Auswahl" service; - * for <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection - * @throws WrongParametersException upon missing parameters - * @throws AuthenticationException when the configured BKU selection service cannot be reached, - * and when the given bkuSelectionTemplateURL cannot be reached - * @throws ConfigurationException on missing configuration data - * @throws BuildException while building the HTML form - */ - public String selectBKU( - String authURL, - String target, - String oaURL, - String bkuSelectionTemplateURL, - String templateURL) - throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - - //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL"); - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA); - - ConnectionParameter bkuConnParam = - 
AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); - if (bkuConnParam == null) - throw new ConfigurationException( - "config.08", - new Object[] { "BKUSelection/ConnectionParameter" }); - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - AuthenticationSession session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - String returnURL = - new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); - String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); - if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL; - return redirectURL; - } else { - // bkuSelectionType==HTMLSelect - String bkuSelectTag; - try { - bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); - } catch (Throwable ex) { - throw new AuthenticationException( - "auth.03", - new Object[] { bkuConnParam.getUrl(), ex.toString()}, - ex); - } - String bkuSelectionTemplate = null; - if (bkuSelectionTemplateURL != null) { - try { - bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL)); - } catch (IOException ex) { - throw new AuthenticationException( - "auth.03", - new Object[] { bkuSelectionTemplateURL, ex.toString()}, - ex); - } - } - String htmlForm = - new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag); - return htmlForm; - } - } - /** - * Method readBKUSelectTag. 
- * @param conf the ConfigurationProvider - * @param connParam the ConnectionParameter for that connection - * @return String - * @throws ConfigurationException on config-errors - * @throws PKIException on PKI errors - * @throws IOException on any data error - * @throws GeneralSecurityException on security errors - */ - private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam) - throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - - if (connParam.isHTTPSURL()) - return new String(SSLUtils.readHttpsURL(conf, connParam)); - else - return new String(FileUtils.readURL(connParam.getUrl())); - } - /** - * Processes the beginning of an authentication session. - * <ul> - * <li>Starts an authentication session</li> - * <li>Creates an <code><InfoboxReadRequest></code></li> - * <li>Creates an HTML form for querying the identity link from the - * security layer implementation. - * <br>Form parameters include - * <ul> - * <li>the <code><InfoboxReadRequest></code></li> - * <li>the data URL where the security layer implementation sends it response to</li> - * </ul> - * </ul> - * @param authURL URL of the servlet to be used as data URL - * @param target "Geschäftsbereich" of the online application requested - * @param oaURL online application URL requested - * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; - * may be <code>null</code>; in this case, the default location will be used - * @param templateURL URL providing an HTML template for the HTML form generated - * @return HTML form - * @throws AuthenticationException - * @see GetIdentityLinkFormBuilder - * @see InfoboxReadRequestBuilder - */ - public String startAuthentication( - String authURL, - String target, - String oaURL, - String templateURL, - String bkuURL, - String sessionID) - throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - - if (isEmpty(sessionID)) { - if (isEmpty(authURL)) - throw new 
WrongParametersException("StartAuthentication", "AuthURL"); - - //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = - AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA); - } - AuthenticationSession session; - if (sessionID != null) - session = getSession(sessionID); - else { - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - } - String infoboxReadRequest = new InfoboxReadRequestBuilder().build(); - String dataURL = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_IDENTITY_LINK, - session.getSessionID()); - String template = null; - if (session.getTemplateURL() != null) { - try { - template = new String(FileUtils.readURL(session.getTemplateURL())); - } catch (IOException ex) { - throw new AuthenticationException( - "auth.03", - new Object[] { session.getTemplateURL(), ex.toString()}, - ex); - } - } - String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); - String certInfoDataURL = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - 
REQ_START_AUTHENTICATION, - session.getSessionID()); - String htmlForm = - new GetIdentityLinkFormBuilder().build( - template, - bkuURL, - infoboxReadRequest, - dataURL, - certInfoRequest, - certInfoDataURL); - return htmlForm; - } - /** - * Processes an <code><InfoboxReadResponse></code> sent by the - * security layer implementation.<br> - * <ul> - * <li>Validates given <code><InfoboxReadResponse></code></li> - * <li>Parses identity link enclosed in <code><InfoboxReadResponse></code></li> - * <li>Verifies identity link by calling the MOA SP component</li> - * <li>Checks certificate authority of identity link</li> - * <li>Stores identity link in the session</li> - * <li>Creates an authentication block to be signed by the user</li> - * <li>Creates and returns a <code><CreateXMLSignatureRequest></code> - * containg the authentication block, meant to be returned to the - * security layer implementation</li> - * </ul> - * - * @param sessionID ID of associated authentication session data - * @param xmlInfoboxReadResponse String representation of the - * <code><InfoboxReadResponse></code> - * @return String representation of the <code><CreateXMLSignatureRequest></code> - */ - public String verifyIdentityLink(String sessionID, String xmlInfoboxReadResponse) - throws - AuthenticationException, - ParseException, - ConfigurationException, - ValidateException, - ServiceException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); - if (isEmpty(xmlInfoboxReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); - AuthenticationSession session = getSession(sessionID); - if (session.getTimestampIdentityLink() != null) - throw new AuthenticationException("auth.01", new Object[] { sessionID }); - session.setTimestampIdentityLink(); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - // parses the 
<InfoboxReadResponse> - IdentityLink identityLink = - new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); - // validates the identity link - IdentityLinkValidator.getInstance().validate(identityLink); - // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP - Element domVerifyXMLSignatureRequest = - new VerifyXMLSignatureRequestBuilder().build( - identityLink, - authConf.getMoaSpIdentityLinkTrustProfileID()); - // debug output - if(null != domVerifyXMLSignatureRequest) - debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest); - // invokes the call - Element domVerifyXMLSignatureResponse = - new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse verifyXMLSignatureResponse = - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); - // debug output - if(null != domVerifyXMLSignatureResponse) - debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse); - // validates the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponseValidator.getInstance().validate( - verifyXMLSignatureResponse, - authConf.getIdentityLinkX509SubjectNames(), - VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK); - - session.setIdentityLink(identityLink); - // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session); - session.setAuthBlock(authBlock); - // builds the <CreateXMLSignatureRequest> - String[] transformInfos = authConf.getTransformsInfos(); - String createXMLSignatureRequest = - new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos); - return createXMLSignatureRequest; - } - /** - * Builds an authentication block <code><saml:Assertion></code> from given session data. 
- * @param session authentication session - * @return <code><saml:Assertion></code> as a String - */ - private String buildAuthenticationBlock(AuthenticationSession session) { - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getGivenName() + " " + identityLink.getFamilyName(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String oaURL = session.getPublicOAURLPrefix(); - String authBlock = - new AuthenticationBlockAssertionBuilder().build(issuer, issueInstant, authURL, target, oaURL); - return authBlock; - } - /** - * Processes a <code><CreateXMLSignatureResponse></code> sent by the - * security layer implementation.<br> - * <ul> - * <li>Validates given <code><CreateXMLSignatureResponse></code></li> - * <li>Parses <code><CreateXMLSignatureResponse></code> for error codes</li> - * <li>Parses authentication block enclosed in - * <code><CreateXMLSignatureResponse></code></li> - * <li>Verifies authentication block by calling the MOA SP component</li> - * <li>Creates authentication data</li> - * <li>Creates a corresponding SAML artifact</li> - * <li>Stores authentication data in the authentication data store - * indexed by the SAML artifact</li> - * <li>Deletes authentication session</li> - * <li>Returns the SAML artifact, encoded BASE64</li> - * </ul> - * - * @param sessionID session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse String representation of the - * <code><CreateXMLSignatureResponse></code> - * @return SAML artifact needed for retrieving authentication data, encoded BASE64 - */ - public String verifyAuthenticationBlock( - String sessionID, - String xmlCreateXMLSignatureReadResponse) - throws - AuthenticationException, - BuildException, - ParseException, - ConfigurationException, - ServiceException, - ValidateException { - - if (isEmpty(sessionID)) - throw new 
AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); - if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); - AuthenticationSession session = getSession(sessionID); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - // parses <CreateXMLSignatureResponse> - CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); - // validates <CreateXMLSignatureResponse> - new CreateXMLSignatureResponseValidator().validate( - csresp, - session.getTarget(), - session.getPublicOAURLPrefix()); - // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call - String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); - Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); - // debug output - if(null != domVsreq) - AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq); - // invokes the call - Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); - // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); - // debug output - if(null != domVsresp) - AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp); - // validates the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponseValidator.getInstance().validate( - vsresp, - null, - VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK); - // compares the public keys from the identityLink with the AuthBlock - VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( - vsresp, - session.getIdentityLink()); - - // builds authentication data and stores it together with a SAML artifact - AuthenticationData 
authData = buildAuthenticationData(session, vsresp); - String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); - storeAuthenticationData(samlArtifact, authData); - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info( - "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; - } - /** - * Builds the AuthenticationData object together with the - * corresponding <code><saml:Assertion></code> - * @param session authentication session - * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP - * @return AuthenticationData object - * @throws ConfigurationException while accessing configuration data - * @throws BuildException while building the <code><saml:Assertion></code> - */ - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String vpkBase64 = - new VPKBuilder().buildVPK( - identityLink.getIdentificationValue(), - identityLink.getDateOfBirth(), - session.getTarget()); - authData.setVPK(vpkBase64); - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); - OAAuthParameter oaParam = - 
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl()); - - try { - String ilAssertion = - oaParam.getProvideIdentityLink() - ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) - : ""; - String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; - String samlAssertion = - new AuthenticationDataAssertionBuilder().build(authData, prPerson, authBlock, ilAssertion); - authData.setSamlAssertion(samlAssertion); - return authData; - } catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] { "AuthenticationData", ex.toString()}, - ex); - } - } - /** - * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. - * The <code>AuthenticationData</code> is deleted from the store upon end of this call. - * - * @return <code>AuthenticationData</code> - */ - public AuthenticationData getAuthenticationData(String samlArtifact) - throws AuthenticationException { - String assertionHandle; - try { - assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); - } catch (ParseException ex) { - throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); - } - AuthenticationData authData = null; - synchronized (authenticationDataStore) { - authData = (AuthenticationData) authenticationDataStore.get(assertionHandle); - if (authData == null) { - Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); - throw new AuthenticationException("1206", new Object[] { samlArtifact }); - } - authenticationDataStore.remove(assertionHandle); - } - long now = new Date().getTime(); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", new Object[] { samlArtifact }); - Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); - return authData; - } - /** - * Stores 
authentication data indexed by the assertion handle contained in the
- * given saml artifact.
- * @param samlArtifact SAML artifact
- * @param authData authentication data
- * @throws AuthenticationException when SAML artifact is invalid
- */
- private void storeAuthenticationData(String samlArtifact, AuthenticationData authData)
- throws AuthenticationException {
-
- try {
- SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
- // check type code 0x0001
- byte[] typeCode = parser.parseTypeCode();
- if (typeCode[0] != 0 || typeCode[1] != 1)
- throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
- String assertionHandle = parser.parseAssertionHandle();
- synchronized (authenticationDataStore) {
- Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact);
- authenticationDataStore.put(assertionHandle, authData);
- }
- } catch (AuthenticationException ex) {
- throw ex;
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
- }
- }
- /**
- * Creates a new session and puts it into the session store.
- *
- * @param id Session ID
- * @return AuthenticationSession created
- * @exception AuthenticationException
- * thrown when an <code>AuthenticationSession</code> is running
- * already for the given session ID
- */
- private static AuthenticationSession newSession() throws AuthenticationException {
- String sessionID = Random.nextRandom();
- AuthenticationSession newSession = new AuthenticationSession(sessionID);
- synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01", new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
- }
- return newSession;
- }
- /**
- * Retrieves a session from the session store.
- *
- * @param id session ID
- * @return <code>AuthenticationSession</code> stored with given session ID,
- * <code>null</code> if session ID unknown
- */
- public static AuthenticationSession getSession(String id) throws AuthenticationException {
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(id);
- if (session == null)
- throw new AuthenticationException("auth.02", new Object[] { id });
- return session;
- }
- /**
- * Cleans up expired session and authentication data stores.
- */
- public void cleanup() {
- long now = new Date().getTime();
- synchronized (sessionStore) {
- Set keys = new HashSet(sessionStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String sessionID = (String) iter.next();
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
- if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
- Logger.info(
- MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.02",
- new Object[] { sessionID }));
- sessionStore.remove(sessionID);
- }
- }
- }
- synchronized (authenticationDataStore) {
- Set keys = new HashSet(authenticationDataStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String samlArtifact = (String) iter.next();
- AuthenticationData authData =
- (AuthenticationData) authenticationDataStore.get(samlArtifact);
- if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
- Logger.info(
- MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.03",
- new Object[] { samlArtifact }));
- authenticationDataStore.remove(samlArtifact);
- }
- }
- }
- }
-
- /**
- * Sets the sessionTimeOut.
- * @param sessionTimeOut time out in seconds
- */
- public void setSecondsSessionTimeOut(long seconds) {
- sessionTimeOut = 1000 * seconds;
- }
- /**
- * Sets the authDataTimeOut.
- * @param authDataTimeOut time out in seconds
- */
- public void setSecondsAuthDataTimeOut(long seconds) {
- authDataTimeOut = 1000 * seconds;
- }
-
- /**
- * Checks a parameter.
- * @param param parameter
- * @return true if the parameter is null or empty
- */
- private boolean isEmpty(String param) {
- return param == null || param.length() == 0;
- }
-
- /**
- * Writes an XML structure to file for debugging purposes, encoding UTF-8.
- *
- * @param filename file name
- * @param rootElem root element in DOM tree
- */
- public static void debugOutputXMLFile(String filename, Element rootElem) {
- if (Logger.isDebugEnabled(DEBUG_OUTPUT_HIERARCHY)) {
- try {
- String xmlString = new String(DOMUtils.serializeNode(rootElem));
- debugOutputXMLFile(filename, xmlString);
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
- }
- /**
- * Writes an XML structure to file for debugging purposes, encoding UTF-8.
- *
- * @param filename file name
- * @param xmlString XML string
- */
- public static void debugOutputXMLFile(String filename, String xmlString) {
- if (Logger.isDebugEnabled(DEBUG_OUTPUT_HIERARCHY)) {
- try {
- java.io.OutputStream fout = new java.io.FileOutputStream(filename);
- byte[] xmlData = xmlString.getBytes("UTF-8");
- fout.write(xmlData);
- fout.close();
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
deleted file mode 100644
index 7e5ed6ec7..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Thread cleaning the <code>AuthenticationServer</code> session store
- * and authentication data store from garbage.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationSessionCleaner implements Runnable {
-
- /** interval the <code>AuthenticationSessionCleaner</code> is run in */
- private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min
-
- /**
- * Runs the thread. Cleans the <code>AuthenticationServer</code> session store
- * and authentication data store from garbage, then sleeps for given interval, and restarts.
- */
- public void run() {
- while (true) {
- try {
- Logger.debug("AuthenticationSessionCleaner run");
- AuthenticationServer.getInstance().cleanup();
- }
- catch (Exception e) {
- Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);
- }
- try {
- Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
- }
- catch (InterruptedException e) {
- }
- }
- }
-
- /**
- * start the sessionCleaner
- */
- public static void start() {
- // start the session cleanup thread
- Thread sessionCleaner =
- new Thread(new AuthenticationSessionCleaner());
- sessionCleaner.setName("SessionCleaner");
- sessionCleaner.setDaemon(true);
- sessionCleaner.setPriority(Thread.MIN_PRIORITY);
- sessionCleaner.start();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
deleted file mode 100644
index ddba20049..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * Constants used throughout moa-id-auth component.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public interface MOAIDAuthConstants {
-
- /** servlet parameter "Target" */
- public static final String PARAM_TARGET = "Target";
- /** servlet parameter "OA" */
- public static final String PARAM_OA = "OA";
- /** servlet parameter "bkuURI" */
- public static final String PARAM_BKU = "bkuURI";
- /** servlet parameter "BKUSelectionTemplate" */
- public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
- /** servlet parameter "returnURI" */
- public static final String PARAM_RETURN = "returnURI";
- /** servlet parameter "Template" */
- public static final String PARAM_TEMPLATE = "Template";
- /** servlet parameter "MOASessionID" */
- public static final String PARAM_SESSIONID = "MOASessionID";
- /** servlet parameter "XMLResponse" */
- public static final String PARAM_XMLRESPONSE = "XMLResponse";
- /** servlet parameter "SAMLArtifact" */
- public static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
- /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */
- public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
- /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
- public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
- /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
- public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock";
- /** Logging hierarchy used for controlling debug output of XML structures to files */
- public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth";
- /** Header Name for controlling the caching mechanism of the browser */
- public static final String HEADER_EXPIRES = "Expires";
- /** Header Value for controlling the caching
mechanism of the browser */
- public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT";
- /** Header Name for controlling the caching mechanism of the browser */
- public static final String HEADER_PRAGMA = "Pragma";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_PRAGMA = "no-cache";
- /** Header Name for controlling the caching mechanism of the browser */
- public static final String HEADER_CACHE_CONTROL = "Cache-control";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0";
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
deleted file mode 100644
index f9bec8b76..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ /dev/null
@@ -1,118 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import iaik.pki.PKIException;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.security.GeneralSecurityException;
-
-import java.io.IOException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
-import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
-import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
-
-/**
- * Web application initializer
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDAuthInitializer {
-
- /** a boolean identifying if the MOAIDAuthInitializer has been startet */
- public static boolean initialized = false;
-
-
-
- /**
- * Initializes the web application components which need initialization:
- * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
- */
- public static void initialize()
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
- if (initialized)
- return;
- initialized=true;
- Logger.setHierarchy("moa.id.auth");
- // Restricts TLS cipher suites
- System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader();
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- }
- catch (ClassNotFoundException e) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
- }
-
- // Initializes SSLSocketFactory store
- SSLUtils.initialize();
-
- // Loads the configuration
- AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
- ConnectionParameter moaSPConnParam = authConf.getMoaSpConnectionParameter();
-
- // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK
- if (moaSPConnParam == null) {
- try {
- LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext("startup"));
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- new IaikConfigurator().configure(config);
- }
- catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
- throw new ConfigurationException("config.10", new Object[] { ex.toString() }, ex);
- }
- }
-
- // Initializes IAIKX509TrustManager logging
- String log4jConfigURL = System.getProperty("log4j.configuration");
- if (log4jConfigURL != null) {
- IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
- }
-
- // Initializes the Axis secure socket factory for use in calling the MOA-SP web service
- if (moaSPConnParam != null &&
moaSPConnParam.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, moaSPConnParam);
- AxisSecureSocketFactory.initialize(ssf);
- }
-
- // sets the authentication session and authentication data time outs
- String param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
- if (param != null) {
- long sessionTimeOut = 0;
- try { sessionTimeOut = new Long(param).longValue(); }
- catch (NumberFormatException ex) {
- Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY}));
- }
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance().setSecondsSessionTimeOut(sessionTimeOut);
- }
- param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
- if (param != null) {
- long authDataTimeOut = 0;
- try { authDataTimeOut = new Long(param).longValue(); }
- catch (NumberFormatException ex) {
- Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY}));
- }
- if (authDataTimeOut > 0)
- AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(authDataTimeOut);
- }
-
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java
deleted file mode 100644
index 3ce2798ea..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown when the <code>AuthenticationServer</code> API is
- * called with wrong parameters provided.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class WrongParametersException extends MOAIDException {
-
- /**
- * Constructor
- */
- public WrongParametersException(String call, String parameter) {
- super("auth.05", new Object[] {call, parameter});
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
deleted file mode 100644
index 4babf948c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the authentication block <code><saml:Assertion></code>
- * to be included in a <code><CreateXMLSignatureResponse></code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationBlockAssertionBuilder implements Constants {
- /** private static String nl contains the NewLine representation in Java*/
- private static String nl = "\n";
- /** private static String AUTH_BLOCK contains an XML-Auth-Block-Template */
- private static String AUTH_BLOCK =
- "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{0}'' IssueInstant=''{1}''>" + nl +
- " <saml:AttributeStatement>" + nl +
- " <saml:Subject>" + nl +
- " <saml:NameIdentifier>{2}</saml:NameIdentifier>" + nl +
- " </saml:Subject>" + nl +
- " <saml:Attribute AttributeName=''Geschäftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>{3}</saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl +
- " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
- " <saml:AttributeValue>{4}</saml:AttributeValue>" + nl +
- " </saml:Attribute>" + nl +
- " </saml:AttributeStatement>" + nl +
- "</saml:Assertion>";
-
- /**
- * Constructor for AuthenticationBlockAssertionBuilder.
- */
- public AuthenticationBlockAssertionBuilder() {
- super();
- }
- /**
- * Builds the authentication block <code><saml:Assertion></code>.
- *
- * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code>
- * @param issueInstant current timestamp
- * @param authURL URL of MOA-ID authentication component
- * @param target "Geschäftsbereich"
- * @param oaURL public URL of online application requested
- * @return String representation of authentication block
- * <code><saml:Assertion></code> built
- */
- public String build(String issuer, String issueInstant, String authURL, String target, String oaURL) {
- String assertion = MessageFormat.format(
- AUTH_BLOCK, new Object[] { issuer, issueInstant, authURL, target, oaURL });
- return assertion;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
deleted file mode 100644
index fd7cb1a9d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the authentication data <code><saml:Assertion></code>
- * to be provided by the MOA ID Auth component.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationDataAssertionBuilder implements Constants {
- /** private static String NL contains the NewLine representation in Java*/
- private static final String NL = "\n";
- /**
- * XML template for the <code><saml:Assertion></code> to be built
- */
- private static final String AUTH_DATA =
- "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
- "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
- " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
- " <saml:AttributeStatement>" + NL +
- " <saml:Subject>" + NL +
- " <saml:NameIdentifier NameQualifier=''http://reference.e-government.gv.at/names/vpk/20020221#''>{3}</saml:NameIdentifier>" + NL +
- " <saml:SubjectConfirmation>" + NL +
- " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
- " <saml:SubjectConfirmationData>{4}{5}</saml:SubjectConfirmationData>" + NL +
- " </saml:SubjectConfirmation>" + NL +
- " </saml:Subject>" + NL +
- " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL +
- " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
- " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL +
- "{8}" +
- " </saml:AttributeStatement>" + NL +
- "</saml:Assertion>";
- /**
- * XML template for the
<code><saml:Attribute></code> named <code>"isPublicAuthority"</code>,
- * to be inserted into the <code><saml:Assertion></code>
- */
- private static final String PUBLIC_AUTHORITY_ATT =
- " <saml:Attribute AttributeName=''isPublicAuthority'' AttributeNamespace=''urn:oid:1.2.40.0.10.1.1.1''>" + NL +
- " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
- " </saml:Attribute>" + NL;
-
- /**
- * Constructor for AuthenticationDataAssertionBuilder.
- */
- public AuthenticationDataAssertionBuilder() {
- super();
- }
-
- /**
- * Builds the authentication data <code><saml:Assertion></code>.
- *
- * @param authData the <code>AuthenticationData</code> to build the
- * <code><saml:Assertion></code> from
- * @param xmlPersonData <code>lt;pr:Person></code> element as a String
- * @param xmlAuthBlock authentication block to be included in a
- * <code>lt;saml:SubjectConfirmationData></code> element; may include
- * the <code>"ZMR-Zahl"</code> or not; may be empty
- * @param xmlIdentityLink the IdentityLink
- * @return the <code><saml:Assertion></code>
- * @throws BuildException if an error occurs during the build process
- */
- public String build(
- AuthenticationData authData,
- String xmlPersonData,
- String xmlAuthBlock,
- String xmlIdentityLink) throws BuildException {
-
- String isQualifiedCertificate = authData.isQualifiedCertificate() ?
"true" : "false";
- String publicAuthorityAttribute = "";
- if (authData.isPublicAuthority()) {
- String publicAuthorityIdentification = authData.getPublicAuthorityCode();
- if (publicAuthorityIdentification == null)
- publicAuthorityIdentification = "True";
- publicAuthorityAttribute = MessageFormat.format(
- PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification });
- }
-
- String assertion = MessageFormat.format(AUTH_DATA, new Object[] {
- authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstant(),
- authData.getVPK(),
- removeXMLDeclaration(xmlAuthBlock),
- removeXMLDeclaration(xmlIdentityLink),
- removeXMLDeclaration(xmlPersonData),
- isQualifiedCertificate,
- publicAuthorityAttribute});
- return assertion;
- }
-
- /**
- * Removes the XML declaration from an XML expression.
- * @param xmlString XML expression as String
- * @return XML expression, XML declaration removed
- */
- private String removeXMLDeclaration(String xmlString) {
- if (xmlString.startsWith("<?xml")) {
- int firstElement = xmlString.indexOf("<", 1);
- return xmlString.substring(firstElement);
- }
- else return xmlString;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java
deleted file mode 100644
index e5bbaa585..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.BuildException;
-
-/**
- * Base class for HTML/XML builders providing commonly useful functions.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class Builder {
-
- /**
- * Replaces a special tag in an XML or HTML template by a value.
- * @param htmlTemplate template
- * @param tag special tag
- * @param value value replacing the tag
- * @return XML or HTML code, the tag replaced
- * @throws BuildException when template does not contain the tag
- */
- protected String replaceTag(String template, String tag, String value) throws BuildException {
- int index = template.indexOf(tag);
- if (index < 0)
- throw new BuildException(
- "builder.01",
- new Object[] {"<" + tag.substring(1, tag.length() - 1) + ">"});
- return template.substring(0, index) + value + template.substring(index + tag.length());
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
deleted file mode 100644
index 5ceb1d1c0..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.IOException;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * Builder for the <code><VerifyXMLSignatureRequest></code> structure
- * used for presenting certificate information in the secure viewer of the security layer implementation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder {
-
- /** special tag in the VerifyXMLRequest template to be substituted for a <code><dsig:Signature></code> */
- private static final String SIGNATURE_TAG = "<dsig:Signature/>";
-
- /**
- * Constructor
- */
- public CertInfoVerifyXMLSignatureRequestBuilder() {
- super();
- }
- /**
- * Builds the <code><VerifyXMLSignatureRequest></code> structure.
- * @return the XML structure
- * @throws BuildException
- */
- public String build() throws BuildException {
- String resCertInfoRequest = "resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml";
- String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml";
- String certInfoRequest;
- try {
- certInfoRequest = FileUtils.readResource(resCertInfoRequest, "UTF-8");
- }
- catch (IOException ex) {
- throw new BuildException("auth.04", new Object[] {resCertInfoRequest, ex.toString()});
- }
- try {
- String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8");
- certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature);
- return certInfoRequest;
- }
- catch (IOException ex) {
- throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()});
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
deleted file mode 100644
index f8c287cb6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the <code><CreateXMLSignatureRequest></code> structure
- * used for requesting a signature under the authentication block from the
- * security layer implementation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CreateXMLSignatureRequestBuilder implements Constants {
- /** private static String nl contains the NewLine representation in Java*/
- private static final String nl = "\n";
- /**
- * XML template for the <code><moa:CreateXMLSignatureRequest></code> to be built
- */
- private static final String CREATE_XML_SIGNATURE_REQUEST =
- "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl +
- "<sl11:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' xmlns:sl10=''" + SL10_NS_URI + "'' xmlns:sl11=''" + SL11_NS_URI + "''>" + nl +
- " <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl +
- //TODO RS Lsg Switch SecureSignatureKeypair / CertifiedKeyPair
- //" <sl11:KeyboxIdentifier>CertifiedKeypair</sl11:KeyboxIdentifier>" + nl +
- " <sl11:DataObjectInfo Structure=''detached''>" + nl +
- " <sl10:DataObject Reference=''''/>" + nl +
- "{1}" +
- " </sl11:DataObjectInfo>" + nl +
- " <sl11:SignatureInfo>" + nl +
- " <sl11:SignatureEnvironment>" + nl +
- " <sl10:XMLContent>{0}</sl10:XMLContent>" + nl +
- " </sl11:SignatureEnvironment>" + nl +
- " <sl11:SignatureLocation Index=''2''>/saml:Assertion</sl11:SignatureLocation>" + nl +
- " </sl11:SignatureInfo>" + nl +
- "</sl11:CreateXMLSignatureRequest>";
-
- /**
- * Constructor for CreateXMLSignatureRequestBuilder.
- */
- public CreateXMLSignatureRequestBuilder() {
- super();
- }
-
- /**
- * Builds the <code><CreateXMLSignatureRequest></code>.
- *
- * @param authBlock String representation of XML authentication block
- * @return String representation of <code><CreateXMLSignatureRequest></code>
- */
- public String build(String authBlock, String[] dsigTransformInfos) {
- String dsigTransformInfosString = "";
- for (int i = 0; i < dsigTransformInfos.length; i++)
- dsigTransformInfosString += dsigTransformInfos[i];
- String request = MessageFormat.format(
- CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, dsigTransformInfosString });
- return request;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
deleted file mode 100644
index 30cc1df5a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ /dev/null
@@ -1,83 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Builds a DataURL parameter meant for the security layer implementation
- * to respond to.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DataURLBuilder {
-
- /**
- * Constructor for DataURLBuilder.
- */
- public DataURLBuilder() {
- super();
- }
-
- /**
- * Constructs a data URL for <code>VerifyIdentityLink</code> or <code>VerifyAuthenticationBlock</code>,
- * including the <code>MOASessionID</code> as a parameter.
- *
- * @param authBaseURL base URL (context path) of the MOA ID Authentication component,
- * including a trailing <code>'/'</code>
- * @param authServletName request part of the data URL
- * @param sessionID sessionID to be included in the dataURL
- * @return String
- */
- public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
-
- String individualDataURLPrefix = null;
- String dataURL;
- try {
- //check if an individual prefix is configured
- individualDataURLPrefix = AuthConfigurationProvider.getInstance().
- getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
-
- if (null != individualDataURLPrefix) {
-
- //check individualDataURLPrefix
- if(!individualDataURLPrefix.startsWith("http"))
- throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
-
- //when ok then use it
- dataURL = individualDataURLPrefix + authServletName;
- } else
- dataURL = authBaseURL + authServletName;
-
- } catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
- dataURL = authBaseURL + authServletName;
- }
-
- dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
- return dataURL;
- }
-
- /**
- * Method addParameter.
- * @param urlString represents the url
- * @param paramname is the parameter to be added
- * @param value is the value of that parameter
- * @return String
- */
- private String addParameter(String urlString, String paramname, String value) {
- String url = urlString;
- if (paramname != null) {
- if (url.indexOf("?") < 0)
- url += "?";
- else
- url += "&";
- url += paramname + "=" + value;
- }
- return url;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
deleted file mode 100644
index 8391fdd62..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ /dev/null
@@ -1,137 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.IOException;
-import java.io.StringReader;
-import java.io.StringWriter;
-
-import at.gv.egovernment.moa.id.BuildException;
-
-/**
- * Builder for HTML form requesting the security layer implementation
- * to get the identity link from smartcard by a <code><InfoboxReadRequest></code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class GetIdentityLinkFormBuilder extends Builder {
- /** private static String NL contains the NewLine representation in Java*/
- private static final String nl = "\n";
- /** special tag in the HTML template to be substituted for the BKU URL */
- private static final String BKU_TAG = "<BKU>";
- /** special tag in the HTML template to be substituted for the XML request */
- private static final String XMLREQUEST_TAG = "<XMLRequest>";
- /** special tag in the HTML template to be substituted for the data URL */
- private static final String DATAURL_TAG = "<DataURL>";
- /** special tag in the HTML template to be substituted for certificate info XML request */
- private static final String CERTINFO_XMLREQUEST_TAG = "<CertInfoXMLRequest>";
- /** special tag in the HTML template to be substituted for the certificate info data URL */
- private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>";
-
- /** default BKU URL */
- private static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request";
- /** default HTML template */
- private static final String DEFAULT_HTML_TEMPLATE =
- "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
- "<html>" + nl +
- "<head>" + nl +
- "<title>Auslesen der Personenbindung</title>" + nl +
- "</head>" + nl +
- "<body>" + nl +
- "<form name=\"GetIdentityLinkForm\"" + nl +
- " action=\"" + BKU_TAG + "\"" + nl +
- " method=\"post\">" + nl +
- " <input type=\"hidden\" " + nl +
- " name=\"XMLRequest\"" + nl +
- " value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
- " <input type=\"hidden\" " + nl +
- " name=\"DataURL\"" + nl +
- " value=\"" + DATAURL_TAG + "\"/>" + nl +
- " <input type=\"submit\" value=\"Auslesen der Personenbindung\"/>" + nl +
- "</form>" + nl +
- "<form name=\"CertificateInfoForm\"" + nl +
- " action=\"" + BKU_TAG + "\"" + nl +
- " method=\"post\">" + nl +
- " <input type=\"hidden\" " + nl +
- " name=\"XMLRequest\"" + nl +
- " value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl +
- " <input type=\"hidden\" " + nl +
- " name=\"DataURL\"" + nl +
- " value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl +
- " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
- "</form>" + nl +
- "</body>" + nl +
- "</html>";
-
- /**
- * Constructor for GetIdentityLinkFormBuilder.
- */
- public GetIdentityLinkFormBuilder() {
- super();
- }
- /**
- * Builds the HTML form, including XML Request and data URL as parameters.
- *
- * @param htmlTemplate template to be used for the HTML form;
- * may be <code>null</code>, in this case a default layout will be produced
- * @param xmlRequest XML Request to be sent as a parameter in the form
- * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to;
- * may be <code>null</code>, in this case the default URL will be used
- * @param dataURL DataURL to be sent as a parameter in the form
- */
- public String build(
- String htmlTemplate, String bkuURL, String xmlRequest, String dataURL, String certInfoXMLRequest, String certInfoDataURL)
- throws BuildException {
-
- String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
- String bku = bkuURL == null ? DEFAULT_BKU : bkuURL;
- htmlForm = replaceTag(htmlForm, BKU_TAG, bku);
- htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest));
- htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL);
- htmlForm = replaceTag(htmlForm, BKU_TAG, bku);
- htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest));
- htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL);
- return htmlForm;
- }
- /**
- * Encodes a string for inclusion as a parameter in the form.
- * Double quotes are substituted by <code>"&quot;"</code>.
- * @param s the string to be encoded
- * @return the string encoded
- * @throws BuildException on any exception encountered
- */
- public static String encodeParameter(String s) throws BuildException {
- StringReader in = new StringReader(s);
- StringWriter out = new StringWriter();
- try {
- for (int ch = in.read(); ch >= 0; ch = in.read()) {
- if (ch == '"')
- out.write(""");
- else if (ch == '<')
- out.write("<");
- else if (ch == '>')
- out.write(">");
- else if (ch == 'ä')
- out.write("ä");
- else if (ch == 'ö')
- out.write("ö");
- else if (ch == 'ü')
- out.write("ü");
- else if (ch == 'Ä')
- out.write("Ä");
- else if (ch == 'Ö')
- out.write("Ö");
- else if (ch == 'Ü')
- out.write("Ü");
- else if (ch == 'ß')
- out.write("ß");
- else
- out.write(ch);
- }
- }
- catch (IOException ex) {
- throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()});
- }
- return out.toString();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
deleted file mode 100644
index d3e100671..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the <code><InfoboxReadRequest></code> structure
- * used for requesting the identity link from the security layer implementation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class InfoboxReadRequestBuilder implements Constants {
-
- /**
- * XML template for the <code><sl10:InfoboxReadRequest></code> to be built
- */
- String INFOBOX_READ_REQUEST =
- "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
- "<sl10:InfoboxReadRequest xmlns:sl10=\"" + SL10_NS_URI + "\">" +
- "<sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier>" +
- "<sl10:BinaryFileParameters ContentIsXMLEntity=\"true\"/>" +
- "</sl10:InfoboxReadRequest>";
-
- /**
- * Constructor for InfoboxReadRequestBuilder.
- */
- public InfoboxReadRequestBuilder() {
- }
- /**
- * Builds an <code><InfoboxReadRequest></code>.
- *
- * @return <code><InfoboxReadRequest></code> as String
- */
- public String build() {
- String request = INFOBOX_READ_REQUEST;
- return request;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
deleted file mode 100644
index 85ec1cb7f..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Builder for the <code>lt;pr:Person></code> element to be inserted
- * in the authentication data <code>lt;saml:Assertion></code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PersonDataBuilder {
-
- /**
- * Constructor for PersonDataBuilder.
- */
- public PersonDataBuilder() {
- super();
- }
- /**
- * Builds the <code><pr:Person></code> element.<br/>
- * Utilizes the parsed <code><prPerson></code> from the identity link
- * and the information regarding inclusion of <code>"ZMR-Zahl"</code> in the
- * <code><pr:Person></code> data.
- *
- * @param identityLink <code>IdentityLink</code> containing the
- * attribute <code>prPerson</code>
- * @param provideZMRZahl true if <code>"ZMR-Zahl"</code> is to be included;
- * false otherwise
- * @return the <code><pr:Person></code> element as a String
- * @throws BuildException on any error
- */
- public String build(IdentityLink identityLink, boolean provideZMRZahl)
- throws BuildException {
-
- try {
- Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true);
- if (! provideZMRZahl) {
- Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification");
- prPerson.removeChild(prIdentification);
- }
- String xmlString = DOMUtils.serializeNode(prPerson);
- return xmlString;
- }
- catch (Exception ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"PersonData", ex.toString()},
- ex);
- }
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
deleted file mode 100644
index 27e19e830..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.ByteArrayOutputStream;
-import java.security.MessageDigest;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Builder for the SAML artifact, as defined in the
- * Browser/Artifact profile of SAML.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLArtifactBuilder {
-
- /**
- * Constructor for SAMLArtifactBuilder.
- */
- public SAMLArtifactBuilder() {
- super();
- }
-
- /**
- * Builds the SAML artifact, encoded BASE64.
- * <ul>
- * <li><code>TypeCode</code>: <code>0x0001</code>.</li>
- * <li><code>SourceID</code>: SHA-1 hash of the authURL</li>
- * <li><code>AssertionHandle</code>: SHA-1 hash of the <code>MOASessionID</code></li>
- * </ul>
- * @param authURL URL auf the MOA-ID Auth component to be used for construction
- * of <code>SourceID</code>
- * @param sessionID <code>MOASessionID</code> to be used for construction
- * of <code>AssertionHandle</code>
- * @return the 42-byte SAML artifact, encoded BASE64
- */
- public String build(String authURL, String sessionID) throws BuildException {
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] sourceID = md.digest(authURL.getBytes());
- byte[] assertionHandle = md.digest(sessionID.getBytes());
- ByteArrayOutputStream out = new ByteArrayOutputStream(42);
- out.write(0);
- out.write(1);
- out.write(sourceID, 0, 20);
- out.write(assertionHandle, 0, 20);
- byte[] samlArtifact = out.toByteArray();
- String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
- return samlArtifactBase64;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
deleted file mode 100644
index a4fb5579e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.*;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-/**
- * Builder for the <code>lt;samlp:Response></code> used for passing
- * result and status information from the <code>GetAuthenticationData</code>
- * web service.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLResponseBuilder implements Constants {
- /** XML - Template for samlp:Response */
- private static final String RESPONSE =
- "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
- "<samlp:Response xmlns:samlp=\"" + SAMLP_NS_URI + "\" xmlns:saml=\"" + SAML_NS_URI + "\"" +
- " ResponseID=\"{0}\" InResponseTo=\"{1}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{2}\">" +
- " <samlp:Status>" +
- " <samlp:StatusCode Value=\"{3}\">" +
- " {4}" +
- " </samlp:StatusCode>" +
- " <samlp:StatusMessage>{5}</samlp:StatusMessage>" +
- " </samlp:Status>" +
- " {6}" +
- "</samlp:Response>";
- /** XML - Template for samlp:StatusCode */
- private static final String SUB_STATUS_CODE =
- "<samlp:StatusCode Value=\"{0}\"></samlp:StatusCode>";
-
- /**
- * Constructor for SAMLResponseBuilder.
- */
- public SAMLResponseBuilder() {
- super();
- }
- /**
- * Builds the SAML response.
- * @param responseID response ID
- * @param inResponseTo request ID of <code>lt;samlp:Request></code> responded to
- * @param issueInstant current timestamp
- * @param statusCode status code
- * @param subStatusCode sub-status code refining the status code; may be <code>null</code>
- * @param statusMessage status message
- * @param samlAssertion SAML assertion representing authentication data
- * @return SAML response as a DOM element
- */
- public Element build(
- String responseID,
- String inResponseTo,
- String issueInstant,
- String statusCode,
- String subStatusCode,
- String statusMessage,
- String samlAssertion)
- throws BuildException {
-
- try {
- String xmlSubStatusCode =
- subStatusCode == null ?
- "" :
- MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode});
- String xmlResponse = MessageFormat.format(RESPONSE, new Object[] {
- responseID,
- inResponseTo,
- issueInstant,
- statusCode,
- xmlSubStatusCode,
- statusMessage,
- removeXMLDeclaration(samlAssertion) });
- Element domResponse = DOMUtils.parseDocument(xmlResponse, true, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return domResponse;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] { "samlp:Response", ex.toString() },
- ex);
- }
- }
- /**
- * Removes the XML declaration from an XML expression.
- * @param xmlString XML expression as String
- * @return XML expression, XML declaration removed
- */
- private String removeXMLDeclaration(String xmlString) {
- if (xmlString.startsWith("<?xml")) {
- int firstElement = xmlString.indexOf("<", 1);
- return xmlString.substring(firstElement);
- }
- else return xmlString;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
deleted file mode 100644
index 363cd65a3..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.BuildException;
-
-/**
- * Builder for the BKU selection form requesting the user to choose
- * a BKU from a list.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SelectBKUFormBuilder extends Builder {
- /** private static String NL contains the NewLine representation in Java*/
- private static final String nl = "\n";
- /** special tag in the HTML template to be substituted for the form action which is
- * a URL of MOA-ID Auth */
- private static final String ACTION_TAG = "<StartAuth>";
- /** special tag in the HTML template to be substituted for the <code><select;gt;</code> tag
- * containing the BKU selection options */
- private static final String SELECT_TAG = "<BKUSelect>";
- /**
- * Template for the default html-code to be returned as security-layer-selection to be built
- */
- private static final String DEFAULT_HTML_TEMPLATE =
- "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
- "<html>" + nl +
- "<head>" + nl +
- "<title>Auswahl der Bürgerkartenumgebung</title>" + nl +
- "</head>" + nl +
- "<body>" + nl +
- "<form name=\"BKUSelectionForm\"" + nl +
- " action=\"" + ACTION_TAG + "\"" + nl +
- " method=\"post\">" + nl +
- SELECT_TAG + nl +
- " <input type=\"submit\" value=\"Bürgerkartenumgebung auswählen\"/>" + nl +
- "</form>" + nl +
- "</body>" + nl +
- "</html>";
-
- /**
- * Constructor
- */
- public SelectBKUFormBuilder() {
- super();
- }
- /**
- * Method build. Builds the form
- * @param htmlTemplate to be used
- * @param startAuthenticationURL the url where the startAuthenticationServlet can be found
- * @param bkuSelectTag if a special bku should be used
- * @return String
- * @throws BuildException on any error
- */
- public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag)
- throws BuildException {
-
- String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
- htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL);
- htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag);
- return htmlForm;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java
deleted file mode 100644
index c18156a01..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.security.MessageDigest;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Builder for the VPK, as defined in
- * <code>"Ableitung f¨r die verfahrensspezifische Personenkennzeichnung"</code>
- * version <code>1.0.1</code> from <code>"reference.e-government.gv.at"</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class VPKBuilder {
-
- /**
- * Builds the VPK from given parameters.
- * @param identificationValue "ZMR-Zahl"
- * @param dateOfBirth "Geburtsdatum"
- * @param target "Verfahrensname"; will be transformed to lower case
- * @return VPK in a BASE64 encoding
- * @throws BuildException while building the VPK
- */
- public String buildVPK(String identificationValue, String dateOfBirth, String target)
- throws BuildException {
-
- if (identificationValue == null || identificationValue.length() == 0
- || dateOfBirth == null || dateOfBirth.length() == 0
- || target == null || target.length() == 0)
- throw new BuildException(
- "builder.00",
- new Object[] {"VPK",
- "Unvollständige Parameterangaben: identificationValue=" + identificationValue +
- ",dateOfBirth=" + dateOfBirth + ",target=" + target});
- String basisbegriff = identificationValue + "+" + dateOfBirth + "+" + target.toLowerCase();
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] hash = md.digest(basisbegriff.getBytes());
- String hashBase64 = Base64Utils.encode(hash);
- return hashBase64;
- }
- catch (Exception ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"VPK", ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
deleted file mode 100644
index 863162fd9..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,203 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.*;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Builder for the <code><VerifyXMLSignatureRequestBuilder></code> structure
- * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureRequestBuilder {
- /** The MOA-Prefix */
- private static final String MOA = Constants.MOA_PREFIX + ":";
- /** the request as string */
- private String request;
- /** the request as DOM-Element */
- private Element reqElem;
-
- /**
- * Constructor for VerifyXMLSignatureRequestBuilder.
- */
- public VerifyXMLSignatureRequestBuilder() {}
- /**
- * Builds a <code><VerifyXMLSignatureRequest></code>
- * from an IdentityLink with a known trustProfileID which
- * has to exist in MOA-SP
- * @param idl - The IdentityLink
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- * @return Element - The complete request as Dom-Element
- * @throws ParseException
- */
- public Element build(IdentityLink idl, String trustProfileID) throws ParseException
- { //samlAssertionObject
- request =
- "<?xml version='1.0' encoding='UTF-8' ?>"
- + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
- + " <VerifySignatureInfo>"
- + " <VerifySignatureEnvironment>"
- + " <XMLContent xml:space=\"preserve\"/>"
- + " </VerifySignatureEnvironment>"
- + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
- + " </VerifySignatureInfo>"
- + " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung
- +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>"
- // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock)
- +" </ReferenceInfo>" + " </SignatureManifestCheckParams>"
-
- // Testweise ReturnReferenceInputData = False
-
- +" <ReturnHashInputData/>"
- + " <TrustProfileID>"
- + trustProfileID
- + "</TrustProfileID>"
- + "</VerifyXMLSignatureRequest>";
-
- try {
- InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
- reqElem = DOMUtils.parseXmlValidating(s);
-
- String CONTENT_XPATH =
- "//"
- + MOA
- + "VerifyXMLSignatureRequest/"
- + MOA
- + "VerifySignatureInfo/"
- + MOA
- + "VerifySignatureEnvironment/"
- + MOA
- + "XMLContent";
-
- Element insertTo =
- (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
- insertTo.appendChild(
- insertTo.getOwnerDocument().importNode(idl.getSamlAssertion(), true));
-
- String SIGN_MANI_CHECK_PARAMS_XPATH =
- "//"
- + MOA
- + "VerifyXMLSignatureRequest/"
- + MOA
- + "SignatureManifestCheckParams";
- insertTo =
- (Element) XPathUtils.selectSingleNode(
- reqElem,
- SIGN_MANI_CHECK_PARAMS_XPATH);
- insertTo.removeChild(
- (Element) XPathUtils.selectSingleNode(
- reqElem,
- SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo"));
- Element[] dsigTransforms = idl.getDsigReferenceTransforms();
- for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)
- {
- Element refInfo =
- insertTo.getOwnerDocument().createElementNS(
- Constants.MOA_NS_URI,
- "ReferenceInfo");
- insertTo.appendChild(refInfo);
- Element verifyTransformsInfoProfile =
- insertTo.getOwnerDocument().createElementNS(
- Constants.MOA_NS_URI,
- "VerifyTransformsInfoProfile");
- refInfo.appendChild(verifyTransformsInfoProfile);
- verifyTransformsInfoProfile.appendChild(
- insertTo.getOwnerDocument().importNode(dsigTransforms[i], true));
- }
- }
- catch (Throwable t) {
- throw new ParseException( //"VerifyXMLSignatureRequest (IdentityLink)");
- "builder.00",
- new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" },
- t);
- }
-
- return reqElem;
- }
-
- /**
- * Builds a <code><VerifyXMLSignatureRequest></code>
- * from an IdentityLink with a known trustProfileID which
- * has to exist in MOA-SP
- * @param idl - The IdentityLink
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- * @return Element - The complete request as Dom-Element
- * @throws ParseException
- */
- public Element build(
- CreateXMLSignatureResponse csr,
- String[] verifyTransformsInfoProfileID,
- String trustProfileID)
- throws ParseException { //samlAssertionObject
- request =
- "<?xml version='1.0' encoding='UTF-8' ?>"
- + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
- + " <VerifySignatureInfo>"
- + " <VerifySignatureEnvironment>"
- + " <XMLContent xml:space=\"preserve\"/>"
- + " </VerifySignatureEnvironment>"
- + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
- + " </VerifySignatureInfo>"
- + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
- + " <ReferenceInfo>";
-
- for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
- request += " <VerifyTransformsInfoProfileID>" +
- verifyTransformsInfoProfileID[i] +
- "</VerifyTransformsInfoProfileID>";
- // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....)
-
- }
-
- request += " </ReferenceInfo>"
- + " </SignatureManifestCheckParams>"
- // Testweise ReturnReferenceInputData = False
- +" <ReturnHashInputData/>"
- + " <TrustProfileID>"
- + trustProfileID
- + "</TrustProfileID>"
- + "</VerifyXMLSignatureRequest>";
-
- try {
- // Build a DOM-Tree of the obove String
- InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
- reqElem = DOMUtils.parseXmlValidating(s);
- //Insert the SAML-Assertion-Object
- String CONTENT_XPATH =
- "//"
- + MOA
- + "VerifyXMLSignatureRequest/"
- + MOA
- + "VerifySignatureInfo/"
- + MOA
- + "VerifySignatureEnvironment/"
- + MOA
- + "XMLContent";
-
- Element insertTo =
- (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
- insertTo.appendChild(
- insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
-
- }
- catch (Throwable t) {
- throw new ParseException(
- "builder.00",
- new Object[] { "VerifyXMLSignatureRequest" },
- t);
- }
-
- return reqElem;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
deleted file mode 100644
index ba4a9e367..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ /dev/null
@@ -1,220 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.util.Date;
-
-
-/**
- * Session data to be stored between <code>AuthenticationServer</code> API calls.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationSession {
- /**
- * session ID
- */
- private String sessionID;
- /**
- * "Geschäftsbereich" the online application belongs to
- */
- private String target;
- /**
- * public online application URL requested
- */
- private String oaURLRequested;
- /**
- * public online application URL prefix
- */
- private String oaPublicURLPrefix;
- /**
- * URL of MOA ID authentication component
- */
- private String authURL;
- /**
- * HTML template URL
- */
- private String templateURL;
- /**
- * identity link read from smartcard
- */
- private IdentityLink identityLink;
- /**
- * authentication block to be signed by the user
- */
- private String authBlock;
- /**
- * timestamp logging when authentication session has been created
- */
- private Date timestampStart;
- /**
- * timestamp logging when identity link has been received
- */
- private Date timestampIdentityLink;
-
- /**
- * Constructor for AuthenticationSession.
- *
- * @param id Session ID
- */
- public AuthenticationSession(String id) {
- sessionID = id;
- setTimestampStart();
- }
-
- /**
- * Returns the identityLink.
- * @return IdentityLink
- */
- public IdentityLink getIdentityLink() {
- return identityLink;
- }
-
- /**
- * Returns the sessionID.
- * @return String
- */
- public String getSessionID() {
- return sessionID;
- }
-
- /**
- * Sets the identityLink.
- * @param identityLink The identityLink to set
- */
- public void setIdentityLink(IdentityLink identityLink) {
- this.identityLink = identityLink;
- }
-
- /**
- * Sets the sessionID.
- * @param sessionID The sessionID to set
- */
- public void setSessionID(String sessionId) {
- this.sessionID = sessionId;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getOAURLRequested() {
- return oaURLRequested;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getPublicOAURLPrefix() {
- return oaPublicURLPrefix;
- }
-
- /**
- * Returns the target.
- * @return String
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Sets the oaURLRequested.
- * @param oaURLRequested The oaURLRequested to set
- */
- public void setOAURLRequested(String url) {
- this.oaURLRequested = url;
- }
-
- /**
- * Sets the oaPublicURLPrefix
- * @param url The oaPublicURLPrefix to set
- */
- public void setPublicOAURLPrefix(String url) {
- this.oaPublicURLPrefix = url;
- }
-
- /**
- * Sets the target.
- * @param target The target to set
- */
- public void setTarget(String target) {
- this.target = target;
- }
-
- /**
- * Returns the authURL.
- * @return String
- */
- public String getAuthURL() {
- return authURL;
- }
-
- /**
- * Sets the authURL.
- * @param authURL The authURL to set
- */
- public void setAuthURL(String authURL) {
- this.authURL = authURL;
- }
-
- /**
- * Returns the authBlock.
- * @return String
- */
- public String getAuthBlock() {
- return authBlock;
- }
-
- /**
- * Sets the authBlock.
- * @param authBlock The authBlock to set
- */
- public void setAuthBlock(String authBlock) {
- this.authBlock = authBlock;
- }
-
- /**
- * Returns the timestampIdentityLink.
- * @return Date
- */
- public Date getTimestampIdentityLink() {
- return timestampIdentityLink;
- }
-
- /**
- * Returns the timestampStart.
- * @return Date
- */
- public Date getTimestampStart() {
- return timestampStart;
- }
-
- /**
- * Sets the current date as timestampIdentityLink.
- */
- public void setTimestampIdentityLink() {
- timestampIdentityLink = new Date();
- }
-
- /**
- * Sets the current date as timestampStart.
- */
- public void setTimestampStart() {
- timestampStart = new Date();
- }
-
- /**
- * @return template URL
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
- /**
- * @param string the template URL
- */
- public void setTemplateURL(String string) {
- templateURL = string;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
deleted file mode 100644
index 81945f644..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import org.w3c.dom.Element;
-
-/**
- * This bean saves all information of the CreateXMLSignature-Response:
- * a {@link SAMLAttribute} array, the SamlAssertion-Element and the
- * saml NameIdentifier
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class CreateXMLSignatureResponse {
- /** the samlNameIdentifier */
-private String samlNameIdentifier;
- /** an array of saml-attributes */
-private SAMLAttribute[] samlAttributes;
- /**
- * the original saml:Assertion-Element
- */
- private Element samlAssertion;
-/**
- * Returns the samlAssertion.
- * @return Element
- */
-public Element getSamlAssertion() {
- return samlAssertion;
-}
-
-/**
- * Returns the samlAttribute.
- * @return SAMLAttribute[]
- */
-public SAMLAttribute[] getSamlAttributes() {
- return samlAttributes;
-}
-
-/**
- * Returns the samlNameIdentifier.
- * @return String
- */
-public String getSamlNameIdentifier() {
- return samlNameIdentifier;
-}
-
-/**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
-public void setSamlAssertion(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
-}
-
-/**
- * Sets the samlAttribute.
- * @param samlAttribute The samlAttribute to set
- */
-public void setSamlAttributes(SAMLAttribute[] samlAttributes) {
- this.samlAttributes = samlAttributes;
-}
-
-/**
- * Sets the samlNameIdentifier.
- * @param samlNameIdentifier The samlNameIdentifier to set
- */
-public void setSamlNameIdentifier(String samlNameIdentifier) {
- this.samlNameIdentifier = samlNameIdentifier;
-}
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
deleted file mode 100644
index e2ad2625a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ /dev/null
@@ -1,189 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.security.PublicKey;
-
-import org.w3c.dom.Element;
-
-
-/**
- * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
- * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLink {
- /**
- * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
- */
- private String identificationValue;
- /**
- * first name
- */
- private String givenName;
- /**
- * family name
- */
- private String familyName;
- /**
- * date of birth
- */
- private String dateOfBirth;
- /**
- * the original saml:Assertion-Element
- */
- private Element samlAssertion;
- /**
- * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
- */
- private Element prPerson;
- /**
- * we need for each dsig:Reference Element all
- * transformation elements
- */
- private Element[] dsigReferenceTransforms;
-
-
- /**
- * we need all public keys stored in
- * the identity link
- */
- private PublicKey[] publicKey;
-
- /**
- * Constructor for IdentityLink
- */
- public IdentityLink() {
- }
-
- /**
- * Returns the dateOfBirth.
- * @return Calendar
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Returns the samlAssertion.
- * @return Element
- */
- public Element getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the dsigReferenceTransforms.
- * @return Element[]
- */
- public Element[] getDsigReferenceTransforms() {
- return dsigReferenceTransforms;
- }
-
- /**
- * Sets the dsigReferenceTransforms.
- * @param dsigReferenceTransforms The dsigReferenceTransforms to set
- */
- public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
- this.dsigReferenceTransforms = dsigReferenceTransforms;
- }
-
- /**
- * Returns the publicKey.
- * @return PublicKey[]
- */
- public PublicKey[] getPublicKey() {
- return publicKey;
- }
-
- /**
- * Sets the publicKey.
- * @param publicKey The publicKey to set
- */
- public void setPublicKey(PublicKey[] publicKey) {
- this.publicKey = publicKey;
- }
-
- /**
- * Returns the prPerson.
- * @return Element
- */
- public Element getPrPerson() {
- return prPerson;
- }
-
- /**
- * Sets the prPerson.
- * @param prPerson The prPerson to set
- */
- public void setPrPerson(Element prPerson) {
- this.prPerson = prPerson;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
deleted file mode 100644
index c787b2a81..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-/**
- * This bean saves all data of a single SAMLAttribute:
- * the name, value and namespace
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class SAMLAttribute {
-/** the name to be stored */
-private String name;
-/** the namespace to be stored */
-private String namespace;
-/** the value to be stored */
-private String value;
-
- /**
- * Constructor for SAMLAttribute.
- */
- public SAMLAttribute(String name, String namespace, String value) {
-
- this.name = name;
- this.namespace = namespace;
- this.value = value;
-
- }
-
-/**
- * Returns the name.
- * @return String
- */
-public String getName() {
- return name;
-}
-
-/**
- * Returns the namespace.
- * @return String
- */
-public String getNamespace() {
- return namespace;
-}
-
-/**
- * Returns the value.
- * @return String
- */
-public String getValue() {
- return value;
-}
-
-/**
- * Sets the name.
- * @param name The name to set
- */
-public void setName(String name) {
- this.name = name;
-}
-
-/**
- * Sets the namespace.
- * @param namespace The namespace to set
- */
-public void setNamespace(String namespace) {
- this.namespace = namespace;
-}
-
-/**
- * Sets the value.
- * @param value The value to set
- */
-public void setValue(String value) {
- this.value = value;
-}
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
deleted file mode 100644
index 8233d1478..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ /dev/null
@@ -1,177 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import iaik.x509.X509Certificate;
-
-/**
- * This bean saves all information of the MOA-SP-Answer
- * after the verification of any signature
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class VerifyXMLSignatureResponse {
- /** The xmlDsigSubjectName to be stored */
- private String xmlDsigSubjectName;
- /** The signatureCheckCode to be stored */
- private int signatureCheckCode;
- /** The xmlDSIGManifestCheckCode to be stored */
- private int xmlDSIGManifestCheckCode;
- /** The xmlDSIGManigest to be stored */
- private boolean xmlDSIGManigest;
- /** The certificateCheckCode to be stored */
- private int certificateCheckCode;
- /** The publicAuthority to be stored */
- private boolean publicAuthority;
- /** The publicAuthorityCode to be stored */
- private String publicAuthorityCode;
- /** The qualifiedCertificate to be stored */
- private boolean qualifiedCertificate;
- /** The x509certificate to be stored */
- private X509Certificate x509certificate;
-
- /**
- * Returns the certificateCheckCode.
- * @return int
- */
- public int getCertificateCheckCode() {
- return certificateCheckCode;
- }
-
- /**
- * Returns the signatureCheckCode.
- * @return int
- */
- public int getSignatureCheckCode() {
- return signatureCheckCode;
- }
-
- /**
- * Returns the xmlDSIGManifestCheckCode.
- * @return int
- */
- public int getXmlDSIGManifestCheckCode() {
- return xmlDSIGManifestCheckCode;
- }
-
- /**
- * Returns the xmlDsigSubjectName.
- * @return String
- */
- public String getXmlDsigSubjectName() {
- return xmlDsigSubjectName;
- }
-
- /**
- * Sets the certificateCheckCode.
- * @param certificateCheckCode The certificateCheckCode to set
- */
- public void setCertificateCheckCode(int certificateCheckCode) {
- this.certificateCheckCode = certificateCheckCode;
- }
-
- /**
- * Sets the signatureCheckCode.
- * @param signatureCheckCode The signatureCheckCode to set
- */
- public void setSignatureCheckCode(int signatureCheckCode) {
- this.signatureCheckCode = signatureCheckCode;
- }
-
- /**
- * Sets the xmlDSIGManifestCheckCode.
- * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
- */
- public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
- this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
- }
-
- /**
- * Sets the xmlDsigSubjectName.
- * @param xmlDsigSubjectName The xmlDsigSubjectName to set
- */
- public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
- this.xmlDsigSubjectName = xmlDsigSubjectName;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return int
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityCode The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityCode) {
- this.publicAuthorityCode = publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the x509certificate.
- * @return X509Certificate
- */
- public X509Certificate getX509certificate() {
- return x509certificate;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the x509certificate.
- * @param x509certificate The x509certificate to set
- */
- public void setX509certificate(X509Certificate x509certificate) {
- this.x509certificate = x509certificate;
- }
-
- /**
- * Returns the xmlDSIGManigest.
- * @return boolean
- */
- public boolean isXmlDSIGManigest() {
- return xmlDSIGManigest;
- }
-
- /**
- * Sets the xmlDSIGManigest.
- * @param xmlDSIGManigest The xmlDSIGManigest to set
- */
- public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
- this.xmlDSIGManigest = xmlDSIGManigest;
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
deleted file mode 100644
index 8faa69260..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package at.gv.egovernment.moa.id.auth.invoke;
-
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-
-/**
- * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
- * Either invokes the web service, or calls the corresponding API, depending on configuration data.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class SignatureVerificationInvoker {
- /** This QName Object identifies the SignatureVerification endpoint of the web service */
- private static final QName SERVICE_QNAME = new QName("SignatureVerification");
-
- /**
- * Method verifyXMLSignature.
- * @param request to be sent
- * @return Element with the answer
- * @throws ServiceException if an error occurs
- */
- public Element verifyXMLSignature(Element request) throws ServiceException {
- return doCall(SERVICE_QNAME, request);
- }
-
- /**
- * Method doCall.
- * @param serviceName the name of the service
- * @param request the request to be sent
- * @return Element the answer
- * @throws ServiceException if an error occurs
- */
- protected Element doCall(QName serviceName, Element request) throws ServiceException {
- ConnectionParameter authConnParam = null;
- try {
- Service service = ServiceFactory.newInstance().createService(serviceName);
- Call call = service.createCall();
- SOAPBodyElement body = new SOAPBodyElement(request);
- SOAPBodyElement[] params = new SOAPBodyElement[] { body };
- Vector responses;
- SOAPBodyElement response;
-
- String endPoint;
- AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance();
- authConnParam = authConfigProvider.getMoaSpConnectionParameter();
-
- //If the ConnectionParameter do NOT exist, we try to get the api to work....
- if (authConnParam != null) {
- endPoint = authConnParam.getUrl();
- call.setTargetEndpointAddress(endPoint);
- responses = (Vector) call.invoke(serviceName, params);
- response = (SOAPBodyElement) responses.get(0);
- return response.getAsDOM();
- }
- else {
- SignatureVerificationService svs = SignatureVerificationService.getInstance();
- VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
- VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
-
- Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
- Logger.setHierarchy("moa.id.auth");
- return result.getDocumentElement();
- }
- }
- catch (Exception ex) {
- if (authConnParam != null)
- throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
- else
- throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
- }
- }
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
deleted file mode 100644
index 1079a48de..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ /dev/null
@@ -1,140 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.*;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an <code><InfoboxReadResponse></code> returned from
- * the security layer
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class CreateXMLSignatureResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
- private static final String SL10 = Constants.SL10_PREFIX + ":";
- /** Xpath prefix for reaching SecurityLayer 1.1 Namespaces */
- private static final String SL11 = Constants.SL11_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SL11 + "CreateXMLSignatureResponse/";
- /** Xpath expression to the SAML:Assertion element */
- private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion";
- /** Xpath expression to the SAML:NameIdentifier element */
- private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier";
- /** Xpath expression to the AttributeStatement element */
- private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
- /** Xpath expression to the AttributeValue element */
- private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue";
-
- /** This is the root element of the XML-Document provided by the Security Layer Card */
- private Element sigResponse;
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as String
- * @throws AuthenticationException if any authentication error occurs
- * @throws ParseException if an element cannot be parsed
- */
- public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException {
- ErrorResponseParser erp = new ErrorResponseParser(xmlResponse);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- sigResponse = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream
- * @throws AuthenticationException if any Authentication error occurs
- * @throws ParseException if an element cannot be parsed
- */
- public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException {
-
- ErrorResponseParser erp = new ErrorResponseParser(is);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- sigResponse = DOMUtils.parseXmlValidating(is);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * The incoming Element will be used for further operations
- * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream
- */
- public CreateXMLSignatureResponseParser(Element xmlResponse) {
- sigResponse = xmlResponse;
-
- }
-
- /**
- * Parses the identity link from <code><InfoboxReadResponse></code>
- * @return Identity link
- * @throws ParseException
- */
-
- public CreateXMLSignatureResponse parseResponse() throws ParseException {
- CreateXMLSignatureResponse cResp;
- try {
-
- cResp = new CreateXMLSignatureResponse();
- cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse, SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null));
- cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse, SAML_ASSERTION_XPATH));
- NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse, SAML_ATTRIBUTE_XPATH);
- Element samlAttr;
- List samlAttributes = new ArrayList();
- while ((samlAttr = (Element) attrIter.nextNode()) != null) {
- String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", "");
- String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", "");
- String attrValue = XPathUtils.getElementValue(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH, "");
- samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
- }
- SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
- samlAttributes.toArray(result);
- cResp.setSamlAttributes(result);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- return cResp;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java
deleted file mode 100644
index c28cfac76..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java
+++ /dev/null
@@ -1,350 +0,0 @@ -package at.gv.egovernment.moa.id.auth.parser; - -import iaik.security.ecc.ecdsa.ECDSAParameter; -import iaik.security.ecc.ecdsa.ECPublicKey; -import iaik.security.ecc.math.ecgroup.ECGroupFactory; -import iaik.security.ecc.math.ecgroup.ECPoint; -import iaik.security.ecc.math.ecgroup.EllipticCurve; -import iaik.security.ecc.math.ecgroup.ProjectiveCoordinate; -import iaik.security.ecc.math.field.Field; -import iaik.security.ecc.math.field.FieldElement; -import iaik.security.ecc.math.field.FieldFactory; -import iaik.security.ecc.math.field.Value; -import iaik.security.ecc.parameter.ECCParameterFactory; -import iaik.security.ecc.spec.ECCParameterSpec; -import java.math.BigInteger; -import java.security.PublicKey; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Vector; -import java.net.URL; -import org.w3c.dom.Attr; -import org.w3c.dom.Element; -import org.w3c.dom.NamedNodeMap; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.util.Constants; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class ECDSAKeyValueConverter -{ - /** Namespaces */ - public static final String NAMESPACE_XSI = "http://www.w3.org/2001/XMLSchema-instance"; - - /** - * Method element2ECDSAPublicKey. 
- * @param keyValueElem a DomElement containing an ECDSA Public Key - * @return PublicKey a java.security.publicKey - object - * @throws Exception on any error - */ - - public static PublicKey element2ECDSAPublicKey(Element keyValueElem) throws Exception - { - String ecdsaNS = Constants.ECDSA_NS_URI; - // Domain parameters - Element domainParams = getChildElement(keyValueElem, ecdsaNS, "DomainParameters", 1); - if (domainParams == null) throw new Exception("Domain parameters must not be implicit."); - Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1); - ECCParameterSpec eccParameterSpec; - if (namedCurve != null) - { - URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN")); - ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance(); - eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4)); - } - else - { - Element excplicitParams = getChildElement(domainParams, ecdsaNS, "ExplicitParams", 1); - Element fieldParams = getChildElement(excplicitParams, ecdsaNS, "FieldParams", 1); - Element curveParams = getChildElement(excplicitParams, ecdsaNS, "CurveParams", 1); - Element basePointParams = getChildElement(excplicitParams, ecdsaNS, "BasePointParams", 1); - - // Field parameters - String fieldParamsTypeStr = fieldParams.getAttributeNS(NAMESPACE_XSI, "type"); - String ecdsaNSPrefix = getECDSANSPrefix(fieldParams); - BigInteger p = null; - int fieldParamsType = 0; - final int FIELD_TYPE_PRIME = 1; - final int FIELD_TYPE_TNB = 2; - final int FIELD_TYPE_PNB = 3; - int m = -1, k = -1, k1 = -1, k2 = -1, k3 = -1; - if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PrimeFieldParamsType")) - { - fieldParamsType = FIELD_TYPE_PRIME; - String pStr = getChildElementText(fieldParams, ecdsaNS, "P", 1); - p = new BigInteger(pStr, 10); - } - else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":TnBFieldParamsType")) - { - fieldParamsType = FIELD_TYPE_TNB; - String mStr = getChildElementText(fieldParams, 
ecdsaNS, "M", 1); - m = Integer.parseInt(mStr); - String kStr = getChildElementText(fieldParams, ecdsaNS, "K", 1); - k = Integer.parseInt(kStr); - } - else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PnBFieldParamsType")) - { - fieldParamsType = FIELD_TYPE_PNB; - String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1); - m = Integer.parseInt(mStr); - String k1Str = getChildElementText(fieldParams, ecdsaNS, "K1", 1); - k1 = Integer.parseInt(k1Str); - String k2Str = getChildElementText(fieldParams, ecdsaNS, "K2", 1); - k2 = Integer.parseInt(k2Str); - String k3Str = getChildElementText(fieldParams, ecdsaNS, "K3", 1); - k3 = Integer.parseInt(k3Str); - } - else throw new Exception("Unknown field parameters."); - - // Curve parameters - Element aElem = getChildElement(curveParams, ecdsaNS, "A", 1); - String aStr = aElem.getAttributeNS(null, "Value"); - Element bElem = getChildElement(curveParams, ecdsaNS, "B", 1); - String bStr = bElem.getAttributeNS(null, "Value"); - String seedStr = getChildElementText(curveParams, ecdsaNS, "Seed", 1); - BigInteger seed = (seedStr != null) ? new BigInteger(seedStr, 10) : null; - - // Base point parameters - Element basePoint = getChildElement(basePointParams, ecdsaNS, "BasePoint", 1); - Element basePointXElem = getChildElement(basePoint, ecdsaNS, "X", 1); - String basePointXStr = basePointXElem.getAttributeNS(null, "Value"); - Element basePointYElem = getChildElement(basePoint, ecdsaNS, "Y", 1); - String basePointYStr = basePointYElem.getAttributeNS(null, "Value"); - String orderStr = getChildElementText(basePointParams, ecdsaNS, "Order", 1); - BigInteger order = new BigInteger(orderStr, 10); - String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1); - BigInteger cofactor = (cofactorStr != null) ? 
new BigInteger(cofactorStr, 10) : null; - - if (fieldParamsType == FIELD_TYPE_PRIME) - { - BigInteger a = new BigInteger(aStr, 10); - BigInteger b = new BigInteger(bStr, 10); - BigInteger basePointX = new BigInteger(basePointXStr, 10); - BigInteger basePointY = new BigInteger(basePointYStr, 10); - eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX, - basePointY, null); - } - else - { - int[] irreducible = new int[m/32 + ((m % 32 != 0) ? 1 : 0)]; - if (fieldParamsType == FIELD_TYPE_TNB) - { - irreducible[m/32] = 1 << m % 32; - irreducible[k/32] += 1 << k % 32; - irreducible[0] += 1; - } - else - { - irreducible[m/32] = 1 << m % 32; - irreducible[k3/32] += 1 << k3 % 32; - irreducible[k2/32] += 1 << k2 % 32; - irreducible[k1/32] += 1 << k1 % 32; - irreducible[0] += 1; - } - eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr), - octetString2IntArray(bStr), octetString2IntArray(basePointXStr), - octetString2IntArray(basePointYStr), null); - } - } - - // Public key - Element publicKeyElem = getChildElement(keyValueElem, ecdsaNS, "PublicKey", 1); - Element publicKeyXElem = getChildElement(publicKeyElem, ecdsaNS, "X", 1); - String publicKeyXStr = publicKeyXElem.getAttributeNS(null, "Value"); - Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1); - String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value"); - - ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, false); - ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance(); - EllipticCurve eCurve = ecGroupFactory.getCurveWithProjective(eccParameterSpec.getA(), - eccParameterSpec.getB(), eccParameterSpec.getR()); - Field field = eCurve.getField(); - - // Detect type of public key field elements - String elementType = publicKeyXElem.getAttributeNS(NAMESPACE_XSI, "type"); - String elementTypeLocalName = elementType.substring(elementType.indexOf(':') + 1); - int FIELD_TYPE_PRIME = 1, 
FIELD_TYPE_CHAR_TWO = 2; - int fieldElemType = ("PrimeFieldElemType".equals(elementTypeLocalName)) - ? FIELD_TYPE_PRIME - : FIELD_TYPE_CHAR_TWO; - - FieldElement publicKeyPointX, publicKeyPointY; - if (fieldElemType == FIELD_TYPE_PRIME) - { - Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10)); - publicKeyPointX = field.newElement(xValue); - Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10)); - publicKeyPointY = field.newElement(yValue); - } - else - { - publicKeyPointX = field.newElement(octetString2ByteArray(publicKeyXStr)); - publicKeyPointY = field.newElement(octetString2ByteArray(publicKeyYStr)); - } - ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX, - publicKeyPointY, field.getONEelement()); - ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate); - ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint); - - return publicKey; - } - - /** - * Method getECDSANSPrefix. - * @param element to get the prefix - * @return String the prefix - */ - private static String getECDSANSPrefix(Element element) - { - // FIXXME: Review this function (GK, 11.06.2002) - should return a list of strings, since more than - // one NS prefix can be bound to the ECDSA namespace - - HashMap inScopeNSAttrs = getInScopeNSAttrs(element); - Iterator inScopeNSAttrsIt = inScopeNSAttrs.keySet().iterator(); - while (inScopeNSAttrsIt.hasNext()) - { - Attr currentAttr = (Attr)inScopeNSAttrs.get(inScopeNSAttrsIt.next()); - if (Constants.ECDSA_NS_URI.equals(currentAttr.getValue())) - { - return ("xmlns".equals(currentAttr.getNodeName())) ? "" : currentAttr.getNodeName().substring(6); - } - } - return null; - } - - /** - * Method octetString2IntArray. 
- * Converts an octet string representation into an int array as needed for the IAIK ECC library - * @param octetString rightmost byte is least significant byte - * @return int[] rightmost byte is LEAST significant byte - */ - private static int[] octetString2IntArray(String octetString) - { - int byteCount = octetString.length()/2; - int[] intArray = new int[byteCount/4 + ((byteCount % 4 != 0) ? 1 : 0)]; - for (int i = 0; i < byteCount; i++) - { - int oSStartPos = octetString.length() - (i + 1) * 2; - int currentByte = Integer.parseInt(octetString.substring(oSStartPos, oSStartPos + 2), 16); - intArray[i/4] += (currentByte & 0xFF) << ((i % 4) * 8); - } - return intArray; - } - - /** - * Converts an octet string representation into a byte array as needed for the IAIK ECC library - * @param octetString rightmost byte is least significant byte - * @return byte[] rightmost byte is MOST significant byte - */ - private static byte[] octetString2ByteArray(String octetString) - { - int byteCount = octetString.length()/2; - byte[] byteArray = new byte[byteCount]; - for (int i = 0; i < byteCount; i++) - { - int oSStartPos = octetString.length() - (i + 1) * 2; - byteArray[byteCount - i - 1] = (byte) Integer.parseInt(octetString.substring( - oSStartPos, oSStartPos + 2), 16); - } - return byteArray; - } - - /** - * Method evenStringLength. - * @param hexString - * @return String - */ - - private static String evenStringLength(String hexString) - { - return (hexString.length() % 2 != 0) ? "0" + hexString : hexString; - } - - /** - * Method getChildElement. 
- * @param parent - * @param namespace - * @param localName - * @param instance - * @return Element - */ - - private static Element getChildElement(Element parent, String namespace, String localName, - int instance) - { - NodeList namedElements = parent.getElementsByTagNameNS(namespace, localName); - if (namedElements.getLength() < instance) return null; - return (Element)namedElements.item(instance - 1); - } - - /** - * Method getChildElementText. - * @param parent Element - * @param namespace String - * @param localName String - * @param instance int - * @return String - */ - - private static String getChildElementText(Element parent, String namespace, String localName, - int instance) - { - Element child = getChildElement(parent, namespace, localName, instance); - if (child == null) return null; - NodeList childNodes = child.getChildNodes(); - int nodeCount = 0; - while (nodeCount < childNodes.getLength()) - { - Node currentNode = childNodes.item(nodeCount); - if (currentNode.getNodeType() == Node.TEXT_NODE) return currentNode.getNodeValue(); - nodeCount++; - } - return null; - } - - /** - * Method getInScopeNSAttrs. 
- * @param element element - * @return HashMap - */ - public static HashMap getInScopeNSAttrs(Element element) - { - // Get all ancestors of element - Vector ancestors = new Vector(); - ancestors.add(element); - Node currentAncestor = element; - while ((currentAncestor = currentAncestor.getParentNode()) != null && - currentAncestor.getNodeType() == Node.ELEMENT_NODE) - { - ancestors.add(currentAncestor); - } - - // Scan all ancestors for NS attributes - HashMap inScopeNSAttrs = new HashMap(); - for (int i = ancestors.size() - 1; i >= 0; i--) - { - Element currentAncestorElem = (Element)ancestors.get(i); - NamedNodeMap attrs = currentAncestorElem.getAttributes(); - for (int j = 0; j < attrs.getLength(); j++) - { - Attr currentAttr = (Attr)attrs.item(j); - String currentAttrName = currentAttr.getNodeName(); - if ("xmlns".equals(currentAttrName) || currentAttrName.startsWith("xmlns:")) - { - inScopeNSAttrs.put(currentAttrName, currentAttr); - } - } - } - - // Check if default NS attribute is in list; if value is empty remove it from list - Attr defaultNSAttr = (Attr)inScopeNSAttrs.get("xmlns"); - if (defaultNSAttr != null && "".equals(defaultNSAttr.getValue())) inScopeNSAttrs.remove("xmlns"); - - return inScopeNSAttrs; - } -}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
deleted file mode 100644
index 4fbc58977..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
+++ /dev/null
@@ -1,89 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an <code><InfoboxReadResponse></code>.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class ErrorResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
- private static final String SL10 = Constants.SL10_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SL10 + "ErrorResponse/";
- /** Xpath expression to the ErrorCode element */
- private static final String ERROR_CODE_XPATH =
- ROOT + SL10 + "ErrorCode";
- /** Xpath expression to the Info element */
- private static final String ERROR_INFO_XPATH =
- ROOT + SL10 + "Info";
-
-
- /** This is the root element of the XML-Document provided by the Security Layer Card */
- private Element errorElement;
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as String
- * @throws ParseException on any error
- */
- public ErrorResponseParser(String xmlResponse) throws ParseException {
- try {
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- errorElement = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream
- * @throws ParseException on any error
- */
- public ErrorResponseParser(InputStream xmlResponse) throws ParseException {
- try {
- errorElement = DOMUtils.parseXmlValidating(xmlResponse);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
- /**
- * Method getErrorCode. returns the error code
- * @return String
- */
- public String getErrorCode() {
-
- return XPathUtils.getElementValue(errorElement,ERROR_CODE_XPATH,null);
- }
-
- /**
- * Method getErrorInfo: returns the information about the error
- * @return String
- */
- public String getErrorInfo() {
-
- return XPathUtils.getElementValue(errorElement,ERROR_INFO_XPATH,null);
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
deleted file mode 100644
index f9ef54884..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ /dev/null
@@ -1,266 +0,0 @@ -package at.gv.egovernment.moa.id.auth.parser; - -import java.security.interfaces.RSAPublicKey; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.math.BigInteger; -import java.security.PublicKey; -import java.util.ArrayList; -import java.util.List; - -import org.w3c.dom.Element; -import org.w3c.dom.traversal.NodeIterator; - -import at.gv.egovernment.moa.id.*; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parses an identity link <code><saml:Assertion></code> - * @author Paul Ivancsics - * @version $Id$ - */ -public class IdentityLinkAssertionParser { - - // - // XPath namespace prefix shortcuts - // - - /** Xpath prefix for reaching PersonData Namespaces */ - private static final String PDATA = Constants.PD_PREFIX + ":"; - /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ - private static final String SL10 = Constants.SL10_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static final String SAML = Constants.SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - /** Xpath prefix for reaching ECDS Namespaces */ - private static final String ECDSA = Constants.ECDSA_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + SAML + "Assertion/"; - /** Xpath expression to the SAMLSubjectConfirmationData element */ - private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Subject/" - + SAML - + "SubjectConfirmation/" - + SAML - + "SubjectConfirmationData"; - /** Xpath expression to the PersonData element */ - private static final String PERSON_XPATH = - 
SAML_SUBJECT_CONFIRMATION_DATA_XPATH - + "/" - + PDATA - + "Person"; - /** Xpath expression to the PersonData GivenName element */ - private static final String PERSON_GIVEN_NAME_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "Name/" - + PDATA - + "GivenName"; - /** Xpath expression to the PersonData FamilyName element */ - private static final String PERSON_FAMILY_NAME_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "Name/" - + PDATA - + "FamilyName"; - /** Xpath expression to the PersonData DateOfBirth element */ - private static final String PERSON_DATE_OF_BIRTH_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "DateOfBirth"; - /** Xpath expression to the Identification element */ - private static final String PERSON_IDENT_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "Identification"; - - /** Xpath expression to the Identification Value element */ - private static final String PERSON_IDENT_VALUE_XPATH = - PERSON_XPATH - + "/" - + PDATA - + "Identification/" - + PDATA - + "Value"; - /** Xpath expression to the RSAKeyValue element */ - private static final String RSA_KEY_VALUE_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Attribute/" - + SAML - + "AttributeValue/" - + DSIG - + "RSAKeyValue"; - /** Xpath expression to the RSA Modulus element */ - private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus"; - /** Xpath expression to the RSA Exponent element */ - private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent"; - /** Xpath expression to the DSIG X509Certificate element */ - private static final String DSIG_CERTIFICATES_XPATH = - ROOT - + DSIG - + "Signature/" - + DSIG - + "KeyInfo/" - + DSIG - + "X509Data/" - + DSIG - + "X509Certificate"; - /** Xpath expression to the DSIG Transforms element */ - private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH = - ROOT - + DSIG - + "Signature/" - + DSIG - + "SignedInfo/" - + DSIG - + "Reference/" - + DSIG - + "Transforms"; - - /**This is the root element of the XML-Document 
provided by the Security Layer Card*/ - private Element assertionElem; - - /** - * Constructor for <code>IdentityLinkAssertionParser</code>. - * A DOM-representation of the incoming String will be created - * @param xmlAssertion <code><saml:Assertion></code> as String - * @throws ParseException on any parsing error - */ - public IdentityLinkAssertionParser(String xmlAssertion) throws ParseException { - try { - InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8")); - assertionElem = DOMUtils.parseXmlValidating(s); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString()}, t); - } - } - - /** - * Constructor for <code>IdentityLinkAssertionParser</code>. - * A DOM-representation of the incoming Inputstream will be created - * @param xmlAssertion <code><saml:Assertion></code> as InputStream - * @throws ParseException on any parsing error - */ - public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception { - try { - assertionElem = DOMUtils.parseXmlValidating(xmlAssertion); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - } - - /** - * Parses the identity link from the <code><saml:Assertion></code> - * @return Identity link - * @throws ParseException on any parsing error - */ - - public IdentityLink parseIdentityLink() throws ParseException { - IdentityLink identityLink; - try { - identityLink = new IdentityLink(); - //ÄNDERN: NUR der Identification-Teil - identityLink.setSamlAssertion(assertionElem); - identityLink.setPrPerson((Element) - XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH)); - identityLink.setIdentificationValue( - XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); - identityLink.setGivenName( - XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); - identityLink.setFamilyName( - XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, "")); - 
identityLink.setDateOfBirth( - XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, "")); - NodeIterator dsigRefTransforms = - XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH); - List transElems = new ArrayList(); - Element transformsElem; - while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) { - transElems.add(transformsElem); - } - Element[] result = new Element[transElems.size()]; - transElems.toArray(result); - identityLink.setDsigReferenceTransforms(result); - - identityLink.setPublicKey(getPublicKeys()); - - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - - return identityLink; - } - - /** - * Parses an array of Public Keys from the <code><InfoboxReadResponse></code> - * @return RSAPublicKey[] - * @throws IOException can occur when decoding the base64 values of the modulus and exponent - */ - public PublicKey[] getPublicKeys() throws IOException{ - - - List pubKeys = new ArrayList(); - //Try to get RSA-Keys - NodeIterator rsaIter = - XPathUtils.selectNodeIterator(assertionElem, RSA_KEY_VALUE_XPATH); - Element rsaElem; - while ((rsaElem = (Element) rsaIter.nextNode()) != null) { - String modulus = - XPathUtils.getElementValue(rsaElem, RSA_KEY_MODULUS_XPATH, ""); - String exponent = - XPathUtils.getElementValue(rsaElem, RSA_KEY_EXPONENT_XPATH, ""); - - RSAPublicKey resPub = - new iaik.security.rsa.RSAPublicKey( - new BigInteger(1, Base64Utils.decode(modulus, true)), - new BigInteger(1, Base64Utils.decode(exponent, true))); - pubKeys.add(resPub);} - - PublicKey[] result = new PublicKey[pubKeys.size()]; - - pubKeys.toArray(result); - return result; - - } - /** - * Parses a string array of decoded base64 certificates from - * the <code><InfoboxReadResponse></code> found in the dsig-signature - * @return String[] with raw-certificates from the dsig-signature keyinfo - * @throws Exception - */ - public String[] getCertificates() throws 
Exception { - List certs = new ArrayList(); - NodeIterator rsaIter = - XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH); - Element certElem; - while ((certElem = (Element) rsaIter.nextNode()) != null) { - String content = DOMUtils.getText(certElem); - certs.add(new String(Base64Utils.decode(content, true))); - } - String[] result = new String[certs.size()]; - certs.toArray(result); - return result; - - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java deleted file mode 100644 index c1146218e..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ /dev/null 
@@ -1,110 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an <code><InfoboxReadResponse></code>.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class InfoboxReadResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
- private static final String SL10 = Constants.SL10_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SL10 + "InfoboxReadResponse/";
- /** Xpath expression to the SAML:Assertion element */
- private static final String SAML_ASSERTION_XPATH = ROOT + SL10 + "BinaryFileData/" + SL10 + "XMLContent/" + SAML + "Assertion";
-
- /** This is the root element of the XML-Document provided by the Security Layer Card*/
- private Element infoBoxElem;
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as String
- * @throws ParseException on any parsing error
- */
- public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException {
-
- ErrorResponseParser erp = new ErrorResponseParser(xmlResponse);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- infoBoxElem = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream
- * @throws ParseException on any parsing error
- */
- public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException {
-
- ErrorResponseParser erp = new ErrorResponseParser(is);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- infoBoxElem = DOMUtils.parseXmlValidating(is);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Parses the embedded <code><saml:Assertion></code> element from <code><InfoboxReadResponse></code>
- * @return <code><saml:Assertion></code> as String
- * @throws ParseException on any parsing error
- */
- public String parseSAMLAssertion() throws ParseException {
- try {
- Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem, SAML_ASSERTION_XPATH);
- return DOMUtils.serializeNode(samlAssertion);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, 
t); - } - } - - /** - * Parses the identity link from the <code><saml:Assertion></code> - * @return Identity link - * @throws ParseException on any parsing error - */ - - public IdentityLink parseIdentityLink() throws ParseException { - String samlAssertionString = parseSAMLAssertion(); - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString); - return ilParser.parseIdentityLink(); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java deleted file mode 100644 index 7c4c01abe..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java +++ /dev/null 
@@ -1,58 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.IOException;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Parser for a SAML artifact.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLArtifactParser {
- /** byte array containing the SamlArtifact bytes */
- private byte[] samlArtifactBytes;
-
- /**
- * Constructor
- * @param samlArtifact as String
- * @throws ParseException on any parsing error
- */
- public SAMLArtifactParser(String samlArtifact) throws ParseException {
- try {
- samlArtifactBytes = Base64Utils.decode(samlArtifact, false);
- }
- catch (IOException ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
- /**
- * Parses the type code.
- * @return type code
- * @throws ParseException when SAML artifact is invalid
- */
- public byte[] parseTypeCode() throws ParseException {
- try {
- byte[] typeCode = new byte[] {samlArtifactBytes[0], samlArtifactBytes[1]};
- return typeCode;
- }
- catch (Throwable ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
- /**
- * Parses the assertion handle.
- * @return assertion handle
- * @throws ParseException when SAML artifact is invalid
- */
- public String parseAssertionHandle() throws ParseException {
- try {
- return new String(samlArtifactBytes, 22, 20);
- }
- catch (Throwable ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
deleted file mode 100644
index c74dc64e8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ /dev/null
@@ -1,159 +0,0 @@ -package at.gv.egovernment.moa.id.auth.parser; - -import iaik.utils.Base64InputStream; -import iaik.x509.X509Certificate; -import java.io.ByteArrayInputStream; -import java.io.InputStream; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.*; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parses a <code><VerifyXMLSignatureResponse></code> returned by - * MOA-SPSS. - * This class implements the Singleton pattern - * - * @author Stefan Knirsch - * @version $Id$ - */ - - -public class VerifyXMLSignatureResponseParser { - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching MOA Namespaces */ - private static final String MOA = Constants.MOA_PREFIX + ":"; - /** Xpath prefix for reaching DSIG Namespaces */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - /** Xpath prefix for reaching SecurityLayer 1.1 Namespaces */ - private static final String SL11 = Constants.SL11_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/"; - - /** Xpath expression to the X509SubjectName element */ - private static final String DSIG_SUBJECT_NAME_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - DSIG + "X509SubjectName"; - /** Xpath expression to the X509Certificate element */ - private static final String DSIG_X509_CERTIFICATE_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - DSIG + "X509Certificate"; - /** Xpath expression to the PublicAuthority element */ - private static final String PUBLIC_AUTHORITY_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - MOA + "PublicAuthority"; - /** Xpath expression to the PublicAuthorityCode element */ - private static final String PUBLIC_AUTHORITY_CODE_XPATH = - PUBLIC_AUTHORITY_XPATH + "/" + 
MOA + "Code"; - /** Xpath expression to the QualifiedCertificate element */ - private static final String QUALIFIED_CERTIFICATE_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - SL11 + "QualifiedCertificate"; - - /** Xpath expression to the SignatureCheckCode element */ - private static final String SIGNATURE_CHECK_CODE_XPATH = - ROOT + MOA + "SignatureCheck/" + MOA + "Code"; - /** Xpath expression to the XMLDSIGManifestCheckCode element */ - private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = - ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; - /** Xpath expression to the CertificateCheckCode element */ - private static final String CERTIFICATE_CHECK_CODE_XPATH = - ROOT + MOA + "CertificateCheck/" + MOA + "Code"; - - - /** This is the root element of the XML-Document provided by the Security Layer Card*/ - private Element verifyXMLSignatureResponse; - - /** - * Constructor for VerifyXMLSignatureResponseParser. - * A DOM-representation of the incoming String will be created - * @param xmlResponse <code><InfoboxReadResponse></code> as String - * @throws ParseException on any parsing error - */ - public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{ - try { - InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); - - verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); - } - catch (Throwable t) { - throw new ParseException("parser.01", null, t); - } - } - - /** - * Constructor for VerifyXMLSignatureResponseParser. 
- * A DOM-representation of the incoming Inputstream will be created - * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream - * @throws Exception on any parsing error - */ - public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception - { - try { - verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse); - } - catch (Throwable t) { - throw new ParseException("parser.01", null, t); - } - } - - /** - * Constructor for VerifyXMLSignatureResponseParser. - * The incoming Element will be used for further operations - * @param xmlResponse <code><InfoboxReadResponse></code> as Element - */ - public VerifyXMLSignatureResponseParser(Element xmlResponse) - { - verifyXMLSignatureResponse =xmlResponse; - - } - - /** - * Parse identity link from <code><InfoboxReadResponse></code> - * @return Identity link - * @throws ParseException on any parsing error - */ - - public VerifyXMLSignatureResponse parseData() throws ParseException { - VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); - - try { - - respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); - Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); - respData.setQualifiedCertificate(e!=null); - - Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( - verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); - - respData.setX509certificate(new X509Certificate(in)); - - Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH); - respData.setPublicAuthority(publicAuthority != null); - respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); - respData.setSignatureCheckCode(new 
Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); - - String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); - if (xmlDsigCheckCode!=null) - { - respData.setXmlDSIGManigest(true); - respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); - } - else - respData.setXmlDSIGManigest(false); - respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); - } - catch (Throwable t) { - throw new ParseException("parser.01", null, t); - } - return respData; - } - - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java deleted file mode 100644 index 6ff52bc4a..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ /dev/null 
@@ -1,156 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Map; - -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.URLDecoder; - -/** - * Base class for MOA-ID Auth Servlets, providing standard error handling - * and constant names. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { - - - /** - * Handles an error. 
<br> - * <ul> - * <li>Logs the error</li> - * <li>Places error message and exception thrown into the request - * as request attributes (to be used by <code>"/errorpage.jsp"</code>)</li> - * <li>Sets HTTP status 500 (internal server error)</li> - * </ul> - * - * @param errorMessage error message - * @param exceptionThrown exception thrown - * @param req servlet request - * @param resp servlet response - */ - protected void handleError( - String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { - - - if(null != errorMessage) { - Logger.error(errorMessage); - req.setAttribute("ErrorMessage", errorMessage ); - } - - if (null != exceptionThrown) { - if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); - Logger.error(errorMessage, exceptionThrown); - req.setAttribute("ExceptionThrown", exceptionThrown); - } - - //forward this to errorpage.jsp wher the HTML error page is generated - ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); - try { - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { - Logger.error(e); - } - - } - /** - * Handles a <code>WrongParametersException</code>. - * @param req servlet request - * @param resp servlet response - */ - protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) { - Logger.error(ex.toString()); - req.setAttribute("WrongParameters", ex.getMessage()); - - // forward this to errorpage.jsp where the HTML error page is generated - ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); - try { - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { - Logger.error(e); - } - } - - /** - * Logs all servlet parameters for debugging purposes. 
- */
- protected void logParameters(HttpServletRequest req) {
- for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements(); ) {
- String parname = (String)enum.nextElement();
- Logger.debug("Parameter " + parname + req.getParameter(parname));
- }
- }
- /**
- * Parses the request input stream for parameters,
- * assuming parameters are encoded UTF-8.
- * @param req servlet request
- * @return mapping parameter name -> value
- */
- protected Map getParameters(HttpServletRequest req) throws IOException {
- Map parameters = new HashMap();
- InputStream in = req.getInputStream();
- String paramName;
- String paramValueURLEncoded;
- do {
- paramName = new String(readBytesUpTo(in, '='));
- if (paramName.length() > 0) {
- paramValueURLEncoded = readBytesUpTo(in, '&');
- String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
- parameters.put(paramName, paramValue);
- }
- }
- while (paramName.length() > 0);
- in.close();
-
- return parameters;
- }
- /**
- * Reads bytes up to a delimiter, consuming the delimiter.
- * @param in input stream
- * @param delimiter delimiter character
- * @return String constructed from the read bytes
- * @throws IOException
- */
- protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- boolean done = false;
- int b;
- while (! done && (b = in.read()) >= 0) {
- if (b == delimiter)
- done = true;
- else
- bout.write(b);
- }
- return bout.toString();
- }
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
deleted file mode 100644
index 1dc1897b2..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
- /** Constant for the DTD-Doc type */
- private static final String DOC_TYPE =
- "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
-
- /**
- * Handle a HTTP GET request, used to indicated that the MOA
- * configuration needs to be updated (reloaded).
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
- MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
- PrintWriter out;
-
- response.setContentType("text/html");
- out = response.getWriter();
- out.println(DOC_TYPE);
- out.println("<head><title>MOA configuration update</title></head>");
- out.println("<body bgcolor=\"#FFFFFF\">");
- try {
- MOAIDAuthInitializer.initialized=false;
- MOAIDAuthInitializer.initialize();
- String message = msg.getMessage("config.00", new Object[]
- { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
-
- Logger.info(message);
- //TODO low-priority: change to ErrorPage
- out.println("<p><b>");
- out.println(message);
- out.println("</b></p>");
- } catch (Throwable t) {
- String errorMessage = msg.getMessage("config.04", null);
- Logger.error(errorMessage, t);
- out.println("<p><b>");
- out.println(errorMessage);
- out.println("</b></p>");
- }
- out.println("</body>");
-
- out.flush();
- out.close();
- }
-
- /**
- * Do the same as <code>doGet</code>.
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
deleted file mode 100644
index c41b514c8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ /dev/null
@@ -1,135 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.util.Calendar; - -import org.apache.axis.AxisFault; -import org.w3c.dom.Element; - -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Web service for picking up authentication data created in the MOA-ID Auth component. - * - * @author Paul Ivancsics - * @version $Id$ - * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData - */ -public class GetAuthenticationDataService implements Constants { - - /** - * Constructor for GetAuthenticationDataService. - */ - public GetAuthenticationDataService() { - super(); - } - - /** - * Takes a <code>lt;samlp:Request></code> containing a - * <code>SAML artifact</code> and returns the corresponding - * authentication data <code>lt;saml:Assertion></code> - * (obtained from the <code>AuthenticationServer</code>), - * enclosed in a <code>lt;samlp:Response></code>. - * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode></code>s, - * possibly containing enclosed sub-<code>lt;samlp:StatusCode></code>s. - * The status codes are defined in the SAML specification. 
- * - * @param requests request elements of type <code>lt;samlp:Request></code>; - * only 1 request element is allowed - * @return response element of type <code>lt;samlp:Response></code>, - * packed into an <code>Element[]</code> - * @throws AxisFault thrown when an error occurs in assembling the - * <code>lt;samlp:Response></code> - */ - public Element[] Request(Element[] requests) - throws AxisFault { - - Element request = requests[0]; - Element[] responses = new Element[1]; - String requestID = ""; - String statusCode = ""; - String subStatusCode = null; - String statusMessageCode = null; - String statusMessage = null; - String samlAssertion = ""; - if (requests.length > 1) { - // more than 1 request given as parameter - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1201"; - } - else { - try { - DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); - NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); - if (samlArtifactList.getLength() == 0) { - // no SAML artifact given in request - statusCode = "samlp:Requester"; - statusMessageCode = "1202"; - } - else if (samlArtifactList.getLength() > 1) { - // too many SAML artifacts given in request - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1203"; - } - else { - Element samlArtifactElem = (Element)samlArtifactList.item(0); - requestID = samlArtifactElem.getAttribute("RequestID"); - String samlArtifact = DOMUtils.getText(samlArtifactElem); - try { - AuthenticationData authData = AuthenticationServer.getInstance(). 
- getAuthenticationData(samlArtifact); - // success - samlAssertion = authData.getSamlAssertion(); - statusCode = "samlp:Success"; - statusMessageCode = "1200"; - } - catch (AuthenticationException ex) { - // no authentication data for given SAML artifact - statusCode = "samlp:Requester"; - subStatusCode = "samlp:ResourceNotRecognized"; - statusMessage = ex.toString(); - } - } - } - catch (Throwable t) { - // invalid request format - statusCode = "samlp:Requester"; - statusMessageCode = "1204"; - } - } - try { - String responseID = Random.nextRandom(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); - if (statusMessage == null) - statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); - responses[0] = new SAMLResponseBuilder().build( - responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); - } - catch (MOAIDException e) { - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - catch (Throwable t) { - MOAIDException e = new MOAIDException("1299", null, t); - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - return responses; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java deleted file mode 100644 index 422ddf0a3..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ /dev/null 
@@ -1,96 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for selecting a BKU. - * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete, - * the browser is redirected to the configured "BKU-Auswahl-URL". - * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect, - * the list of available BKU's is fetched from a BKU-Auswahl server, and presented - * to the user in an HTML form. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SelectBKUServlet extends AuthServlet { - - /** - * Calls the web application initializer. - * - * @see javax.servlet.Servlet#init(ServletConfig) - */ - public void init(ServletConfig servletConfig) throws ServletException { - try { - super.init(servletConfig); - MOAIDAuthInitializer.initialize(); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); - } - } - - /** - * Responds with an HTML form which requests the user to choose a BKU. 
- */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET SelectBKU"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); - String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); - String templateURL = req.getParameter(PARAM_TEMPLATE); - resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - - try { - String returnValue = AuthenticationServer.getInstance().selectBKU( - authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); - String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); - if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = returnValue; - resp.sendRedirect(redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - } - else { - // bkuSelectionType==HTMLSelect - String htmlForm = returnValue; - resp.setContentType("text/html"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(htmlForm); - out.flush(); - Logger.debug("Finished GET SelectBKU"); - } - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (Throwable ex) { - handleError(null, ex, req, resp); - } - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java deleted file mode 100644 index 6308742bf..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ /dev/null 
@@ -1,103 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for starting a MOA ID authentication session. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - * @see AuthenticationServer#startAuthentication - */ -public class StartAuthenticationServlet extends AuthServlet { - - /** - * Responds with an HTML form which upon submit requests the identity link - * from the security layer implementation. 
- * <br> - * Response: - * <ul> - * <li>Content type: <code>"text/html"</code></li> - * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li> - * <li>Error status: <code>500</code> - * </ul> - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET StartAuthentication"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String sessionID = req.getParameter(PARAM_SESSIONID); - resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - try { - String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID); - resp.setContentType("text/html"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - Logger.debug("Finished GET StartAuthentication"); - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } - } - - - /** - * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - doGet(req, resp); - } - - - /** - * Calls the web application initializer. 
- * - * @see javax.servlet.Servlet#init(ServletConfig) - */ - public void init(ServletConfig servletConfig) throws ServletException { - try { - super.init(servletConfig); - MOAIDAuthInitializer.initialize(); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java deleted file mode 100644 index eda0c6726..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ /dev/null 
@@ -1,109 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.net.URLEncoder; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for verifying the signed authentication block - * provided by the security layer implementation. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class VerifyAuthenticationBlockServlet extends AuthServlet { - - - /** - * Constructor for VerifyAuthenticationBlockServlet. - */ - public VerifyAuthenticationBlockServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify - * that data URL resource is available. - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET VerifyAuthenticationBlock"); - } - - /** - * Verifies the signed authentication block and redirects the browser - * to the online application requested, adding a parameter needed for - * retrieving the authentication data. 
- * <br> - * Request parameters: - * <ul> - * <li>MOASessionID: ID of associated authentication session</li> - * <li>XMLResponse: <code><CreateXMLSignatureResponse></code></li> - * </ul> - * Response: - * <ul> - * <li>Status: <code>302</code></li> - * <li>Header <code>"Location"</code>: URL of the online application requested, with - * parameters <code>"Target"</code> and <code>"SAMLArtifact"</code> added</li> - * <li>Error status: <code>500</code> - * </ul> - * @see AuthenticationServer#verifyAuthenticationBlock - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST VerifyAuthenticationBlock"); - Map parameters = getParameters(req); - String sessionID = req.getParameter(PARAM_SESSIONID); - String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - - // debug XMLSignatureResponse from BKU - if(null != createXMLSignatureResponse) - AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse); - try { - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - String redirectURL = session.getOAURLRequested(); - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget()); - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64)); - redirectURL = resp.encodeRedirectURL(redirectURL); - resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - } - - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } - - } - /** - * Adds a parameter to a URL. 
- * @param url the URL - * @param paramname parameter name - * @param paramvalue parameter value - * @return the URL with parameter added - */ - private static String addURLParameter(String url, String paramname, String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" + param; - else - return url + "&" + param; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java deleted file mode 100644 index 55bce7af3..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ /dev/null 
@@ -1,95 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for verifying the identity link - * provided by the security layer implementation. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class VerifyIdentityLinkServlet extends AuthServlet { - - /** - * Constructor for VerifyIdentityLinkServlet. - */ - public VerifyIdentityLinkServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify - * that data URL resource is available. - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET VerifyIdentityLink"); - } - - /** - * Verifies the identity link and responds with a new - * <code>CreateXMLSignatureRequest</code>. 
- * <br> - * Request parameters: - * <ul> - * <li>MOASessionID: ID of associated authentication session</li> - * <li>XMLResponse: <code><InfoboxReadResponse></code></li> - * </ul> - * Response: - * <ul> - * <li>Content type: <code>"text/xml"</code></li> - * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li> - * <li>Error status: <code>500</code> - * </ul> - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST VerifyIdentityLink"); - Map parameters = getParameters(req); - String sessionID = req.getParameter(PARAM_SESSIONID); - String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE); - // debug output - if(null != infoboxReadResponse) - AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse); - try { - String createXMLSignatureRequest = - AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - resp.setStatus(307); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - resp.addHeader("Location", dataURL); - resp.setContentType("text/xml"); - // debug output - if(null != createXMLSignatureRequest) - AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest); - OutputStream out = resp.getOutputStream(); - out.write(createXMLSignatureRequest.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST VerifyIdentityLink"); - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } - } - -} 
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java deleted file mode 100644 index e596e79a4..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ /dev/null 
@@ -1,106 +0,0 @@ -package at.gv.egovernment.moa.id.auth.validator; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * - * This class is used to validate an {@link CreateXMLSignatureResponse} - * returned by the security layer. - * This class implements the Singleton pattern. - * @author Stefan Knirsch - * @version $Id$ - */ -public class CreateXMLSignatureResponseValidator { - - /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */ - private static final String SAML = Constants.SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - /** Xpath expression to the SAML:Assertion element */ - private static final String ROOT = SAML + "Assertion"; - /** Xpath expression to the SAML:NameIdentifier element */ - private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = - SAML + "AttributeStatement/" + SAML + "Subject/" + - SAML + "NameIdentifier"; - /** Xpath expression to the SAML:Attribute element */ - private static final String SAML_ATTRIBUTE_XPATH = - ROOT + "/" + SAML + "AttributeStatement/" + SAML + "Attribute"; - /** Xpath expression to the SAML:AttributeValue element */ - private static final String SAML_ATTRIBUTE_VALUE_XPATH = - SAML + "AttributeValue"; - - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static CreateXMLSignatureResponseValidator instance; - - /** - * Constructor for a singleton CreateXMLSignatureResponseValidator. 
- * @return an instance of CreateXMLSignatureResponseValidator - * @throws ValidateException if no instance can be created - */ - public static synchronized CreateXMLSignatureResponseValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new CreateXMLSignatureResponseValidator(); - } - return instance; - } - - - /** - * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} - * @param createXMLSignatureResponse - * @param gbTarget - * @param oaURL - * @throws ValidateException - */ - public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, String gbTarget, String oaURL) - throws ValidateException { - - // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - - XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH); - - SAMLAttribute[] samlattributes = createXMLSignatureResponse.getSamlAttributes(); - boolean foundOA = false; - boolean foundGB = false; - for (int i = 0; i < samlattributes.length; i++) - { - if (samlattributes[i].getName().equals("Geschäftsbereich")) - if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) - - { - foundGB = true; - if (!gbTarget.equals(samlattributes[i].getValue())) - { - throw new ValidateException("validator.13", null); - } - } - else throw new ValidateException("validator.12", null); - if (samlattributes[i].getName().equals("OA")) - if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) - { - foundOA = true; - if (!oaURL.equals(samlattributes[i].getValue())) // CHECKS für die AttributeVALUES fehlen noch - { - throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlattributes[i].getValue()}); - } - - } - else throw new ValidateException("validator.15", null); - } - if (!foundOA) throw 
new ValidateException("validator.14", null); - if (!foundGB) throw new ValidateException("validator.11", null); - - //Check if dsig:Signature exists - Element dsigSignature = (Element) XPathUtils.selectSingleNode(createXMLSignatureResponse.getSamlAssertion(),DSIG + "Signature"); - if (dsigSignature==null) throw new ValidateException("validator.05", null); - - - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java deleted file mode 100644 index 42e3e946f..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ /dev/null 
@@ -1,156 +0,0 @@ -package at.gv.egovernment.moa.id.auth.validator; - -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * - * This class is used to validate an {@link IdentityLink} - * returned by the security layer - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class IdentityLinkValidator implements Constants { - - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching PersonData Namespaces */ - private static final String PDATA = PD_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static final String SAML = SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = DSIG_PREFIX + ":"; - /** Xpath prefix for reaching ECDSA Namespaces */ - private static final String ECDSA = ECDSA_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + SAML + "Assertion/"; - /** Xpath expression to the SAML:SubjectConfirmationData element */ - private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Subject/" - + SAML - + "SubjectConfirmation/" - + SAML - + "SubjectConfirmationData"; -/** Xpath expression to the PersonData:Person element */ - private static final String PERSON_XPATH = - SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; - /** Xpath expression to the SAML:Attribute element */ - private static final String ATTRIBUTE_XPATH = - ROOT + SAML + "AttributeStatement/" + SAML + "Attribute"; - /** Xpath expression to the SAML:AttributeName attribute */ - private static final String ATTRIBUTE_NAME_XPATH = - ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName"; - /** Xpath expression to the SAML:AttributeNamespace attribute */ - private static final String 
ATTRIBUTE_NAMESPACE_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Attribute/@AttributeNamespace"; - /** Xpath expression to the SAML:AttributeValue element */ - private static final String ATTRIBUTE_VALUE_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Attribute/" - + SAML - + "AttributeValue"; - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static IdentityLinkValidator instance; - - /** - * Constructor for a singleton IdentityLinkValidator. - * @return a new IdentityLinkValidator instance - * @throws ValidateException if no instance can be created - */ - public static synchronized IdentityLinkValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new IdentityLinkValidator(); - } - return instance; - } - - /** - * Method validate. Validates the {@link IdentityLink} - * @param identityLink The identityLink to validate - * @throws ValidateException on any validation error - */ - public void validate(IdentityLink identityLink) throws ValidateException { - - //Search the SAML:ASSERTION Object (A2.054) - if (identityLink.getSamlAssertion() == null) - throw new ValidateException("validator.00", null); - - // Check how many saml:Assertion/saml:AttributeStatement/ - // saml:Subject/ saml:SubjectConfirmation/ - // saml:SubjectConfirmationData/pr:Person of type - // PhysicalPersonType exist (A2.056) - NodeList nl = - XPathUtils.selectNodeList(identityLink.getSamlAssertion(), PERSON_XPATH); - // If we have just one Person-Element we don't need to check the attributes - int counterPhysicalPersonType = 0; - if (nl.getLength() > 1) - for (int i = 0; i < nl.getLength(); i++) { - String xsiType = - ((Element) nl.item(i)) - .getAttributeNodeNS( - "http://www.w3.org/2001/XMLSchema-instance", - "type") - .getNodeValue(); - // We have to check if xsiType contains "PhysicalPersonType" - // An equal-check will fail because of the Namespace-prefix of the attribute value - if 
(xsiType.indexOf("PhysicalPersonType") > -1) - counterPhysicalPersonType++; - } - if (counterPhysicalPersonType > 1) - throw new ValidateException("validator.01", null); - - //Check the SAML:ATTRIBUTES - nl = XPathUtils.selectNodeList(identityLink.getSamlAssertion(), ATTRIBUTE_XPATH); - for (int i = 0; i < nl.getLength(); i++) { - String attributeName = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeName", - null); - String attributeNS = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeNamespace", - null); - if (attributeName.equals("CitizenPublicKey")) { - if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#")) { - Element attributeValue = - (Element) XPathUtils.selectSingleNode((Element) nl.item(i),SAML + "AttributeValue/" + DSIG + "RSAKeyValue"); - if (attributeValue==null) - attributeValue = - (Element) XPathUtils.selectSingleNode((Element)nl.item(i), SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); - if (attributeValue == null) - throw new ValidateException("validator.02", null); - } - else - throw new ValidateException("validator.03", null); - } - else - throw new ValidateException("validator.04", null); - } - - //Check if dsig:Signature exists - Element dsigSignature = (Element) XPathUtils.selectSingleNode(identityLink.getSamlAssertion(),ROOT + DSIG + "Signature"); - if (dsigSignature==null) throw new ValidateException("validator.05", null); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java deleted file mode 100644 index a6685fca8..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java +++ /dev/null 
@@ -1,35 +0,0 @@ -package at.gv.egovernment.moa.id.auth.validator; - -import at.gv.egovernment.moa.id.MOAIDException; - -/** - * Exception thrown while validating an incoming XML structure - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class ValidateException extends MOAIDException { - - /** - * Constructor for ValidateException. - * @param messageId - * @param parameters - */ - public ValidateException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - /** - * Constructor for ValidateException. - * @param messageId - * @param parameters - * @param wrapped - */ - public ValidateException( - String messageId, - Object[] parameters, - Throwable wrapped) { - super(messageId, parameters, wrapped); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java deleted file mode 100644 index 8de475f95..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ /dev/null 
@@ -1,125 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParserException;
-import iaik.x509.X509Certificate;
-
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-
-/**
- * This class is used to validate an {@link VerifyXMLSignatureResponse}
- * returned by MOA-SPSS
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureResponseValidator {
-
- /** Identification string for checking identity link */
- public static final String CHECK_IDENTITY_LINK = "IdentityLink";
- /** Identification string for checking authentication block */
- public static final String CHECK_AUTH_BLOCK = "AuthBlock";
-
- /** Singleton instance. <code>null</code>, if none has been created. */
- private static VerifyXMLSignatureResponseValidator instance;
-
- /**
- * Constructor for a singleton VerifyXMLSignatureResponseValidator.
- */
- public static synchronized VerifyXMLSignatureResponseValidator getInstance()
- throws ValidateException {
- if (instance == null) {
- instance = new VerifyXMLSignatureResponseValidator();
- }
- return instance;
- }
-
- /**
- * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS.
- *
- * @param verifyXMLSignatureResponse the <code><VerifyXMLSignatureResponse></code>
- * @param identityLinkSignersSubjectDNNames subject names configured
- * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated
- * @throws ValidateException on any validation error
- */
- public void validate(
- VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- String[] identityLinkSignersSubjectDNNames, String whatToCheck)
- throws ValidateException {
-
- if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
- throw new ValidateException("validator.06", null);
- //TODO enhance error messages (reason why check failed)
- if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0)
- if (whatToCheck.equals(CHECK_IDENTITY_LINK))
- throw new ValidateException("validator.07", null);
- else
- throw new ValidateException("validator.19", null);
- if (verifyXMLSignatureResponse.isXmlDSIGManigest())
- if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0)
- throw new ValidateException("validator.08", null);
- //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
- if (identityLinkSignersSubjectDNNames != null) {
- String subjectDN = "";
- X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
- try {
- subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
- }
- catch (RFC2253NameParserException e) {
- throw new ValidateException("validator.17", null);
- }
- boolean found = false;
- for (int i = 0; i < identityLinkSignersSubjectDNNames.length; i++) {
- if (identityLinkSignersSubjectDNNames[i].equals(subjectDN))
- found = true;
- }
- if (!found)
- throw new ValidateException(
- "validator.18",
- new Object[] { subjectDN });
- }
- }
-
- /**
- * Method validateCertificate.
- * @param vsr is the VerifyXMLSignatureResponse
- * @param idl
- * @throws ValidateException
- */
- public void validateCertificate(
- VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- IdentityLink idl)
- throws ValidateException {
-
- X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
- PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
-
- RSAPublicKey pubKeyResponse = (RSAPublicKey) x509Response.getPublicKey();
-
- boolean found = false;
- for (int i = 0; i < pubKeysIdentityLink.length; i++) {
- if (idl.getPublicKey()[i]
- instanceof java.security.interfaces.RSAPublicKey) {
- /* for (int j = 0;
- j < idl.getPublicKey()[i].getClass().getInterfaces().length;
- j++) {
- if (idl.getPublicKey()[i].getClass().getInterfaces()[j].getName()
- .equals("java.security.interfaces.RSAPublicKey")) {*/
- RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i];
- if (rsakey.getModulus().equals(pubKeyResponse.getModulus())
- && rsakey.getPublicExponent().equals(
- pubKeyResponse.getPublicExponent()))
- found = true;
- }
-
- }
-
- if (!found)
- throw new ValidateException("validator.09", null);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
deleted file mode 100644
index 6d3e05c29..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ /dev/null
@@ -1,697 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * A class that builds configuration data from a DOM based representation.
- *
- * @author Patrick Peck
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class ConfigurationBuilder {
-
- //
- // XPath namespace prefix shortcuts
- //
- /** an XPATH-Expression */
- private static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
- /** an XPATH-Expression */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
-
- //
- // chaining mode constants appearing in the configuration file
- //
- /** an XPATH-Expression */
- private static final String CM_CHAINING = "chaining";
- /** an XPATH-Expression */
- private static final String CM_PKIX = "pkix";
- /** an XPATH-Expression */
- private static final String DEFAULT_ENCODING = "UTF-8";
-
- /**
- * Default online application configuration file name
- * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>).
- */
- public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";
-
- //
- // XPath expressions to select certain parts of the configuration
- //
- /** an XPATH-Expression */
- private static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
- /** an XPATH-Expression */
- private static final String ROOTOA = "/" + CONF + "Configuration/";
- /** an XPATH-Expression */
- private static final String AUTH_BKU_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
- /** an XPATH-Expression */
- private static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
-
- /** an XPATH-Expression */
- private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
- /** an XPATH-Expression */
- private static final String PROXY_AUTH_XPATH =
- ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
-
- /** an XPATH-Expression */
- private static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
- /** an XPATH-Expression */
- private static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
- /** an XPATH-Expression */
- private static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
- /** an XPATH-Expression */
- private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
- /** an XPATH-Expression */
- private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETER_URL_XPATH =
- CONF + "ConnectionParameter/@URL";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
- CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
- CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
- CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
- /** an XPATH-Expression */
- private static final String GENERIC_CONFIGURATION_XPATH =
- ROOT + CONF + "GenericConfiguration";
- /** an XPATH-Expression */
- private static final String OACONF_LOGIN_TYPE_XPATH =
- ROOTOA + CONF + "LoginType";
- /** an XPATH-Expression */
- private static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
- ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
- /** an XPATH-Expression */
- private static final String OACONF_USER_ID_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
- /** an XPATH-Expression */
- private static final String OACONF_PASSWORD_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
- /** an XPATH-Expression */
- private static final String OACONF_HEADER_AUTH_HEADER_XPATH =
- ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
- /** an XPATH-Expression */
- private static final String CHAINING_MODES_XPATH =
- ROOT + CONF + "ChainingModes";
- /** an XPATH-Expression */
- private static final String CHAINING_MODES_DEFAULT_XPATH =
- CHAINING_MODES_XPATH + "/@systemDefaultMode";
- /** an XPATH-Expression */
- private static final String TRUST_ANCHOR_XPATH =
- ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
- /** an XPATH-Expression */
- private static final String ISSUER_XPATH = DSIG + "X509IssuerName";
- /** an XPATH-Expression */
- private static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
- /** an XPATH-Expression */
- private static final String TRUSTED_CA_CERTIFICATES_XPATH =
- ROOT + CONF + "TrustedCACertificates";
-
-
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- private String rootConfigFileDir;
-
- /** The root element of the MOA-ID configuration */
- private Element configElem;
-
- /**
- * Creates a new <code>MOAConfigurationProvider</code>.
- *
- * @param configElem The root element of the MOA-ID configuration.
- */
- public ConfigurationBuilder(Element configElem, String rootConfigDir) {
- this.configElem = configElem;
- this.rootConfigFileDir = rootConfigDir;
- }
-
- /**
- * Returns the root element of the MOA-ID configuration.
- *
- * @return The root element of the MOA-ID configuration.
- */
- public Element getConfigElem() {
- return configElem;
- }
-
- /**
- * Build a ConnectionParameter object containing all information
- * of the moa-sp element in the authentication component
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildAuthBKUConnectionParameter() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return buildConnectionParameter(authBKU);
- }
-
- /**
- * Method buildAuthBKUSelectionType.
- *
- * Build a string with the configuration value of BKUSelectionAlternative
- *
- * @return String
- */
- public String buildAuthBKUSelectionType() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return (authBKU).getAttribute("BKUSelectionAlternative");
- }
-
- /**
- * Build a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @return String[] of filenames to the Security Layer Transforms Information
- */
- public String[] buildTransformsInfoFileNames() {
-
- List transformsInfoFileNames = new ArrayList();
- NodeIterator tiIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
- Attr tiElem;
-
- while ((tiElem = (Attr) tiIter.nextNode()) != null) {
-
- String tiFileName = tiElem.getNodeValue();
- transformsInfoFileNames.add(tiFileName);
- }
- String[] result = new String[transformsInfoFileNames.size()];
- transformsInfoFileNames.toArray(result);
-
- return result;
- }
-
- /**
- * Build a ConnectionParameter bean containing all information
- * of the authentication component moa-sp element
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildMoaSpConnectionParameter() {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_MOA_SP_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
- }
-
- /**
- * Return a string with a url-reference to the VerifyIdentityLink trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyIdentityLink trust profile ID
- */
- public String getMoaSpIdentityLinkTrustProfileID() {
- return XPathUtils.getElementValue(
- getConfigElem(),
- AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
- "");
- }
- /**
- * Return a string representation of an URL pointing to trusted CA Certificates
- * @return String representation of an URL pointing to trusted CA Certificates
- */
- public String getTrustedCACertificates() {
- return XPathUtils.getElementValue(
- getConfigElem(),
- TRUSTED_CA_CERTIFICATES_XPATH,null);
- }
-
- /**
- * Return a string with a url-reference to the VerifyAuthBlock trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String getMoaSpAuthBlockTrustProfileID() {
- return XPathUtils.getElementValue(
- getConfigElem(),
- AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
- "");
- }
- /**
- * Build a string array with references to all verify transform info
- * IDs within the moa-sp part of the authentication component
- * @return A string array containing all urls to the
- * verify transform info IDs
- */
- public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
-
- List verifyTransformsInfoIDs = new ArrayList();
- NodeIterator vtIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
- Element vtElem;
-
- while ((vtElem = (Element) vtIter.nextNode()) != null) {
-
- String vtInfoIDs = DOMUtils.getText(vtElem);
- verifyTransformsInfoIDs.add(vtInfoIDs);
- }
- String[] result = new String[verifyTransformsInfoIDs.size()];
- verifyTransformsInfoIDs.toArray(result);
-
- return result;
- }
-
- /**
- * Return a string array containing all X509 Subject Names
- * of the Identity Link Signers
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String[] getIdentityLink_X509SubjectNames() {
-
- List x509SubjectNameList = new ArrayList();
- NodeIterator x509Iter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
- Element x509Elem;
-
- while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
-
- String vtInfoIDs = DOMUtils.getText(x509Elem);
- x509SubjectNameList.add(vtInfoIDs);
- }
- String[] result = new String[x509SubjectNameList.size()];
- x509SubjectNameList.toArray(result);
-
- return result;
- }
-
- /**
- * Build an array of the OnlineApplication Parameters containing information
- * about the authentication component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the authentication component of the online
- * application
- */
- public OAAuthParameter[] buildOnlineApplicationAuthParameters() {
-
- List OA_set = new ArrayList();
- NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
-
- for (int i = 0; i < OAIter.getLength(); i++) {
- Element oAElem = (Element) OAIter.item(i);
- Element authComponent =
- (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);
-
- OAAuthParameter oap = new OAAuthParameter();
- oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
- //Check if there is an Auth-Block to read from configuration
- if (authComponent!=null)
- {
- oap.setProvideZMRZahl(BoolUtils.valueOf(authComponent.getAttribute("provideZMRZahl")));
- oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
- oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
- }
- OA_set.add(oap);
- }
- OAAuthParameter[] result =
- new OAAuthParameter[OA_set.size()];
- OA_set.toArray(result);
-
- return result;
-
- }
-
- /**
- * Build a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter buildAuthComponentConnectionParameter()
- {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), PROXY_AUTH_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
-
- }
- /**
- * Method buildConnectionParameter: internal Method for creating a
- * ConnectionParameter object with all data found in the incoming element
- * @param root: this Element contains the ConnectionParameter
- * @return ConnectionParameter
- */
- protected ConnectionParameter buildConnectionParameter(Element root)
- {
- ConnectionParameter result = new ConnectionParameter();
- result.setAcceptedServerCertificates(
- XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
-
- result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
- result.getAcceptedServerCertificates(), rootConfigFileDir));
-
- result.setUrl(
- XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
- result.setClientKeyStore(
- XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
-
- result.setClientKeyStore(FileUtils.makeAbsoluteURL(
- result.getClientKeyStore(), rootConfigFileDir));
-
- result.setClientKeyStorePassword(
- XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
-
- if ((result.getAcceptedServerCertificates()==null)
- && (result.getUrl()=="")
- && (result.getClientKeyStore()==null)
- && (result.getClientKeyStorePassword()==""))
- return null;
-
- return result;
- }
-
- /**
- * Build an array of OnlineApplication Parameter Beans containing information
- * about the proxy component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{
-
- List oA_list = new ArrayList();
- NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
-
- for (int i = 0; i < OAIter.getLength(); i++) {
- Element oAElem = (Element) OAIter.item(i);
- OAProxyParameter oap = new OAProxyParameter();
-
- oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
- Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH);
- if (proxyComponentElem != null) {
- oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
- oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir));
- // default session time out: 3600 sec = 1 h
- oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue());
- oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
- oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
- oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
-
- ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
- oap.setConnectionParameter(conPara);
-
- OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap));
- oap.setOaConfiguration(oaConf);
-
- oA_list.add(oap);
- }
- }
- OAProxyParameter[] result =
- new OAProxyParameter[oA_list.size()];
- oA_list.toArray(result);
-
- return result;
-
- }
-
- /**
- * Build the mapping of generic configuration properties.
- *
- * @return a {@link Map} of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map buildGenericConfiguration() {
-
- Map genericConfiguration = new HashMap();
- NodeIterator gcIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- GENERIC_CONFIGURATION_XPATH);
- Element gcElem;
-
- while ((gcElem = (Element) gcIter.nextNode()) != null) {
- String gcName = gcElem.getAttribute("name");
- String gcValue = gcElem.getAttribute("value");
-
- genericConfiguration.put(gcName, gcValue);
- }
-
- return genericConfiguration;
- }
- /**
- * Method buildOAConfiguration.
- *
- * Build an {@link OAConfiguration} Object from the given configuration DOM element
- *
- * @param root
- * @return OAConfiguration
- * @throws ConfigurationException
- */
- public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{
-
- OAConfiguration oaConfiguration = new OAConfiguration();
-
- //The LoginType hast to be "stateless" or "stateful" to be valid
- oaConfiguration.setLoginType(
- XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator paramAuthIter =
- XPathUtils.selectNodeIterator(
- root,
- OACONF_PARAM_AUTH_PARAMETER_XPATH);
- Element paramAuthElem;
- HashMap paramAuthMap = new HashMap();
- while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) {
- String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
- String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
- if (paramAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- paramAuthMap.put(name, value);
- }
- oaConfiguration.setParamAuthMapping(paramAuthMap);
- // Try to build the BasicAuthParameters
- oaConfiguration.setBasicAuthUserIDMapping(
- XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
- oaConfiguration.setBasicAuthPasswordMapping(
- XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH);
-
- Element headerAuthElem;
- HashMap headerAuthMap = new HashMap();
- while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) {
- String name =
- XPathUtils.getAttributeValue(headerAuthElem, "@Name", null);
- String value =
- XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
- // Contains Key (Neue Config-Exception: doppelte werte)
- if (headerAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- headerAuthMap.put(name, value);
- }
- oaConfiguration.setHeaderAuthMapping(headerAuthMap);
-
- if (paramAuthMap.size() == 0) {
- if (oaConfiguration.getBasicAuthUserIDMapping() == null) {
- oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
-
- return oaConfiguration;
- }
-
- /**
- * Reads the configuration file of the online application, and creates a DOM tree from it.
- * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given,
- * uses default configuration file location.
- *
- * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
- * @return Element DOM tree root element
- * @throws ConfigurationException on any exception thrown
- */
- private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException
- {
- try {
- String configFileURL = oap.getConfigFileURL();
- if (configFileURL == null) {
- // use default config file URL, when config file URL is not given
- configFileURL = oap.getConnectionParameter().getUrl();
- if (configFileURL.charAt(configFileURL.length() - 1) != '/')
- configFileURL += "/";
- configFileURL += DEFAULT_OA_CONFIG_FILENAME;
- }
- Logger.info("Loading MOA-OA configuration " + configFileURL);
- Element configElem = DOMUtils.parseXmlValidating(
- new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
- return configElem;
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t);
- }
- }
-
- /**
- * Returns the default chaining mode from the configuration.
- *
- * @return The default chaining mode.
- */
- public String getDefaultChainingMode() {
- String defaultChaining =
- XPathUtils.getAttributeValue(
- getConfigElem(),
- CHAINING_MODES_DEFAULT_XPATH,
- CM_CHAINING);
-
- return translateChainingMode(defaultChaining);
-
- }
- /**
- * Build the chaining modes for all configured trust anchors.
- *
- * @return The mapping from trust anchors to chaining modes.
- */
- public Map buildChainingModes() {
- Map chainingModes = new HashMap();
- NodeIterator trustIter =
- XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
- Element trustAnchorElem;
-
- while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
- IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
- String mode = trustAnchorElem.getAttribute("mode");
-
- if (issuerAndSerial != null) {
- chainingModes.put(issuerAndSerial, translateChainingMode(mode));
- }
- }
-
- return chainingModes;
- }
-
- /**
- * Build an <code>IssuerAndSerial</code> from the DOM representation.
- *
- * @param root The root element (being of type <code>dsig:
- * X509IssuerSerialType</code>.
- * @return The issuer and serial number contained in the <code>root</code>
- * element or <code>null</code> if could not be built for any reason.
- */
- private IssuerAndSerial buildIssuerAndSerial(Element root) {
- String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
- String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);
-
- if (issuer != null && serial != null) {
- try {
- RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
- Principal issuerDN = nameParser.parse();
-
- return new IssuerAndSerial(issuerDN, new BigInteger(serial));
- } catch (RFC2253NameParserException e) {
- warn("config.09", new Object[] { issuer, serial }, e);
- return null;
- } catch (NumberFormatException e) {
- warn("config.09", new Object[] { issuer, serial }, e);
- return null;
- }
- }
- return null;
- }
-
- /**
- * Translate the chaining mode from the configuration file to one used in the
- * IAIK MOA API.
- *
- * @param chainingMode The chaining mode from the configuration.
- * @return The chaining mode as provided by the <code>ChainingModes</code>
- * interface.
- * @see iaik.pki.pathvalidation.ChainingModes
- */
- private String translateChainingMode(String chainingMode) {
- if (chainingMode.equals(CM_CHAINING)) {
- return ChainingModes.CHAIN_MODE;
- } else if (chainingMode.equals(CM_PKIX)) {
- return ChainingModes.PKIX_MODE;
- } else {
- return ChainingModes.CHAIN_MODE;
- }
- }
-
- /**
- * Method warn.
- * @param messageId to identify a country-specific message
- * @param parameters for the logger
- */
- //
- // various utility methods
- //
-
- private static void warn(String messageId, Object[] parameters) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- }
-
- /**
- * Method warn.
- * @param messageId to identify a country-specific message
- * @param args for the logger
- * @param t as throwabl
- */
- private static void warn(String messageId, Object[] args, Throwable t) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
deleted file mode 100644
index 2ebec0398..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception signalling an error in the configuration.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class ConfigurationException extends MOAIDException {
-
- /**
- * Create a <code>MOAConfigurationException</code>.
- */
- public ConfigurationException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Create a <code>MOAConfigurationException</code>.
- */
- public ConfigurationException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
-
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
deleted file mode 100644
index 48e82011d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ /dev/null
@@ -1,114 +0,0 @@ -package at.gv.egovernment.moa.id.config; - -import java.math.BigInteger; -import java.security.Principal; -import java.security.cert.X509Certificate; -import java.util.Map; - -import at.gv.egovernment.moa.id.data.IssuerAndSerial; - -/** - * Base class for <code>AuthConfigurationProvider</code> and <code>ProxyConfigurationProvider</code>, - * providing functions common to both of them. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class ConfigurationProvider { - - /** - * Constructor - */ - public ConfigurationProvider() { - super(); - } - - /** - * The name of the system property which contains the file name of the - * configuration file. - */ - public static final String CONFIG_PROPERTY_NAME = - "moa.id.configuration"; - - /** - * The name of the generic configuration property giving the certstore directory path. - */ - public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY = - "DirectoryCertStoreParameters.RootDir"; - - /** - * The name of the generic configuration property switching the ssl revocation checking on/off - */ - public static final String TRUST_MANAGER_REVOCATION_CHECKING = - "TrustManager.RevocationChecking"; - - - /** - * A <code>Map</code> which contains generic configuration information. Maps a - * configuration name (a <code>String</code>) to a configuration value (also a - * <code>String</code>). - */ - protected Map genericConfiguration; - - /** The default chaining mode. */ - protected String defaultChainingMode; - - /** - * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to - * chaining mode (a <code>String</code>) mapping. - */ - protected Map chainingModes; - - /** - * the URL for the trusted CA Certificates - */ - protected String trustedCACertificates; - - /** - * Returns the mapping of generic configuration properties. - * - * @return The mapping of generic configuration properties (a name to value - * mapping) from the configuration. 
- */ - public Map getGenericConfiguration() { - return genericConfiguration; - } - - /** - * Returns the value of a parameter from the generic configuration section. - * - * @return the parameter value; <code>null</code> if no such parameter - */ - public String getGenericConfigurationParameter(String parameter) { - if (! genericConfiguration.containsKey(parameter)) - return null; - return (String)genericConfiguration.get(parameter); - } - - /** - * Return the chaining mode for a given trust anchor. - * - * @param trustAnchor The trust anchor for which the chaining mode should be - * returned. - * @return The chaining mode for the given trust anchor. If the trust anchor - * has not been configured separately, the system default will be returned. - */ - public String getChainingMode(X509Certificate trustAnchor) { - Principal issuer = trustAnchor.getIssuerDN(); - BigInteger serial = trustAnchor.getSerialNumber(); - IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial); - - String mode = (String) chainingModes.get(issuerAndSerial); - return mode != null ? mode : defaultChainingMode; - } - - /** - * Returns the trustedCACertificates. - * @return String - */ - public String getTrustedCACertificates() { - - return trustedCACertificates; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java deleted file mode 100644 index 30b09cfe0..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ /dev/null 
@@ -1,106 +0,0 @@ -package at.gv.egovernment.moa.id.config; - -/** - * This bean class is used to store data for various connectionParameter - * within the MOA-ID configuration - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class ConnectionParameter { - - /** - * Server URL - */ - private String url; - /** - * File URL for a directory containing PKCS#12 server SSL certificates. - * From these certificates, a X509 trust store will be assembled for use - * by a JSSE <code>TrustManager</code>. - * This field will only be used in case of an HTTPS URL. - */ - private String acceptedServerCertificates; - /** - * File URL of a X509 key store containing the private key to be used - * for an HTTPS connection when the server requires client authentication. - * This field will only be used in case of an HTTPS URL. - */ - private String clientKeyStore; - /** - * Password protecting the client key store. - */ - private String clientKeyStorePassword; - - /** - * Checks whether the URL scheme is <code>"https"</code>. - * @return true in case of an URL starting with <code>"https"</code> - */ - public boolean isHTTPSURL() { - return getUrl().indexOf("https") == 0; - } - - /** - * Returns the url. - * @return String - */ - public String getUrl() { - return url; - } - - /** - * Returns the acceptedServerCertificates. - * @return String - */ - public String getAcceptedServerCertificates() { - return acceptedServerCertificates; - } - - /** - * Sets the acceptedServerCertificates. - * @param acceptedServerCertificates The acceptedServerCertificates to set - */ - public void setAcceptedServerCertificates(String acceptedServerCertificates) { - this.acceptedServerCertificates = acceptedServerCertificates; - } - - /** - * Sets the url. - * @param url The url to set - */ - public void setUrl(String url) { - this.url = url; - } - - /** - * Returns the clientKeyStore. 
- * @return String - */ - public String getClientKeyStore() { - return clientKeyStore; - } - - /** - * Returns the clientKeyStorePassword. - * @return String - */ - public String getClientKeyStorePassword() { - return clientKeyStorePassword; - } - - /** - * Sets the clientKeyStore. - * @param clientKeyStore The clientKeyStore to set - */ - public void setClientKeyStore(String clientKeyStore) { - this.clientKeyStore = clientKeyStore; - } - - /** - * Sets the clientKeyStorePassword. - * @param clientKeyStorePassword The clientKeyStorePassword to set - */ - public void setClientKeyStorePassword(String clientKeyStorePassword) { - this.clientKeyStorePassword = clientKeyStorePassword; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java deleted file mode 100644 index 2e133130c..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ /dev/null 
@@ -1,375 +0,0 @@ -package at.gv.egovernment.moa.id.config.auth; - -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.MalformedURLException; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; - -/** - * A class providing access to the Auth Part of the MOA-ID configuration data. - * - * <p>Configuration data is read from an XML file, whose location is given by - * the <code>moa.id.configuration</code> system property.</p> - * <p>This class implements the Singleton pattern. The <code>reload()</code> - * method can be used to update the configuration data. Therefore, it is not - * guaranteed that consecutive calls to <code>getInstance()</code> will return - * the same <code>AuthConfigurationProvider</code> all the time. During the - * processing of a web service request, the current - * <code>TransactionContext</code> should be used to obtain the - * <code>AuthConfigurationProvider</code> local to that request.</p> - * - * @author Patrick Peck - * @author Stefan Knirsch - * - * @version $Id$ - */ -public class AuthConfigurationProvider extends ConfigurationProvider { - - /** DEFAULT_ENCODING is "UTF-8" */ - private static final String DEFAULT_ENCODING="UTF-8"; - /** - * The name of the generic configuration property giving the authentication session time out. - */ - public static final String AUTH_SESSION_TIMEOUT_PROPERTY = - "AuthenticationSession.TimeOut"; - /** - * The name of the generic configuration property giving the authentication data time out. 
- */ - public static final String AUTH_DATA_TIMEOUT_PROPERTY = - "AuthenticationData.TimeOut"; - - /** - * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code> - */ - public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = - "HTMLComplete"; - - /** - * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code> - */ - public static final String BKU_SELECTION_TYPE_HTMLSELECT = - "HTMLSelect"; - - /** - * The name of the generic configuration property allowing https connection to - * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) - */ - public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = - "FrontendServlets.EnableHTTPConnection"; - - /** - * The name of the generic configuration property allowing to set a individual - * DATA URL used to communicate with the BKU (SecurityLayer) - */ - public static final String INDIVIDUAL_DATA_URL_PREFIX = - "FrontendServlets.DataURLPrefix"; - - /** Singleton instance. <code>null</code>, if none has been created. 
*/ - private static AuthConfigurationProvider instance; - - // - // configuration data - // - - /** - * main configuration file directory name used to configure MOA-ID - */ - private String rootConfigFileDir; - - /** - * configuration files containing transformations for rendering in the - * secure viewer of the security layer implementation; - * multiple files can be given for different mime types - */ - private String[] transformsInfoFileNames; - /** - * transformations for rendering in the secure viewer of the security layer implementation, - * read from {@link transformsInfoFileNames}; - * multiple transformation can be given for different mime types - */ - private String[] transformsInfos; - /** - * parameters for connection to MOA SP component - */ - private ConnectionParameter moaSpConnectionParameter; - /** - * trust profile ID to be used for verifying the identity link signature via MOA ID SP - */ - private String moaSpIdentityLinkTrustProfileID; - /** - * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP - */ - private String moaSpAuthBlockTrustProfileID; - /** - * transformations to be used for verifying the AUTH block signature via MOA ID SP - */ - private String[] moaSpAuthBlockVerifyTransformsInfoIDs; - /** - * X509 SubjectNames which will be trusted - */ - private String[] identityLinkX509SubjectNames; - - /** - * configuration parameters for online applications - */ - private OAAuthParameter[] onlineApplicationAuthParameters; - /** - * the Selection Type of the bku Selection Element - */ - private String bKUSelectionType; - /** - * is the bku Selection Element present? - */ - private boolean bKUSelectable; - /** - * the bku Selection Connection Parameters - */ - private ConnectionParameter bKUConnectionParameter; - /** - * Return the single instance of configuration data. - * - * @return AuthConfigurationProvider The current configuration data. 
- * @throws ConfigurationException - */ - public static synchronized AuthConfigurationProvider getInstance() - throws ConfigurationException { - - if (instance == null) { - reload(); - } - return instance; - } - - /** - * Reload the configuration data and set it if successful. - * - * @return AuthConfigurationProvider The loaded configuration data. - * @throws ConfigurationException Failure to load the configuration data. - */ - public static synchronized AuthConfigurationProvider reload() - throws ConfigurationException { - String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); - if (fileName == null) { - throw new ConfigurationException("config.01", null); - } - Logger.info("Loading MOA-ID-AUTH configuration " + fileName); - - instance = new AuthConfigurationProvider(fileName); - return instance; - } - - /** - * Constructor for AuthConfigurationProvider. - * @param fileName - * @throws ConfigurationException - */ - public AuthConfigurationProvider(String fileName) - throws ConfigurationException { - - load(fileName); - } - - /** - * Load the configuration data from XML file with the given name and build - * the internal data structures representing the MOA ID configuration. - * - * @param fileName The name of the XML file to load. - * @throws ConfigurationException The MOA configuration could not be - * read/built. 
- */ - private void load(String fileName) throws ConfigurationException { - InputStream stream = null; - Element configElem; - ConfigurationBuilder builder; - - try { - // load the main config file - stream = new BufferedInputStream(new FileInputStream(fileName)); - configElem = DOMUtils.parseXmlValidating(stream); - } catch (Throwable t) { - throw new ConfigurationException("config.03", null, t); - } - finally { - try { - if (stream != null) { - stream.close(); - } - } catch (IOException e) { - } - } - try { - // determine the directory of the root config file - rootConfigFileDir = new File(fileName).getParent(); - try { - rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); - } catch (MalformedURLException t) { - throw new ConfigurationException("config.03", null, t); - } - - // build the internal datastructures - builder = new ConfigurationBuilder(configElem, rootConfigFileDir); - bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); - bKUSelectable = (bKUConnectionParameter!=null); - bKUSelectionType = builder.buildAuthBKUSelectionType(); - genericConfiguration = builder.buildGenericConfiguration(); - transformsInfoFileNames = builder.buildTransformsInfoFileNames(); - loadTransformsInfos(); - moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); - moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); - moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); - moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); - onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(); - identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); - defaultChainingMode = builder.getDefaultChainingMode(); - chainingModes = builder.buildChainingModes(); - trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); } - - 
catch (Throwable t) { - throw new ConfigurationException("config.02", null, t); - } - } - - /** - * Loads the <code>transformsInfos</code> from files. - * @throws Exception on any exception thrown - */ - private void loadTransformsInfos() throws Exception { - - transformsInfos = new String[transformsInfoFileNames.length]; - for (int i = 0; i < transformsInfoFileNames.length; i++) { - String fileURL = transformsInfoFileNames[i]; - - //if fileURL is relative to rootConfigFileDir make it absolute - fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); - String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); - transformsInfos[i] = transformsInfo; - } - } - /** - * Return a string array with all filenames leading - * to the Transforms Information for the Security Layer - * @return String[] of filenames to the Security Layer Transforms Information - */ - public String[] getTransformsInfoFileNames() { - return transformsInfoFileNames; - } - - /** - * Build an array of the OnlineApplication Parameters containing information - * about the authentication component - * @return An OAProxyParameter array containing beans - * with all relevant information for theauthentication component of the online - * application - */ - public OAAuthParameter[] getOnlineApplicationParameters() { - return onlineApplicationAuthParameters; - } - - /** - * Provides configuration information regarding the online application behind - * the given URL, relevant to the MOA-ID Auth component. 
- * - * @param oaURL URL requested for an online application - * @return an <code>OAAuthParameter</code>, or <code>null</code> - * if none is applicable - */ - public OAAuthParameter getOnlineApplicationParameter(String oaURL) { - OAAuthParameter[] oaParams = getOnlineApplicationParameters(); - for (int i = 0; i < oaParams.length; i++) { - OAAuthParameter oaParam = oaParams[i]; - if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0) - return oaParam; - } - return null; - } - - /** - * Return a string with a url-reference to the VerifyAuthBlock trust - * profile id within the moa-sp part of the authentication component - * - * @return String with a url-reference to the VerifyAuthBlock trust profile ID - */ - public String getMoaSpAuthBlockTrustProfileID() { - return moaSpAuthBlockTrustProfileID; - } - - /** - * Return a string array with references to all verify transform info - * IDs within the moa-sp part of the authentication component - * @return A string array containing all urls to the - * verify transform info IDs - */ - public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() { - return moaSpAuthBlockVerifyTransformsInfoIDs; - } - - /** - * Return a ConnectionParameter bean containing all information - * of the authentication component moa-sp element - * @return ConnectionParameter of the authentication component moa-sp element - */ - public ConnectionParameter getMoaSpConnectionParameter() { - return moaSpConnectionParameter; - } - - /** - * Return a string with a url-reference to the VerifyIdentityLink trust - * profile id within the moa-sp part of the authentication component - * @return String with a url-reference to the VerifyIdentityLink trust profile ID - */ - public String getMoaSpIdentityLinkTrustProfileID() { - return moaSpIdentityLinkTrustProfileID; - } - /** - * Returns the transformsInfos. - * @return String[] - */ - public String[] getTransformsInfos() { - return transformsInfos; - } - - /** - * Returns the identityLinkX509SubjectNames. 
- * @return String[] - */ - public String[] getIdentityLinkX509SubjectNames() { - return identityLinkX509SubjectNames; - } - - /** - * Returns the bKUConnectionParameter. - * @return ConnectionParameter - */ - public ConnectionParameter getBKUConnectionParameter() { - return bKUConnectionParameter; - } - - /** - * Returns the bKUSelectable. - * @return boolean - */ - public boolean isBKUSelectable() { - return bKUSelectable; - } - - /** - * Returns the bKUSelectionType. - * @return String - */ - public String getBKUSelectionType() { - return bKUSelectionType; - } - -}
\ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java deleted file mode 100644 index 9ee1ec606..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ /dev/null 
@@ -1,93 +0,0 @@ -package at.gv.egovernment.moa.id.config.auth; - -/** - * Configuration parameters belonging to an online application, - * to use with the MOA ID Auth component. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class OAAuthParameter { - - /** - * public URL prefix of the online application - */ - private String publicURLPrefix; - /** - * determines whether "ZMR-Zahl" is to be included in the authentication data - */ - private boolean provideZMRZahl; - /** - * determines whether AUTH block is to be included in the authentication data - */ - private boolean provideAuthBlock; - /** - * determines whether identity link is to be included in the authentication data - */ - private boolean provideIdentityLink; - - /** - * Returns the provideAuthBlock. - * @return String - */ - public boolean getProvideAuthBlock() { - return provideAuthBlock; - } - - /** - * Returns the provideIdentityLink. - * @return String - */ - public boolean getProvideIdentityLink() { - return provideIdentityLink; - } - - /** - * Returns the provideZMRZahl. - * @return String - */ - public boolean getProvideZMRZahl() { - return provideZMRZahl; - } - - /** - * Returns the publicURLPrefix. - * @return String - */ - public String getPublicURLPrefix() { - return publicURLPrefix; - } - - /** - * Sets the provideAuthBlock. - * @param provideAuthBlock The provideAuthBlock to set - */ - public void setProvideAuthBlock(boolean provideAuthBlock) { - this.provideAuthBlock = provideAuthBlock; - } - - /** - * Sets the provideIdentityLink. - * @param provideIdentityLink The provideIdentityLink to set - */ - public void setProvideIdentityLink(boolean provideIdentityLink) { - this.provideIdentityLink = provideIdentityLink; - } - - /** - * Sets the provideZMRZahl. - * @param provideZMRZahl The provideZMRZahl to set - */ - public void setProvideZMRZahl(boolean provideZMRZahl) { - this.provideZMRZahl = provideZMRZahl; - } - - /** - * Sets the publicURLPrefix. 
- * @param publicURLPrefix The publicURLPrefix to set - */ - public void setPublicURLPrefix(String publicURLPrefix) { - this.publicURLPrefix = publicURLPrefix; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java deleted file mode 100644 index c9a13fee5..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java +++ /dev/null 
@@ -1,145 +0,0 @@ -package at.gv.egovernment.moa.id.config.proxy; - -import java.util.HashMap; -import java.util.Map; - -/** - * Holds configuration data concerning an online application for use by the MOA-ID Proxy component. - * These include the login type (stateful or stateless), the HTTP authentication type, - * and information needed to add authentication parameters or headers for a URL connection - * to the remote online application. - * @see <code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code> - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class OAConfiguration { - - /** Constant for an login method */ - public static final String LOGINTYPE_STATEFUL = "stateful"; - /** Constant for an login method */ - public static final String LOGINTYPE_STATELESS = "stateless"; - - /** Constant for an auth method */ - public static final String BASIC_AUTH = "basic"; - /** Constant for an auth method */ - public static final String HEADER_AUTH = "header"; - /** Constant for an auth method */ - public static final String PARAM_AUTH = "param"; - - /** login type: stateful or stateless */ - String loginType; - /** authentication type: basic, header, or param */ - String authType; - /** - * mapping of parameter names to AuthenticationData field names - * in case of authentication type <code>"header-auth"</code> - */ - Map paramAuthMapping; - /** - * mapping of parameter names to AuthenticationData field names - * in case of authentication type <code>"param-auth"</code> - */ - Map headerAuthMapping; - /** mapping for user ID to be used in case of authentication type <code>"basic-auth"</code> */ - String basicAuthUserIDMapping; - /** mapping for password to be used in case of authentication type <code>"basic-auth"</code> */ - String basicAuthPasswordMapping; - - /** - * Returns the basicAuthPasswordMapping. 
- * @return String - */ - public String getBasicAuthPasswordMapping() { - return basicAuthPasswordMapping; - } - - /** - * Returns the basicAuthUserIDMapping. - * @return String - */ - public String getBasicAuthUserIDMapping() { - return basicAuthUserIDMapping; - } - - /** - * Returns the headerAuthMapping. - * @return HashMap - */ - public Map getHeaderAuthMapping() { - return headerAuthMapping; - } - - /** - * Returns the loginType. - * @return String - */ - public String getLoginType() { - return loginType; - } - - /** - * Returns the paramAuthMapping. - * @return HashMap - */ - public Map getParamAuthMapping() { - return paramAuthMapping; - } - - /** - * Sets the basicAuthPasswordMapping. - * @param basicAuthPasswordMapping The basicAuthPasswordMapping to set - */ - public void setBasicAuthPasswordMapping(String basicAuthPassword) { - this.basicAuthPasswordMapping = basicAuthPassword; - } - - /** - * Sets the basicAuthUserIDMapping. - * @param basicAuthUserIDMapping The basicAuthUserIDMapping to set - */ - public void setBasicAuthUserIDMapping(String basicAuthUserID) { - this.basicAuthUserIDMapping = basicAuthUserID; - } - - /** - * Sets the headerAuthMapping. - * @param headerAuthMapping The headerAuthMapping to set - */ - public void setHeaderAuthMapping(HashMap headerAuth) { - this.headerAuthMapping = headerAuth; - } - - /** - * Sets the loginType. - * @param loginType The loginType to set - */ - public void setLoginType(String loginType) { - this.loginType = loginType; - } - - /** - * Sets the paramAuthMapping. - * @param paramAuthMapping The paramAuthMapping to set - */ - public void setParamAuthMapping(HashMap paramAuth) { - this.paramAuthMapping = paramAuth; - } - - /** - * Returns the authType. - * @return String - */ - public String getAuthType() { - return authType; - } - - /** - * Sets the authType. - * @param authType The authType to set - */ - public void setAuthType(String authLoginType) { - this.authType = authLoginType; - } - -} 
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java deleted file mode 100644 index a16dcfa26..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java +++ /dev/null 
@@ -1,183 +0,0 @@ -package at.gv.egovernment.moa.id.config.proxy; - -import at.gv.egovernment.moa.id.config.ConnectionParameter; - -/** - * Configuration parameters belonging to an online application, - * to use with the MOA ID Proxy component. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class OAProxyParameter { - - /** - * public URL prefix of the online application - */ - private String publicURLPrefix; - /** - * URL of online application configuration file; - * defaults to relative URL <code>/moaconfig.xml</code> - */ - private String configFileURL; - /** - * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface - * to be used for authenticating the online application; - * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver} - */ - private String loginParameterResolverImpl; - - /** - * Configuration Parameter of LoginParameterResolver - */ - private String loginParameterResolverConfiguration; - - /** - * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface - * to be used for connecting to the online application; - * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder} - */ - private String connectionBuilderImpl; - /** - * session time out to be used in case of a stateless online application - */ - private int sessionTimeOut; - /** - * parameters regarding the connection from the proxy to the online application - */ - private ConnectionParameter connectionParameter; - /** - * parameters for logging into the online application - */ - private OAConfiguration oaConfiguration; - - - /** - * Returns the configFileURL. - * @return String - */ - public String getConfigFileURL() { - return configFileURL; - } - - /** - * Returns the sessionTimeOut. - * @return int - */ - public int getSessionTimeOut() { - return sessionTimeOut; - } - - /** - * Returns the connectionParameter. 
- * @return ConnectionParameter - */ - public ConnectionParameter getConnectionParameter() { - return connectionParameter; - } - - /** - * Sets the configFileURL. - * @param configFileURL The configFileURL to set - */ - public void setConfigFileURL(String oaProxyConfigFileURL) { - this.configFileURL = oaProxyConfigFileURL; - } - - /** - * Sets the sessionTimeOut. - * @param sessionTimeOut The sessionTimeOut to set - */ - public void setSessionTimeOut(int oaProxySessionTimeOut) { - this.sessionTimeOut = oaProxySessionTimeOut; - } - - /** - * Sets the connectionParameter. - * @param connectionParameter The connectionParameter to set - */ - public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) { - this.connectionParameter = proxyConnectionParameter; - } - - /** - * Returns the publicURLPrefix. - * @return String - */ - public String getPublicURLPrefix() { - return publicURLPrefix; - } - - /** - * Sets the publicURLPrefix. - * @param publicURLPrefix The publicURLPrefix to set - */ - public void setPublicURLPrefix(String url) { - this.publicURLPrefix = url; - } - - /** - * Returns the connectionBuilderImpl. - * @return String - */ - public String getConnectionBuilderImpl() { - return connectionBuilderImpl; - } - - /** - * Returns the loginParameterResolverImpl. - * @return String - */ - public String getLoginParameterResolverImpl() { - return loginParameterResolverImpl; - } - - /** - * Returns the loginParameterResolverConfiguration. - * @return String - */ - public String getLoginParameterResolverConfiguration() { - return loginParameterResolverConfiguration; - } - - /** - * Sets the connectionBuilderImpl. - * @param connectionBuilderImpl The connectionBuilderImpl to set - */ - public void setConnectionBuilderImpl(String connectionBuilderImp) { - this.connectionBuilderImpl = connectionBuilderImp; - } - - /** - * Sets the loginParameterResolverImpl. 
- * @param loginParameterResolverImpl The loginParameterResolverImpl to set - */ - public void setLoginParameterResolverImpl(String loginParameterResolverImpl) { - this.loginParameterResolverImpl = loginParameterResolverImpl; - } - - /** - * Sets the loginParameterResolverConfiguration. - * @param loginParameterResolverImpl The loginParameterResolverImpl to set - */ - public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) { - this.loginParameterResolverConfiguration = loginParameterResolverConfiguration; - } - - /** - * Returns the oaConfiguration. - * @return OAConfiguration - */ - public OAConfiguration getOaConfiguration() { - return oaConfiguration; - } - - /** - * Sets the oaConfiguration. - * @param oaConfiguration The oaConfiguration to set - */ - public void setOaConfiguration(OAConfiguration oaConfiguration) { - this.oaConfiguration = oaConfiguration; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java deleted file mode 100644 index 622ae6f82..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ /dev/null 
@@ -1,193 +0,0 @@
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.MalformedURLException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * A class providing access to the Proxy Part of the MOA-ID configuration data.
- *
- * <p>Configuration data is read from an XML file, whose location is given by
- * the <code>moa.id.configuration</code> system property.</p>
- * <p>This class implements the Singleton pattern. The <code>reload()</code>
- * method can be used to update the configuration data. Therefore, it is not
- * guaranteed that consecutive calls to <code>getInstance()</code> will return
- * the same <code>ProxyConfigurationProvider</code> all the time. During the
- * processing of a web service request, the current
- * <code>TransactionContext</code> should be used to obtain the
- * <code>ProxyConfigurationProvider</code> local to that request.</p>
- *
- * @author Stefan Knirsch
- */
-public class ProxyConfigurationProvider extends ConfigurationProvider {
-
- /** Singleton instance. <code>null</code>, if none has been created.
*/
- private static ProxyConfigurationProvider instance;
-
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- private String rootConfigFileDir;
-
- //
- // configuration data
- //
- /**
- * connection parameters for connection to MOA ID Auth component
- */
- private ConnectionParameter authComponentConnectionParameter;
- /**
- * configuration parameters for online applications
- */
- private OAProxyParameter[] onlineApplicationProxyParameter;
-
- /**
- * Return the single instance of configuration data.
- *
- * @return ProxyConfigurationProvider The current configuration data.
- * @throws ConfigurationException
- */
- public static synchronized ProxyConfigurationProvider getInstance()
- throws ConfigurationException {
-
- if (instance == null) {
- reload();
- }
- return instance;
- }
-
- /**
- * Reload the configuration data and set it if successful.
- *
- * @return ProxyConfigurationProvider The loaded configuration data.
- * @throws ConfigurationException Failure to load the configuration data.
- */
- public static synchronized ProxyConfigurationProvider reload()
- throws ConfigurationException {
- String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
- if (fileName == null) {
- throw new ConfigurationException("config.01", null);
- }
- Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
-
- instance = new ProxyConfigurationProvider(fileName);
- return instance;
- }
-
- /**
- * Constructor for ProxyConfigurationProvider.
- */
- public ProxyConfigurationProvider(String fileName)
- throws ConfigurationException {
-
- load(fileName);
- }
-
- /**
- * Load the configuration data from XML file with the given name and build
- * the internal data structures representing the MOA configuration.
- *
- * @param fileName The name of the XML file to load.
- * @throws ConfigurationException The MOA configuration could not be
- * read/built.
- */
- private void load(String fileName) throws ConfigurationException {
- FileInputStream stream = null;
- Element configElem;
- ConfigurationBuilder builder;
-
- try {
- // load the main config file
- stream = new FileInputStream(fileName);
- configElem = DOMUtils.parseXmlValidating(stream);
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- }
- catch (IOException e) {
- }
- }
- try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
- // build the internal datastructures
- builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
- authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
-
- onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
- for(int i = 0; i < onlineApplicationProxyParameter.length; i++) {
- onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir));
- }
-
- genericConfiguration = builder.buildGenericConfiguration();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
-
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
- }
-
- /**
- * Return a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter getAuthComponentConnectionParameter() {
- return authComponentConnectionParameter;
- }
-
- /**
- * Build an
array of OnlineApplication Parameter Beans containing all
- * information about the proxy component of the online application
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] getOnlineApplicationParameters() {
- return onlineApplicationProxyParameter;
- }
- /**
- * Provides configuration information regarding the online application behind
- * the given URL, relevant to the MOA-ID Proxy component.
- *
- * @param oaURL URL requested for an online application
- * @return an <code>OAProxyParameter</code>, or <code>null</code>
- * if none is applicable
- */
- public OAProxyParameter getOnlineApplicationParameter(String oaURL) {
- OAProxyParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- if (oaURL.startsWith(oaParam.getPublicURLPrefix()))
- return oaParam;
- }
- return null;
- }
-
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
deleted file mode 100644
index aac1dc422..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ /dev/null
@@ -1,314 +0,0 @@ -package at.gv.egovernment.moa.id.data; - -import java.util.Date; - -/** - * Encapsulates authentication data contained in a <code><saml:Assertion></code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ - -public class AuthenticationData { - /** - * major version number of the SAML assertion - */ - private int majorVersion; - /** - * minor version number of the SAML assertion - */ - private int minorVersion; - /** - * identifier for this assertion - */ - private String assertionID; - /** - * URL of the MOA-ID Auth component issueing this assertion - */ - private String issuer; - /** - * time instant of issue of this assertion - */ - private String issueInstant; - /** - * user identification (ZMR-Zahl); <code>null</code>, - * if the authentication module is configured not to return this data - */ - private String identificationValue; - /** - * application specific user identifier (VPK) - */ - private String vpk; - /** - * given name of the user - */ - private String givenName; - /** - * family name of the user - */ - private String familyName; - /** - * date of birth of the user - */ - private String dateOfBirth; - /** - * says whether the certificate is a qualified certificate or not - */ - private boolean qualifiedCertificate; - /** - * says whether the certificate is a public authority or not - */ - private boolean publicAuthority; - /** - * public authority code (Behördenkennzeichen - BKZ) - */ - private String publicAuthorityCode; - /** - * the corresponding <code>lt;saml:Assertion></code> - */ - private String samlAssertion; - /** - * creation timestamp - */ - Date timestamp; - - /** - * Constructor for AuthenticationData. - */ - public AuthenticationData() { - timestamp = new Date(); - } - - /** - * Returns the minorVersion. - * @return int - */ - public int getMinorVersion() { - return minorVersion; - } - - /** - * Returns the publicAuthority. 
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return String
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the vpk.
- * @return String
- */
- public String getVPK() {
- return vpk;
- }
-
- /**
- * Sets the minorVersion.
- * @param minorVersion The minorVersion to set
- */
- public void setMinorVersion(int minorVersion) {
- this.minorVersion = minorVersion;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityCode The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityIdentification) {
- this.publicAuthorityCode = publicAuthorityIdentification;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the vpk.
- * @param vpk The vpk to set
- */
- public void setVPK(String vpk) {
- this.vpk = vpk;
- }
-
- /**
- * Returns the assertionID.
- * @return String
- */
- public String getAssertionID() {
- return assertionID;
- }
-
- /**
- * Returns the dateOfBirth.
- * @return String
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue.
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Returns the issueInstant.
- * @return String
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Returns the issuer.
- * @return String
- */
- public String getIssuer() {
- return issuer;
- }
-
- /**
- * Returns the majorVersion.
- * @return int
- */
- public int getMajorVersion() {
- return majorVersion;
- }
-
- /**
- * Sets the assertionID.
- * @param assertionID The assertionID to set
- */
- public void setAssertionID(String assertionID) {
- this.assertionID = assertionID;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String gamilyName) {
- this.familyName = gamilyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the issueInstant.
- * @param issueInstant The issueInstant to set
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
- /**
- * Sets the issuer.
- * @param issuer The issuer to set
- */
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- /**
- * Sets the majorVersion.
- * @param majorVersion The majorVersion to set
- */
- public void setMajorVersion(int majorVersion) {
- this.majorVersion = majorVersion;
- }
-
- /**
- * Returns the samlAssertion.
- * @return String
- */
- public String getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(String samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the timestamp.
- * @return Date
- */
- public Date getTimestamp() {
- return timestamp;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java b/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
deleted file mode 100644
index 5729e54c3..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
+++ /dev/null
@@ -1,119 +0,0 @@ -package at.gv.egovernment.moa.id.data; -import java.util.HashMap; -import java.util.Iterator; -import java.util.StringTokenizer; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * The Cookie-class provides methods to save and return cookies for - * each single session - * - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class Cookie { - /** A HahsMap containing all our cookies */ - HashMap cookies = new HashMap(); - /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication - * to send them back to the client/browser as soon as possible */ - HashMap cookies401 = new HashMap(); - - /** - * Adds a Cookie from a response with response-code 401 to the cookie-pool - * for sending it back to the browser / client - * @param String: the complete 'Set-Cookie' - String - */ - public void add401(String cookieString) - { - cookies401.put(getKey(cookieString),cookieString); - } - - /** - * Get the HashMap containing all cookies to be sent to the browser / client - * @return HashMap with all cookies - */ - public HashMap get401() - { - return cookies401; - } - - /** - * Clear the 401 cookie-pool - */ - public void clear401() - { - cookies401.clear(); - } - - /** - * Set a cookie that comes from the Online-Application - * and save it in our "normal" cookie-pool - * @param String the complete "Set-Cookie" - String from the Online-Application - */ - public void setCookie(String value) { - cookies.put(getKey(value), getValue(value)); - } - - /** - * Method saveOldCookies. 
- * @param String the complete "Set-Cookie" - String from the Online-Application - */ - public void saveOldCookies(String value) { - StringTokenizer st = new StringTokenizer(value,";"); - while (st.hasMoreTokens()) - { - // We have to trim because the Tokenizer returns cookies including spaces at the beginning - StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"="); - String cookieKey = st2.nextToken().trim(); - if (st2.hasMoreTokens()) - { - String cookieValue = st2.nextToken().trim(); - if (!cookies.containsKey(cookieKey)) - cookies.put(cookieKey , cookieValue); - } - } - Logger.debug("Found these cookies: " + getCookies()); - } - - /** - * Get a String containing all cookies saved in that session seperated by '; ' - * to be sent back to the Online-Application - * @return String containing all cookies saved in that session seperated by '; ' - */ - public String getCookies() { - String result = ""; - if (cookies.size()==0) - return null; - Iterator i = cookies.keySet().iterator(); - while (i.hasNext()) { - String key = (String) i.next(); - result += key + "=" + (String)cookies.get(key) + "; "; - } - return result.substring(0, result.length() - 2); - } - - /** - * Returns the key of a key-value-pair of a cookie - * getKey("CookieA=1234") returns CookieA - * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie - * @return String the key of a key-value-pair of a cookie - */ - private String getKey(String input) { - return input.substring(0, input.indexOf("=")); - } - - /** - * Returns the value of a key-value-pair of a cookie - * getKey("CookieA=1234") returns 1234 - * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie - * @return String the value of a key-value-pair of a cookie - */ - private String getValue(String input) { - if (input.indexOf(";") == -1) - return input.substring(input.indexOf("=") + 1, input.getBytes().length); - return input.substring(input.indexOf("=") + 1, 
input.indexOf(";"));
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java b/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
deleted file mode 100644
index 98f84c429..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
+++ /dev/null
@@ -1,114 +0,0 @@ -package at.gv.egovernment.moa.id.data; - -import java.util.HashMap; - -/** - * The CookieManager is a singleton to manage a Cookie-Object for - * each session - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class CookieManager { - /** the singleton instance of the CookieManager */ - private static CookieManager instance; - /** a HashMap to bind a Cookie-object to every single session*/ - private static HashMap cookies = new HashMap(); - - /** - * Create a singleton of the CookieManager - * @return CookieManager - */ - public static CookieManager getInstance() - { - if(instance==null) instance=new CookieManager(); - return instance; - } - - /** - * Save a cookie to a specified session-id - * @param String id the session id - * @param String cookie_string - the complete 'Set-Cookie' String from the OnlineApplication - */ - public void saveCookie(String id,String cookie_string) - { - getCookieWithID(id).setCookie(cookie_string); - } - - /** - * Method saveOldCookies. 
- * @param id - * @param cookie_string - */ - public void saveOldCookies(String id,String cookie_string) - { - getCookieWithID(id).saveOldCookies(cookie_string); - } - - /** - * Get a Cookie-Object for a specified session-id - * @param String id the session id - * @return Cookie object containing all saved cookies for this session - */ - public Cookie getCookieWithID(String id) - { - Cookie c = null; - if(cookies.containsKey(id)) - c = (Cookie)cookies.get(id); - else - { - c = new Cookie(); - cookies.put(id,c); - } - return c; - } - - - /** - * Get a String containing all cookies of a specified session-id - * saved in that session seperated by '; ' to be sent back to - * the Online-Application - * @param id the session-id - * @return String containing all cookies saved in that session seperated by '; ' - */ - public String getCookie(String id) - { - Cookie result = (Cookie)cookies.get((String)id); - if (result==null) - return null; - return result.getCookies(); - - } - - /** - * Adds a Cookie for a special session from a response with - * response-code 401 to the cookie-pool for sending it back - * to the browser / client - * @param id the session-id - * @param String: the complete 'Set-Cookie' - String - */ - public void add401(String id,String value) - { - getCookieWithID(id).add401(value); - } - - /** - * Clear the 401 cookie-pool of a session - * @param id the session-id - */ - public void clear401(String id) - { - getCookieWithID(id).clear401(); - } - - /** - * Get the HashMap containing all cookies of a session to be sent to the browser / client - * @param id the session-id - * @return HashMap with all cookies - */ - public HashMap get401(String id) - { - return getCookieWithID(id).get401(); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java deleted file mode 100644 index a47dd8b29..000000000 
--- a/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.math.BigInteger;
-import java.security.Principal;
-
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-/**
- * A class containing the issuer and serial number of a certificate, which can
- * be used to uniquely identify the certificate.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class IssuerAndSerial {
- /** store the issuer as String*/
- private String issuerDN;
- /** store the serial as BigInteger*/
- private BigInteger serial;
-
- /**
- * Create an <code>IssuerAndSerial</code> object.
- *
- * The name of the issuer is converted to RFC2253. If it cannot be parsed, the
- * DN contained in the <code>issuer</code> is set.
- *
- * @param issuer The isser of a certificate.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(Principal issuer, BigInteger serial) {
- RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
-
- try {
- this.issuerDN = ((Name) parser.parse()).getRFC2253String();
- } catch (RFC2253NameParserException e) {
- this.issuerDN = issuer.getName();
- }
- this.serial = serial;
- }
-
- /**
- * Create an <code>IssuerAndSerial</code> object.
- *
- * @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(String issuerDN, BigInteger serial) {
- this.issuerDN = issuerDN;
- this.serial = serial;
- }
-
- /**
- * Return the issuer DN in RFC2253 format.
- *
- * @return The issuer part of this object.
- */
- public String getIssuerDN() {
- return issuerDN;
- }
-
- /**
- * Return the serial number.
- *
- * @return The serial number of this object.
- */
- public BigInteger getSerial() {
- return serial;
- }
-
- /**
- * Compare this <code>IssuerAndSerial</code> to another object.
- *
- * @return <code>true</code>, if <code>other</code> is an
- * <code>IssuerAndSerial</code> object and the <code>issuer</code> and
- * <code>serial</code> fields are both equal. <code>false</code> otherwise.
- * @see java.lang.Object#equals(java.lang.Object)
- */
- public boolean equals(Object other) {
- if (other instanceof IssuerAndSerial) {
- IssuerAndSerial ias = (IssuerAndSerial) other;
- return getIssuerDN().equals(ias.getIssuerDN())
- && getSerial().equals(ias.getSerial());
- }
- return false;
- }
-
- /**
- * Return the hash code of this <code>IssuerAndSerial</code>.
- *
- * @return The hash code of this <code>IssuerAndSerial</code>.
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- return issuerDN.hashCode() ^ serial.hashCode();
- }
-
- /**
- * Return a <code>String</code> representation of this
- * <code>IssuerAndSerial</code> object.
- *
- * @return The <code>String</code> representation.
- * @see java.lang.Object#toString()
- */
- public String toString() {
- return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
- + ("> Serial<" + serial.toString() + ">)");
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
deleted file mode 100644
index ed61827b6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-/**
- * Data contained in a <code><samlp:Status></code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLStatus {
-
- /** main status code */
- private String statusCode;
- /** sub status code */
- private String subStatusCode;
- /** status message */
- private String statusMessage;
-
- /**
- * @return status code
- */
- public String getStatusCode() {
- return statusCode;
- }
-
- /**
- * @return status message
- */
- public String getStatusMessage() {
- return statusMessage;
- }
-
- /**
- * @return enclosed sub-status code
- */
- public String getSubStatusCode() {
- return subStatusCode;
- }
-
- /**
- * @param string the status code
- */
- public void setStatusCode(String string) {
- statusCode = string;
- }
-
- /**
- * @param string the status message
- */
- public void setStatusMessage(String string) {
- statusMessage = string;
- }
-
- /**
- * @param string the enclosed sub-status code
- */
- public void setSubStatusCode(String string) {
- subStatusCode = string;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
deleted file mode 100644
index 421286876..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import java.io.File;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.certstore.CertStoreParameters;
-import iaik.pki.store.certstore.CertStoreTypes;
-import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CertStoreConfigurationImpl extends ObservableImpl
- implements CertStoreConfiguration, DirectoryCertStoreParameters {
- /** identifies the rootDirectory */
- private String rootDirectory;
- /** Array for storing all CertStoreParameters */
- private CertStoreParameters[] parameters;
-
- /**
- * Create a new <code>CertStoreConfigurationImpl</code>.
- *
- * @param conf The MOA configuration from which the configuration data is
- * @throws ConfigurationException an any config-error
- * being read.
- */
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
- String rootDirParam = conf.getGenericConfigurationParameter(paramName);
- if (rootDirParam == null)
- throw new ConfigurationException(
- "config.08", new Object[] {paramName});
- File f = new File(rootDirParam);
- if (f.isDirectory())
- rootDirectory = f.getAbsolutePath();
- else
- throw new ConfigurationException(
- "config.05", new Object[] {paramName});
-
- parameters = new CertStoreParameters[] { this };
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
- */
- public CertStoreParameters[] getParameters() {
- return parameters;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
- */
- public String getRootDirectory() {
- return rootDirectory;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
- */
- public boolean createNew() {
- return false;
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#getId()
- */
- public String getId() {
- return "MOA ID Directory CertStore";
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
- */
- public boolean isReadOnly() {
- return false;
- }
-
- /**
- * @return <code>CertStoreTypes.DIRECTORY</code>
- * @see iaik.pki.store.certstore.CertStoreParameters#getType()
- */
- public String getType() {
- return CertStoreTypes.DIRECTORY;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
deleted file mode 100644
index 3cd02a2b5..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.logging.LogConfigurationException;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.Properties;
-
-/**
- * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class LoggerConfigImpl implements iaik.logging.LoggerConfig {
-
- /** logging properties **/
- private Properties loggingProperties;
-
- /**
- * Constructor
- */
- public LoggerConfigImpl(String propertyFileURL) throws IOException {
- InputStream in = new URL(propertyFileURL).openStream();
- loggingProperties = new Properties();
- loggingProperties.load(in);
- in.close();
- }
-
- /**
- * @see iaik.logging.LoggerConfig#getFactory()
- */
- public String getFactory() {
- return "iaik.logging.impl.Log4jFactory";
- }
-
- /**
- * @see iaik.logging.LoggerConfig#getProperties()
- */
- public Properties getProperties() throws LogConfigurationException {
- return loggingProperties;
- }
-
- /**
- * @see iaik.logging.LoggerConfig#getNodeId()
- */
- public String getNodeId() {
- return "iaik";
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
deleted file mode 100644
index 8d09e2bc9..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ /dev/null
@@ -1,65 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.pathvalidation.ValidationConfiguration;
-import iaik.pki.revocation.RevocationConfiguration;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.revocation.archive.ArchiveConfiguration;
-
-/**
- * Implementation of interface <code>PKIConfiguration</code> needed to
- * initialize an IAIK JSSE <code>TrustManager</code>
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIConfigurationImpl implements PKIConfiguration {
- /** The configuration for the CertStore */
- private CertStoreConfiguration certStoreConfiguration;
- /** The configuration for the RevocationChecks */
- private RevocationConfiguration revocationConfiguration;
- /** The configuration for the Validation */
- private ValidationConfiguration validationConfiguration;
-
- /**
- * Constructor
- * @param conf the Configuration for the PKIConfig
- * @throws ConfigurationException for any config error
- */
- public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- certStoreConfiguration = new CertStoreConfigurationImpl(conf);
- revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(conf);
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
- */
- public CertStoreConfiguration getCertStoreConfiguration() {
- return certStoreConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
- */
- public RevocationConfiguration getRevocationConfiguration() {
- return revocationConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
- */
- public ArchiveConfiguration getArchiveConfiguration() {
- return null;
- }
-
- /**
- * @see
iaik.pki.PKIConfiguration#getValidationConfiguration()
- */
- public ValidationConfiguration getValidationConfiguration() {
- return validationConfiguration;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
deleted file mode 100644
index c583babdc..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.revocation.RevocationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.*;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.util.Date)
- */
- public Set getAlternativeDistributionPoints(
- X509Certificate arg0,
- Date arg1) {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
- */
- public boolean archiveRevocationInfo(String arg0, String arg1) {
- return false;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
deleted file mode 100644
index c500e2e8e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ /dev/null
@@ -1,51 +0,0 @@ -package at.gv.egovernment.moa.id.iaik.config; - -import iaik.pki.pathvalidation.ValidationConfiguration; - -import java.security.cert.X509Certificate; -import java.security.spec.AlgorithmParameterSpec; - -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; - -/** - * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> - * @author Paul Ivancsics - * @version $Id$ - */ -public class ValidationConfigurationImpl extends ObservableImpl - implements ValidationConfiguration { - /** The ConfigurationProvider for the validation*/ - private ConfigurationProvider conf; - - /** - * Constructor - * @param conf with the configuration - */ - public ValidationConfigurationImpl(ConfigurationProvider conf) { - this.conf = conf; - } - - /** - * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate) - */ - public String getChainingMode(X509Certificate trustAnchor) { - String chainingMode = conf.getChainingMode(trustAnchor); - return chainingMode; - } - - /** - * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate) - */ - public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) { - return null; - } - - /** - * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate) - */ - public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) { - return null; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java deleted file mode 100644 index 4d309c18c..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java +++ /dev/null 
@@ -1,166 +0,0 @@ -package at.gv.egovernment.moa.id.iaik.pki; - -import java.security.cert.X509Certificate; -import java.util.Collections; -import java.util.Set; - -import iaik.pki.PKIProfile; -import iaik.pki.pathvalidation.ValidationProfile; -import iaik.pki.revocation.RevocationProfile; -import iaik.pki.revocation.RevocationSourceTypes; -import iaik.pki.store.truststore.TrustStoreProfile; -import iaik.pki.store.truststore.TrustStoreTypes; - -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; - -/** - * Implementation of the <code>PKIProfile</code> interface and subinterfaces - * providing information needed for certificate path validation. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class PKIProfileImpl extends ObservableImpl - implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile { - - /** - * URI to the truststore - */ - private String trustStoreURI; - - /** - * revocation checking; - */ - private boolean revocationChecking; - - - /** - * Create a new <code>PKIProfileImpl</code>. 
- * - * @param trustStoreURI trust store URI - */ - public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) { - this.trustStoreURI = trustStoreURI; - this.revocationChecking = revocationChecking; - } - - /** - * @see iaik.pki.PKIProfile#autoAddCertificates() - */ - public boolean autoAddCertificates() { - return true; - } - - /** - * @see iaik.pki.PKIProfile#getRevocationProfile() - */ - public RevocationProfile getRevocationProfile() { - return this; - } - - /** - * @see iaik.pki.PKIProfile#getTrustStoreProfile() - */ - public TrustStoreProfile getTrustStoreProfile() { - return this; - } - - /** - * @see iaik.pki.PKIProfile#getValidationProfile() - */ - public ValidationProfile getValidationProfile() { - return this; - } - - /** - * @see iaik.pki.PKIProfile#useAuthorityInfoAccess() - */ - public boolean useAuthorityInfoAccess() { - return true; - } - - /** - * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String) - */ - public long getMaxRevocationAge(String arg0) { - return 0; - } - - /** - * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm() - */ - public String getOCSPRequestHashAlgorithm() { - return null; - } - - /** - * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate) - */ - public String[] getPreferredServiceOrder(X509Certificate arg0) { - return new String[] {RevocationSourceTypes.CRL}; - } - - /** - * @see iaik.pki.store.truststore.TrustStoreProfile#getType() - */ - public String getType() { - return TrustStoreTypes.DIRECTORY; - } - - /** - * @see iaik.pki.store.truststore.TrustStoreProfile#getURI() - */ - public String getURI() { - return trustStoreURI; - } - - /** - * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit() - */ - public boolean getInitialAnyPolicyInhibit() { - return false; - } - - /** - * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy() - */ - public boolean 
getInitialExplicitPolicy() { - return false; - } - - /** - * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit() - */ - public boolean getInitialPolicyMappingInhibit() { - return false; - } - - /** - * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet() - */ - public Set getInitialPolicySet() { - return Collections.EMPTY_SET; - } - - /** - * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing() - */ - public boolean getNameConstraintsProcessing() { - return false; - } - - /** - * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing() - */ - public boolean getPolicyProcessing() { - return false; - } - - /** - * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking() - */ - public boolean getRevocationChecking() { - return this.revocationChecking; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java deleted file mode 100644 index 9da006d35..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java +++ /dev/null 
@@ -1,119 +0,0 @@ -package at.gv.egovernment.moa.id.iaik.pki.jsse; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; - -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; - -import iaik.pki.jsse.IAIKX509TrustManager; - -/** - * <code>TrustManager</code> implementation featuring CRL checking (inherited from - * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class MOAIDTrustManager extends IAIKX509TrustManager { - - /** an x509Certificate array containing all accepted server certificates*/ - private X509Certificate[] acceptedServerCertificates; - - /** - * Constructor - * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store - * @throws GeneralSecurityException occurs on security errors - * @throws IOException occurs on IO errors - */ - public MOAIDTrustManager(String acceptedServerCertificateStoreURL) - throws IOException, GeneralSecurityException { - - if (acceptedServerCertificateStoreURL != null) - buildAcceptedServerCertificates(acceptedServerCertificateStoreURL); - else - acceptedServerCertificates = null; - } - - - /** - * Initializes the LoggingContextManager logging context. - * Fixes a bug occuring in the case MOA-SP is called by API. - * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP. - * This method must be called before a MOAIDTrustManager is constructed, - * from every thread. 
- */ - public static void initializeLoggingContext() { - if (LoggingContextManager.getInstance().getLoggingContext() == null) - LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext(Thread.currentThread().getName())); - } - - - /** - * Builds an Array of accepted server certificates from an URL, - * and stores it in <code>acceptedServerCertificates</code>. - * @param acceptedServerCertificateStoreURL file URL pointing to the directory - * containing accepted server X509 certificates - * @throws GeneralSecurityException on security errors - * @throws IOException on any IO errors - */ - private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) - throws IOException, GeneralSecurityException { - - List certList = new ArrayList(); - URL storeURL = new URL(acceptedServerCertificateStoreURL); - File storeDir = new File(storeURL.getFile()); - // list certificate files in directory - File[] certFiles = storeDir.listFiles(); - for (int i = 0; i < certFiles.length; i++) { - // for each: create an X509Certificate and store it in list - File certFile = certFiles[i]; - FileInputStream fis = new FileInputStream(certFile.getPath()); - CertificateFactory certFact = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis); - fis.close(); - certList.add(cert); - } - // store acceptedServerCertificates - acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]); - } - - /** - * Does additional server-end-SSL-certificate checking. - * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[]) - */ - public boolean isServerTrusted(X509Certificate[] certChain) { - boolean trusted = super.isServerTrusted(certChain); - if (! 
trusted || acceptedServerCertificates == null) - return trusted; - else { - // check server-end-SSL-certificate with acceptedServerCertificates - X509Certificate serverCert = certChain[0]; - for (int i = 0; i < acceptedServerCertificates.length; i++) { - X509Certificate acceptedServerCert = acceptedServerCertificates[i]; - if (serverCert.equals(acceptedServerCert)) - return true; - } - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null)); - return false; - } - } - /** - * In rare cases, this method is being called although it should not be. - * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[]) - */ - public boolean isClientTrusted(java.security.cert.X509Certificate arg0[]) - { - return true; - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java deleted file mode 100644 index 6f6949ad6..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java +++ /dev/null 
@@ -1,46 +0,0 @@ -package at.gv.egovernment.moa.id.iaik.servertools.observer; - -import iaik.servertools.observer.NotificationData; -import iaik.servertools.observer.Observable; -import iaik.servertools.observer.Observer; - -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; - - -/** - * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code> - * @author Paul Ivancsics - * @version $Id$ - */ -public class ObservableImpl implements Observable { - /** a List for all observers */ - private List observers = new ArrayList(); - - /** - * @see iaik.servertools.observer.Observable#addObserver(iaik.servertools.observer.Observable) - */ - public void addObserver(Observer observer) { - observers.add(observer); - } - - /** - * @see iaik.servertools.observer.Observable#removeObserver(iaik.servertools.observer.Observable) - */ - public boolean removeObserver(Observer observer) { - return observers.remove(observer); - } - - /** - * @see iaik.servertools.observer.Observable#notify(iaik.servertools.observer.NotificationData) - */ - public void notify(NotificationData data) { - Iterator iter = observers.iterator(); - for (iter = observers.iterator(); iter.hasNext();) { - Observer observer = (Observer) iter.next(); - observer.notify(data); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java deleted file mode 100644 index 8039b67a6..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java +++ /dev/null 
@@ -1,54 +0,0 @@ -package at.gv.egovernment.moa.id.proxy; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.util.Map; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.http.HttpServletRequest; - -/** - * Builder for {@link java.net.URLConnection} objects used to forward requests - * to the remote online application. - * - * @author Paul Ivancsics - * @version $Id$ - */ - -public interface ConnectionBuilder { - - /** - * Builds an HttpURLConnection to a {@link java.net.URL} which is derived - * from an {@link HttpServletRequest} URL, by substitution of a - * public URL prefix for the real URL prefix.<br> - * The HttpURLConnection has been created by {@link java.net.URL#openConnection}, but - * it has not yet been connected to by {@link java.net.URLConnection#connect}.<br> - * The field settings of the HttpURLConnection are: - * <ul> - * <li><code>allowUserInteraction = false</code></li> - * <li><code>doInput = true</code></li> - * <li><code>doOutput = true</code></li> - * <li><code>requestMethod = request.getMethod()</code></li> - * <li><code>useCaches = false</code></li> - * </ul> - * - * @param request the incoming request which shall be forwarded - * @param publicURLPrefix the public URL prefix to be substituted by the real URL prefix - * @param realURLPrefix the URL prefix to substitute the public URL prefix - * @param sslSocketFactory factory to be used for creating an SSL socket in case - * of a URL for scheme <code>"https:"</code>; - * <br>if <code>null</code>, the default SSL socket factory would be used - * @param parameters parameters to be forwarded - * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to - * the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code> - * @throws IOException if an I/O exception occurs during opening the connection - * @see java.net.URL#openConnection() - * @see 
com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory() - */ - public HttpURLConnection buildConnection( - HttpServletRequest request, - String publicURLPrefix, - String realURLPrefix, - SSLSocketFactory sslSocketFactory, - Map parameters) throws IOException; -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java deleted file mode 100644 index ff7787839..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java +++ /dev/null 
@@ -1,68 +0,0 @@ -package at.gv.egovernment.moa.id.proxy; - -import java.util.HashMap; -import java.util.Map; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; - -/** - * Factory delivering a {@link ConnectionBuilder} implementation for - * an online application, initialized from configuration data. - * @author Paul Ivancsics - * @version $Id$ - */ -public class ConnectionBuilderFactory { - - /** default connection builder to be used for online application - * where no special implementation of the <code>ConnectionBuilder</code> - * interface is configured - */ - private static ConnectionBuilder defaultConnectionBuilder; - /** mapping from online application public URL prefix to an implementation - * of the <code>ConnectionBuilder</code> interface to be used; - * if no mapping is given for an online application, the - * <code>DefaultConnectionBuilder</code> will be used */ - private static Map connectionBuilderMap; - - /** - * Initializes the <code>ConnectionBuilder</code> map from the configuration data. 
- * @throws ConfigurationException when the configuration cannot be read, - * or when a class name configured cannot be instantiated - */ - public static void initialize() throws ConfigurationException { - defaultConnectionBuilder = new DefaultConnectionBuilder(); - connectionBuilderMap = new HashMap(); - ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); - for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) { - OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i]; - String publicURLPrefix = oaParam.getPublicURLPrefix(); - String className = oaParam.getConnectionBuilderImpl(); - if (className != null) { - try { - ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance(); - connectionBuilderMap.put(publicURLPrefix, cb); - } - catch (Throwable ex) { - throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex); - } - } - } - } - - /** - * Gets the <code>ConnectionBuilder</code> implementation to be used for the given - * online application. - * @param publicURLPrefix public URL prefix of the online application - * @return <code>ConnectionBuilder</code> implementation - */ - public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) { - ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix); - if (cb == null) - return defaultConnectionBuilder; - else - return cb; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java deleted file mode 100644 index 2ac8fe28e..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ /dev/null 
@@ -1,120 +0,0 @@ -package at.gv.egovernment.moa.id.proxy; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.net.URL; -import java.util.Iterator; -import java.util.Map; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.http.HttpServletRequest; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; - -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; - -/** - * Defaultimplementierung von <code>ConnectionBuilder</code>. - * @author Paul Ivancsics - * @version $Id$ - */ -public class DefaultConnectionBuilder implements ConnectionBuilder { - - /** a boolean to disable the HostnameVerification (default = false)*/ - private static boolean disableHostnameVerification = false; - - /** - * Constructor for DefaultConnectionBuilder. - * @throws ConfigurationException on any config error - */ - public DefaultConnectionBuilder() throws ConfigurationException { - disableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); - //TODO undocumented feature - if (disableHostnameVerification) - Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification); - } - - /** - * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection - */ - public HttpURLConnection buildConnection( - HttpServletRequest req, - String publicURLPrefix, - String realURLPrefix, - SSLSocketFactory sslSocketFactory, - Map parameters) - throws IOException { - - String requestedURL = req.getRequestURL().toString(); - // check whether requested URL starts with publicURLPrefix - if (! 
requestedURL.startsWith(publicURLPrefix)) - throw new IOException(MOAIDMessageProvider.getInstance().getMessage( - "proxy.01", new Object[] {requestedURL, publicURLPrefix})); - // in case of GET request, append query string to requested URL; - // otherwise, HttpURLConnection would perform a POST request - if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) { - requestedURL = appendQueryString(requestedURL, parameters); - } - // build real URL in online application - String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length()); - URL url = new URL(realURLString); - Logger.debug("OA Request: " + req.getMethod() + " " + url.toString()); - - HttpURLConnection conn = (HttpURLConnection)url.openConnection(); - conn.setRequestMethod(req.getMethod()); - conn.setDoInput(true); - conn.setDoOutput(true); - //conn.setUseCaches(false); - conn.setAllowUserInteraction(true); - conn.setInstanceFollowRedirects(false); - if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { - HttpsURLConnection httpsConn = (HttpsURLConnection) conn; - httpsConn.setSSLSocketFactory(sslSocketFactory); - if (disableHostnameVerification) - httpsConn.setHostnameVerifier(new HostnameNonVerifier()); - } - return conn; - } - /** - * @param requestedURL - * @param parameters - * @return - */ - private String appendQueryString(String requestedURL, Map parameters) { - String newURL = requestedURL; - for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) { - String paramName = (String)iter.next(); - String paramValue = (String)parameters.get(paramName); - String paramString = paramName + "=" + paramValue; - if (newURL.indexOf("?") < 0) - newURL = newURL + "?" 
+ paramString; - else - newURL = newURL + "&" + paramString; - } - return newURL; - } - - /** - * @author Stefan Knirsch - * @version $Id$ - * A private class to change the standard HostName verifier to disable the - * Hostname Verification Check - */ - private class HostnameNonVerifier implements HostnameVerifier { - - /** - * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) - */ - public boolean verify(String arg0, String arg1) { - return true; - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java deleted file mode 100644 index 033a74934..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ /dev/null 
@@ -1,125 +0,0 @@ -package at.gv.egovernment.moa.id.proxy; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; - -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.util.Base64Utils; - -/** - * Implementation of interface <code>LoginParameterResolver</code> - * @author Paul Ivancsics - * @version $Id$ - */ -public class DefaultLoginParameterResolver implements LoginParameterResolver { - - /** - * Constructor - */ - public DefaultLoginParameterResolver() { - } - - /** - * Configuration mehtod (not used) - */ - public void configure(String configuration) throws LoginParameterResolverException { - } - - - /** - * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String) - */ - public Map getAuthenticationHeaders( - OAConfiguration oaConf, - AuthenticationData authData, - String clientIPAddress) { - - Map result = new HashMap(); - - if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) { - String useridPredicate = oaConf.getBasicAuthUserIDMapping(); - String userid = resolveValue(useridPredicate, authData, clientIPAddress); - String passwordPredicate = oaConf.getBasicAuthPasswordMapping(); - String password = resolveValue(passwordPredicate, authData, clientIPAddress); - - try { - String userIDPassword = userid + ":" + password; - String credentials = Base64Utils.encode(userIDPassword.getBytes()); - result.put("Authorization", "Basic " + credentials); - } - catch (IOException ignore) { - } - } - else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) { - for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) { - String key = (String) iter.next(); - String predicate = (String) oaConf.getHeaderAuthMapping().get(key); 
- String resolvedValue = resolveValue(predicate, authData, clientIPAddress); - result.put(key, resolvedValue); - } - } - - return result; - } - - /** - * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String) - */ - public Map getAuthenticationParameters( - OAConfiguration oaConf, - AuthenticationData authData, - String clientIPAddress) { - - Map result = new HashMap(); - - if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) { - for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) { - String key = (String) iter.next(); - String predicate = (String) oaConf.getParamAuthMapping().get(key); - String resolvedValue = resolveValue(predicate, authData, clientIPAddress); - result.put(key, resolvedValue); - } - } - - return result; - } - - /** - * Resolves a login header or parameter value. - * @param predicate header or parameter predicate name from online application configuration - * @param authData authentication data for current login - * @param clientIPAddress client IP address - * @return header or parameter value resolved; <code>null</code> if unknown name is given - */ - private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) { - if (predicate.equals(MOAGivenName)) - return authData.getGivenName(); - else if (predicate.equals(MOAFamilyName)) - return authData.getFamilyName(); - else if (predicate.equals(MOADateOfBirth)) - return authData.getDateOfBirth(); - else if (predicate.equals(MOAVPK)) - return authData.getVPK(); - else if (predicate.equals(MOAPublicAuthority)) - if (authData.isPublicAuthority()) - return "true"; - else - return "false"; - else if (predicate.equals(MOABKZ)) - return authData.getPublicAuthorityCode(); - else if (predicate.equals(MOAQualifiedCertificate)) - if (authData.isQualifiedCertificate()) 
- return "true"; - else - return "false"; - else if (predicate.equals(MOAZMRZahl)) - return authData.getIdentificationValue(); - else if (predicate.equals(MOAIPAddress)) - return clientIPAddress; - else return null; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java deleted file mode 100644 index 434a4f674..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ /dev/null 
@@ -1,75 +0,0 @@ -package at.gv.egovernment.moa.id.proxy; - -import java.util.Map; - -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.data.AuthenticationData; - -/** - * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection} - * to the remote online application. - * Utilizes {@link OAConfiguration} and {@link AuthenticationData}. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public interface LoginParameterResolver { - - /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>, - * naming predicates used by the <code>LoginParameterResolver</code>. */ - public static final String MOAGivenName = "MOAGivenName"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAFamilyName = "MOAFamilyName"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOADateOfBirth = "MOADateOfBirth"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAVPK = "MOAVPK"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAPublicAuthority = "MOAPublicAuthority"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOABKZ = "MOABKZ"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAQualifiedCertificate = - "MOAQualifiedCertificate"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAZMRZahl = "MOAZMRZahl"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - 
public static final String MOAIPAddress = "MOAIPAddress"; - - /** - * Returns authentication headers to be added to a URLConnection. - * - * @param oaConf configuration data - * @param authData authentication data - * @param clientIPAddress client IP address - * @return A map, the keys being header names and values being corresponding header values. - * <br>In case of authentication type <code>"basic-auth"</code>, header fields - * <code>username</code> and <code>password</code>. - * <br>In case of authentication type <code>"header-auth"</code>, header fields - * derived from parameter mapping and authentication data provided. - * <br>Otherwise, an empty map. - */ - public Map getAuthenticationHeaders( - OAConfiguration oaConf, - AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException; - - /** - * Returns request parameters to be added to a URLConnection. - * - * @param oaConf configuration data - * @param authData authentication data - * @param clientIPAddress client IP address - * @return A map, the keys being parameter names and values being corresponding parameter values. - * <br>In case of authentication type <code>"param-auth"</code>, parameters - * derived from parameter mapping and authentication data provided. - * <br>Otherwise, an empty map. - */ - public Map getAuthenticationParameters( - OAConfiguration oaConf, - AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException; - - public void configure(String configuration) throws LoginParameterResolverException; - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java deleted file mode 100644 index 3aa2368bf..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java +++ /dev/null 
@@ -1,37 +0,0 @@ -package at.gv.egovernment.moa.id.proxy; - -import at.gv.egovernment.moa.id.MOAIDException; - -/** - * Exception thrown while proxying a request to the online application - * - * @author Rudolf Schamberger - * @version $Id$ - */ -public class LoginParameterResolverException extends MOAIDException { - - /** - * Constructor for LoginParameterResolverException. - * @param messageId - * @param parameters - */ - public LoginParameterResolverException( - String messageId, - Object[] parameters) { - super(messageId, parameters); - } - - /** - * Constructor for LoginParameterResolverException. - * @param messageId - * @param parameters - * @param wrapped - */ - public LoginParameterResolverException( - String messageId, - Object[] parameters, - Throwable wrapped) { - super(messageId, parameters, wrapped); - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java deleted file mode 100644 index 0db7f66fe..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java +++ /dev/null 
@@ -1,83 +0,0 @@ -package at.gv.egovernment.moa.id.proxy; - -import java.lang.reflect.Method; -import java.util.HashMap; -import java.util.Map; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; - -/** - * Factory delivering a {@link LoginParameterResolver} implementation for - * an online application, initialized from configuration data. - * @author Paul Ivancsics - * @version $Id$ - */ -public class LoginParameterResolverFactory { - - /** default login parameter resolver to be used for online application - * where no special implementation of the <code>LoginParameterResolver</code> - * interface is configured - */ - private static LoginParameterResolver defaultLoginParameterResolver; - /** mapping from online application public URL prefix to an implementation - * of the <code>LoginParameterResolver</code> interface to be used; - * if no mapping is given for an online application, the - * <code>DefaultLoginParameterResolver</code> will be used */ - private static Map loginParameterResolverMap; - - /** - * Initializes the <code>LoginParameterResolver</code> map from the configuration data. 
- * @throws ConfigurationException when the configuration cannot be read, - * or when a class name configured cannot be instantiated - */ - public static void initialize() throws ConfigurationException { - defaultLoginParameterResolver = new DefaultLoginParameterResolver(); - loginParameterResolverMap = new HashMap(); - ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); - for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) { - OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i]; - String publicURLPrefix = oaParam.getPublicURLPrefix(); - String className = oaParam.getLoginParameterResolverImpl(); - String configuration = oaParam.getLoginParameterResolverConfiguration(); - - if (className != null) { - try { - Class lprClass = Class.forName(className); - LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance(); - - Class[] argumentTypes = { String.class }; - Method confMethod = lprClass.getMethod( "configure", argumentTypes ); - - Object[] arguments = { new String(configuration) }; - confMethod.invoke( lpr, arguments ); - - lpr.configure(configuration); - loginParameterResolverMap.put(publicURLPrefix, lpr); - } - catch (LoginParameterResolverException lpex) { - throw new ConfigurationException("config.11", new Object[] {className}, lpex); - } - catch (Throwable ex) { - throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex); - } - } - } - } - - /** - * Gets the <code>LoginParameterResolver</code> implementation to be used for the given - * online application. 
- * @param publicURLPrefix public URL prefix of the online application
- * @return <code>LoginParameterResolver</code> implementation
- */
- public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) {
- LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix);
- if (lpr == null)
- return defaultLoginParameterResolver;
- else
- return lpr;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
deleted file mode 100644
index da5d36678..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import iaik.pki.PKIException;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
-import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Web application initializer
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDProxyInitializer {
-
- /**
- * Initializes the web application components which need initialization:
- * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
- */
- public static void initialize()
- throws ConfigurationException, IOException, GeneralSecurityException, PKIException {
-
- Logger.setHierarchy("moa.id.proxy");
-
- // Restricts TLS cipher suites
- System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
-
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader();
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- }
- catch (ClassNotFoundException e) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
- }
-
- // Initializes the SSLSocketFactory store
- SSLUtils.initialize();
-
- // Initializes IAIKX509TrustManager logging
- String log4jConfigURL = System.getProperty("log4j.configuration");
- if (log4jConfigURL != null) {
- IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
- }
-
- // Loads the configuration
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload();
-
- // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service,
- // using configuration data
- ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
- if (connParamAuth.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- AxisSecureSocketFactory.initialize(ssf);
- }
-
- // Initializes the Axis secure socket factories for use in calling the online applications,
- // using configuration data
- OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- if
(oaConnParam.isHTTPSURL())
- SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- }
-
- // Initializes the ConnectionBuilderFactory from configuration data
- ConnectionBuilderFactory.initialize();
-
- // Initializes the LoginParameterResolverFactory from configuration data
- LoginParameterResolverFactory.initialize();
-
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class b/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class
Binary files differ
deleted file mode 100644
index 49200265a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class
+++ /dev/null
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
deleted file mode 100644
index 3f7a6872c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
+++ /dev/null
@@ -1,481 +0,0 @@ -package at.gv.egovernment.moa.id.proxy; - -import java.io.File; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import java.io.IOException; -import java.util.*; -//import org.apache.xerces.parsers.AbstractDOMParser; -import org.apache.xerces.parsers.DOMParser; -import org.w3c.dom.*; - -/** - * XMLLoginParameterResolver an implementation of implementation of interface - * <code>LoginParameterResolver</code> - * This implementation used to map identities stored in an XML file to parameters - * which are given to OAs. - * - * @author Rudolf Schamberger - * @version $Id$ - */ -public class XMLLoginParameterResolver implements LoginParameterResolver { - - //file which is parsed and interpreted for paremeter resolving. - private String identityFile; - - /** - * inner class used to store mapped parameters - */ - class LPRParams { - - /** - * getter method for parameter Enabled. - * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver - */ - public boolean getEnabled() { - return enabled.booleanValue(); - } - - /** - * getter method for parameter UN (username) - * @return Parameter UN or <code>null</code> not set. - */ - public String getUN() { - return UN; - } - - /** - * getter method for parameter PW (password) - * @return Parameter PW or <code>null</code> not set. - */ - public String getPW() { - return PW; - } - - /** - * getter method for parameter Param1 - * @return Parameter Param1 or <code>null</code> not set. - */ - public String getParam1() { - return Param1; - } - - /** - * getter method for parameter Param2 - * @return Parameter Param2 or <code>null</code> not set. - */ - public String getParam2() { - return Param2; - } - - /** - * getter method for parameter Param3 - * @return Parameter Param3 or <code>null</code> not set. 
- */ - public String getParam3() { - return Param3; - } - - /** - * Returns a string representation of LPRParams - * - * @return a <code>String</code> representation of this object. - * @see XMLLoginParameterResolver.LPRParams - */ - public String toString() { - return "Enabled: " - + enabled.toString() - + "UN: '" - + UN - + "' PW: '" - + PW - + "' Param1: '" - + Param1 - + "' Param2: '" - + Param2 - + "' Param3: '" - + Param3 - + "'\n"; - } - - //private member variables used - private Boolean enabled = null; - private String UN = null; - private String PW = null; - private String Param1 = null; - private String Param2 = null; - private String Param3 = null; - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. - * - * @param enabled enable user mapping to parameter set for the parameter set. - * @param UN username used in HTTP 401 - BasicAuthentication - * @param PW password used in HTTP 401 - BasicAuthentication - * @param Param1 parameter1 used in HeaderAuthentication and ParameterAuthentication - * @param Param2 parameter2 used in HeaderAuthentication and ParameterAuthentication - * @param Param3 parameter3 used in HeaderAuthentication and ParameterAuthentication - **/ - LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { - this.enabled = new Boolean(enabled); - this.UN = UN; - this.PW = PW; - this.Param1 = Param1; - this.Param1 = Param2; - this.Param1 = Param3; - } - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. - * - * @param enabled enable user mapping to parameter set for the parameter set. - * @param UN username used in HTTP 401 - BasicAuthentication - * @param PW password used in HTTP 401 - BasicAuthentication - **/ - LPRParams(boolean enabled, String UN, String PW) { - this(enabled, UN, PW, null, null, null); - } - } - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object. 
- **/ - public XMLLoginParameterResolver() { - bPKMap = new HashMap(); - namedMap = new HashMap(); - } - - /** - * configuration method - * @param configuration enabled enable user mapping to parameter set for the parameter set. - */ - public void configure(String configuration) throws LoginParameterResolverException { - File idFile; - this.identityFile = configuration; - - try { - if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) { - Logger.error("XMLLoginParameterResolver could not read '" - + identityFile - + "' " ); - return; - } - Document doc = readXMLFile(identityFile); - buildInfo(doc); - } catch (Throwable ex) { - throw new LoginParameterResolverException("config.11", new Object[] {identityFile}, ex); - } - isConfigured = true; - } - - public Map getAuthenticationHeaders( - OAConfiguration oaConf, - AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException { - Map result = new HashMap(); - - if (!isConfigured) { - throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" + - identityFile + "' is not configured!", null); - } - - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); - String userid = ""; - String password = ""; - LPRParams params = null; - boolean userFound = false; - - //try bPK and named search - userFound = bPKIdentitySearch(bPK, params); - - if(false == userFound) - namedIdentitySearch(famName, givenName, dateOfBirth, params); - - if(false == userFound) - return result; - - //HTTP 401 - Basic Authentication - if (oaConf.getAuthType().equals("basic")) { - userid = params.getUN(); - password = params.getPW(); - - try { - String userIDPassword = userid + ":" + password; - String credentials = 
Base64Utils.encode(userIDPassword.getBytes()); - Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials); - result.put("Authorization", "Basic " + credentials); - } catch (IOException ignore) { - } - return result; - } - if (oaConf.getAuthType().equals("header")) { - String key; - String resolvedValue; - result.put("Param1", params.getParam1()); - result.put("Param2", params.getParam2()); - result.put("Param3", params.getParam3()); - return result; - /* for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); - iter.hasNext(); - result.put(key, resolvedValue)) { - key = (String) iter.next(); - String predicate = (String) oaConf.getHeaderAuthMapping().get(key); - resolvedValue = resolveValue(predicate, authData, clientIPAddress); - } - */ - } - return result; - } - - public Map getAuthenticationParameters( - OAConfiguration oaConf, - AuthenticationData authData, - String clientIPAddress) { - - Map result = new HashMap(); - - if (!isConfigured) { - Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); - return result; - } - - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); - String userid = ""; - String password = ""; - LPRParams params = null; - boolean userFound = false; - - //try bPK and named search - userFound = bPKIdentitySearch(bPK, params); - - if (false == userFound) - namedIdentitySearch(famName, givenName, dateOfBirth, params); - - if (false == userFound) - return result; - - if (oaConf.getAuthType().equals("param")) { - result.put("Param1", params.getParam1()); - result.put("Param2", params.getParam2()); - result.put("Param3", params.getParam3()); - return result; - /* - String key; - String resolvedValue; - for 
(Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); - iter.hasNext(); - result.put(key, resolvedValue)) { - key = (String) iter.next(); - String predicate = (String) oaConf.getParamAuthMapping().get(key); - resolvedValue = resolveValue(predicate, authData, clientIPAddress); - } - */ - - } - return result; - } - - private static String resolveValue( - String predicate, - AuthenticationData authData, - String clientIPAddress) { - if (predicate.equals("MOAGivenName")) - return authData.getGivenName(); - if (predicate.equals("MOAFamilyName")) - return authData.getFamilyName(); - if (predicate.equals("MOADateOfBirth")) - return authData.getDateOfBirth(); - if (predicate.equals("MOAVPK")) - return authData.getVPK(); - if (predicate.equals("MOAPublicAuthority")) - if (authData.isPublicAuthority()) - return "true"; - else - return "false"; - if (predicate.equals("MOABKZ")) - return authData.getPublicAuthorityCode(); - if (predicate.equals("MOAQualifiedCertificate")) - if (authData.isQualifiedCertificate()) - return "true"; - else - return "false"; - if (predicate.equals("MOAZMRZahl")) - return authData.getIdentificationValue(); - if (predicate.equals("MOAIPAddress")) - return clientIPAddress; - else - return null; - } - - private Document readXMLFile(String fileName) { - Logger.info("XMLLoginParameterResolver: Loading MOA-OA configuration " + fileName); - DOMParser parser = new DOMParser(); - try { - parser.setFeature("http://xml.org/sax/features/validation", true); - parser.setFeature("http://apache.org/xml/features/validation/schema", true); - parser.parse(fileName); - return parser.getDocument(); - } catch (Exception e) { - String msg = e.toString(); - Logger.error("XMLLoginParameterResolver: Error parsing file" + fileName + "\n" + msg); - return null; - } - } - - private void buildInfo(Document doc) { - Element root = doc.getDocumentElement(); - NodeList idList = root.getElementsByTagName(XSD_IDELEM); - NodeList paramList = 
root.getElementsByTagName("Parameters"); - for (int i = 0; i < idList.getLength(); i++) - Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); - - for (int i = 0; i < paramList.getLength(); i++) - Logger.debug( - "XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName()); - - for (int i = 0; i < idList.getLength(); i++) { - Element tmpElem = (Element) idList.item(i); - NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity"); - for (int j = 0; j < tmpList.getLength(); j++) - Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName()); - - if (1 == tmpList.getLength()) { - tmpElem = (Element) tmpList.item(0); - String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName"); - boolean tmpBool = false; - if (tmpElem.getFirstChild() != null - && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) - tmpBool = true; - Logger.debug( - "XMLLoginParameterResolver: tmpStr: " - + tmpStr - + " value: " - + (new Boolean(tmpBool)).toString()); - tmpElem = (Element) paramList.item(i); - Logger.debug( - "XMLLoginParameterResolver: attribute UN: " - + tmpElem.getAttribute("UN") - + " attribute PW: " - + tmpElem.getAttribute("PW")); - namedMap.put( - tmpStr, - new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); - } else { - tmpList = tmpElem.getElementsByTagName("bPKIdentity"); - if (1 == tmpList.getLength()) { - tmpElem = (Element) tmpList.item(0); - String tmpStr = tmpElem.getAttribute("bPK"); - boolean tmpBool = false; - if (tmpElem.getFirstChild() != null - && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) - tmpBool = true; - Logger.debug( - "XMLLoginParameterResolver: tmpStr: " - + tmpStr - + " value: " - + (new Boolean(tmpBool)).toString()); - tmpElem = (Element) paramList.item(i); - Logger.debug( - "XMLLoginParameterResolver: attribute UN: " - + tmpElem.getAttribute("UN") - + " attribute PW: 
" - + tmpElem.getAttribute("PW") - + " attribute Param1: " - + tmpElem.getAttribute("Param1")); - bPKMap.put( - tmpStr, - new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); - } else { - Logger.warn( - "XMLLoginParameterResolver: wrong format no NamedIdentity or bPKIdentity found"); - } - } - } - - Logger.debug("namedMap:" + namedMap.toString()); - Logger.debug("bPKMap:" + bPKMap.toString()); - } - - private void buildIdentityInfo(Document doc) { - - } - - - boolean bPKIdentitySearch(String bPK, LPRParams params) { - //search for mapping with bPK of the user - Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK); - params = (LPRParams) bPKMap.get(bPK); - if (null == params) { - Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!"); - return false; - } else if (params.getEnabled()) { - Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); - return true; - } - Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled"); - return false; - } - - boolean namedIdentitySearch( - String famName, - String givenName, - String dateOfBirth, - LPRParams params) { - Logger.info( - "XMLLoginParameterResolver: search for login data for SurName:" - + famName - + " GivenName: " - + givenName); - - params = (LPRParams) namedMap.get(famName + "," + givenName); - if (null == params) { - - Logger.info( - "XMLLoginParameterResolver: params for Surname: " - + famName - + " GivenName: " - + givenName - + " not found!"); - return false; - } - - if (params.getEnabled()) { - Logger.info( - "XMLLoginParameterResolver: SurName:" - + famName - + " GivenName: " - + givenName - + "found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); - return true; - } - Logger.info( - "XMLLoginParameterResolver: SurName:" - + 
famName - + " GivenName: " - + givenName - + "found in list; user is NOT enabled"); - return false; - } - - public static final String XSD_MAPPING = "Mapping"; - - public static final String XSD_DOCELEM = "MOAIdentities"; - public static final String XSD_IDELEM = "Identity"; - public static final String XSD_NAMEDIDELEM = "NamedIdentity"; - public static final String XSD_BPKIDELEM = "bPKIdentity"; - public static final String XSD_PARAMELEM = "Parameters"; - public static final String XML_LPR_CONFIG_PROPERTY_NAME = "moa.id.xmllpr.configuration"; - private Map bPKMap; - private Map namedMap; - private boolean isConfigured = false; -}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
deleted file mode 100644
index e0e1fde4a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ /dev/null
@@ -1,55 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.builder;
-
-import java.text.MessageFormat;
-import java.util.Calendar;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-
-/**
- * Builder for the <code><samlp:Request></code> used for querying
- * the authentication data <code><saml:Assertion></code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLRequestBuilder implements Constants {
- /** samlp-Request template */
- private static final String REQUEST =
- "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"{0}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{1}\">" +
- "<samlp:AssertionArtifact>{2}</samlp:AssertionArtifact>" +
- "</samlp:Request>";
-
- /**
- * Constructor for SAMLRequestBuilder.
- */
- public SAMLRequestBuilder() {
- super();
- }
-
- /**
- * Builds the <code><samlp:Request></code>.
- * @param requestID request ID
- * @param samlArtifactBase64 SAML artifact, encoded BASE64
- * @return the DOM element
- */
- public Element build(String requestID, String samlArtifactBase64) throws BuildException {
- try {
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
- String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
- Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return requestElem;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"samlp:Request", ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
deleted file mode 100644
index 4e9a72111..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ /dev/null
@@ -1,143 +0,0 @@ -package at.gv.egovernment.moa.id.proxy.invoke; - -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.Vector; - -import javax.xml.namespace.QName; -import javax.xml.rpc.Call; -import javax.xml.rpc.Service; -import javax.xml.rpc.ServiceFactory; - -import org.apache.axis.message.SOAPBodyElement; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.id.ServiceException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.SAMLStatus; -import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; -import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; -import at.gv.egovernment.moa.id.proxy.servlet.ProxyException; -import at.gv.egovernment.moa.id.util.Random; - -/** - * Invoker of - * <ul> - * <li>either the GetAuthenticationData web service of MOA-ID Auth</li> - * <li>or the API call {@link at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData},</li> - * </ul> - * depending of the configuration. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class GetAuthenticationDataInvoker { - /** Create a new QName object for the webservice endpoint */ - private static final QName SERVICE_QNAME = new QName("GetAuthenticationData"); - - /** invoked object for API call of MOA-ID Auth */ - private static Object apiServer = null; - /** invoked method for API call of MOA-ID Auth */ - private static Method apiMethod = null; - - /** - * Invokes the service passing domain model objects. 
- * @param samlArtifact SAML artifact
- * @return AuthenticationData object
- * @throws ServiceException on any exception thrown
- */
- /**
- * Get authentication data from the MOA-ID Auth component,
- * either via API call or via web service call.
- * @param samlArtifact SAML artifact to be used as a parameter
- * @return AuthenticationData
- */
- public AuthenticationData getAuthenticationData(String samlArtifact)
- throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
-
- ConnectionParameter authConnParam =
- ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
- if (authConnParam == null) {
- try {
- if (apiServer == null) {
- Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
- Method getInstanceMethod = serverClass.getMethod("getInstance", null);
- apiServer = getInstanceMethod.invoke(null, null);
- apiMethod = serverClass.getMethod(
- "getAuthenticationData", new Class[] {String.class});
- }
- AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
- return authData;
- }
- catch (InvocationTargetException ex) {
- Throwable targetEx = ex.getTargetException();
- if (targetEx instanceof AuthenticationException)
- throw (AuthenticationException) targetEx;
- else
- throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
- }
- catch (Throwable ex) {
- throw new ProxyException("proxy.09", new Object[] {ex.toString()});
- }
- }
- else {
- Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact);
- Element samlpResponse = getAuthenticationData(samlpRequest);
- SAMLResponseParser srp = new SAMLResponseParser(samlpResponse);
- SAMLStatus status = srp.parseStatusCode();
- if (!
"samlp:Success".equals(status.getStatusCode())) {
- // on error status throw exception
- String code = status.getStatusCode();
- if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
- code += "(" + status.getSubStatusCode() + ")";
- throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
- }
- return srp.parseAuthenticationData();
- }
- }
-
- /**
- * Invokes the service passing DOM elements.
- * @param request request DOM element
- * @return response DOM element
- * @throws ServiceException on any exception thrown
- */
- public Element getAuthenticationData(Element request) throws ServiceException {
- try {
- Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME);
- Call call = service.createCall();
- SOAPBodyElement body =
- new SOAPBodyElement(request);
- SOAPBodyElement[] params = new SOAPBodyElement[] {body};
- Vector responses;
- SOAPBodyElement response;
-
- String endPoint;
- ConnectionParameter authConnParam =
- ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
-
- //If the ConnectionParameter do NOT exist, we throw an exception ....
- if (authConnParam!=null) {
- endPoint = authConnParam.getUrl();
- call.setTargetEndpointAddress(endPoint);
- responses = (Vector) call.invoke(SERVICE_QNAME, params);
- response = (SOAPBodyElement) responses.get(0);
- return response.getAsDOM();
- }
- else
- {
- throw new ServiceException("service.01", null);
- }
- }
- catch (Exception ex) {
- throw new ServiceException("service.00", new Object[] {ex.toString()}, ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
deleted file mode 100644
index ce0743b3d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ /dev/null
@@ -1,145 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.parser;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parser for the <code><saml:Assertion></code> returned by the
- * <code>GetAuthenticationData</code> web service.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationDataAssertionParser implements Constants {
-
- /** Prefix for SAML-Xpath-expressions */
- private static String SAML = SAML_PREFIX + ":";
- /** Prefix for PersonData-Xpath-expressions */
- private static String PR = PD_PREFIX + ":";
- /** Prefix for Attribute MajorVersion in an Xpath-expression */
- private static String MAJOR_VERSION_XPATH =
- "@MajorVersion";
- /** Prefix for Attribute MinorVersion in an Xpath-expression */
- private static String MINOR_VERSION_XPATH =
- "@MinorVersion";
- /** Prefix for Attribute AssertionID in an Xpath-expression */
- private static String ASSERTION_ID_XPATH =
- "@AssertionID";
- /** Prefix for Attribute Issuer in an Xpath-expression */
- private static String ISSUER_XPATH =
- "@Issuer";
- /** Prefix for Attribute IssueInstant in an Xpath-expression */
- private static String ISSUE_INSTANT_XPATH =
- "@IssueInstant";
- /** Prefix for Element AttributeStatement in an Xpath-expression */
- private static String ATTRIBUTESTATEMENT_XPATH =
- SAML + "AttributeStatement/";
- /** Prefix for Element NameIdentifier in an Xpath-expression */
- private static String VPK_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Subject/" +
- SAML + "NameIdentifier";
- /** Prefix for Element Person in an Xpath-expression */
- private static String PERSONDATA_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"PersonData\"]/" +
- SAML + "AttributeValue/" +
- PR + "Person/";
- /** Prefix for Element Value in an Xpath-expression */
- private static String ZMRZAHL_XPATH =
- PERSONDATA_XPATH +
- PR + "Identification/" +
- PR + "Value";
- /** Prefix for Element GivenName in an Xpath-expression */
- private static String GIVEN_NAME_XPATH =
- PERSONDATA_XPATH +
- PR + "Name/" +
- PR + "GivenName";
- /** Prefix for Element FamilyName in an Xpath-expression */
- private static String FAMILY_NAME_XPATH =
- PERSONDATA_XPATH +
- PR + "Name/" +
- PR + "FamilyName";
- /** Prefix for Element DateOfBirth in an Xpath-expression */
- private static String DATE_OF_BIRTH_XPATH =
- PERSONDATA_XPATH +
- PR + "DateOfBirth";
- /** Prefix for Element AttributeValue in an Xpath-expression */
- private static String IS_QUALIFIED_CERT_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" +
- SAML + "AttributeValue";
- /** Prefix for Element AttributeValue in an Xpath-expression */
- private static String PUBLIC_AUTHORITY_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" +
- SAML + "AttributeValue";
- /** Element samlAssertion represents the SAML:Assertion */
- private Element samlAssertion;
-
- /**
- * Constructor
- * @param samlAssertion samlpResponse the <code><samlp:Response></code> as a DOM element
- */
- public AuthenticationDataAssertionParser(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Parses the <code><saml:Assertion></code>.
- * @return <code>AuthenticationData</code> object
- * @throws ParseException on any error
- */
- public AuthenticationData parseAuthenticationData()
- throws ParseException {
-
- try {
- AuthenticationData authData = new AuthenticationData();
- //ÄNDERN: NUR der Identification-Teil
- authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
- authData.setMajorVersion(new Integer(
- XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue());
- authData.setMinorVersion(new Integer(
- XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue());
- authData.setAssertionID(
- XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, ""));
- authData.setIssuer(
- XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, ""));
- authData.setIssueInstant(
- XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
- authData.setVPK(
- XPathUtils.getElementValue(samlAssertion, VPK_XPATH, ""));
- authData.setIdentificationValue(
- XPathUtils.getElementValue(samlAssertion, ZMRZAHL_XPATH, ""));
- authData.setGivenName(
- XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, ""));
- authData.setFamilyName(
- XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, ""));
- authData.setDateOfBirth(
- XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, ""));
- authData.setQualifiedCertificate(BoolUtils.valueOf(
- XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, "")));
- String publicAuthority =
- XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null);
- if (publicAuthority == null) {
- authData.setPublicAuthority(false);
- authData.setPublicAuthorityCode("");
- }
- else {
- authData.setPublicAuthority(true);
- if (! publicAuthority.equalsIgnoreCase("true"))
- authData.setPublicAuthorityCode(publicAuthority);
- }
- return authData;
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
deleted file mode 100644
index 9f77578fd..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.parser;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.SAMLStatus;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parser for the <code><samlp:Response></code> returned by the
- * <code>GetAuthenticationData</code> web service.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLResponseParser implements Constants {
- /** Element containing the samlResponse */
- private Element samlResponse;
- /** Xpath prefix for reaching SAMLP Namespaces */
- private static String SAMLP = SAMLP_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static String SAML = SAML_PREFIX + ":";
- /** Xpath prefix for reaching PersonData Namespaces */
- private static String PR = PD_PREFIX + ":";
- /** Xpath expression for reaching the SAMLP:Response element */
- private static final String ROOT =
- "/" + SAMLP + "Response/";
- /** Xpath expression for reaching the SAMLP:Status element */
- private static final String STATUS_XPATH =
- ROOT +
- SAMLP + "Status/";
- /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */
- private static final String STATUSCODE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusCode/@Value";
- /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */
- private static final String SUBSTATUSCODE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusCode/" +
- SAMLP + "StatusCode/@Value";
- /** Xpath expression for reaching the SAMLP:StatusMessage element */
- private static final String STATUSMESSAGE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusMessage";
- /** Xpath expression for reaching the SAML:Assertion element */
- private static String ASSERTION_XPATH =
- ROOT +
- SAML + "Assertion";
-
- /**
- * Constructor
- * @param samlResponse the <code><samlp:Response></code> as a DOM element
- */
- public SAMLResponseParser(Element samlResponse) {
- this.samlResponse = samlResponse;
- }
-
- /**
- * Parses the <code><samlp:StatusCode></code> from the <code><samlp:Response></code>.
- * @return <code>AuthenticationData</code> object
- * @throws ParseException on any parsing error
- */
- public SAMLStatus parseStatusCode()
- throws ParseException {
-
- SAMLStatus status = new SAMLStatus();
- try {
- status.setStatusCode(
- XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, ""));
- status.setSubStatusCode(
- XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, ""));
- status.setStatusMessage(
- XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, ""));
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- return status;
- }
-
- /**
- * Parses the <code><saml:Assertion></code> from the <code><samlp:Response></code>.
- * @return <code>AuthenticationData</code> object
- * @throws ParseException on any parsing error
- */
- public AuthenticationData parseAuthenticationData()
- throws ParseException {
-
- Element samlAssertion;
- try {
- samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
deleted file mode 100644
index d6ec4951b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
- /** The standard String for DTD Doc-type */
- private static final String DOC_TYPE =
- "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
-
- /**
- * Handle a HTTP GET request, used to indicated that the MOA
- * configuration needs to be updated (reloaded).
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
- MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
- PrintWriter out;
-
- response.setContentType("text/html");
- out = response.getWriter();
- out.println(DOC_TYPE);
- out.println("<head><title>MOA configuration update</title></head>");
- out.println("<body bgcolor=\"#FFFFFF\">");
- try {
- MOAIDProxyInitializer.initialize();
-
- String message = msg.getMessage("config.00", new Object[]
- { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
- Logger.info(message);
-
- //TODO low-priority: change to ErrorPage
- out.println("<p><b>");
- out.println(message);
- out.println("</b></p>");
- } catch (Throwable t) {
- String errorMessage = msg.getMessage("config.04", null);
- Logger.error(errorMessage, t);
- out.println("<p><b>");
- out.println(errorMessage);
- out.println("</b></p>");
- }
- out.println("</body>");
-
- out.flush();
- out.close();
- }
-
- /**
- * Do the same as <code>doGet</code>.
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
deleted file mode 100644
index 0080c010e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ProxyException extends MOAIDException {
-
- /**
- * Constructor for ProxyException.
- * @param messageId
- * @param parameters
- */
- public ProxyException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ProxyException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ProxyException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
deleted file mode 100644
index 362849fb1..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ /dev/null
@@ -1,537 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.net.HttpURLConnection;
-import java.net.URLEncoder;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.CookieManager;
-import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
-import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
-import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
-import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Servlet requested for logging in at an online application,
- * and then for proxying requests to the online application.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ProxyServlet extends HttpServlet {
- /** Name of the Parameter for the Target */
- private static final String PARAM_TARGET = "Target";
- /** Name of the Parameter for the SAMLArtifact */
- private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
-
- /** Name of the Attribute for the PublicURLPrefix */
- private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix";
- /** Name of the Attribute for the RealURLPrefix */
- private static final String ATT_REAL_URLPREFIX = "RealURLPrefix";
- /** Name of the Attribute for the SSLSocketFactory */
- private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory";
- /** Name of the Attribute for the LoginHeaders */
- private static final String ATT_LOGIN_HEADERS = "LoginHeaders";
- /** Name of the Attribute for the LoginParameters */
- private static final String ATT_LOGIN_PARAMETERS = "LoginParameters";
-
- /**
- * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
- */
- protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-
- Logger.debug("getRequestURL:" + req.getRequestURL().toString());
- try {
- if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null)
- login(req, resp);
- else
- tunnelRequest(req, resp);
- }
- catch (MOAIDException ex) {
- handleError(resp, ex.toString(), ex);
- }
- catch (Throwable ex) {
- handleError(resp, ex.toString(), ex);
- }
- }
-
- /**
- * Login to online application at first call of servlet for a user session.<br/>
- * <ul>
- * <li>Acquires authentication data from the MOA-ID Auth component.</li>
- * <li>Reads configuration data for the online application.</li>
- * <li>Resolves login parameters.</li>
- * <li>Sets up an SSLSocketFactory in case of a secure connection to the online application.</li>
- * <li>For a stateless online application, stores data in the HttpSession.</li>
- * <li>Tunnels the request to the online application.</li>
- * </ul>
- * @param req
- * @param resp
- * @throws ConfigurationException when wrong configuration is encountered
- * @throws ProxyException when wrong configuration is encountered
- * @throws BuildException while building the request for MOA-ID Auth
- * @throws ServiceException while invoking MOA-ID Auth
- * @throws ParseException while parsing the response from MOA-ID Auth
- */
- private void login(HttpServletRequest req, HttpServletResponse resp) throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
-
- String samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
- Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
- // String target = req.getParameter(PARAM_TARGET); parameter given but not processed
-
- // get authentication data from the MOA-ID Auth component
- AuthenticationData authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
-
- String urlRequested = req.getRequestURL().toString();
-
- // read configuration data
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
- if (oaParam == null) {
- throw new ProxyException("proxy.02", new Object[] { urlRequested });
- }
- String publicURLPrefix = oaParam.getPublicURLPrefix();
- Logger.debug("OA: " + publicURLPrefix);
- OAConfiguration oaConf = oaParam.getOaConfiguration();
- ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- String realURLPrefix = oaConnParam.getUrl();
-
- // resolve login parameters to be forwarded to online application
- LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
- String clientIPAddress = req.getRemoteAddr();
- Map loginHeaders = null;
- Map loginParameters = null;
- try {
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
- loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
- else
- loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
-
- } catch (LoginParameterResolverException ex) {
- throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
- }
-
- // setup SSLSocketFactory for communication with the online application
- SSLSocketFactory ssf = null;
- if (oaConnParam.isHTTPSURL()) {
- try {
- ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- }
- catch (Throwable ex) {
- throw new ProxyException("proxy.05", new Object[] { oaConnParam.getUrl(), ex.toString()}, ex);
- }
- }
-
- try {
- // for stateless online application, store data in HttpSession
- String loginType = oaConf.getLoginType();
- Logger.debug("Login type: " + loginType);
- if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) {
- HttpSession session = req.getSession();
- int sessionTimeOut = oaParam.getSessionTimeOut();
- if (sessionTimeOut == 0)
- sessionTimeOut = 60 * 60; // default 1 h
- session.setMaxInactiveInterval(sessionTimeOut);
- session.setAttribute(ATT_PUBLIC_URLPREFIX, publicURLPrefix);
- session.setAttribute(ATT_REAL_URLPREFIX, realURLPrefix);
- session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf);
- session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders);
- session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters);
- Logger.debug("moa-id-proxy: HTTPSession angelegt");
- }
-
- // tunnel request to the online application
- int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
- if (respcode == 401)
- {
- Logger.debug("Got 401, trying again");
-
- respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
- if (respcode == 401)
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
- }
- }
- catch (ProxyException ex) {
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
- }
- catch (Throwable ex) {
- throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex);
- }
- }
-
- /**
- * Tunnels a request to the stateless online application using data stored in the HTTP session.
- * @param req HTTP request
- * @param resp HTTP response
- * @throws IOException if an I/O error occurs
- */
- private void tunnelRequest(HttpServletRequest req, HttpServletResponse resp) throws ProxyException, IOException {
-
- Logger.debug("Tunnel request (stateless)");
- HttpSession session = req.getSession(false);
- if (session == null)
- throw new ProxyException("proxy.07", null);
- String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
- String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
- SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
- Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
- Map loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS);
- if (publicURLPrefix == null || realURLPrefix == null)
- throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()});
-
- int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
- if (respcode == 401)
- {
- Logger.debug("Got 401, trying again");
- respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
- if (respcode == 401)
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
- }
- }
-
-/**
- * Tunnels a request to the online application using given URL mapping and SSLSocketFactory.
- * This method returns the ResponseCode of the request to the online application.
- * @param req HTTP request
- * @param resp HTTP response
- * @param loginHeaders header field/values to be inserted for purposes of authentication;
- * may be <code>null</code>
- * @param loginParameters parameter name/values to be inserted for purposes of authentication;
- * may be <code>null</code>
- * @param publicURLPrefix prefix of request URL to be substituted for the <code>realURLPrefix</code>
- * @param realURLPrefix prefix of online application URL to substitute the <code>publicURLPrefix</code>
- * @param ssf SSLSocketFactory to use
- * @throws IOException if an I/O error occurs
- */
-private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf)
- throws IOException {
-
- // collect headers from request
- Map headers = new HashMap();
- for (Enumeration enum = req.getHeaderNames(); enum.hasMoreElements();) {
- String headerKey = (String) enum.nextElement();
- //We ignore any Basic-Auth-Headers from the client
- if (headerKey.equalsIgnoreCase("Authorization"))
- { Logger.debug("Ignoring authorization-header from browser: " +req.getHeader(headerKey) );
- }
- else
- headers.put(headerKey, req.getHeader(headerKey));
- }
- // collect login headers, possibly overwriting headers from request
- if (loginHeaders != null) {
- for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- headers.put(headerKey, loginHeaders.get(headerKey));
- }
- }
- // collect parameters from request
- Map parameters = new HashMap();
- for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements();) {
- String paramName = (String) enum.nextElement();
- parameters.put(paramName, req.getParameter(paramName));
- }
- // collect login parameters, possibly overwriting parameters from request
- if (loginParameters != null) {
- for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) {
- String paramName = (String) iter.next();
- parameters.put(paramName, loginParameters.get(paramName));
- }
- }
-
- headers.remove("content-length");
- parameters.remove(PARAM_SAMLARTIFACT);
- parameters.remove(PARAM_TARGET);
-
- ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix);
- HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters);
-
- //Set Cookies...
-
- String cookieString = CookieManager.getInstance().getCookie(req.getSession().getId());
- if (cookieString!=null)
- {
- //If we get Cookies from Client, we put them throgh if they dont exist/conflict with the stored Cookies
- for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerValue = (String) headers.get(headerKey);
- if (headerKey.equalsIgnoreCase("Cookie"))
- CookieManager.getInstance().saveOldCookies(req.getSession().getId(), headerValue);
- }
- cookieString = CookieManager.getInstance().getCookie(req.getSession().getId());
- headers.put("cookie", cookieString);
- }
-
- // set headers as request properties of URLConnection
- for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerValue = (String) headers.get(headerKey);
- conn.setRequestProperty(headerKey, headerValue);
- Logger.debug("Req header " + headerKey + ": " + headers.get(headerKey));
- if (Logger.isDebugEnabled() && isBasicAuthenticationHeader(headerKey, headerValue)) {
- String credentials = headerValue.substring(6);
- String userIDPassword = new String(Base64Utils.decode(credentials, false));
- Logger.debug(":UserID:Password: :" + userIDPassword + ":");
- }
- }
- // Write out parameters into output stream of URLConnection.
- // On GET request, do not send parameters in any case,
- // otherwise HttpURLConnection would send a POST.
- if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) {
- boolean firstParam = true;
- StringWriter sb = new StringWriter();
- for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
- String paramname = (String) iter.next();
- String value = URLEncoder.encode((String) parameters.get(paramname));
- if (firstParam)
- firstParam = false;
- else
- sb.write("&");
- sb.write(paramname);
- sb.write("=");
- sb.write(value);
- Logger.debug("Req param " + paramname + ": " + value);
- }
- PrintWriter reqOut = new PrintWriter(conn.getOutputStream());
- reqOut.write(sb.toString());
- reqOut.flush();
- reqOut.close();
- }
- // connect
- conn.connect();
-
- // Read response status and content type.
- // If the connection returns a 401 disconnect and return
- // otherwise the attempt to read data from that connection
- // will result in an error
-
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED)
- {
- Logger.debug("Found 401... searching cookies");
- String headerKey;
-
- int i = 1;
- CookieManager cm = CookieManager.getInstance();
- while ((headerKey = conn.getHeaderFieldKey(i)) != null) {
- String headerValue = conn.getHeaderField(i);
- if (headerKey.equalsIgnoreCase("set-cookie"))
- { cm.saveCookie(req.getSession().getId(), headerValue);
- cm.add401(req.getSession().getId(),headerValue);
- Logger.debug("Cookie " + headerValue);
- Logger.debug("CookieSession " + req.getSession().getId());
- }
- i++;
- }
-
- conn.disconnect();
- return conn.getResponseCode();
- }
- resp.setStatus(conn.getResponseCode());
- resp.setContentType(conn.getContentType());
-
- // Read response headers
- // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set.
- // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests.
- // See JavaDoc of javax.servlet.http.HttpServlet:
- // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
- Map respHeaders = new HashMap();
- boolean chunked = false;
- String contentLengthKey = null;
- String transferEncodingKey = null;
- int i = 1;
- String headerKey;
- while ((headerKey = conn.getHeaderFieldKey(i)) != null) {
- String headerValue = conn.getHeaderField(i);
- respHeaders.put(headerKey, headerValue);
- if (isTransferEncodingChunkedHeader(headerKey, headerValue)) {
- chunked = true;
- transferEncodingKey = headerKey;
- }
- CookieManager cm = CookieManager.getInstance();
- if (headerKey.equalsIgnoreCase("set-cookie"))
- { cm.saveCookie(req.getSession().getId(), headerValue);
- Logger.debug("Cookie " + headerValue);
- Logger.debug("CookieSession " + req.getSession().getId());
- }
- if ("content-length".equalsIgnoreCase(headerKey))
- contentLengthKey = headerKey;
- Logger.debug("Resp header " + headerKey + ": " + headerValue);
- i++;
- }
- if (chunked && contentLengthKey != null) {
- respHeaders.remove(transferEncodingKey);
- Logger.debug("Resp header " + transferEncodingKey + " REMOVED");
- }
-
- //Get a Hash-Map of all 401-set-cookies
- HashMap cookies401 = CookieManager.getInstance().get401(req.getSession().getId());
-
- for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) {
- headerKey = (String) iter.next();
-
- if (headerKey.equalsIgnoreCase("Set-Cookie"))
- {
- String headerValue = (String) respHeaders.get(headerKey);
- Logger.debug("Found 'Set-Cookie' in ResponseHeaders: " + headerValue);
- if(!cookies401.containsKey(headerValue.substring(0, headerValue.indexOf("="))))
- {
- // If we dont already have a Set-Cookie-Value for THAT Cookie we create one...
- CookieManager.getInstance().add401(req.getSession().getId(), headerValue);
- }
- }
- }
-
- //write out all Responseheaders != "set-cookie"
- for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) {
- headerKey = (String) iter.next();
- if (!headerKey.equalsIgnoreCase("Set-Cookie"))
- resp.addHeader(headerKey, (String) respHeaders.get(headerKey));
- }
-
- //write out all Responseheaders = "set-cookie"
- cookies401 = CookieManager.getInstance().get401(req.getSession().getId());
- Iterator cookie_i = cookies401.values().iterator();
- while (cookie_i.hasNext()) {
- String element = (String) cookie_i.next();
- resp.addHeader("Set-Cookie", element);
- }
- //Delete all "Set-Cookie" - Values
- CookieManager.getInstance().clear401(req.getSession().getId());
-
- // read response stream
- Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode());
- // Load content unless the server lets us know that the content is NOT MODIFIED...
- if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED)
- {
- BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream());
- Logger.debug("Got Inputstream");
- BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream());
- Logger.debug("Got Outputstream");
- int ch;
- while ((ch = respIn.read()) >= 0)
- respOut.write(ch);
- respOut.close();
- respIn.close();
- }
- else
- Logger.debug("Found 304 NOT MODIFIED...");
- conn.disconnect();
- Logger.debug("Request done");
-
-
- return conn.getResponseCode();
-}
-/**
- * Determines whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..."
- *
- * @param headerKey header name
- * @param headerValue header value
- * @return true for a basic authentication header
- */
-private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) {
- if (!"authorization".equalsIgnoreCase(headerKey))
- return false;
- if (headerValue.length() < "basic".length())
- return false;
- String authenticationSchema = headerValue.substring(0, "basic".length());
- return "basic".equalsIgnoreCase(authenticationSchema);
-}
-/**
- * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked"
- *
- * @param headerKey header name
- * @param headerValue header value
- * @return true for a "Transfer-encoding: chunked" header
- */
-private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) {
- if (!"transfer-encoding".equalsIgnoreCase(headerKey))
- return false;
- return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0;
-}
-
-/**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
-public void init(ServletConfig servletConfig) throws ServletException {
- try {
- MOAIDProxyInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex);
- throw new ServletException(ex);
- }
-}
-/**
- * Handles an error in proxying the request.
- * <ul>
- * <li>Logs the error.</li>
- * <li>Outputs an HTML error page.</li>
- * </ul>
- * @param resp the HttpServletResponse
- * @param errorMessage error message to be used
- * @param ex the exception to be logged
- */
-private void handleError(HttpServletResponse resp, String errorMessage, Throwable ex) {
- Logger.error(errorMessage, ex);
- String htmlCode =
- "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">"
- + "<html><head><title>"
- + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null)
- + "</title></head><body>"
- + "<h1>"
- + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null)
- + "</h1>"
- + "<p>"
- + MOAIDMessageProvider.getInstance().getMessage("proxy.11", null)
- + "</p>"
- + "<p>"
- + errorMessage
- + "</p>"
- + "</body></html>";
- resp.setContentType("text/html");
- try {
- OutputStream respOut = resp.getOutputStream();
- respOut.write(htmlCode.getBytes());
- respOut.flush();
- }
- catch (IOException ioex) {
- Logger.error("", ioex);
- }
-}
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
deleted file mode 100644
index 8967bdbba..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
+++ /dev/null
@@ -1,213 +0,0 @@ -package at.gv.egovernment.moa.id.util; - -import java.io.BufferedWriter; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.io.PrintWriter; -import java.net.Socket; -import java.security.GeneralSecurityException; -import java.util.Hashtable; - -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; - -import org.apache.axis.components.net.BooleanHolder; -import org.apache.axis.components.net.DefaultSocketFactory; -import org.apache.axis.components.net.SecureSocketFactory; -import org.apache.axis.components.net.TransportClientProperties; -import org.apache.axis.components.net.TransportClientPropertiesFactory; -import org.apache.axis.utils.Messages; -import org.apache.axis.utils.XMLUtils; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * Secure socket factory for Axis webs service clients of the MOA-ID component, - * which are the MOA-SP calls from MOA-ID Auth, - * and the MOA-ID Auth calls from MOA-ID Proxy. - * <br/>Use this initialization code:<br/> - * <code> // ConnectionParameter connParam = ... get from ConfigurationProvider - * AxisSecureSocketFactory.initialize(connParam);</code> - * <br/>See the Apache Axis documentation on how to configure this class - * as the default secure socket factory to be used by Axis. - * <br/> - * This code has been copied from <code>JSSESocketFactory</code>, the - * method <code>initialize()</code> has been added. - * - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AxisSecureSocketFactory - extends DefaultSocketFactory implements SecureSocketFactory { - - /** Field sslFactory */ - private static SSLSocketFactory sslFactory; - - /** - * Constructor for AxisSecureSocketFactory. - * @param attributes ??? 
- */ - public AxisSecureSocketFactory(Hashtable attributes) { - super(attributes); - } - /** - * Initializes the factory by setting the connection parameters to be used for - * setting the secure socket factory, and by setting the system property - * <code>axis.socketSecureFactory</code>. - * @param connParam <code>ConnectionParameter</code> to derive the - * secure socket factory from - */ - public static void initialize(SSLSocketFactory ssf) - throws IOException, GeneralSecurityException { - - Logger.debug("Initialize AxisSecureSocketFactory"); - sslFactory = ssf; - } - - /** - * creates a secure socket - * - * @param host - * @param port - * @param otherHeaders - * @param useFullURL - * - * @return Socket - * @throws Exception - */ - public Socket create( - String host, - int port, - StringBuffer otherHeaders, - BooleanHolder useFullURL) - throws Exception { - if (port == -1) { - port = 443; - } - - TransportClientProperties tcp = - TransportClientPropertiesFactory.create("https"); - - boolean hostInNonProxyList = - isHostInNonProxyList(host, tcp.getNonProxyHosts()); - - Socket sslSocket = null; - if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) { - // direct SSL connection - sslSocket = sslFactory.createSocket(host, port); - } - else { - - // Default proxy port is 80, even for https - int tunnelPort = - (tcp.getProxyPort().length() != 0) - ? Integer.parseInt(tcp.getProxyPort()) - : 80; - if (tunnelPort < 0) - tunnelPort = 80; - - // Create the regular socket connection to the proxy - Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort); - - // The tunnel handshake method (condensed and made reflexive) - OutputStream tunnelOutputStream = tunnel.getOutputStream(); - PrintWriter out = - new PrintWriter( - new BufferedWriter(new OutputStreamWriter(tunnelOutputStream))); - - // More secure version... engage later? 
- // PasswordAuthentication pa = - // Authenticator.requestPasswordAuthentication( - // InetAddress.getByName(tunnelHost), - // tunnelPort, "SOCK", "Proxy","HTTP"); - // if(pa == null){ - // printDebug("No Authenticator set."); - // }else{ - // printDebug("Using Authenticator."); - // tunnelUser = pa.getUserName(); - // tunnelPassword = new String(pa.getPassword()); - // } - out.print( - "CONNECT " - + host - + ":" - + port - + " HTTP/1.0\r\n" - + "User-Agent: AxisClient"); - if (tcp.getProxyUser().length() != 0 - && tcp.getProxyPassword().length() != 0) { - - // add basic authentication header for the proxy - String encodedPassword = - XMLUtils.base64encode( - (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes()); - - out.print("\nProxy-Authorization: Basic " + encodedPassword); - } - out.print("\nContent-Length: 0"); - out.print("\nPragma: no-cache"); - out.print("\r\n\r\n"); - out.flush(); - InputStream tunnelInputStream = tunnel.getInputStream(); - - if (log.isDebugEnabled()) { - log.debug( - Messages.getMessage( - "isNull00", - "tunnelInputStream", - "" + (tunnelInputStream == null))); - } - String replyStr = ""; - - // Make sure to read all the response from the proxy to prevent SSL negotiation failure - // Response message terminated by two sequential newlines - int newlinesSeen = 0; - boolean headerDone = false; /* Done on first newline */ - - while (newlinesSeen < 2) { - int i = tunnelInputStream.read(); - - if (i < 0) { - throw new IOException("Unexpected EOF from proxy"); - } - if (i == '\n') { - headerDone = true; - ++newlinesSeen; - } - else if (i != '\r') { - newlinesSeen = 0; - if (!headerDone) { - replyStr += String.valueOf((char) i); - } - } - } - if (!replyStr.startsWith("HTTP/1.0 200") - && !replyStr.startsWith("HTTP/1.1 200")) { - throw new IOException( - Messages.getMessage( - "cantTunnel00", - new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr })); - } - - // End of condensed reflective tunnel handshake method - sslSocket = 
sslFactory.createSocket(tunnel, host, port, true); - if (log.isDebugEnabled()) { - log.debug( - Messages.getMessage( - "setupTunnel00", - tcp.getProxyHost(), - "" + tunnelPort)); - } - } - - ((SSLSocket) sslSocket).startHandshake(); - if (log.isDebugEnabled()) { - log.debug(Messages.getMessage("createdSSL00")); - } - return sslSocket; - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java deleted file mode 100644 index d31aa6ec1..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java +++ /dev/null 
@@ -1,58 +0,0 @@ -package at.gv.egovernment.moa.id.util; - -import java.util.Locale; - -import at.gv.egovernment.moa.util.Messages; - -/** - * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class MOAIDMessageProvider { - - /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */ - private static final String[] DEFAULT_MESSAGE_RESOURCES = - { "resources/properties/id_messages" }; - /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */ - private static final Locale[] DEFAULT_MESSAGE_LOCALES = - new Locale[] { new Locale("de", "AT") }; - /** The instance for our singleton */ - private static MOAIDMessageProvider instance; - /** The Messages */ - private Messages messages; - - /** - * Returns the single instance of <code>MOAIDMessageProvider</code>. - * - * @return the single instance of <code>MOAIDMessageProvider</code> - */ - public static MOAIDMessageProvider getInstance() { - if (instance == null) - instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); - return instance; - } - - /** - * Create a <code>MOAIDMessageProvider</code>. - * - * @param resourceNames The names of the resources containing the messages. - * @param locales The corresponding locales. - */ - protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) { - this.messages = new Messages(resourceNames, locales); - } - - /** - * Get the message corresponding to a given message ID. - * - * @param messageId The ID of the message. - * @param parameters The parameters to fill in into the message arguments. - * @return The formatted message. - */ - public String getMessage(String messageId, Object[] parameters) { - return messages.getMessage(messageId, parameters); - } - -} 
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/Random.java b/id.server/src/at/gv/egovernment/moa/id/util/Random.java deleted file mode 100644 index da75b4213..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/util/Random.java +++ /dev/null @@ -1,22 +0,0 @@ -package at.gv.egovernment.moa.id.util; - -import java.util.Date; - -/** - * Random number generator used to generate ID's - * @author Paul Ivancsics - * @version $Id$ - */ -public class Random { - - /** random number generator used */ - private static java.util.Random random = new java.util.Random(new Date().getTime()); - /** - * Creates a new random number, to be used as an ID. - * - * @return random long as a String - */ - public static String nextRandom() { - return "" + random.nextLong(); - } -} diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java deleted file mode 100644 index e0739d941..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java +++ /dev/null 
@@ -1,160 +0,0 @@ -package at.gv.egovernment.moa.id.util; - -import iaik.pki.PKIConfiguration; -import iaik.pki.PKIException; -import iaik.pki.PKIFactory; -import iaik.pki.PKIProfile; -import iaik.pki.jsse.IAIKX509TrustManager; - -import java.io.BufferedInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.security.Security; -import java.util.HashMap; -import java.util.Map; - -import javax.net.ssl.SSLSocketFactory; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl; -import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl; -import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.StreamUtils; - -import com.sun.net.ssl.HttpsURLConnection; -import com.sun.net.ssl.KeyManager; -import com.sun.net.ssl.SSLContext; -import com.sun.net.ssl.TrustManager; - -/** - * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>. - * This <code>TrustManager</code> implementation features CRL checking.<br/> - * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SSLUtils { - - /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/ - private static Map sslSocketFactories = new HashMap(); - - /** - * Initializes the SSLSocketFactory store. 
- */ - public static void initialize() { - sslSocketFactories = new HashMap(); - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - } - - /** - * Creates an <code>SSLSocketFactory</code> which utilizes an - * <code>IAIKX509TrustManager</code> for the given trust store, - * and the given key store. - * - * @param conf configuration provider providing a generic properties pointing - * to trusted CA store and certificate store root - * @param connParam connection parameter containing the client key store settings - * to be used in case of client authentication; - * if <code>connParam.getClientKeyStore() == null</code>, client authentication - * is assumed to be disabled - * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code> - * @throws IOException thrown while reading key store file - * @throws GeneralSecurityException thrown while creating the socket factory - * @throws ConfigurationException on invalid configuration data - * @throws PKIException while initializing the <code>IAIKX509TrustManager</code> - */ - public static SSLSocketFactory getSSLSocketFactory( - ConfigurationProvider conf, - ConnectionParameter connParam) - throws IOException, GeneralSecurityException, ConfigurationException, PKIException { - - Logger.debug("Get SSLSocketFactory for " + connParam.getUrl()); - // retrieve SSLSocketFactory if already created - SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl()); - if (ssf != null) - return ssf; - // else create new SSLSocketFactory - String trustStoreURL = conf.getTrustedCACertificates(); - if (trustStoreURL == null) - throw new ConfigurationException( - "config.08", new Object[] {"TrustedCACertificates"}); - String acceptedServerCertURL = connParam.getAcceptedServerCertificates(); - TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL); - 
KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( - "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword()); - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kms, tms, null); - ssf = ctx.getSocketFactory(); - // store SSLSocketFactory - sslSocketFactories.put(connParam.getUrl(), ssf); - return ssf; - } - - /** - * Initializes an <code>IAIKX509TrustManager</code> for a given trust store, - * using configuration data. - * - * @param conf MOA-ID configuration provider - * @param trustStoreURL trust store URL - * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates - * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code> - * @throws ConfigurationException on invalid configuration data - * @throws IOException on data-reading problems - * @throws PKIException while initializing the <code>IAIKX509TrustManager</code> - */ - public static TrustManager[] getTrustManagers( - ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL) - throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - - PKIConfiguration cfg = null; - if (! PKIFactory.getInstance().isAlreadyConfigured()) - cfg = new PKIConfigurationImpl(conf); - String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); - //not using BoolUtils because default value hast to be true! 
- boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); - //TODO RS verify SSL Revocation handling - PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); - // This call fixes a bug occuring when PKIConfiguration is - // initialized by the MOA-SP initialization code, in case - // MOA-SP is called by API - MOAIDTrustManager.initializeLoggingContext(); - IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL); - tm.init(cfg, profile); - return new TrustManager[] {tm}; - } - /** - * Reads a file, given by URL, into a byte array, - * securing the connection by IAIKX509TrustManager. - * @param connParam containing URL and accepted server certificates - * @param conf ConfigurationProvider for reading - * @return file content - * @throws ConfigurationException on invalid configuration data - * @throws PKIException on invalid configuration data - * @throws IOException on data-reading problems - * @throws GeneralSecurityException on security issues - */ - public static byte[] readHttpsURL(ConfigurationProvider conf, ConnectionParameter connParam) - throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - - URL url = new URL(connParam.getUrl()); - HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); - conn.setRequestMethod("GET"); - conn.setDoInput(true); - SSLSocketFactory sslSocketFactory = getSSLSocketFactory(conf, connParam); - conn.setSSLSocketFactory(sslSocketFactory); - conn.connect(); - InputStream in = new BufferedInputStream(conn.getInputStream()); - byte[] content = StreamUtils.readStream(in); - in.close(); - conn.disconnect(); - return content; - } - -} diff --git a/id.server/src/test/MOAIDTestCase.java b/id.server/src/test/MOAIDTestCase.java deleted file mode 100644 index 725fa1386..000000000 --- a/id.server/src/test/MOAIDTestCase.java +++ /dev/null 
@@ -1,203 +0,0 @@ -package test; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; - -import javax.xml.transform.TransformerException; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -import iaik.ixsil.algorithms.Transform; -import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML; -import iaik.ixsil.exceptions.AlgorithmException; -import iaik.ixsil.exceptions.InitException; -import iaik.ixsil.exceptions.URIException; -import iaik.ixsil.init.IXSILInit; -import iaik.ixsil.util.URI; -import test.at.gv.egovernment.moa.MOATestCase; - -/* - * @author Paul Ivancsics - * @version $Id$ - */ -public class MOAIDTestCase extends MOATestCase implements Constants { - - public static final String XML_DECL = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>"; - protected static final String nl = "\n"; - - public MOAIDTestCase(String name) { - super(name); - } - - protected void initIxsil() throws InitException, URIException { - IXSILInit.init(new URI("init/properties/init.properties")); - // Switch on debug information - IXSILInit.setPrintDebugLog(true); - } - //STRING <==> STRING - protected void assertXmlEquals(String xml1, String xml2) - throws AlgorithmException, IOException, InitException, URIException{ - initIxsil(); - String canXml1 = canonicalTransform(xml1); - String canXml2 = canonicalTransform(xml2); - assertEquals(canXml1, canXml2); } - // ELEMENT <==> ELEMENT - protected void assertXmlEquals(Element xml1, Element xml2) - throws AlgorithmException, IOException, InitException , URIException, TransformerException{ - initIxsil(); - assertEquals(canonicalTransform(DOMUtils.serializeNode(xml1)),canonicalTransform(DOMUtils.serializeNode(xml2))); - } - // INPUTSTREAM <==> INPUTSTREAM - protected void 
assertXmlEquals(InputStream xml1, InputStream xml2) - throws AlgorithmException, IOException, InitException , URIException{ - initIxsil(); - assertEquals(canonicalTransform(xml1),canonicalTransform(xml2)); - } - // ELEMENT <==> STRING - protected void assertXmlEquals(Element xml1, String xml2) - throws AlgorithmException, IOException, InitException , URIException, TransformerException { - initIxsil(); - assertEquals(canonicalTransform(xml1),canonicalTransform(xml2)); - } - // ELEMENT <==> INPUTSTREAM - protected void assertXmlEquals(Element xml1, InputStream xml2) - throws AlgorithmException, IOException, InitException , URIException, TransformerException{ - initIxsil(); - assertEquals(canonicalTransform(xml1),canonicalTransform(xml2)); - } - // STRING <==> INPUTSTREAM - protected void assertXmlEquals(String xml1, InputStream xml2) - throws AlgorithmException, IOException, InitException , URIException{ - initIxsil(); - assertEquals(canonicalTransform(xml1),canonicalTransform(xml2)); - } - - /** - * Method canonicalTransform. - * @param input as STRING - * @return String - */ - protected String canonicalTransform(String input) - throws AlgorithmException, IOException { - - Transform tr = new TransformImplExclusiveCanonicalXML(); - InputStream s = new ByteArrayInputStream(input.getBytes("UTF-8")); - tr.setInput(s, null); - ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform(); - return killWhiteSpace(readString(transResult)); - } - /** - * Method canonicalTransform. - * @param input as Element - * @return String - */ - protected String canonicalTransform(Element input) - throws AlgorithmException, IOException { - - Transform tr = new TransformImplExclusiveCanonicalXML(); - tr.setInput(XPathUtils.selectNodeList(input, XPathUtils.ALL_NODES_XPATH), null); - ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform(); - - return killWhiteSpace(readString(transResult)); - } - - /** - * Method canonicalTransform. 
- * @param input as InputStream - * @return String - */ - protected String canonicalTransform(InputStream input) - throws AlgorithmException, IOException { - - Transform tr = new TransformImplExclusiveCanonicalXML(); tr.setInput(input, null); - ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform(); - - return killWhiteSpace(readString(transResult)); - } - - public static String killWhiteSpace(String input) - { - int start=0; - int ende; - String result; - String middle; - result = input; - do { - start = result.indexOf(">", start); - ende = result.indexOf("<", start); - middle = result.substring(start+1,ende).trim(); - result = result.substring(0,start+1) +middle + result.substring(ende,result.length()); - start++; - } while (result.indexOf("<", ende + 1)>0); - - return result; - } - - /** - * Method killExclusive.: The values startsWith and endsWith will be included into the answer. - * @param input - * @param startsWith - * @param endsWith - * @param newValue - * @return String - */ - public static String killExclusive(String input, String startsWith, String endsWith, String newValue) - { - int start=0; - int ende; - String result; - result = input; - do { - start = result.indexOf(startsWith, start) + startsWith.length(); - ende = result.indexOf(endsWith, start); - result = result.substring(0,start) + newValue + result.substring(ende,result.length()); - start++; - } while (result.indexOf(startsWith, ende + 1)>0); - - return result; - } - - /** - * Method killInclusive. : The values startsWith and endsWith will NOT be included into the answer. 
- * @param input - * @param startsWith - * @param endsWith - * @param newValue - * @return String - */ - public static String killInclusive(String input, String startsWith, String endsWith, String newValue) - { - int start=0; - int ende; - String result; - result = input; - do { - start = result.indexOf(startsWith, start) + startsWith.length(); - ende = result.indexOf(endsWith, start); - result = result.substring(0,start - startsWith.length() ) + newValue + result.substring(ende + endsWith.length(),result.length()); - start++; - } while (result.indexOf(startsWith, ende + 1)>0); - - return result; - } - - protected String readFile(String filename) throws IOException { - return readFile(filename, "UTF-8"); - } - protected String readFile(String filename, String encoding) throws IOException { - return FileUtils.readFile(filename, encoding); - } - protected String readString(InputStream input) throws IOException - { - return StreamUtils.readStream(input, "UTF-8"); - } - -} diff --git a/id.server/src/test/abnahme/A/Test100StartAuthentication.java b/id.server/src/test/abnahme/A/Test100StartAuthentication.java deleted file mode 100644 index 0d72691aa..000000000 --- a/id.server/src/test/abnahme/A/Test100StartAuthentication.java +++ /dev/null 
@@ -1,171 +0,0 @@ -package test.abnahme.A; - -import test.abnahme.AbnahmeTestCase; -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.auth.WrongParametersException; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class Test100StartAuthentication extends AbnahmeTestCase { - - public Test100StartAuthentication(String name) { - super(name); - } - - public void testA101() throws Exception { - try { - String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL - "gb", //target - "http://localhost:9080/", //oaURL - "file:" + findXmldata("AuthTemplate.html"), - "http://localhost:3495/http-security-layer-request", - null); - htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED"); - //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8")); - assertEquals(readXmldata("htmlForm.html"),htmlForm); - System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA102() throws Exception { - try { - String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL - "gb", //target - "http://localhost:9080/", //oaURL - null, - "http://localhost:3495/http-security-layer-request", null); - htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED"); - //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8")); - assertEquals(readXmldata("htmlForm.html"),htmlForm); - - System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! 
\n-----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA103() throws Exception { - try { - String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL - "gb", //target - "http://localhost:9080/", //oaURL - "file:" + findXmldata("AuthTemplate.html"), - null, - null); - htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED"); - //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8")); - assertEquals(readXmldata("htmlForm.html"),htmlForm); - System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA151() throws Exception { - try { - try { - server.startAuthentication(null, //authURL - "gb", //target - "http://localhost:9080/", //oaURL - null, null, null); - //assertEquals("",htmlForm); - System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); - fail(this.getName() + " hat KEINE FEHLER geworfen"); - } - catch (WrongParametersException e) { - System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------"); - } - - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA152() throws Exception { - try { - try { - server.startAuthentication("http://localhost:8080/auth", //authURL - "gb", "http://localhost:9080/", //oaURL - null, null, null); - System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); - fail(this.getName() + " hat KEINE FEHLER geworfen"); - } - catch (AuthenticationException e) { - System.out.println("-----------------------\nFehler in " + 
this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA153() throws Exception { - try { - try { - server.startAuthentication("https://localhost:8443/auth", //authURL - "gb", "http://host_not_in_config/", //oaURL - null, null, null); - System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); - fail(this.getName() + " hat KEINE FEHLER geworfen"); - } - catch (AuthenticationException e) { - System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------"); - } - - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA154() throws Exception { - try { - try { - server.startAuthentication("https://localhost:8443/auth", //authURL - "gb", null, //oaURL - null, null, null); - System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); - fail(this.getName() + " hat KEINE FEHLER geworfen"); - } - catch (WrongParametersException e) { - System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA155() throws Exception { - try { - try { - server.startAuthentication("https://localhost:8443/auth", //authURL - null, "http://localhost:9080/", //oaURL - null, null, null); - System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); - fail(this.getName() + " hat KEINE FEHLER geworfen"); - } - catch (WrongParametersException e) { - System.out.println("-----------------------\nFehler in " + 
this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------"); - } - //assertEquals("",htmlForm); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - -} diff --git a/id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java b/id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java deleted file mode 100644 index ed4410521..000000000 --- a/id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java +++ /dev/null 
@@ -1,336 +0,0 @@
-package test.abnahme.A;
-
-import org.w3c.dom.Element;
-import test.abnahme.AbnahmeTestCase;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
-import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-
-/**
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class Test200VerifyIdentityLink extends AbnahmeTestCase {
-
- public Test200VerifyIdentityLink(String name) {
- super(name);
- }
-
- public void testA201() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
-
- String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse);
-
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
-
- VerifyXMLSignatureResponseParser respParser = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), 
AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
-
- /*
- * HINWEIS: clearSamlAssertion löscht aus einer beliebiegen String-Repräsentation einer XML-Struktur
- * AUSSLIESSLICH die Attribute IssueInstand und die AssertionID heraus, von dem her ist diese
- * Method hier verwendbar
- */
-
- assertXmlEquals(clearSamlAssertion(readXmldata("CreateXMLSignatureRequest.xml")), clearSamlAssertion(createXMLSignatureRequest));
- System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
-
- }
- public void testA251() throws Exception {
- try {
- startAuthentication();
- String sessionID = "0";
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA252() throws Exception {
- try {
- String sessionID = startAuthentication();
-
- server.setSecondsSessionTimeOut(-100);
- server.cleanup();
- server.setSecondsSessionTimeOut(1000);
-
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA253() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA254() throws Exception {
- try {
- String sessionID = startAuthentication();
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA255() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String 
infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- }
- catch (ParseException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA256() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA257() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
-
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA258() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = 
readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA259() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA260() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() 
+ ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA261() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
-
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA262() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- new InfoboxReadResponseParser(infoboxReadResponse).parseIdentityLink();
- // System.out.println(infoboxReadResponse);
-
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA263() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- InfoboxReadResponseParser irrp = new 
InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
-
- VerifyXMLSignatureResponseParser respParser = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
-
- // String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse);
- // System.out.println(createXMLSignatureRequest);
- // String createXMLSignatureResponse = readFile(TESTDATA_ROOT + "xmldata/standard/"+"CreateXMLSignatureResponse.xml");
- // String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- try {
- VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), new String[] { "CN=TEST,OU=TEST,O=TEST,C=AT" }, VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-}
diff --git a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
deleted file mode 100644
index d9e69eba4..000000000
--- a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
+++ /dev/null
@@ -1,597 +0,0 @@
-package test.abnahme.A;
-
-import java.util.Calendar;
-
-import org.w3c.dom.Element;
-import test.abnahme.AbnahmeTestCase;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
-import at.gv.egovernment.moa.id.auth.builder.VPKBuilder;
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
-import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-
-/**
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-
-public class Test300VerifyAuthBlock extends AbnahmeTestCase {
-
- public 
Test300VerifyAuthBlock(String name) {
- super(name);
- }
-
- public void testA301() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- //authDataWriter(authData,this.getName()+"new.xml");
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA302() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- //authDataWriter(authData,this.getName()+"new.xml");
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA303() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! 
-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA304() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA305() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA306() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! 
-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA307() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA308() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
-
- }
-
- public void testA309() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! 
-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA310() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA311() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! 
-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA351() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
- // System.out.println(createXMLSignatureRequest);
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
-
- // nicht existierende Session.... 
- try {
- server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
- fail();
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA352() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- server.setSecondsSessionTimeOut(-100);
- server.cleanup();
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
- // System.out.println(createXMLSignatureRequest);
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
-
- // abgelaufene Session.... 
- server.setSecondsSessionTimeOut(1000);
- try {
- server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
- fail();
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA353() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
-
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
-
- // Session for VerifyIdentityLink-Aufruf
- try {
-
- server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- fail();
- }
- //NOCH SEHR UNSCHÖN..... (fliegt raus im AuthenticationServer, Methode buildAuthenticationData
- // ( IdentityLink identityLink = session.getIdentityLink(); ==> liefert dann NULL... 
- catch (NullPointerException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA354() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
- // System.out.println(createXMLSignatureRequest);
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
-
- // nicht existierende Session.... 
-
- server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- try {
- server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- fail();
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA355() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ParseException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA356() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ParseException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA357() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA358() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA359() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA360() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA361() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA362() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA363() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA364() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
-
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- /* public void testA365() throws Exception {
- String sessionID = startAuthentication();
- try {
- // wegen sinnlosigkeit gestrichen
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
- }*/
-
- public void testA366() throws Exception {
-
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
- } - public void testA367() throws Exception { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");} - } - - - private AuthenticationData initServer(String sessionID) throws Exception { - String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); - server.verifyIdentityLink(sessionID, infoboxReadResponse); - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1"); - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); - //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); - // System.out.println(createXMLSignatureRequest); - String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); - // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/"); - String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - AuthenticationData authData = server.getAuthenticationData(samlArtifact); - return authData; - } - - private AuthenticationData initServerWithoutValidateAuthBlock(String sessionID) throws Exception { - String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); - server.verifyIdentityLink(sessionID, infoboxReadResponse); - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); - IdentityLink 
idl = irrp.parseIdentityLink(); - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1"); - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); - //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); - // System.out.println(createXMLSignatureRequest); - String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); - // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/"); - - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - // parses <CreateXMLSignatureResponse> - CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(); - // validates <CreateXMLSignatureResponse> - new CreateXMLSignatureResponseValidator().validate(csresp, session.getTarget(), session.getPublicOAURLPrefix()); - // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call - String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); - Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); - // invokes the call - Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); - // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); - // validates the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, 
VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK); - // compares the public keys from the identityLink with the AuthBlock - - // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); - return authData; - } - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String vpkBase64 = new VPKBuilder().buildVPK( - identityLink.getIdentificationValue(), identityLink.getDateOfBirth(), session.getTarget()); - authData.setVPK(vpkBase64); - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build( - identityLink, oaParam.getProvideZMRZahl()); - - try { - String ilAssertion = - oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : ""; - String authBlock = oaParam.getProvideAuthBlock() ? 
session.getAuthBlock() : ""; - String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, prPerson, authBlock, ilAssertion); - authData.setSamlAssertion(samlAssertion); - return authData; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] { "AuthenticationData", ex.getMessage() }, - ex); - } - } -} diff --git a/id.server/src/test/abnahme/A/Test400GetAuthenticationData.java b/id.server/src/test/abnahme/A/Test400GetAuthenticationData.java deleted file mode 100644 index b05e2b92c..000000000 --- a/id.server/src/test/abnahme/A/Test400GetAuthenticationData.java +++ /dev/null 
@@ -1,129 +0,0 @@ -package test.abnahme.A; - -import org.w3c.dom.Element; -import test.abnahme.AbnahmeTestCase; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.data.AuthenticationData; - -/** - * @author Stefan Knirsch - * @version $Id$ - */ - -public class Test400GetAuthenticationData extends AbnahmeTestCase { - - private String samlArtifact; - - public Test400GetAuthenticationData(String name) { - super(name); - } - - protected void setUp() throws Exception { - super.setUp(); - String sessionID = startAuthentication(); - String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); - server.verifyIdentityLink(sessionID, infoboxReadResponse); - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID()); - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); - //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); - // 
System.out.println(createXMLSignatureRequest); - String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); - CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(), "gb", "https://localhost:9443/"); - samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - } - - public void testA401() throws Exception { - try { - - AuthenticationData authData = server.getAuthenticationData(samlArtifact); -// authDataWriter(authData,"NEWA401"); - assertXmlEquals(clearSamlAssertion(authData.getSamlAssertion()), readXmldata("AuthenticationData.xml")); - System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA451() throws Exception { - try { - try { - AuthenticationData authData = server.getAuthenticationData("AAGu1JFbyGKqJ+3NAonwMu5bNyUc7kooeMK6bxeXBbnK6NL0DfuVJsGi"); - authDataWriter(authData, "A45"); - if (authData != null) - fail(); - } - catch (AuthenticationException e) { - System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA452() throws Exception { - try { - server.getAuthenticationData(samlArtifact); - try { - server.getAuthenticationData(samlArtifact); - fail(); - } - catch (AuthenticationException e) { - System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " 
+ this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA453() throws Exception { - try { - server.setSecondsAuthDataTimeOut(-1000); - server.cleanup(); - try { - server.getAuthenticationData(samlArtifact); - fail(); - } - catch (AuthenticationException e) { - System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA454() throws Exception { - try { - try { - server.getAuthenticationData("blabla123"); - fail(); - } - catch (AuthenticationException e) { - System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - -} diff --git a/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java b/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java deleted file mode 100644 index f4f37a871..000000000 --- a/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java +++ /dev/null 
@@ -1,305 +0,0 @@ -package test.abnahme.A; - -import java.io.OutputStream; -import java.net.URL; -import java.security.Security; - -import javax.net.ssl.SSLSocketFactory; - -import test.abnahme.AbnahmeTestCase; - -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.URLEncoder; - -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class Test500StartAuthenticationServlet extends AbnahmeTestCase { - - private String testdataRoot = TESTDATA_ROOT + "xmldata/standard/"; - SSLSocketFactory ssf; - public Test500StartAuthenticationServlet(String name) { - super(name); - } - protected void setUp() throws Exception { - super.setUp(); - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore"); - System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); - } - - public void testA501() throws Exception { - //NUR einmal für alle folgenden Testfälle - //---------------------------------------- - - //---------------------------------------- - - try { - String targetURL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/"); - HttpsURLConnection conn = giveConnection(targetURL, "GET"); - conn.connect(); - int resultCode = conn.getResponseCode(); - String contentType = conn.getHeaderField("Content-Type"); - if (resultCode != 200) - fail("Wrong HTTP-Code"); - if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html")) - fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type")); - conn.disconnect(); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! 
-----------------------"); - - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA502() throws Exception { - try { - String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/"); - HttpsURLConnection conn = giveConnection(URL, "GET"); - conn.connect(); - int resultCode = conn.getResponseCode(); - String contentType = conn.getHeaderField("Content-Type"); - if (resultCode != 200) - fail("Wrong HTTP-Code: expected '200' and was '" + resultCode + "'"); - if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html")) - fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type")); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - - conn.disconnect(); - - URL = parseDataURL(result); - conn = giveConnection(URL, "POST"); - conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); - - String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); - System.out.println("File gelesen, Daten in Outputstream einpflegen"); - OutputStream out = conn.getOutputStream(); - out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes("UTF-8")); - out.flush(); - out.close(); - - System.out.println("Verbinden zu " + URL); - conn.connect(); - resultCode = conn.getResponseCode(); - System.out.println("resultCode :" + resultCode); - String redirectLoc = conn.getHeaderField("Location"); - System.out.println("redirectLoc :" + redirectLoc); - // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein! 
- if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc)) - fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location")); - if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml")) - fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type")); - conn.disconnect(); - System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA503() throws Exception { - try { - String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/"); - HttpsURLConnection conn = giveConnection(URL, "GET"); - conn.connect(); - - assertEquals(200,conn.getResponseCode()); - if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html")) - fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type")); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - URL = parseDataURL(result); - - conn.disconnect(); - conn = giveConnection(URL, "POST"); - conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); - String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); - OutputStream out = conn.getOutputStream(); - out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); - out.flush(); - out.close(); - conn.connect(); - String redirectLoc = conn.getHeaderField("Location"); - // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein! 
- if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc)) - fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location")); - if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml")) - fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type")); - conn.disconnect(); - - conn = giveConnection(redirectLoc, "POST"); - System.out.println("Redirect Location: " + redirectLoc); - String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); - out = conn.getOutputStream(); - out.write(("XMLResponse=" +createXMLSignatureResponse).getBytes()); - out.flush(); - out.close(); - - System.out.println("Sending Data to " + redirectLoc); - conn.connect(); - - redirectLoc = conn.getHeaderField("Location"); - System.out.println("redirectLoc: " + redirectLoc); - /* RandomAccessFile raf = new RandomAccessFile("C://503.xml", "rw"); - raf.write(StreamUtils.readStream(conn.getInputStream())); - raf.close();*/ - conn.disconnect(); - assertEquals(302, conn.getResponseCode()); - assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact=")); - System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! 
\n-----------------------"); - - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA551() throws Exception { - try { - String targetURL = getURL("https://localhost:8443/moa-id-auth/", "gb", ""); - HttpsURLConnection conn = giveConnection(targetURL, "GET"); - conn.connect(); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - assertTrue(result.indexOf("Die Angabe der Parameter ist unvollständig") >= 0); - conn.disconnect(); - System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Die Angabe der Parameter ist unvollständig.\n-----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA552() throws Exception { - try { - String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/"); - HttpsURLConnection conn = giveConnection(URL, "GET"); - conn.connect(); - int resultCode = conn.getResponseCode(); - assertEquals(200, resultCode); - if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html")) - fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type")); - conn.disconnect(); - URL = "https://localhost:8443/moa-id-auth/" + "VerifyIdentityLink?MOASessionID=0000"; - conn = giveConnection(URL, "POST"); - conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); - - String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); - OutputStream out = conn.getOutputStream(); - out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); - out.flush(); - out.close(); - - conn.connect(); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - assertTrue(result.indexOf("MOASessionID ist unbekannt") >= 0); - 
System.out.println("Fehler in testA552 erfolgreich abgefangen: MOASessionID ist unbekannt"); - conn.disconnect(); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA553() throws Exception { - try { - String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/"); - HttpsURLConnection conn = giveConnection(URL, "GET"); - conn.connect(); - int resultCode = conn.getResponseCode(); - assertEquals(200,resultCode); - if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html")) - fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type")); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - String MOASessionID = parseSessionIDFromForm(result); - URL = parseDataURL(result); - conn.disconnect(); - - conn = giveConnection(URL, "POST"); - conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); - - String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); - OutputStream out = conn.getOutputStream(); - out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); - out.flush(); - out.close(); - conn.connect(); - result = new String(StreamUtils.readStream(conn.getInputStream())); - String redirectLoc = conn.getHeaderField("Location"); - // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein! 
- if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc)) - fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location")); - if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml")) - fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type")); - conn.disconnect(); - conn = giveConnection(redirectLoc + "XXX", "POST"); - System.out.println("Redirect Location: " + redirectLoc + "XXX"); - String createXMLSignatureResponse = "XMLResponse=" + URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); - - out = conn.getOutputStream(); - out.write(new String("MOASessionID=" + MOASessionID + "&").getBytes()); - out.write(createXMLSignatureResponse.getBytes("UTF-8")); - out.flush(); - out.close(); - System.out.println("Sending Data to " + redirectLoc); - conn.connect(); - resultCode = conn.getResponseCode(); - - result = new String(StreamUtils.readStream(conn.getInputStream())); - conn.disconnect(); - assertEquals(200, resultCode); - assertTrue(result.indexOf("MOASessionID ist unbekannt") >= 0); - System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! 
\n-----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - private String parseDataURL(String input) { - String ret = getSubString(input.substring(input.indexOf("DataURL"), input.length()), "value=\"", "\""); - return ret; - } - - private String getSubString(String input, String startsWith, String endsWith) { - return input.substring(input.indexOf(startsWith) + startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith) + startsWith.length())); - } - private String getURL(String authURL, String target, String oaURL) { - return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL; - } - private String parseSessionIDFromForm(String htmlForm) { - String parName = "MOASessionID="; - assertTrue("HTML Form enthält keine SessionID", htmlForm.indexOf(parName) >= 0); - int i1 = htmlForm.indexOf(parName) + parName.length(); - int i2 = htmlForm.indexOf("\"", i1); - assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1); - return htmlForm.substring(i1, i2); - } - - private class HostnameVerifierHack implements HostnameVerifier { - public boolean verify(String arg0, String arg1) { - return true; - } - } - private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception { - URL url = new URL(targetURL); - HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); - conn.setRequestMethod(requestMethod); - conn.setDoInput(true); - conn.setDoOutput(true); - conn.setUseCaches(false); - conn.setAllowUserInteraction(false); - conn.setHostnameVerifier(new HostnameVerifierHack()); - return conn; - } - -}
\ No newline at end of file diff --git a/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java b/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java deleted file mode 100644 index b44852346..000000000 --- a/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java +++ /dev/null 
@@ -1,281 +0,0 @@ -package test.abnahme.A; - -import java.io.OutputStream; -import java.net.URL; -import java.security.Security; -import java.util.Calendar; -import java.util.Vector; - -import javax.xml.namespace.QName; -import javax.xml.rpc.Call; -import javax.xml.rpc.Service; -import javax.xml.rpc.ServiceFactory; - -import org.apache.axis.message.SOAPBodyElement; -import org.w3c.dom.Element; - -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; - -import test.abnahme.AbnahmeTestCase; - -import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.URLDecoder; -import at.gv.egovernment.moa.util.URLEncoder; - -/** - * @author Stefan Knirsch - * @version $Id$ - */ - -public class Test600GetAuthenticationDataService extends AbnahmeTestCase { - - private String moaSessionID; - private String samlArtifact; - private static final QName SERVICE_QNAME = new QName("SignatureCreation"); - - public Test600GetAuthenticationDataService(String name) { - super(name); - } - - protected void setUp() throws Exception { - super.setUp(); - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore"); - System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); - } - - public void testA601() throws Exception { - try { - - // Anmelden - String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/"); - HttpsURLConnection conn = giveConnection(URL, "GET"); - conn.connect(); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - String MOASessionID = parseSessionIDFromForm(result); - conn.disconnect(); - - URL = 
parseDataURL(result); - // Verify Identity Link - conn = giveConnection(URL, "POST"); - conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); - String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); - OutputStream out = conn.getOutputStream(); - out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); - out.flush(); - out.close(); - conn.connect(); - String redirectLoc = conn.getHeaderField("Location"); - conn.disconnect(); - //Verify Auth Block - conn = giveConnection(redirectLoc, "POST"); - String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); - out = conn.getOutputStream(); - out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8")); - out.flush(); - out.close(); - conn.connect(); - redirectLoc = conn.getHeaderField("Location"); - samlArtifact = parseSamlArtifact(redirectLoc); - System.out.println("SamlArtifact: " + samlArtifact); - conn.disconnect(); - - assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact=")); - - conn = null; - - SAMLRequestBuilder srb = new SAMLRequestBuilder(); - - Element erg = doCall(srb.build(moaSessionID,URLDecoder.decode(samlArtifact, "UTF-8"))); - result = DOMUtils.serializeNode(erg); - result = killInclusive(result,"IssueInstant=\"","\"",""); - result = killInclusive(result,"AssertionID=\"","\"",""); - result = killInclusive(result,"ResponseID=\"","\"",""); - -// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8")); - - assertEquals(result,readXmldata("GetAuthenticationDataWebServiceResponse.xml")); - - System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! 
\n-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA651() throws Exception {
- try {
-
- // Anmelden
- String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
- HttpsURLConnection conn = giveConnection(URL, "GET");
- conn.connect();
- String result = new String(StreamUtils.readStream(conn.getInputStream()));
- String MOASessionID = parseSessionIDFromForm(result);
- conn.disconnect();
-
- URL = parseDataURL(result);
- // Verify Identity Link
- conn = giveConnection(URL, "POST");
- conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
- String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
- OutputStream out = conn.getOutputStream();
- out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
- out.flush();
- out.close();
- conn.connect();
- String redirectLoc = conn.getHeaderField("Location");
- conn.disconnect();
- //Verify Auth Block
- conn = giveConnection(redirectLoc, "POST");
- String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
- out = conn.getOutputStream();
- out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
- out.flush();
- out.close();
- conn.connect();
- redirectLoc = conn.getHeaderField("Location");
- samlArtifact = "AAGu1JFbyGKqJ+3NAonwMu5bNyUc7kooeMK6bxeXBbnK6NL0DfuVJsGi";
- System.out.println("SamlArtifact: " + samlArtifact);
- conn.disconnect();
-
- assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
-
- conn = null;
-
- SAMLRequestBuilder srb = new SAMLRequestBuilder();
- Element samlPRequest = srb.build(moaSessionID,samlArtifact);
-
- assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("unbekanntes SAML-Artifakt")!=-1);
-
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt\n-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA652() throws Exception {
- try {
-
- // Anmelden
- String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
- HttpsURLConnection conn = giveConnection(URL, "GET");
- conn.connect();
- String result = new String(StreamUtils.readStream(conn.getInputStream()));
- String MOASessionID = parseSessionIDFromForm(result);
- conn.disconnect();
-
- URL = parseDataURL(result);
- // Verify Identity Link
- conn = giveConnection(URL, "POST");
- conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
- String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
- OutputStream out = conn.getOutputStream();
- out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
- out.flush();
- out.close();
- conn.connect();
- String redirectLoc = conn.getHeaderField("Location");
- conn.disconnect();
- //Verify Auth Block
- conn = giveConnection(redirectLoc, "POST");
- String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
- out = conn.getOutputStream();
- out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
- out.flush();
- out.close();
- conn.connect();
- redirectLoc = conn.getHeaderField("Location");
- samlArtifact = parseSamlArtifact(redirectLoc);
- System.out.println("SamlArtifact: " + samlArtifact);
- conn.disconnect();
-
- assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
-
- conn = null;
- String request =
- "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
- moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" +
- DateTimeUtils.buildDateTime(Calendar.getInstance())+"\">" +
- "</samlp:Request>";
-
- Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
-
- assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("Fehlerhaftes Requestformat")!=-1);
-// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehlerhaftes Requestformat\n-----------------------"); }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- protected Element doCall(Element request)
- throws Exception {
- QName serviceName = new QName("GetAuthenticationData");
- String endPoint = "http://localhost:8080/moa-id-auth/services/GetAuthenticationData";
- Service service = ServiceFactory.newInstance().createService(serviceName);
- Call call = service.createCall();
- SOAPBodyElement body =
- new SOAPBodyElement(request);
- SOAPBodyElement[] params = new SOAPBodyElement[] {body};
- Vector responses;
- SOAPBodyElement response;
-
- call.setTargetEndpointAddress(endPoint);
- responses = (Vector) call.invoke(params);
- response = (SOAPBodyElement) responses.get(0);
-
- return response.getAsDOM();
- }
-
- private String parseDataURL(String input)
- {
- return getSubString(input.substring(input.indexOf("DataURL"),input.length()),"value=\"","\"");
- }
- private String parseSamlArtifact(String input)
- {
- return getSubString(input+"@@@","SAMLArtifact=","@@@");
- }
- private String getSubString(String input, String startsWith, String endsWith)
- {
- return input.substring(input.indexOf(startsWith)+startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith)+startsWith.length()));
- }
- private String getURL(String authURL, String target, String oaURL)
- {
- return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
- }
- private String parseSessionIDFromForm(String htmlForm) {
- String parName = "MOASessionID=";
- assertTrue(
- "HTML Form enthält keine SessionID",
- htmlForm.indexOf(parName) >= 0);
- int i1 = htmlForm.indexOf(parName) + parName.length();
- int i2 = htmlForm.indexOf("\"", i1);
- assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
- return htmlForm.substring(i1, i2);
- }
- private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
- HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection();
- conn.setRequestMethod(requestMethod);
- conn.setDoInput(true);
- conn.setDoOutput(true);
- conn.setUseCaches(false);
- conn.setAllowUserInteraction(false);
- conn.setHostnameVerifier(new HostnameVerifierHack());
- return conn;
- }
- private class HostnameVerifierHack implements HostnameVerifier {
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-}
diff --git a/id.server/src/test/abnahme/A/Test700SelectBKU.java b/id.server/src/test/abnahme/A/Test700SelectBKU.java
deleted file mode 100644
index 9cfa47033..000000000
--- a/id.server/src/test/abnahme/A/Test700SelectBKU.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package test.abnahme.A;
-
-import test.abnahme.AbnahmeTestCase;
-
-/*
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class Test700SelectBKU extends AbnahmeTestCase {
-
- public Test700SelectBKU(String name) {
- super(name);
- }
-
- public void testA701() throws Exception {
- try {
- String form = server.selectBKU(
- "https://localhost:8443/auth",
- "gb",
- "https://localhost:9443/",
- "file:" + getTestCaseDirectory() + "BKUSelectionTemplate.html",
- "file:" + getTestCaseDirectory() + "Template.html");
- //writeXmldata("SelectBKUForm_out.html", form.getBytes());
- assertEqualsIgnoreSessionID(readXmldata("SelectBKUForm.html"), form);
- }
- catch (Exception ex) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + ex.getLocalizedMessage());
- throw ex;
- }
- }
- public void testA702() throws Exception {
- try {
- String form = server.selectBKU(
- "https://localhost:8443/auth",
- "gb",
- "https://localhost:9443/",
- null,
- null);
- //writeXmldata("SelectBKUForm_out.html", form.getBytes());
- assertEqualsIgnoreSessionID(readXmldata("SelectBKUForm.html"), form);
- }
- catch (Exception ex) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + ex.getLocalizedMessage());
- throw ex;
- }
- }
- public void testA703() throws Exception {
- try {
- String form = server.selectBKU(
- "https://localhost:8443/auth",
- "gb",
- "https://localhost:9443/",
- null,
- null);
- //writeXmldata("SelectBKUForm_out.html", form.getBytes());
- assertEqualsIgnoreSessionID(readXmldata("SelectBKUForm.html"), form);
- }
- catch (Exception ex) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + ex.getLocalizedMessage());
- throw ex;
- }
- }
-}
diff --git a/id.server/src/test/abnahme/AbnahmeTestCase.java b/id.server/src/test/abnahme/AbnahmeTestCase.java
deleted file mode 100644
index e0e6fc183..000000000
--- a/id.server/src/test/abnahme/AbnahmeTestCase.java
+++ /dev/null
@@ -1,163 +0,0 @@
-package test.abnahme;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.RandomAccessFile;
-
-import test.MOAIDTestCase;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-
-/**
- * Base class for MOA ID test cases.
- *
- * Provides some utility functions.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class AbnahmeTestCase extends MOAIDTestCase {
-
- protected static final String TESTDATA_ROOT = "data/abnahme-test/";
- protected static final String TESTDATA_XMLDATA = "data/abnahme-test/xmldata/";
- protected static final String AUTH_ENDPOINT = "http://localhost:8080/moa-id-auth/";
- protected AuthenticationServer server;
-
- /**
- * Constructor for MOATestCase.
- * @param arg0
- */
- public AbnahmeTestCase(String name) {
- super(name);
- }
- /**
- * Set up a transaction context with a test configuration.
- */
- protected void setUp() throws Exception {
-
- System.out.print("--------S-T-A-R-T----V-O-N----");
- System.out.print(getName().toUpperCase().substring(4,getName().length()));
- System.out.print("-----------------------------\n");
-
- // Set moa.spss.server.configuration property
- System.setProperty("moa.spss.server.configuration",TESTDATA_ROOT + "conf/moa/ConfigurationTest.xml");
-
- // Set moa.id.configuration property
- String pathname = findXmldata("Configuration.xml");
- System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, pathname);
- System.out.println("Konfiguration " + pathname);
- AuthConfigurationProvider.reload();
-
- server = AuthenticationServer.getInstance();
- }
- /** Test case z.B. "A153" */
- protected String getID() {
- return getName().toUpperCase().substring(4,getName().length());
- }
- /** Test group z.B. "A100" */
- protected String getTestGroup() {
- return getID().substring(0, 2) + "00";
- }
- /** Test case data directory */
- protected String getTestCaseDirectory() {
- return getTestGroupDirectory() + getID() + "/";
- }
- /** Test group data directory */
- protected String getTestGroupDirectory() {
- return TESTDATA_XMLDATA + getTestGroup() + "/";
- }
- /** Finds a file in the xmldata directory */
- protected String findXmldata(String filename) {
- String pathname = getTestCaseDirectory() + filename;
- if (! new File(pathname).exists()) {
- pathname = getTestGroupDirectory() + filename;
- if (! new File(pathname).exists()) {
- pathname = TESTDATA_XMLDATA + filename;
- }
- }
- return pathname;
- }
- /** Finds and reads a file in the xmldata directory */
- protected String readXmldata(String filename) throws IOException {
- String pathname = findXmldata(filename);
- System.out.println("Read file " + pathname);
- return readFile(pathname);
- }
- protected void writeXmldata(String filename, byte[] content) throws Exception {
- String pathname = getTestCaseDirectory() + filename;
- System.out.println("Write file " + pathname);
- RandomAccessFile raf = new RandomAccessFile(pathname, "rw");
- byte[] data = content;
- raf.write(data);
- raf.setLength(data.length);
- raf.close();
- }
-
- /**
- * Creates a session using standard parameters,
- * and returns the session ID.
- */
- protected String startAuthentication() throws MOAIDException {
- return startAuthentication("https://localhost:9443/");
- }
- /**
- * Creates a session using standard parameters,
- * and returns the session ID.
- */
- protected String startAuthentication(String oaURL) throws MOAIDException {
- String htmlForm = AuthenticationServer.getInstance().startAuthentication(
- "https://localhost:8443/auth",
- "gb",
- oaURL,
- null,
- null,
- null);
- String sessionID = parseSessionIDFromForm(htmlForm);
- return sessionID;
- }
- private String parseSessionIDFromForm(String htmlForm) {
- String parName = "MOASessionID=";
- assertTrue(
- "HTML Form enthält keine SessionID",
- htmlForm.indexOf(parName) >= 0);
- int i1 = htmlForm.indexOf(parName) + parName.length();
- int i2 = i1;
- while(i2 < htmlForm.length() &&
- (htmlForm.charAt(i2) == '-' || (htmlForm.charAt(i2) >= '0' && htmlForm.charAt(i2) <= '9')))
- i2++;
- assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
- return htmlForm.substring(i1, i2);
- }
- protected String clearSessionID(String htmlForm) {
- String sessionID = parseSessionIDFromForm(htmlForm);
- int i1 = htmlForm.indexOf(sessionID);
- int i2 = i1 + sessionID.length();
- return htmlForm.substring(0, i1) + htmlForm.substring(i2);
- }
- protected void assertEqualsIgnoreSessionID(String s1, String s2) {
- String ss1 = clearSessionID(s1);
- String ss2 = clearSessionID(s2);
- assertEquals(ss1, ss2);
- }
- protected void authDataWriter(AuthenticationData authData, String filename) throws Exception
- {
- writeXmldata("AuthenticationDataNEW.xml", clearSamlAssertion(authData.getSamlAssertion()).getBytes("UTF-8"));
- }
-
- /**
- * clearSamlAssertion löscht aus einer beliebiegen String-Repräsentation einer XML-Struktur
- * AUSSLIESSLICH die Attribute 'IssueInstant' und 'AssertionID' heraus.
- * @param samlAssertion
- * @return String
- */
- protected String clearSamlAssertion(String samlAssertion)
- {
- String result = killInclusive(samlAssertion,"IssueInstant='", "'","");
- result = killInclusive(result,"AssertionID='", "'","");
- return result;
- }
-}
\ No newline at end of file
diff --git a/id.server/src/test/abnahme/AllTests.java b/id.server/src/test/abnahme/AllTests.java
deleted file mode 100644
index 56a38be28..000000000
--- a/id.server/src/test/abnahme/AllTests.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package test.abnahme;
-
-import junit.awtui.TestRunner;
-import junit.framework.*;
-
-import test.abnahme.A.Test100StartAuthentication;
-import test.abnahme.A.Test200VerifyIdentityLink;
-import test.abnahme.A.Test300VerifyAuthBlock;
-import test.abnahme.A.Test400GetAuthenticationData;
-import test.abnahme.A.Test500StartAuthenticationServlet;
-import test.abnahme.A.Test600GetAuthenticationDataService;
-import test.abnahme.A.Test700SelectBKU;
-import test.abnahme.C.Test100Konfiguration;
-import test.abnahme.P.Test100LoginParameterResolver;
-
-
-
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AllTests {
-
- public static Test suite() {
- TestSuite suite = new TestSuite();
-
- suite.addTestSuite(Test100StartAuthentication.class);
- suite.addTestSuite(Test200VerifyIdentityLink.class);
- suite.addTestSuite(Test300VerifyAuthBlock.class);
- suite.addTestSuite(Test400GetAuthenticationData.class);
- suite.addTestSuite(Test500StartAuthenticationServlet.class);
- suite.addTestSuite(Test600GetAuthenticationDataService.class);
- suite.addTestSuite(Test700SelectBKU.class);
-
- suite.addTestSuite(Test100LoginParameterResolver.class);
-
- suite.addTestSuite(Test100Konfiguration.class);
- return suite;
- }
-
- public static void main(String[] args) {
- try {
- TestRunner.run(AllTests.class);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-}
diff --git a/id.server/src/test/abnahme/C/Test100Konfiguration.java b/id.server/src/test/abnahme/C/Test100Konfiguration.java
deleted file mode 100644
index 7da5a7449..000000000
--- a/id.server/src/test/abnahme/C/Test100Konfiguration.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package test.abnahme.C;
-
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-
-import test.abnahme.AbnahmeTestCase;
-
-/**
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-
-public class Test100Konfiguration extends AbnahmeTestCase {
-
- public Test100Konfiguration(String name) {
- super(name);
- }
-
- public void testC001() throws Exception {
- try {
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testC002() throws Exception {
- try {
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testC003() throws Exception {
- try {
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testC051() throws Exception {
- try {
- // Set moa.id.configuration property
- String pathname = findXmldata("ConfigurationC051.xml");
- System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, pathname);
- System.out.println("Konfiguration " + pathname);
- AuthConfigurationProvider.reload();
- }
- catch (Exception e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- // AuthConfigurationProvider.getInstance().getBKUConnectionParameter().getAcceptedServerCertificates()
- }
-}
diff --git a/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java b/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
deleted file mode 100644
index 8b7b2002f..000000000
--- a/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
+++ /dev/null
@@ -1,146 +0,0 @@
-package test.abnahme.P;
-import java.util.Map;
-
-import sun.misc.BASE64Decoder;
-import test.abnahme.AbnahmeTestCase;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-
-public class Test100LoginParameterResolver extends AbnahmeTestCase {
-
- private static final String CLIENT_IP_ADDRESS = "56.246.75.11";
- private OAConfiguration oaConf;
- private LoginParameterResolver lpr;
-
- public Test100LoginParameterResolver(String name) {
- super(name);
- }
-
- private void setUp(String publicURLPrefix)
- throws Exception {
-
- // get configuration data
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix);
- oaConf = oaParam.getOaConfiguration();
- System.out.println("Parameterübergabe: " + oaConf.getAuthType());
-
- // get login parameter resolver
- LoginParameterResolverFactory.initialize();
- lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
- }
- public void testP101() throws Exception {
- try {
- // read configuration and set up LoginParameterResolver
- setUp("https://testP101:9443/");
- if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH))
- fail();
-
- // assemble authentication data
- AuthenticationData authData = new AuthenticationData();
- authData.setFamilyName("Huber");
- authData.setGivenName("Hugo");
-
- // resolve login headers
- Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS);
-
- // validate login headers
- assertEquals(1, loginHeaders.keySet().size());
- System.out.println("Header Authorization: " + loginHeaders.get("Authorization"));
- System.out.println("Decoded UserID:Password " +
- new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6))));
- String userIDPassword = "Hugo:Huber";
- String credentials = Base64Utils.encode(userIDPassword.getBytes());
- assertEquals("Basic " + credentials, loginHeaders.get("Authorization"));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
-
- }
- public void testP102() throws Exception {
- try {
- // read configuration and set up LoginParameterResolver
- setUp("https://testP102:9443/");
- if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
- fail();
-
- // assemble authentication data
- AuthenticationData authData = new AuthenticationData();
- String DATE_OF_BIRTH = "1963-12-29";
- String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw=";
- authData.setDateOfBirth(DATE_OF_BIRTH);
- authData.setVPK(VPK);
-
- // resolve login parameters
- Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS);
-
- // validate login headers
- assertEquals(2, loginParameters.keySet().size());
- System.out.println("Param1: " + loginParameters.get("Param1"));
- System.out.println("Param2: " + loginParameters.get("Param2"));
- assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1"));
- assertEquals(VPK, loginParameters.get("Param2"));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testP103() throws Exception {
- try {
- // read configuration and set up LoginParameterResolver
- setUp("https://localhost:9443/");
- if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH))
- fail();
-
- // assemble authentication data
- AuthenticationData authData = new AuthenticationData();
- boolean PUBLIC_AUTH = true;
- String BKZ = "FinanzamtWien23Leitstelle";
- boolean QUAL_CERT = false;
- String ZMR_ZAHL = "3456789012";
- authData.setPublicAuthority(PUBLIC_AUTH);
- authData.setPublicAuthorityCode(BKZ);
- authData.setQualifiedCertificate(QUAL_CERT);
- authData.setIdentificationValue(ZMR_ZAHL);
-
- // resolve login headers
- Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS);
-
- // validate login headers
- assertEquals(5, loginHeaders.keySet().size());
- System.out.println("Header Param1: " + loginHeaders.get("Param1"));
- System.out.println("Header Param2: " + loginHeaders.get("Param2"));
- System.out.println("Header Param3: " + loginHeaders.get("Param3"));
- System.out.println("Header Param4: " + loginHeaders.get("Param4"));
- System.out.println("Header Param5: " + loginHeaders.get("Param5"));
- assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1"));
- assertEquals(BKZ, loginHeaders.get("Param2"));
- assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3"));
- assertEquals(ZMR_ZAHL, loginHeaders.get("Param4"));
- assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5"));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/AllTests.java
deleted file mode 100644
index 69ed3d12b..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/AllTests.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package test.at.gv.egovernment.moa.id;
-
-import test.at.gv.egovernment.moa.id.auth.AuthenticationServerTest;
-import test.at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataServiceTest;
-import test.at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationTest;
-import test.at.gv.egovernment.moa.id.config.auth.MOAIDAuthConfigurationProviderTest;
-import test.at.gv.egovernment.moa.id.config.proxy.MOAIDProxyConfigurationProviderTest;
-
-import junit.awtui.TestRunner;
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AllTests {
-
- public static Test suite() {
- TestSuite suite = new TestSuite();
-
- suite.addTestSuite(AuthenticationServerTest.class);
- suite.addTest(test.at.gv.egovernment.moa.id.auth.builder.AllTests.suite());
- suite.addTest(test.at.gv.egovernment.moa.id.auth.parser.AllTests.suite());
- suite.addTestSuite(GetAuthenticationDataServiceTest.class);
- suite.addTestSuite(SignatureVerificationTest.class);
- suite.addTestSuite(MOAIDAuthConfigurationProviderTest.class);
- suite.addTestSuite(MOAIDProxyConfigurationProviderTest.class);
- suite.addTest(test.at.gv.egovernment.moa.id.proxy.AllTests.suite());
-
- return suite;
- }
-
- public static void main(String[] args) {
- try {
- TestRunner.run(AllTests.class);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java b/id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java
deleted file mode 100644
index 8309a4f7e..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package test.at.gv.egovernment.moa.id;
-
-import test.MOAIDTestCase;
-
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-
-/**
- * Base class for MOA ID test cases.
- *
- * Provides some utility functions.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class UnitTestCase extends MOAIDTestCase {
-
- protected static final String TESTDATA_ROOT = "data/test/";
-
- /**
- * Constructor for MOATestCase.
- * @param arg0
- */
- public UnitTestCase(String name) {
- super(name);
- }
- /**
- * Set up a transaction context with a test configuration.
- */
- protected void setUp() throws Exception {
- System.setProperty(
- ConfigurationProvider.CONFIG_PROPERTY_NAME,
- TESTDATA_ROOT + "conf/ConfigurationTest.xml");
- }
-
-}
\ No newline at end of file
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
deleted file mode 100644
index 753b2ef12..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package test.at.gv.egovernment.moa.id.auth;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-
-import test.at.gv.egovernment.moa.id.UnitTestCase;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationServerTest extends UnitTestCase {
-
- public AuthenticationServerTest(String name) {
- super(name);
- }
-
- public void testStandard() throws Exception {
- doTest(
- "standard",
- "https://localhost:8443/auth",
- "gb",
- "https://localhost:9443/",
- null,
- null);
- }
- public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
- String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
- AuthenticationServer server = AuthenticationServer.getInstance();
- String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null);
- String sessionID = parseSessionIDFromForm(htmlForm);
- String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
- String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse);
- String createXMLSignatureRequestShould = readFile(testdataRoot + "CreateXMLSignatureRequest.xml");
- assertXmlEquals(createXMLSignatureRequestShould, createXMLSignatureRequest);
- String createXMLSignatureResponse = readFile(testdataRoot + "CreateXMLSignatureResponse.xml");
- String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- AuthenticationData authData = server.getAuthenticationData(samlArtifact);
- String authDataShould = readFile(testdataRoot + "AuthenticationDataAssertion.xml");
- assertXmlEquals(authDataShould, authData.getSamlAssertion());
- }
- private String parseSessionIDFromForm(String htmlForm) {
- String parName = "MOASessionID=";
- assertTrue("HTML Form enthält keine SessionID", htmlForm.indexOf(parName) >= 0);
- int i1 = htmlForm.indexOf(parName) + parName.length();
- int i2 = htmlForm.indexOf("\"", i1);
- assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
- return htmlForm.substring(i1, i2);
- }
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
deleted file mode 100644
index 4bc7d52d6..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package test.at.gv.egovernment.moa.id.auth;
-
-import java.security.KeyStore;
-import java.util.Enumeration;
-
-import test.at.gv.egovernment.moa.id.UnitTestCase;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDAuthInitialiserTest extends UnitTestCase {
-
- public MOAIDAuthInitialiserTest(String name) {
- super(name);
- }
-
- public void testInit() throws Exception
- {
-// System.setProperty(
-// ConfigurationProvider.CONFIG_PROPERTY_NAME,"C://Programme/ApacheGroup/abnahme/conf/moa-id/SampleMOAIDConfiguration.xml");
-// System.setProperty(
-// ConfigurationProvider.CONFIG_PROPERTY_NAME,"D://Daten/_Projects/moa_id_maengel/SampleMOAIDConfiguration.xml");
- SSLUtils.initialize();
-
- try {
- KeyStore s = KeyStoreUtils.loadKeyStore("pkcs12","file:C:/Programme/ApacheGroup/abnahme/cert/keystore.p12","changeit");
- System.out.println(s.getProvider().getClass().getName());
- Enumeration enum = s.aliases();
- while (enum.hasMoreElements()) {
- String element = (String) enum.nextElement();
- System.out.print(element+":");
- System.out.println(s.getCertificate(element).getPublicKey().getAlgorithm());
- System.out.println(s.getCertificate(element).getType());
- }
-
-
- System.out.println(s.getCertificate("pc41408").getPublicKey().getFormat());
-
- }
- catch (Exception e) {e.printStackTrace();};
-
- }
-
- }
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java
deleted file mode 100644
index 77dff29aa..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package test.at.gv.egovernment.moa.id.auth.builder;
-
-import junit.awtui.TestRunner;
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
-/**
- * @author patrick
- * @version $Id$
- */
-public class AllTests {
-
- public static Test suite() {
- TestSuite suite = new TestSuite();
-
- suite.addTestSuite(AuthenticationBlockAssertionBuilderTest.class);
- suite.addTestSuite(CreateXMLSignatureBuilderTest.class);
- suite.addTestSuite(GetIdentityLinkFormBuilderTest.class);
- suite.addTestSuite(InfoboxReadRequestBuilderTest.class);
- suite.addTestSuite(PersonDataBuilderTest.class);
- suite.addTestSuite(SAMLArtifactBuilderTest.class);
-
- return suite;
- }
-
- public static void main(String[] args) {
- try {
- TestRunner.run(AllTests.class);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
deleted file mode 100644
index 2717ee8c0..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package test.at.gv.egovernment.moa.id.auth.builder;
-
-import test.at.gv.egovernment.moa.id.UnitTestCase;
-
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationBlockAssertionBuilderTest extends UnitTestCase {
- private static final String nl = "\n";
- private static final String ISSUER = "Hugo Mustermann";
- private static final String ISSUE_INSTANT = "2003-03-15T22:50:21+01:00";
- private static final String AUTH_URL = "https://auth.moa.gv.at/";
- private static final String TARGET = "Grundbuch";
- private static final String OA_URL = "https://grundbuch.gv.at/";
-
- // wird auch von CreateXMLSignatureBuilderTest verwendet !
- public static final String ASSERTION_SHOULD =
-"<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='" + ISSUER + "' IssueInstant='" + ISSUE_INSTANT + "'>" + nl +
-" <saml:AttributeStatement>" + nl +
-" <saml:Subject>" + nl +
-" <saml:NameIdentifier>" + AUTH_URL + "</saml:NameIdentifier>" + nl +
-" </saml:Subject>" + nl +
-" <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>" + nl +
-" <saml:AttributeValue>" + TARGET + "</saml:AttributeValue>" + nl +
-" </saml:Attribute>" + nl +
-" <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>" + nl +
-" <saml:AttributeValue>" + OA_URL + "</saml:AttributeValue>" + nl +
-" </saml:Attribute>" + nl +
-" </saml:AttributeStatement>" + nl +
-"</saml:Assertion>";
-
- public AuthenticationBlockAssertionBuilderTest(String name) {
- super(name);
- }
-
- public void testBuild() throws Exception {
- AuthenticationBlockAssertionBuilder builder = new AuthenticationBlockAssertionBuilder();
- String assertionBuilt = builder.build(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, OA_URL);
- assertionBuilt = XML_DECL + assertionBuilt;
- String assertionShould = XML_DECL + ASSERTION_SHOULD;
- assertXmlEquals(assertionShould, assertionBuilt);
- }
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java
deleted file mode 100644
index 13f86efee..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java
+++ /dev/null
@@ -1,58 +0,0 @@ -package test.at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; - -import test.at.gv.egovernment.moa.id.UnitTestCase; - -/** - * @author Paul Ivancsics - * @version $Id$ - */ -public class CreateXMLSignatureBuilderTest extends UnitTestCase { - private static final String nl = "\n"; - public static final String TRANSFORMS_INFO = - " <sl10:TransformsInfo>" + nl + - " <dsig:Transforms>" + nl + - " <dsig:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'/>" + nl + - " <dsig:Transform Algorithm='http://www.w3.org/TR/1999/REC-xslt-19991116'>" + nl + -"<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' >" + nl + -"<xsl:template match='/'>" + nl + -"<html>" + nl + -"<body>" + nl + -"</body>" + nl + -"</html>" + nl + -"</xsl:template>" + nl + -"</xsl:stylesheet>" + nl + - " </dsig:Transform>" + nl + - " </dsig:Transforms>" + nl + - " <sl10:FinalDataMetaInfo>" + nl + - " <sl10:MimeType>text/html</sl10:MimeType>" + nl + - " </sl10:FinalDataMetaInfo>" + nl + - " </sl10:TransformsInfo>" + nl; - public static final String REQUEST_SHOULD = -"<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + nl + -"<sl11:CreateXMLSignatureRequest xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sl10=\"http://www.buergerkarte.at/namespaces/securitylayer/20020225#\" xmlns:sl11=\"http://www.buergerkarte.at/namespaces/securitylayer/20020831#\">" + nl + -" <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl + -" <sl11:DataObjectInfo Structure=\"detached\">" + nl + -" <sl10:DataObject Reference=\"\"/>" + nl + -TRANSFORMS_INFO + -" </sl11:DataObjectInfo>" + nl + -" <sl11:SignatureInfo>" + nl + -" <sl11:SignatureEnvironment>" + nl + -" <sl10:XMLContent>" + AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD + "</sl10:XMLContent>" + nl + -" </sl11:SignatureEnvironment>" + nl + -" 
<sl11:SignatureLocation Index=\"2\">/saml:Assertion</sl11:SignatureLocation>" + nl + -" </sl11:SignatureInfo>" + nl + -"</sl11:CreateXMLSignatureRequest>"; - - public CreateXMLSignatureBuilderTest(String name) { - super(name); - } - - public void testBuild() throws Exception { - String request = new CreateXMLSignatureRequestBuilder().build( - AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD, - new String[] {TRANSFORMS_INFO}); - assertXmlEquals(REQUEST_SHOULD, request); - } -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java deleted file mode 100644 index 9142a8e42..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java +++ /dev/null 
@@ -1,73 +0,0 @@ -package test.at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; - -import junit.framework.TestCase; - -import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; - -/** - * @author Paul Ivancsics - * @version $Id$ - */ -public class GetIdentityLinkFormBuilderTest extends TestCase { - private static String nl = "\n"; - public static String FORM = - "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + - "<html>" + nl + - "<head>" + nl + - "<title>Auslesen der Personenbindung</title>" + nl + - "</head>" + nl + - "<body>" + nl + - "<form name=\"GetIdentityLinkForm\"" + nl + - " action=\"{0}\"" + nl + - " method=\"post\">" + nl + - " <input type=\"hidden\" " + nl + - " name=\"XMLRequest\"" + nl + - " value=\"{1}\"/>" + nl + - " <input type=\"hidden\" " + nl + - " name=\"DataURL\"" + nl + - " value=\"{2}\"/>" + nl + - " <input type=\"submit\" value=\"Auslesen der Personenbindung\"/>" + nl + - "</form>" + nl + - "<form name=\"CertificateInfoForm\"" + nl + - " action=\"{0}\"" + nl + - " method=\"post\">" + nl + - " <input type=\"hidden\" " + nl + - " name=\"XMLRequest\"" + nl + - " value=\"{3}\"/>" + nl + - " <input type=\"hidden\" " + nl + - " name=\"DataURL\"" + nl + - " value=\"{4}\"/>" + nl + - " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl + - "</form>" + nl + - "</body>" + nl + - "</html>"; - public static String BKU = - "http://localhost:3495/http-security-layer-request"; - - public void testBuild() throws Exception { - String xmlRequest = new InfoboxReadRequestBuilder().build(); - String dataURL = "https://1.2.3.4/auth/VerifyIdentityLink?MOASessionID=1234567"; - String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); - String infoDataURL = 
"https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/"; - String form = new GetIdentityLinkFormBuilder().build(null, null, xmlRequest, dataURL, infoRequest, infoDataURL); - String formShould = MessageFormat.format( - FORM, new Object[] { BKU, xmlRequest, dataURL, infoRequest, infoDataURL }); - assertEquals(formShould, form); - } - public void testBuildCustomBKU() throws Exception { - String xmlRequest = new InfoboxReadRequestBuilder().build(); - String dataURL = "https://1.2.3.4/auth/AuthServlet/StartAuthentication?MOASessionID=1234567"; - String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); - String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/"; - String bkuURL = "http://bku.at/"; - String form = new GetIdentityLinkFormBuilder().build(null, bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL); - String formShould = MessageFormat.format( - FORM, new Object[] { bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL }); - assertEquals(formShould, form); - } - -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java deleted file mode 100644 index b65fc9ecf..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java +++ /dev/null 
@@ -1,29 +0,0 @@
-package test.at.gv.egovernment.moa.id.auth.builder;
-
-import org.w3c.dom.Document;
-import test.at.gv.egovernment.moa.id.UnitTestCase;
-
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class InfoboxReadRequestBuilderTest extends UnitTestCase implements Constants {
-
- public InfoboxReadRequestBuilderTest(String name) {
- super(name);
- }
-
- public void testBuild() throws Exception {
- InfoboxReadRequestBuilder builder = new InfoboxReadRequestBuilder();
- String xmlBuilt = builder.build();
- Document docBuilt = DOMUtils.parseDocument(xmlBuilt, false, ALL_SCHEMA_LOCATIONS, null);
- String xmlBuiltSerialized = DOMUtils.serializeNode(docBuilt);
- // xmlShould was generated by Hot:Sign Tester
- String xmlShould = "<?xml version='1.0' encoding='utf-8'?><sl10:InfoboxReadRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity='true'/></sl10:InfoboxReadRequest>";
- assertXmlEquals(xmlShould, xmlBuiltSerialized);
- }
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
deleted file mode 100644
index 504679fd5..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
+++ /dev/null
@@ -1,51 +0,0 @@ -package test.at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.util.Constants; - -import test.at.gv.egovernment.moa.id.UnitTestCase; - -/** - * @author Paul Ivancsics - * @version $Id$ - */ -public class PersonDataBuilderTest extends UnitTestCase implements Constants { - - /** - * Constructor for PersonDataBuilderTest. - */ - public PersonDataBuilderTest(String arg) { - super(arg); - } - public void testBuild() throws Exception { - String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml"); - IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); - String xmlPersonData = new PersonDataBuilder().build(il, true); - String xmlPersonDataShould = "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Identification><pr:Value>123456789012</pr:Value><pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type></pr:Identification><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>"; - assertPersonDataEquals(xmlPersonDataShould, xmlPersonData); - } - public void testBuildNoZMRZahl() throws Exception { - String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml"); - IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); - String xmlPersonData = new PersonDataBuilder().build(il, false); - String xmlPersonDataShould = XML_DECL + "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>"; - 
assertPersonDataEquals(xmlPersonDataShould, xmlPersonData); - } - private void assertPersonDataEquals(String s1, String s2) throws Exception { - String ss1 = insertPrNS(s1); - String ss2 = insertPrNS(s2); - assertXmlEquals(ss1, ss2); - } - private String insertPrNS(String xmlPersonData) { - int startNS = xmlPersonData.indexOf("Person") + "Person".length() + 1; - String s = - xmlPersonData.substring(0, startNS) + - "xmlns:pr=\"" + PD_NS_URI + "\" " + - "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " + - xmlPersonData.substring(startNS); - return s; - } - -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java deleted file mode 100644 index 3ec73ee4c..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java +++ /dev/null 
@@ -1,52 +0,0 @@
-package test.at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-import test.at.gv.egovernment.moa.id.UnitTestCase;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLArtifactBuilderTest extends UnitTestCase {
-
- private static final String AUTH_URL = "https://moa.gv.at/auth/";
- private static final String SESSION_ID_1 = "123456";
- private static final String SESSION_ID_2 = "123457";
- private static final String SESSION_ID_3 = "1234567";
-
- private SAMLArtifactBuilder builder;
- private byte[] artifact1;
- private byte[] artifact2;
- private byte[] artifact3;
-
- public SAMLArtifactBuilderTest(String name) {
- super(name);
- }
- protected void setUp() throws Exception {
- builder = new SAMLArtifactBuilder();
- artifact1 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false);
- artifact2 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_2), false);
- artifact3 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_3), false);
- }
-
- public void testBuildArtifactLength() throws BuildException {
- assertEquals(42, artifact1.length);
- assertEquals(42, artifact2.length);
- assertEquals(42, artifact3.length);
- }
- public void testBuildSameArtifact() throws Exception {
- byte[] artifact1Clone = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false);
- assertEquals(new String(artifact1), new String(artifact1Clone));
- }
- public void testBuildDifferentArtifacts() throws BuildException {
- String msg = "SAML Artifacts should be different";
- assertFalse(msg, new String(artifact1).equals(new String(artifact2)));
- assertFalse(msg, new String(artifact1).equals(new String(artifact3)));
- assertFalse(msg, new String(artifact3).equals(new String(artifact2)));
- }
-
-
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java
deleted file mode 100644
index 5b3bb5906..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java
+++ /dev/null
@@ -1,93 +0,0 @@ -package test.at.gv.egovernment.moa.id.auth.builder; - -import java.io.FileInputStream; -import java.io.RandomAccessFile; - -import org.w3c.dom.Element; -import test.at.gv.egovernment.moa.id.auth.invoke.MOASPSSTestCase; - -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; - - - -/** - * Test case for the signature verification web service. - * - * This test requires a running SignatureVerification web service. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureRequestBuilderTest extends MOASPSSTestCase { - - - private SignatureVerificationInvoker caller; - - public VerifyXMLSignatureRequestBuilderTest(String name) { - super(name); - } - - public void setUp() { - System.setProperty( - ConfigurationProvider.CONFIG_PROPERTY_NAME, - "data/test/conf/ConfigurationTest.xml"); - caller = new SignatureVerificationInvoker(); - } - - public void testVerifyXMLSignatureRequestBuilderIdentityLink() throws Exception { - - RandomAccessFile infoBox = new RandomAccessFile( - "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r"); - byte[] b = new byte[(int) infoBox.length()]; - infoBox.read(b); - infoBox.close(); - String xmlInfoboxReadResponse = new String(b, "UTF-8"); - - - RandomAccessFile vr = new RandomAccessFile( - "data/test/xmldata/standard/VerifyXMLSignatureRequestIdentityLink.xml","r"); - b = new byte[(int) vr.length()]; - vr.read(b); - vr.close(); - String xmlResponse = new String(b, "UTF-8"); - - 
InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - Element requestBuild = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID()); - - assertXmlEquals(requestBuild, xmlResponse); - - } - - public void testVerifyXMLSignature2() throws Exception { - - RandomAccessFile s = new RandomAccessFile("data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - s.close(); - String xmlCreateXMLSignatureResponse = new String(b, "UTF-8"); - - CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse csr = cXMLsrp.parseResponse(); - - VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); - - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID()); - - // check the result - assertXmlEquals(request, new FileInputStream("data/test/xmldata/standard/VerifyXMLSignatureRequestCreateXML.xml")); - - } - } diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java deleted file mode 100644 index 7ae6f70ef..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java +++ /dev/null 
@@ -1,38 +0,0 @@
-package test.at.gv.egovernment.moa.id.auth.invoke;
-
-import java.security.Security;
-
-import test.at.gv.egovernment.moa.id.UnitTestCase;
-
-/**
- * Base class for end-to-end tests of MOA web-services.
- *
- * Initializes the test system and provides some properties.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class MOASPSSTestCase extends UnitTestCase {
-
- public MOASPSSTestCase(String name) {
- super(name);
- }
-
-
- protected void setupSSL() {
- System.setProperty("javax.net.debug", "all");
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty(
- "java.protocol.handler.pkgs",
- "com.sun.net.ssl.internal.www.protocol");
- System.setProperty(
- "javax.net.ssl.keyStore",
- "data/test/security/client.keystore");
- System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
- System.setProperty(
- "javax.net.ssl.trustStore",
- "data/test/security/client.keystore");
- System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
- }
-
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java
deleted file mode 100644
index e56dcde91..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java
+++ /dev/null
@@ -1,166 +0,0 @@ -package test.at.gv.egovernment.moa.id.auth.invoke; - -import java.io.RandomAccessFile; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.util.DOMUtils; - - - -/** - * Test case for the signature verification web service. - * - * This test requires a running SignatureVerification web service. 
- * - * @author Patrick Peck - * @author Fatemeh Philippi - * @version $Id$ - */ -public class SignatureVerificationTest extends MOASPSSTestCase { - - - private SignatureVerificationInvoker caller; - - public SignatureVerificationTest(String name) { - super(name); - } - - public void setUp() { -System.setProperty( - ConfigurationProvider.CONFIG_PROPERTY_NAME, - "data/test/conf/ConfigurationTest.xml"); - caller = new SignatureVerificationInvoker(); - } - -/* public void testVerifyCMSSignature() throws Exception { - Element request = - parseXml("data/test/xml/VCSQ000.xml").getDocumentElement(); - Element result; - - // call the service - result = caller.verifyXMLSignature(request); - - // check the result - assertEquals("VerifyCMSSignatureResponse", result.getTagName()); - }*/ - - public void testVerifyXMLSignature1() throws Exception { - - //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum - //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080 - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlInfoboxReadResponse =new String(b,"UTF8"); - - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); - - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - Element request = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID()); - s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithInfoboxReadResponse.xml","rw"); - s.write(DOMUtils.serializeNode(request).getBytes("UTF-8")); - s.close(); -// Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement(); -// Element request = 
DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement(); -// call the service - Element response = caller.verifyXMLSignature(request); - VerifyXMLSignatureResponseParser vParser = new VerifyXMLSignatureResponseParser(response); - VerifyXMLSignatureResponse vData = vParser.parseData(); - VerifyXMLSignatureResponseValidator vValidate = VerifyXMLSignatureResponseValidator.getInstance(); - vValidate.validate(vData, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK); - vValidate.validateCertificate(vData,idl); - - // check the result - assertXmlEquals(response, request); - - } - - public void testVerifyXMLSignature2() throws Exception { - // Prüft den 2. Aufruf mit dem CreateXMLSIgnatureResponse als Parameter - //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum - //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080 - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlCreateXMLSignatureResponse = new String(b, "UTF8"); - - CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); -// CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse csr = cXMLsrp.parseResponse(); - - VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); - - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID()); - // Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement(); -// Element request = 
DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement(); - Element result; -/*s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithAuthBlock.xml","rw"); - s.write(DOMUtils.serializeNode(request).getBytes("UTF-8")); - s.close();*/ - // call the service - result = caller.verifyXMLSignature(request); - // check the result - assertEquals("VerifyXMLSignatureResponse", result.getTagName()); - - } - - - public void testParseCreateXMLSignatureResponse() throws Exception { - - //Später soll die Datei direkt vom Server geholt werden... - - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/standard/CreateXMLSignatureResponse.xml", - - "r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlCreateXMLSignatureResponse = new String(b, "UTF-8"); - - CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse csr = cXMLsrp.parseResponse(); - - } - - public void testParseVerifyXMLSignatureResponse() throws Exception { - - //Später soll die Datei direkt vom Server geholt werden... - - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/standard/VerifyXMLSignaterResponse.xml", - - "r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlVerifyXMLSignatureResponse = new String(b, "UTF-8"); - - VerifyXMLSignatureResponseParser vXMLsrp = new VerifyXMLSignatureResponseParser(xmlVerifyXMLSignatureResponse); - VerifyXMLSignatureResponse vsr = vXMLsrp.parseData(); - - } - - - } diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java deleted file mode 100644 index 84f5110b0..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java +++ /dev/null 
@@ -1,29 +0,0 @@
-package test.at.gv.egovernment.moa.id.auth.parser;
-
-import junit.awtui.TestRunner;
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AllTests {
-
- public static Test suite() {
- TestSuite suite = new TestSuite();
-
- suite.addTestSuite(IdentityLinkAssertionParserTest.class);
- suite.addTestSuite(SAMLArtifactParserTest.class);
-
- return suite;
- }
-
- public static void main(String[] args) {
- try {
- TestRunner.run(AllTests.class);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
deleted file mode 100644
index 77eb360bc..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
+++ /dev/null
@@ -1,137 +0,0 @@ -package test.at.gv.egovernment.moa.id.auth.parser; - -import iaik.security.rsa.RSAPublicKey; - -import java.io.FileOutputStream; -import java.io.RandomAccessFile; -import java.security.PublicKey; - -import org.w3c.dom.Document; - -import test.at.gv.egovernment.moa.id.UnitTestCase; - -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.parser.ECDSAKeyValueConverter; -import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; - -/** - * @author Paul Ivancsics - * @version $Id$ - */ -public class IdentityLinkAssertionParserTest extends UnitTestCase { - - IdentityLinkAssertionParser ilap; - - public IdentityLinkAssertionParserTest(String name) { - super(name); - } - - public void setUp() { - try { - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/testperson1/InfoboxReadResponse.xml", - "r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlInfoboxReadResponse = new String(b, "UTF-8"); - - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); - ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion()); - } - catch (Exception e) { - e.printStackTrace(); - } - } - - public void testParseIdentityLink() throws Exception { - IdentityLink idl = ilap.parseIdentityLink(); - System.out.println(idl.getGivenName()); - System.out.println(idl.getFamilyName()); - System.out.println(idl.getDateOfBirth()); - System.out.println(idl.getIdentificationValue()); - - VerifyXMLSignatureRequestBuilder vx = new VerifyXMLSignatureRequestBuilder(); - - // Element zurück bekommen: vx.build(idl.getSamlAssertion()); - - IdentityLinkValidator 
idVali = IdentityLinkValidator.getInstance(); - idVali.validate(idl); - - } - - public void testParseIdentityLinkECC() throws Exception { - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/IL.ResponseToRequest.01.ECDSA.xml", - "r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlInfoboxReadResponse = new String(b); - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); - String SAML = irrp.parseSAMLAssertion(); - ilap = new IdentityLinkAssertionParser(SAML); - IdentityLink idl = ilap.parseIdentityLink(); - System.out.println(idl.getGivenName()); - System.out.println(idl.getFamilyName()); - System.out.println(idl.getDateOfBirth()); - System.out.println(idl.getIdentificationValue()); - - VerifyXMLSignatureRequestBuilder vx = new VerifyXMLSignatureRequestBuilder(); - - // Element zurück bekommen: vx.build(idl.getSamlAssertion()); - - IdentityLinkValidator idVali = IdentityLinkValidator.getInstance(); - idVali.validate(idl); - - } - - public void testRSAPublicKeys() throws Exception { - if (ilap.getPublicKeys()[0].getClass().getName().equals("iaik.security.rsa.RSAPublicKey")) - { - - for (int i = 0; i < ilap.getPublicKeys().length; i++) { - RSAPublicKey result = (RSAPublicKey)ilap.getPublicKeys()[i]; - System.out.println("RSA Public Key No" + i); - System.out.println("Modulus: " + result.getModulus()); - System.out.println("Exponent: " + result.getPublicExponent()); - } - - } - } - - public void testECDSAPublicKeys() throws Exception { - - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/ECDSAKeyExample.xml", - "r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String ecdsaKey = new String(b, "UTF-8"); - Document e = DOMUtils.parseDocument(ecdsaKey,true,Constants.ALL_SCHEMA_LOCATIONS, null); - PublicKey p = ECDSAKeyValueConverter.element2ECDSAPublicKey(e.getDocumentElement()); - - } - - - public void testDsigCertificates() throws Exception { - - String[] result = 
ilap.getCertificates(); - for (int i = 0; i < result.length; i++) { - - System.out.println("DSIG Certificate Length: " + result[i].length() + " No" + i + "\n" + result[i]); - FileOutputStream raf = new FileOutputStream("data/test/certs/cert" + i + ".cer"); - raf.write(result[i].getBytes()); - raf.flush(); - raf.close(); - } - - } - -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java deleted file mode 100644 index 9a878be2c..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java +++ /dev/null 
@@ -1,67 +0,0 @@
-package test.at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.RandomAccessFile;
-
-import test.at.gv.egovernment.moa.id.UnitTestCase;
-
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class InfoboxReadResponseParserTest extends UnitTestCase {
-
- IdentityLinkAssertionParser ilap;
-
- public InfoboxReadResponseParserTest(String name) {
- super(name);
- }
-
- public void setUp() {
- }
-
- public void testParseInfoboxReadResponse() throws Exception {
- RandomAccessFile s =
- new RandomAccessFile(
- "data/test/xmldata/testperson1/InfoboxReadResponse.xml",
- "r");
- byte[] b = new byte[(int) s.length()];
- s.read(b);
- String xmlInfoboxReadResponse = new String(b, "UTF-8");
-
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
- ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
-
- IdentityLink idl = ilap.parseIdentityLink();
- System.out.println(idl.getGivenName());
- System.out.println(idl.getFamilyName());
- System.out.println(idl.getDateOfBirth());
- System.out.println(idl.getIdentificationValue());
-
- }
-
- public void testParseInfoboxReadResponseError() throws Exception {
- RandomAccessFile s =
- new RandomAccessFile(
- "data/test/xmldata/ErrorResponse.xml",
- "r");
- byte[] b = new byte[(int) s.length()];
- s.read(b);
- String xmlInfoboxReadResponse = new String(b, "UTF-8");
-
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
- ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
-
- IdentityLink idl = ilap.parseIdentityLink();
- System.out.println(idl.getGivenName());
- System.out.println(idl.getFamilyName());
- System.out.println(idl.getDateOfBirth());
- System.out.println(idl.getIdentificationValue());
-
- }
-
-
-}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
deleted file mode 100644
index 992e799bd..000000000
--- a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
+++ /dev/null
@@ -1,55 +0,0 @@ -package test.at.gv.egovernment.moa.id.auth.parser; - -import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; -import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; -import at.gv.egovernment.moa.id.util.Random; -import test.at.gv.egovernment.moa.id.UnitTestCase; - -/* - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLArtifactParserTest extends UnitTestCase { - - private static String URL1 = "http://moa.gv.at/auth"; - private static String URL2 = "https://moa.gv.at/auth"; - - public SAMLArtifactParserTest(String name) { - super(name); - } - - public void testParseTypeCode() throws Exception { - String sessionID = Random.nextRandom(); - String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID); - byte[] typeCode = new SAMLArtifactParser(samlArtifact).parseTypeCode(); - assertEquals(typeCode[0], 0); - assertEquals(typeCode[1], 1); - } - public void testParseAssertionHandleSameSessionID() throws Exception { - // SAML artifacts for different authURL's but same sessionID MUST give same assertion handle - String sessionID = Random.nextRandom(); - String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID); - String samlArtifact2 = new SAMLArtifactBuilder().build(URL2, sessionID); - String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle(); - String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle(); - assertEquals(assertionHandle1, assertionHandle2); - } - public void testParseAssertionHandleSameURL() throws Exception { - // SAML artifacts for same authURL but different sessionID's MUST give different assertion handles - String sessionID1 = Random.nextRandom(); - String sessionID2 = Random.nextRandom(); - String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID1); - String samlArtifact2 = new SAMLArtifactBuilder().build(URL1, sessionID2); - String assertionHandle1 = new 
SAMLArtifactParser(samlArtifact1).parseAssertionHandle(); - String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle(); - assertFalse(assertionHandle1.equals(assertionHandle2)); - } - public void testParseAssertionHandleSameSAMLArtifact() throws Exception { - // SAML artifact parsed twice MUST give same assertion handle each time - String sessionID = Random.nextRandom(); - String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID); - String assertionHandle1 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); - String assertionHandle2 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); - assertEquals(assertionHandle1, assertionHandle2); - } -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java deleted file mode 100644 index c78651fdb..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java +++ /dev/null 
@@ -1,91 +0,0 @@ -package test.at.gv.egovernment.moa.id.auth.servlet; - -import org.w3c.dom.Element; - -import test.at.gv.egovernment.moa.id.UnitTestCase; - -import at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Test case instantiates GetAuthenticationDataService and calls the Request() method. - * It DOES NOT call the web service via Axis. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class GetAuthenticationDataServiceTest extends UnitTestCase implements Constants { - - private GetAuthenticationDataService service; - - public GetAuthenticationDataServiceTest(String arg0) { - super(arg0); - } - protected void setUp() throws Exception { - service = new GetAuthenticationDataService(); - } - - public void testService2Requests() throws Exception { - String requestString = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + - "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + - "<saml:AssertionIDReference>123</saml:AssertionIDReference>" + - "</samlp:Request>"; - Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - Element response = service.Request(new Element[] {request, request})[0]; - assertStatus(response, "samlp:Requester", "samlp:TooManyResponses"); - } - public void testServiceNoSAMLArtifact() throws Exception { - String requestString = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + - "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + - 
"<saml:AssertionIDReference>123</saml:AssertionIDReference>" + - "</samlp:Request>"; - Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - Element response = service.Request(new Element[] {request})[0]; - assertStatus(response, "samlp:Requester", null); - } - public void testService2SAMLArtifacts() throws Exception { - String requestString = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + - "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + - "<samlp:AssertionArtifact>123</samlp:AssertionArtifact>" + - "<samlp:AssertionArtifact>456</samlp:AssertionArtifact>" + - "</samlp:Request>"; - Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - Element response = service.Request(new Element[] {request})[0]; - assertStatus(response, "samlp:Requester", "samlp:TooManyResponses"); - } - public void testServiceWrongFormat() throws Exception { - String requestString = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + - "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + - "</samlp:Request>"; - Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - Element response = service.Request(new Element[] {request})[0]; - assertStatus(response, "samlp:Requester", null); - } - public void testServiceWrongSAMLArtifact() throws Exception { - String requestString = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + - "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" 
MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + - "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" + - "</samlp:Request>"; - Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - Element response = service.Request(new Element[] {request})[0]; - assertStatus(response, "samlp:Requester", "samlp:ResourceNotRecognized"); - } - private void assertStatus(Element response, String statusCodeShould, String subStatusCodeShould) throws Exception { - Element statusCodeNode = (Element)XPathUtils.selectSingleNode(response, "//samlp:StatusCode"); - String statusCode = statusCodeNode.getAttribute("Value"); - Element subStatusCodeNode = (Element)XPathUtils.selectSingleNode(statusCodeNode, "//samlp:StatusCode/samlp:StatusCode"); - String subStatusCode = subStatusCodeNode == null ? null : subStatusCodeNode.getAttribute("Value"); - System.out.println(statusCode + subStatusCode); - assertEquals(statusCodeShould, statusCode); - assertEquals(subStatusCodeShould, subStatusCode); - } - - -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java deleted file mode 100644 index 7935c5179..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java +++ /dev/null 
@@ -1,112 +0,0 @@ -package test.at.gv.egovernment.moa.id.config.auth; - -import java.util.Map; - -import test.at.gv.egovernment.moa.id.UnitTestCase; - -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; - -/** - * @author Stefan Knirsch - * @version $Id$ - */ -public class MOAIDAuthConfigurationProviderTest extends UnitTestCase { - private AuthConfigurationProvider provider; - - /** - * Constructor for MOAAuthConfigTest. - * @param name - */ - public MOAIDAuthConfigurationProviderTest(String name) { - super(name); - } - - protected void setUp() throws Exception { - - provider = - new AuthConfigurationProvider(TESTDATA_ROOT + "conf/ConfigurationTest.xml"); - - } - public void testGetTransformsInfoFileNames() { - String[] transformsInfoFileNames; - transformsInfoFileNames = provider.getTransformsInfoFileNames(); -// for (int i = 0; i < transformsInfoFileNames.length; i++) { -// System.out.println( -// "getTransformsInfoFileNames: " + transformsInfoFileNames[i]); - assertEquals(transformsInfoFileNames[0],"http://StringsecLayerTranformsInfo1"); - assertEquals(transformsInfoFileNames[1],"http://StringsecLayerTranformsInfo2"); -// } - - } - - public void testGetMOASPConnectionParameters() { - ConnectionParameter cp; - cp = provider.getMoaSpConnectionParameter(); - assertEquals(cp.getUrl(),"MOA-SP-URL"); - assertEquals(cp.getAcceptedServerCertificates(),"http://AcceptedServerCertificates"); - assertEquals(cp.getClientKeyStorePassword(),"Keystore Pass"); - assertEquals(cp.getClientKeyStore(),"URLtoClientKeystoreAUTH"); -/* System.out.println(); - System.out.println("getMoaSpConnectionParameter :" + cp.getUrl()); - System.out.println( - "getMoaSpConnectionParameter :" + cp.getAcceptedServerCertificates()); - System.out.println( - "getMoaSpConnectionParameter :" + cp.getClientKeyStorePassword()); - System.out.println( - 
"getMoaSpConnectionParameter :" + cp.getClientKeyStore());*/ - } - public void testGetMoaSpIdentityLinkTrustProfileID() { - - assertEquals(provider.getMoaSpIdentityLinkTrustProfileID(),"StringVerifyIdentiyLinkTrustID"); - - } - public void testGetMoaSpAuthBlockTrustProfileID() { - assertEquals(provider.getMoaSpAuthBlockTrustProfileID(),"StringVerifyAuthBlockTransformID"); - } - - public void testGetMoaSpAuthBlockVerifyTransformsInfoIDs() { - String[] result = provider.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - assertEquals(result[0],"StringVerifyTransformsInfoID1"); - assertEquals(result[1],"StringVerifyTransformsInfoID2"); - - } - - public void testGetOnlineApplicationAuthParameter() { - OAAuthParameter[] result = provider.getOnlineApplicationParameters(); - - assertEquals(result[0].getPublicURLPrefix(),"StringOALoginURL"); - assertEquals(result[0].getProvideZMRZahl(),false); - assertEquals(result[0].getProvideAuthBlock(),false); - assertEquals(result[0].getProvideIdentityLink(),false); - - assertEquals(result[1].getPublicURLPrefix(),"StringOALoginURL2"); - assertEquals(result[1].getProvideZMRZahl(),true); - assertEquals(result[1].getProvideAuthBlock(),true); - assertEquals(result[1].getProvideIdentityLink(),true); - - -/* for (int i = 0; i < result.length; i++) { - System.out.println(); - System.out.println("getOnlineApplicationParameters Url: " + result[i].getUrl()); - System.out.println("getOnlineApplicationParameters ProvideZMRZahl: " + result[i].getProvideZMRZahl()); - System.out.println("getOnlineApplicationParameters ProvideAuthBlock: " + result[i].getProvideAuthBlock()); - System.out.println("getOnlineApplicationParameters ProvideIdentityLink: " + result[i].getProvideIdentityLink()); - }*/ - } - - public void testGetGenericConfiguration() { - Map result = provider.getGenericConfiguration(); - assertEquals(result.containsKey("Generic Name 1"),true); - assertEquals(result.containsKey("Generic Name 2"),true); - assertEquals(result.get("Generic Name 
1"),"Value1"); - assertEquals(result.get("Generic Name 2"),"Value2"); - /* for (Iterator iter = result.keySet().iterator(); iter.hasNext();) { - String element = (String) iter.next(); - System.out.println("getGenericConfiguration Key:" + element); - System.out.println("getGenericConfiguration Value:" + result.get(element)); - }*/ - } - -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java deleted file mode 100644 index 12eddf8c3..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java +++ /dev/null 
@@ -1,127 +0,0 @@ -package test.at.gv.egovernment.moa.id.config.proxy; - -import java.util.Map; - -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; - -import test.at.gv.egovernment.moa.id.UnitTestCase; - - - -/** - * @author Stefan Knirsch - * @version $Id$ - */ -public class MOAIDProxyConfigurationProviderTest extends UnitTestCase { - private ProxyConfigurationProvider provider; - - /** - * Constructor for MOAProxyConfigTest. - * @param name - */ - public MOAIDProxyConfigurationProviderTest(String name) { - super(name); - } - - protected void setUp() throws Exception { - - provider = -// new ProxyConfigurationProvider(TESTDATA_ROOT + "conf/ConfigurationTest.xml"); - new ProxyConfigurationProvider("data/deploy/conf/moa-id/ConfigurationTest.xml"); - } - public void testGetAuthComponentConnectionParameter() - { - ConnectionParameter cp; - cp = provider.getAuthComponentConnectionParameter(); - assertEquals(cp.getUrl(),"AuthComponentURL"); - assertEquals( cp.getAcceptedServerCertificates(),"http://www.altova.com"); - assertEquals(cp.getClientKeyStorePassword(),"String"); - assertEquals(cp.getClientKeyStore(),"http://www.altova.com"); - /* System.out.println(); - System.out.println("getProxyComponentConnectionParameter :" + cp.getUrl()); - System.out.println( - "getProxyComponentConnectionParameter :" + cp.getAcceptedServerCertificates()); - System.out.println( - "getProxyComponentConnectionParameter :" + cp.getClientKeyStorePassword()); - System.out.println( - "getProxyComponentConnectionParameter :" + cp.getClientKeyStore());*/ -} - - public void testGetOAProxyParameter() { - OAProxyParameter[] result = provider.getOnlineApplicationParameters(); - - assertEquals("http://localhost:9080/", result[0].getPublicURLPrefix()); - 
assertEquals("file:data/test/conf/OAConfParamAuth.xml", result[0].getConfigFileURL()); - assertEquals(10, result[0].getSessionTimeOut()); - assertEquals("StringloginParameterResolverImpl1", result[0].getLoginParameterResolverImpl()); - assertEquals("StringconnectionBuilderImpl1", result[0].getConnectionBuilderImpl()); - - assertEquals("ProxyComponentURL", result[0].getConnectionParameter().getUrl()); - assertEquals("url:AcceptedServerCertificates", result[0].getConnectionParameter().getAcceptedServerCertificates()); - assertEquals("URL:toClientKeystoreOA", result[0].getConnectionParameter().getClientKeyStore()); - assertEquals("ClientKeystoreOAPAss", result[0].getConnectionParameter().getClientKeyStorePassword()); - - assertEquals("StringOALoginURL2", result[1].getPublicURLPrefix()); - assertEquals("file:data/test/conf/OAConfHeaderAuth.xml", result[1].getConfigFileURL()); - assertEquals(20, result[1].getSessionTimeOut()); - assertEquals("StringloginParameterResolverImpl2",result[1].getLoginParameterResolverImpl()); - assertEquals("StringconnectionBuilderImpl2", result[1].getConnectionBuilderImpl()); - - assertEquals("ProxyComponentURL2", result[1].getConnectionParameter().getUrl()); - assertEquals("url:AcceptedServerCertificates2", result[1].getConnectionParameter().getAcceptedServerCertificates()); - assertEquals("URL:toClientKeystoreOA2", result[1].getConnectionParameter().getClientKeyStore()); - assertEquals("ClientKeystoreOAPAss2", result[1].getConnectionParameter().getClientKeyStorePassword()); - - assertEquals("StringOALoginURL3", result[2].getPublicURLPrefix()); - assertEquals("file:data/test/conf/OAConfBasicAuth.xml", result[2].getConfigFileURL()); - assertEquals(20, result[2].getSessionTimeOut()); - assertEquals("StringloginParameterResolverImpl3",result[2].getLoginParameterResolverImpl()); - assertEquals("StringconnectionBuilderImpl3", result[2].getConnectionBuilderImpl()); - - assertEquals("ProxyComponentURL3", 
result[2].getConnectionParameter().getUrl()); - assertEquals("url:AcceptedServerCertificates3", result[2].getConnectionParameter().getAcceptedServerCertificates()); - assertEquals("URL:toClientKeystoreOA3", result[2].getConnectionParameter().getClientKeyStore()); - assertEquals("ClientKeystoreOAPAss3", result[2].getConnectionParameter().getClientKeyStorePassword()); - } - - public void testGetGenericConfiguration() { - Map result = provider.getGenericConfiguration(); - assertEquals(true, result.containsKey("authenticationSessionTimeOut")); - assertEquals(true, result.containsKey("authenticationDataTimeOut")); - assertEquals("600", result.get("authenticationSessionTimeOut")); - assertEquals("120", result.get("authenticationDataTimeOut")); - } - - public void testOAConfigurationProvider() throws Exception - { - OAProxyParameter[] result = provider.getOnlineApplicationParameters(); - // für jeden Parameter müsste theoretisch bereits ein Provider instanziiert worden sein, - // aus diesem Grund braucht man NICHT mehr die File-URL anzugeben, PublicURLPrefix reicht - - // sollte ParamAuth sein - OAConfiguration oac1 = result[0].getOaConfiguration(); - assertEquals(OAConfiguration.PARAM_AUTH, oac1.getAuthType()); - assertEquals("MOADateOfBirth", oac1.getParamAuthMapping().get("Param1")); - assertEquals("MOAVPK", oac1.getParamAuthMapping().get("Param2")); - // sollte HeaderAuth sein - OAConfiguration oac2 = result[1].getOaConfiguration(); - assertEquals(OAConfiguration.HEADER_AUTH, oac2.getAuthType()); - assertEquals("MOAPublicAuthority", oac2.getHeaderAuthMapping().get("Param1")); - assertEquals("MOABKZ", oac2.getHeaderAuthMapping().get("Param2")); - assertEquals("MOAQualifiedCertificate", oac2.getHeaderAuthMapping().get("Param3")); - assertEquals("MOAZMRZahl", oac2.getHeaderAuthMapping().get("Param4")); - assertEquals("MOAIPAddress", oac2.getHeaderAuthMapping().get("Param5")); - - // sollte BasicAuth sein - OAConfiguration oac3 = result[2].getOaConfiguration(); - 
assertEquals(OAConfiguration.BASIC_AUTH, oac3.getAuthType()); - assertEquals("MOAGivenName", oac3.getBasicAuthUserIDMapping()); - assertEquals("MOAFamilyName", oac3.getBasicAuthPasswordMapping()); - //Fehlerfall: - - - } -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java deleted file mode 100644 index 2dd6cd35e..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java +++ /dev/null @@ -1,31 +0,0 @@ -package test.at.gv.egovernment.moa.id.proxy; - -import test.at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilderTest; -import test.at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParserTest; -import junit.awtui.TestRunner; -import junit.framework.Test; -import junit.framework.TestSuite; - -/** - * @author Paul Ivancsics - * @version $Id$ - */ -public class AllTests { - - public static Test suite() { - TestSuite suite = new TestSuite(); - - suite.addTestSuite(SAMLRequestBuilderTest.class); - suite.addTestSuite(SAMLResponseParserTest.class); - - return suite; - } - - public static void main(String[] args) { - try { - TestRunner.run(AllTests.class); - } catch (Exception e) { - e.printStackTrace(); - } - } -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java deleted file mode 100644 index aec14ce1c..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java +++ /dev/null 
@@ -1,462 +0,0 @@ -package test.at.gv.egovernment.moa.id.proxy.builder; - -import java.io.PrintStream; -import java.util.ArrayList; - -import org.w3c.dom.Element; -import org.w3c.dom.NamedNodeMap; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.w3c.dom.Text; - -import at.gv.egovernment.moa.util.Base64Utils; - -/** - * @author Administrator - * - * To change this generated comment edit the template variable "typecomment": - * Window>Preferences>Java>Templates. - * To enable and disable the creation of type comments go to - * Window>Preferences>Java>Code Generation. - */ -public class DOMTreeCompare { - - boolean debug = true; - - private static PrintStream Log = null; - - static - { - Log = System.out; - } - - public boolean compareElements(Element root1, Element root2) - { - //Log.println("----- Compare Elements:"+root1.getNodeName()+" "+root2.getNodeName()); - filterTree(root1); - filterTree(root2); - return compareNodes(root1,root2,0,"root/",false); - } - - private boolean compareNodes(Node n1, Node n2, int level,String path,boolean attribute) - { - /*try { - Log.println(DOMUtils.serializeNode(n1)); - } - catch(Exception e) - { - e.printStackTrace(); - }*/ - boolean equal = false; - //Log.println("----- Compare Node "+level+":"+n1+" "+n2); - //Log.println("----- Compare Node "+level+":"+n1.getNodeName()+" "+n2.getNodeName()); - //Log.println("----- Checking:"+path+getPathString(n1)); - NodeList nl1 = n1.getChildNodes(); - NodeList nl2 = n2.getChildNodes(); - - int size1 = nl1.getLength(); - int size2 = nl2.getLength(); - - if(debug)display_one(n1); - if(debug)display_one(n2); - - - if(debug) - if(n1.getNodeName().equals("Base64Content") && n2.getNodeName().equals("Base64Content")) - { - try { - Log.println("CONT:"+new String(Base64Utils.decode(strip(n1.getChildNodes().item(0).getNodeValue()),false))); - Log.println("CONT:"+new String(Base64Utils.decode(strip(n2.getChildNodes().item(0).getNodeValue()),false))); - } - catch(Exception e) - { - 
e.printStackTrace(); - } - } - - if(size1 != size2) - { - Log.println("----- Anzahl der Kinder nicht gleich:"+path+getPathString(n1)+":"+getPathString(n2)); - return false; - } - - equal = compareNodeExact(n1,n2,level,path+getPathString(n1)+"/"); - if(!equal) - { - Log.println("----- Knoten sind nicht identisch:"+path+getPathString(n1)); - return false; - } - - if(n1.hasAttributes() || n2.hasAttributes()) - { - equal = compareNodeAttriubtes(n1,n2,level+1,path+getPathString(n1)+"/(a)"); - if(!equal) - { - Log.println("----- Attribute stimmen nicht überein:"+path+getPathString(n1)); - return false; - } - } - if(size1==0) - { - return true; - } - - for(int counter=0;counter<size1;counter++) - { - boolean found = false; - Node comp_n1 = nl1.item(counter); - - //if(comp_n1==null) return false; - - Node comp_n2 = null; - size2 = nl2.getLength(); - for(int counter2=0;counter2<size2;counter2++) - { - comp_n2 = nl2.item(counter2); - - /*equal = compareNodeExact(comp_n1,comp_n2,level+1); - if(equal) return false;*/ - //Log.println("COMP_N1:"+comp_n1); - //Log.println("COMP_N2:"+comp_n2); - equal = compareNodes(comp_n1,comp_n2,level+1,path+getPathString(comp_n1)+"/",false); - if(equal) - { - n2.removeChild(comp_n2); - counter2=size2; - nl2 = n2.getChildNodes(); - size2 = nl2.getLength(); - } - - } - - if(!equal) - { - Log.println("----- Keine Übereinstimmung gefunden:"+path+getPathString(comp_n1)); - return false; - } - } - return true; - } - - private boolean compareNodeExact(Node n1,Node n2,int level,String path) - { - if(n1.getNodeType() == Node.TEXT_NODE) - { - Text textnode = (Text)n1; - /*Log.println("----- *****"+textnode.getNodeName()); - Log.println("----- *****"+textnode.getParentNode().getNodeName()); - Log.println("----- *****"+textnode.getNodeValue());*/ - } - - //Log.println("----- Checking:"+path); - String n1_name = n1.getNodeName(); - String n2_name = n2.getNodeName(); - /*Log.println("----- !!!!!"+n1.getNodeName()); - Log.println("----- 
!!!!!"+n1.getNodeValue()); - Log.println("----- !!!!!"+n1.getLocalName()); - Log.println("----- !!!!!"+n1.getPrefix()); - Log.println("----- !!!!!"+n1.getNextSibling()); - Log.println("----- !!!!!"+n1.getPreviousSibling());*/ - - //Log.println("----- Compare Node "+level+":"+n1_name+" "+n2_name); - if(!((n1_name==null && n2_name==null) || - (n1_name!=null && n2_name!=null && n1_name.equals(n2_name)))) - { - Log.println("----- Name stimmt nicht überein:"+path); - return false; - } - - //Log.println("----- Compare Node "+level+":"+n1.getNodeType()+" "+n2.getNodeType()); - if(n1.getNodeType() != n2.getNodeType()) - { - Log.println("----- Knotentyp stimmt nicht überein:"+path); - return false; - } - - String n1_ns = n1.getPrefix(); - String n2_ns = n2.getPrefix(); - //Log.println("----- Compare Node "+level+":"+n1_ns+" "+n2_ns); - if(!((n1_ns==null && n2_ns==null) || - (n1_ns!=null && n2_ns!=null && n1_ns.equals(n2_ns)))) - { - Log.println("----- NameSpace stimmt nicht überein:"+path); - return false; - } - - String n1_value = n1.getNodeValue(); - String n2_value = n2.getNodeValue(); - - boolean special = false; - special = specialValues(n1_value,n2_value,path); - if(special) return true; - - //Log.println("----- Compare Node "+level+":"+n1_value+" "+n2_value); - if(!((n1_value==null && n2_value==null) || - (n1_value!=null && n2_value!=null && n1_value.equals(n2_value)))) - { - Log.println("----- Wert stimmt nicht überein:"+path); - Log.println("----- Value1:\n"+n1_value); - Log.println("----- Value2:\n"+n2_value); - return false; - } - - - return true; - } - - private boolean compareNodeAttriubtesWithoutSize(Node n1, Node n2, int level,String path) - { - return true; - } - - private boolean compareNodeAttriubtes(Node n1, Node n2, int level,String path) - { - //Log.println("----- Compare NodeAttributes "+level+":"+n1.getNodeName()+" "+n2.getNodeName()); - Element n1elem = (Element)n1; - Element n2elem = (Element)n2; - - NamedNodeMap nnm1 = n1.getAttributes(); - 
NamedNodeMap nnm2 = n2.getAttributes(); - - int size1 = 0; - int size2 = 0; - - boolean specialattrs = specialAttributesSize(path); - - if(!specialattrs) - { - - if(nnm1==null && nnm2==null) return true; - if(nnm1==null || nnm2==null) - { - Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1)); - return false; - } - size1 = nnm1.getLength(); - size2 = nnm2.getLength(); - - if(size1 != size2) - { - Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1)); - return false; - } - - } - else - { - return compareNodeAttriubtesWithoutSize(n1,n2,level,path); - } - - for(int counter=0;counter<size1;counter++) - { - Node attribute_node1 = nnm1.item(counter); - Node attribute_node2 = nnm2.item(counter); - - String attr1_name = attribute_node1.getNodeName(); - String attr2_name = attribute_node2.getNodeName(); - - String value1 = n1elem.getAttribute(attr1_name); - String value2 = n2elem.getAttribute(attr2_name); - - boolean special = false; - - special = specialAttributes(path,attr1_name,value1,attr2_name,value2); - if(special) - { - return special; - } - - if(!value1.equals(value2)) - { - Log.println("----- Keine Übereinstimmung gefunden:"+path+getPathString(n1)); - return false; - } - } - - return true; - } - - private boolean checkNode(Node base,String name) - { - if(base.getNodeName().equals(name)) - { - return true; - } - - NodeList children = base.getChildNodes(); - int size = children.getLength(); - for(int counter=0;counter<size;counter++) - { - boolean found = checkNode(children.item(counter),name); - if(found) return true; - } - return false; - } - - private void display_one(Node base) - { - int att_size=0; - if(base.getAttributes()!=null) - { - att_size=base.getAttributes().getLength(); - } - if(base.getNodeName().equals("#text")) - Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")"); - else - 
Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size); - } - - private void display(Node base) - { - display(base,1); - } - - private void display(Node base,int level) - { - String spacer = ""; - for(int counter=0;counter<level;counter++) - { - spacer+=" "; - } - - int att_size=0; - if(base.getAttributes()!=null) - { - att_size=base.getAttributes().getLength(); - } - if(base.getNodeName().equals("#text")) - Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")"); - else - Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size); - - NodeList children = base.getChildNodes(); - int size = children.getLength(); - for(int counter=0;counter<size;counter++) - { - display(children.item(counter),level+1); - } - } - - private void filterTree(Node base) - { - ArrayList removeList = new ArrayList(); - - NodeList children = base.getChildNodes(); - int size = children.getLength(); - for(int counter=0;counter<size;counter++) - { - Node child1 = children.item(counter); - if(child1.getNodeType() == Node.TEXT_NODE && child1.getNodeValue().trim().equals("")) - { - removeList.add(child1); - } - } - - size = removeList.size(); - for(int counter=0;counter<size;counter++) - { - base.removeChild((Node)removeList.get(counter)); - } - - children = base.getChildNodes(); - size = children.getLength(); - for(int counter=0;counter<size;counter++) - { - filterTree(children.item(counter)); - } - - } - - private String getPathString(Node n) - { - if(n.getNodeType()==Node.TEXT_NODE) - { - return n.getParentNode().getNodeName()+"(text)"; - } - else - { - return n.getNodeName(); - } - - } - - public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2) - { - //if(value1.startsWith("reference-") && value2.startsWith("reference-")) return true; - //if(value1.startsWith("signature-") && value2.startsWith("signature-")) return true; - - return 
false; - } - - public boolean specialAttributesSize(String path) - { - //if(path.endsWith("/xsl:template/(a)")) return true; - return false; - } - - public boolean specialValues(String value1,String value2,String path) - { - - //Log.println(path); - /*if(ignoreSignatureValue) - { - if(path.endsWith("/dsig:SignatureValue(text)/")) - { - return true; - } - } - else - { - if(path.endsWith("/dsig:SignatureValue(text)/")) - { - String stripped_1 = strip(value1); - String stripped_2 = strip(value2); - return stripped_1.equals(stripped_2); - } - }*/ - - return false; - } - - private String strip(String input) - { - String output = replaceStringAll(input," ",""); - output = replaceStringAll(output,"\n",""); - output = replaceStringAll(output,"\r",""); - return output; - } - - private static String replaceStringAll( - String input, - String oldPart, - String newPart) - { - - String erg = null; - - int pos = input.indexOf(oldPart); - if(pos==-1) return input; - - while(true) - { - - //First Part - pos = input.indexOf(oldPart); - if(pos==-1) break; - erg = input.substring(0, pos); - - //Insert new Part - erg += newPart; - - //insert REST - erg - += input.substring( - input.indexOf(oldPart) + oldPart.length(), - input.length()); - - input = erg; - } - return erg; - } - -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java deleted file mode 100644 index b6eda3c39..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java +++ /dev/null 
@@ -1,32 +0,0 @@ -package test.at.gv.egovernment.moa.id.proxy.builder; - -import org.w3c.dom.Element; - -import test.at.gv.egovernment.moa.id.UnitTestCase; -import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; -import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; -import at.gv.egovernment.moa.util.DOMUtils; - -/* - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLRequestBuilderTest extends UnitTestCase { - - public SAMLRequestBuilderTest(String arg0) { - super(arg0); - } - - public void testBuild() throws Exception { - String requestID = "123"; - String samlArtifact = new SAMLArtifactBuilder().build("https://moa.gv.at/auth/", "12345678901234567890"); - String REQUEST_SHOULD = "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" + - requestID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"IGNORE\">" + - "<samlp:AssertionArtifact>" + samlArtifact + "</samlp:AssertionArtifact>" + - "</samlp:Request>"; - Element request = new SAMLRequestBuilder().build(requestID, samlArtifact); - Element requestShould = DOMUtils.parseDocument(REQUEST_SHOULD, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - assertTrue(new SAMLRequestCompare().compareElements(requestShould, request)); - } - -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java deleted file mode 100644 index 5685129a1..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java +++ /dev/null 
@@ -1,19 +0,0 @@ -package test.at.gv.egovernment.moa.id.proxy.builder; - -/* - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLRequestCompare extends test.at.gv.egovernment.moa.id.proxy.builder.DOMTreeCompare { - - - /* - * @see at.gv.egovernment.moa.util.SAMLRequestCompare#specialAttributes(java.lang.String, java.lang.String) - */ - public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2) { - if(attr1_name.equals("IssueInstant")) - return true; - return false; - } - -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java deleted file mode 100644 index 39e7240d1..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java +++ /dev/null 
@@ -1,180 +0,0 @@ -package test.at.gv.egovernment.moa.id.proxy.parser; - -import org.w3c.dom.Element; - -import test.at.gv.egovernment.moa.id.UnitTestCase; - -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.SAMLStatus; -import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; - -/* - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLResponseParserTest extends UnitTestCase { - - public SAMLResponseParserTest(String arg0) { - super(arg0); - } - - public void testParse() throws Exception { - String samlResponse = - "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + - "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" + - " ResponseID=\"\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-03-29T06:00:00+02:00\">" + - "<samlp:Status>" + - "<samlp:StatusCode Value=\"samlp:Success\"><samlp:StatusCode Value=\"samlp:Success\"></samlp:StatusCode></samlp:StatusCode>" + - "<samlp:StatusMessage>Ollas leiwand</samlp:StatusMessage>" + - "</samlp:Status>" + -"<saml:Assertion xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"-4633313027464114584\" Issuer=\"http://localhost:8080/moa-id-auth/\" IssueInstant=\"2003-04-02T14:55:42+02:00\">" + - "<saml:AttributeStatement>" + - "<saml:Subject>" + - "<saml:NameIdentifier NameQualifier=\"http://reference.e-government.gv.at/names/vpk/20020221#\">MTk2OC0xMC0yMmdi</saml:NameIdentifier>" + - "<saml:SubjectConfirmation>" + - "<saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>" + - "<saml:SubjectConfirmationData>" + - "<saml:Assertion 
xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"any\" Issuer=\"Hermann Muster\" IssueInstant=\"2003-04-02T14:55:27+02:00\">" + - "<saml:AttributeStatement>" + - "<saml:Subject>" + - "<saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>" + - "</saml:Subject>" + - "<saml:Attribute AttributeName=\"Geschäftsbereich\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + - "<saml:AttributeValue>gb</saml:AttributeValue>" + - "</saml:Attribute>" + - "<saml:Attribute AttributeName=\"OA\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + - "<saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>" + - "</saml:Attribute>" + - "</saml:AttributeStatement>" + - "</saml:Assertion>" + - "<saml:Assertion AssertionID=\"zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474\" IssueInstant=\"2003-02-12T20:28:34.474\" Issuer=\"http://zmr.bmi.gv.at/zmra/names#Issuer\" MajorVersion=\"1\" MinorVersion=\"0\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" + - "<saml:AttributeStatement>" + - "<saml:Subject>" + - "<saml:SubjectConfirmation>" + - "<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>" + - "<saml:SubjectConfirmationData>" + - "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" + - "<pr:Identification>" + - "<pr:Value>123456789012</pr:Value>" + - "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" + - "</pr:Identification>" + - "<pr:Name>" + - "<pr:GivenName>Hermann</pr:GivenName>" + - "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" + - "</pr:Name>" + - "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" + - "</pr:Person>" + - "</saml:SubjectConfirmationData>" + - "</saml:SubjectConfirmation>" + 
- "</saml:Subject>" + - "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" + - "<saml:AttributeValue>" + - "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + - "<dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>" + - "<dsig:Exponent>AQAB</dsig:Exponent>" + - "</dsig:RSAKeyValue>" + - "</saml:AttributeValue>" + - "</saml:Attribute>" + - "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" + - "<saml:AttributeValue>" + - "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + - "<dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>" + - "<dsig:Exponent>AQAB</dsig:Exponent>" + - "</dsig:RSAKeyValue>" + - "</saml:AttributeValue>" + - "</saml:Attribute>" + - "</saml:AttributeStatement>" + - "<dsig:Signature xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + - "<dsig:SignedInfo>" + - "<dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" + - "<dsig:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" + - "<dsig:Reference URI=\"\">" + - "<dsig:Transforms>" + - "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" + - "<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>" + - "</dsig:Transform>" + - "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" + - "</dsig:Transforms>" + - "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" + - "<dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>" + 
- "</dsig:Reference>" + - "<dsig:Reference Type=\"http://www.w3.org/2000/09/xmldsig#Manifest\" URI=\"\">" + - "<dsig:Transforms>" + - "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" + - "<dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>" + - "</dsig:Transform>" + - "</dsig:Transforms>" + - "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" + - "<dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>" + - "</dsig:Reference>" + - "</dsig:SignedInfo>" + - "<dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>" + - "<dsig:KeyInfo>" + - "<dsig:X509Data>" + - "<dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 
Btxup/kgjGMnnS7C</dsig:X509Certificate>" + - "<dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>" + - "<dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e 
vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>" + - "</dsig:X509Data>" + - "</dsig:KeyInfo>" + - "<dsig:Object>" + - "<dsig:Manifest>" + - "<dsig:Reference URI=\"\">" + - "<dsig:Transforms>" + - "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" + - "</dsig:Transforms>" + - "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" + - "<dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>" + - "</dsig:Reference>" + - "</dsig:Manifest>" + - "</dsig:Object>" + - "</dsig:Signature>" + - "</saml:Assertion>" + - "</saml:SubjectConfirmationData>" + - "</saml:SubjectConfirmation>" + - "</saml:Subject>" + - "<saml:Attribute AttributeName=\"PersonData\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\">" + - "<saml:AttributeValue>" + - "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" + - "<pr:Identification>" + - "<pr:Value>123456789012</pr:Value>" + - "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" + - "</pr:Identification>" + - "<pr:Name>" + - "<pr:GivenName>Hermann</pr:GivenName>" + - "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" + - "</pr:Name>" + - "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" + - "</pr:Person>" + - "</saml:AttributeValue>" + - "</saml:Attribute>" + - "<saml:Attribute AttributeName=\"isQualifiedCertificate\" 
AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + - "<saml:AttributeValue>true</saml:AttributeValue>" + - "</saml:Attribute>" + - "</saml:AttributeStatement>" + -"</saml:Assertion>" + - "</samlp:Response>"; - - Element samlResponseElem = - DOMUtils.parseDocument(samlResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - SAMLResponseParser parser = new SAMLResponseParser(samlResponseElem); - SAMLStatus status = parser.parseStatusCode(); - assertEquals("samlp:Success", status.getStatusCode()); - assertEquals("samlp:Success", status.getSubStatusCode()); - assertEquals("Ollas leiwand", status.getStatusMessage()); - AuthenticationData authData = parser.parseAuthenticationData(); - assertEquals(1, authData.getMajorVersion()); - assertEquals(0, authData.getMinorVersion()); - assertEquals("-4633313027464114584", authData.getAssertionID()); - assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer()); - assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstant()); - assertEquals("123456789012", authData.getIdentificationValue()); - assertEquals("MTk2OC0xMC0yMmdi", authData.getVPK()); - assertEquals("Hermann", authData.getGivenName()); - assertEquals("Muster", authData.getFamilyName()); - assertEquals("1968-10-22", authData.getDateOfBirth()); - assertTrue(authData.isQualifiedCertificate()); - assertFalse(authData.isPublicAuthority()); - } -} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java b/id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java deleted file mode 100644 index 351ca0bd5..000000000 --- a/id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java +++ /dev/null 
@@ -1,92 +0,0 @@ -package test.at.gv.egovernment.moa.id.util; - -import iaik.pki.jsse.IAIKX509TrustManager; - -import java.net.URL; -import java.security.Security; - -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLSocketFactory; - -import com.sun.net.ssl.HttpsURLConnection; - -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; -import at.gv.egovernment.moa.id.util.SSLUtils; -import test.at.gv.egovernment.moa.id.UnitTestCase; - -/* - * @author Paul Ivancsics - * @version $Id$ - */ -public class SSLUtilsTest extends UnitTestCase { - - public SSLUtilsTest(String name) { - super(name); - } - - protected void setUp() throws Exception { - //System.setProperty("javax.net.debug", "all"); - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - IAIKX509TrustManager.initLog(new LoggerConfigImpl("file:" + TESTDATA_ROOT + "conf/log4j.properties")); - System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5"); - } - - public void testVerisignOK() throws Exception { - doTestOA("conf/ConfigurationTest.xml", "http://verisign.moa.gv.at/", true, null); - } - public void testATrustOK() throws Exception { - doTestOA("conf/ConfigurationTest.xml", "http://a-trust.moa.gv.at/", true, null); - } - public void testBaltimoreOK() throws Exception { - doTestOA("conf/ConfigurationTest.xml", "http://baltimore.moa.gv.at/", true, null); - } - public void testCIOOK() throws 
Exception { - doTestOA("conf/ConfigurationTest.xml", "http://cio.moa.gv.at/", true, null); - } - public void testMOASPOK() throws Exception { - System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, - TESTDATA_ROOT + "conf/ConfigurationTest.xml"); - ConnectionParameter connParam = AuthConfigurationProvider.getInstance().getMoaSpConnectionParameter(); - doTest(connParam, true, null); - } - private void doTestOA(String configFile, String publicURLPrefix, boolean shouldOK, String exMessageFragment) throws Exception { - System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, - TESTDATA_ROOT + configFile); - ProxyConfigurationProvider proxyConf = - ProxyConfigurationProvider.getInstance(); - OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix); - ConnectionParameter connParam = oaParam.getConnectionParameter(); - doTest(connParam, shouldOK, exMessageFragment); - } - private void doTest(ConnectionParameter connParam, boolean shouldOK, String exMessageFragment) throws Exception { - SSLUtils.initialize(); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, connParam); - URL url = new URL(connParam.getUrl()); - HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); - conn.setRequestMethod("GET"); - conn.setDoInput(true); - conn.setDoOutput(true); - conn.setUseCaches(false); - conn.setAllowUserInteraction(false); - conn.setSSLSocketFactory(ssf); - try { - conn.connect(); - assertTrue(shouldOK); - assertEquals(200, conn.getResponseCode()); - conn.disconnect(); - } - catch (SSLException ex) { - ex.printStackTrace(); - assertFalse(shouldOK); - assertTrue(ex.getMessage().indexOf(exMessageFragment) >= 0); - } - } - -} diff --git a/id.server/src/test/lasttest/Dispatcher.java b/id.server/src/test/lasttest/Dispatcher.java deleted file mode 100644 index ad8f10fb4..000000000 
--- a/id.server/src/test/lasttest/Dispatcher.java +++ /dev/null @@ -1,64 +0,0 @@ -package test.lasttest; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class Dispatcher extends Thread { - private LasttestClient parent = null; - private int max; - private int turns; - private int turn_counter; - private int turn; - private int time; - private long sum; - private int turnnum; - - public Dispatcher(LasttestClient parent, int max, int turns, int time, long sum) { - this.parent = parent; - this.max = max; - this.turns = turns; - this.time = time; - this.sum = sum; - turnnum=0; - } - - public void run() { - this.setPriority(Thread.NORM_PRIORITY + 1); - System.out.println("Dispatcher wird gestartet..."); - TestThread[] old_reqs = buildRequests(0); - for (turn_counter = 0; turns == 0 ? true : (turn_counter < turns); turn_counter++) { - try { -// LasttestClient.Log.write(("Starte Durchlauf " + turn_counter + "\n").getBytes()); - } - catch (Exception e) {} - -// System.out.println("Starte Durchlauf " + turn_counter); - turn = turn_counter; - if (turns == 0) - turn_counter--; - TestThread[] reqs = buildRequests(turn_counter); - for (int counter = 0; counter < max; counter++) { - old_reqs[counter].start(); - } - old_reqs = reqs; - try { - Thread.sleep(time); - } - catch (Exception e) { - e.printStackTrace(); - } - } - parent.stop = true; - } - - public TestThread[] buildRequests(int turnNo) { - TestThread[] ret = new TestThread[max]; - for (int counter = 0; counter < max; counter++) { -// turnnum ++; - ret[counter] = new TestThread(parent, turnNo); - } - return ret; - } -} diff --git a/id.server/src/test/lasttest/HostnameVerifierHack.java b/id.server/src/test/lasttest/HostnameVerifierHack.java deleted file mode 100644 index cf34b621a..000000000 --- a/id.server/src/test/lasttest/HostnameVerifierHack.java +++ /dev/null 
@@ -1,13 +0,0 @@ -package test.lasttest; - -import com.sun.net.ssl.HostnameVerifier; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class HostnameVerifierHack implements HostnameVerifier{ - public boolean verify(String arg0, String arg1) { - return true; - }} diff --git a/id.server/src/test/lasttest/LasttestClient.java b/id.server/src/test/lasttest/LasttestClient.java deleted file mode 100644 index bad5161ba..000000000 --- a/id.server/src/test/lasttest/LasttestClient.java +++ /dev/null 
@@ -1,218 +0,0 @@ -package test.lasttest; - -import java.io.FileOutputStream; -import java.io.OutputStream; -import java.io.PrintStream; -import java.security.Security; -import java.util.Date; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.URLDecoder; -import at.gv.egovernment.moa.util.URLEncoder; -import com.sun.net.ssl.HttpsURLConnection; - -/** - * @author Sven - * - * To change this generated comment edit the template variable "typecomment": - * Window>Preferences>Java>Templates. - * To enable and disable the creation of type comments go to - * Window>Preferences>Java>Code Generation. - * - * Aufruf: Requestdatei (==null), ServerURL, Anzahl der Requests pro Sekunde, Anzahl der Wiederholungen - * z.b. "data/CX0/TestGeneratorCX0.001.Req.xml" "http://127.0.0.1:8080/" 5 100 - * - * ==> GEÄNDERT: ersten 2 Parameter gekillt... 
nur noch 5 100 - */ -public class LasttestClient { - - protected static final String TESTDATA_ROOT = "data/abnahme-test/"; - protected static final String MOA_AUTH_SERVER = "https://localhost:8443/moa-id-auth/"; - protected AuthenticationServer server; - - public int max_thread_count = 300; - public int thread_counter = 0; - public int error_count = 0; - public int turns = 0; - public long sum = 0; - public long max = 0; - public long min = Long.MAX_VALUE; - - public static PrintStream Log = null; - - public boolean stop = false; - - public static final String trustStore = "javax.net.ssl.trustStore"; - public static final String trustStorePassword = "javax.net.ssl.trustStorePassword"; - public static final String handler = "java.protocol.handler.pkgs"; - - public void startTest(int req_per_second, int turns, int time) throws Exception { - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore"); - System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); - - System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, TESTDATA_ROOT + "xmldata/L000/Configuration.xml"); - - AuthConfigurationProvider.reload(); - - this.turns = turns; - - boolean result = new TestThread(this,0).doRequest(0);// doTestRequest(); - if (result) { - System.out.println("TestRequest OK. 
Lasttest wird gestartet."); - sum=0; - max=0; - Dispatcher dp = new Dispatcher(this, req_per_second, turns, time, sum); - dp.start(); - while (!stop) { - try { - Log.println(new String(("Checking Stop Condition ...(Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")"))); - Log.flush(); - } - catch (Exception e) {} - - System.out.println("Checking Stop Condition ...(Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")"); - Thread.sleep(10000); - } - System.out.println("Fehler:" + error_count + " (Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")"); - } - else { - System.out.println("TestRequest lieferte einen Fehler. Lasttest wird nicht gestartet."); - } - } - - - public boolean doTestRequest() throws Exception { - - try { - - TestThread tt = new TestThread(null,0); - - // Anmelden - String URL = tt.getURL(MOA_AUTH_SERVER, "gb", "http://10.16.126.28:9080/moa-id-proxy/"); - HttpsURLConnection conn = tt.giveConnection(URL, "GET"); - - conn.connect(); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - String MOASessionID = tt.parseSessionIDFromForm(result); - conn.disconnect(); - - URL = tt.parseDataURL(result); - // Verify Identity Link - conn = tt.giveConnection(URL, "POST"); - conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); - String infoboxReadResponse = tt.readXmldata("InfoboxReadResponse.xml"); - OutputStream out = conn.getOutputStream(); - out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); - out.flush(); - out.close(); - conn.connect(); - String redirectLoc = conn.getHeaderField("Location"); - conn.disconnect(); - //Verify Auth Block - conn = tt.giveConnection(redirectLoc, "POST"); - String createXMLSignatureResponse = 
URLEncoder.encode(tt.readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); - out = conn.getOutputStream(); - out.write(("XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8")); - out.flush(); - out.close(); - conn.connect(); - redirectLoc = conn.getHeaderField("Location"); - String samlArtifact = tt.parseSamlArtifact(redirectLoc); - System.out.println("SamlArtifact: " + samlArtifact); - - conn.disconnect(); - - conn = null; - - SAMLRequestBuilder srb = new SAMLRequestBuilder(); - - Element erg = tt.doCall(srb.build(MOASessionID, URLDecoder.decode(samlArtifact, "UTF-8")),MOA_AUTH_SERVER); - result = DOMUtils.serializeNode(erg); - if (result.indexOf("saml:Assertion")<0) - { - System.err.println("Falsche Antwort vom Webservice:\n" + result); - throw new Exception("Falsche Antwort vom Webservice"); - - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN LASTTEST :" + e.getLocalizedMessage()); - throw e; - } - - return true; - - } - - public String replaceString(String input, String oldPart, String newPart) throws Exception { - String erg = null; - - //First Part - erg = input.substring(0, input.indexOf(oldPart)); - //Insert new Part - erg += newPart; - - //insert REST - erg += input.substring(input.indexOf(oldPart) + oldPart.length(), input.length()); - - return erg; - } - - public static void main(String[] args) throws Exception { - Log = new PrintStream(new FileOutputStream("C:/Lasttest.log")); - int time = 0; - int sek = 0; - int turns = 0; - - if (args.length != 3) { - System.out.println("Parameteranzahl falsch. 
Bitte verwenden Sie die Syntax <Request_pro_Zeiteinheit(Zahl)> <Anzahl_der_Durchläufe(Zahl oder INF)> <Zeit_zwischen_Aufrufen_in_ms(Zahl)>"); - return; - } - - try { - sek = Integer.parseInt(args[0]); - time = Integer.parseInt(args[2]); - if (args[1].equals("INF")) { - turns = 0; - } - else - turns = Integer.parseInt(args[1]); - } - catch (NumberFormatException e) { - System.out.println("Einer der Parameter (Requestanzahl oder Testanzahl) ist keine Zahl !"); - return; - } - - System.out.println("Starte Lastest mit folgenden Parametern ..."); - System.out.println("ServerURL: " + MOA_AUTH_SERVER); - double reqPerSek = sek*1000; - System.out.println("Requests pro Sekunde: " + reqPerSek/time); - System.out.println("Durchläufe: " + (turns == 0 ? "INF" : turns + "")); - - Log.println("Starte Lastest mit folgenden Parametern ..."); - Log.println("ServerURL: " + MOA_AUTH_SERVER); - Log.println("Requests pro Sekunde: " + reqPerSek / time); - Log.println("Durchläufe: " + (turns == 0 ? "INF" : turns + "")); - - - try { - LasttestClient lc = new LasttestClient(); - //lc.startTest("data/CX0/TestGeneratorCX0.001.Req.xml","http://161.106.2.255:8080/",10,1000); - lc.startTest(sek, turns, time); - } - catch (Exception e) { - e.printStackTrace(); - } - } -} - diff --git a/id.server/src/test/lasttest/TestThread.java b/id.server/src/test/lasttest/TestThread.java deleted file mode 100644 index 0d2973c7f..000000000 --- a/id.server/src/test/lasttest/TestThread.java +++ /dev/null 
@@ -1,251 +0,0 @@ -package test.lasttest; - -import java.io.OutputStream; -import java.net.URL; -import java.util.Vector; - -import javax.xml.namespace.QName; -import javax.xml.rpc.Call; -import javax.xml.rpc.Service; -import javax.xml.rpc.ServiceFactory; - -import org.apache.axis.message.SOAPBodyElement; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; -import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.URLDecoder; -import at.gv.egovernment.moa.util.URLEncoder; -import com.sun.net.ssl.HttpsURLConnection; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class TestThread extends Thread { - private LasttestClient parent = null; - private int turn_no; - private Dispatcher disp = null; - - public TestThread( LasttestClient parent, int durchlauf_nr) { - turn_no = durchlauf_nr; - this.parent = parent; - - } - - protected Element doCall(Element request, String server) throws Exception { - - /* QName serviceName = new QName("GetAuthenticationData"); - - String endPoint = server + "services/GetAuthenticationData"; - Service service = ServiceFactory.newInstance().createService(serviceName); - Call call = service.createCall(); - SOAPBodyElement body = new SOAPBodyElement(request); - SOAPBodyElement[] params = new SOAPBodyElement[] { body }; - Vector responses; - SOAPBodyElement response; - - - System.out.println(DOMUtils.serializeNode(body.getAsDOM())); - call.setTargetEndpointAddress(endPoint); - System.out.println("Rufe WS auf: " + endPoint); - responses = (Vector) call.invoke(params); - System.out.println("WS aufgerufen."); - response = (SOAPBodyElement) responses.get(0); - System.out.println(DOMUtils.serializeNode(response.getAsDOM())); - return response.getAsDOM();*/ - - QName serviceName = new QName("GetAuthenticationData"); - String endPoint = server + 
"services/GetAuthenticationData"; - Service service = ServiceFactory.newInstance().createService(serviceName); - Call call = service.createCall(); - - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore"); - System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); - SOAPBodyElement body = new SOAPBodyElement(request); - SOAPBodyElement[] params = new SOAPBodyElement[] { body }; - Vector responses; - SOAPBodyElement response; - - call.setTargetEndpointAddress(endPoint); - responses = (Vector) call.invoke(params); - response = (SOAPBodyElement) responses.get(0); - return response.getAsDOM(); - } - - public boolean doRequest(int turnNo) throws Exception { - long start = System.currentTimeMillis(); - - try { - LasttestClient.Log.write(("Starte Durchlauf " + turnNo + "\n").getBytes()); - } - catch (Exception e) {} - - System.out.println("Starte Durchlauf " + turnNo); - // Anmelden - String URL = getURL(LasttestClient.MOA_AUTH_SERVER, "gb", "http://10.16.126.28:9080/moa-id-proxy/"); - HttpsURLConnection conn = giveConnection(URL, "GET"); - conn.connect(); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - /* - * FOR DEBUG ONLY - */ - // System.out.println(URL); - // System.out.println(result); - //---------------- - - String MOASessionID = parseSessionIDFromForm(result); - conn.disconnect(); - - URL = parseDataURL(result); - // Verify Identity Link - conn = giveConnection(URL, "POST"); - conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); - String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); - OutputStream out = conn.getOutputStream(); - out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); - out.flush(); - out.close(); - conn.connect(); - - /* - * FOR DEBUG ONLY - */ - // System.out.println(URL); - // 
System.out.println(new String(StreamUtils.readStream(conn.getInputStream()))); - //---------------- - - String redirectLoc = conn.getHeaderField("Location"); - conn.disconnect(); - //Verify Auth Block - conn = giveConnection(redirectLoc, "POST"); - String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); - out = conn.getOutputStream(); - out.write(("XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8")); - out.flush(); - out.close(); - conn.connect(); - redirectLoc = conn.getHeaderField("Location"); - - /* - * FOR DEBUG ONLY - */ - // System.out.println(redirectLoc); - // System.out.println(new String(StreamUtils.readStream(conn.getInputStream()))); - //---------------- - String samlArtifact = parseSamlArtifact(redirectLoc); - - // System.out.println("SamlArtifact: " + samlArtifact); - - AxisSecureSocketFactory.initialize(conn.getSSLSocketFactory()); - conn.disconnect(); - - conn = null; - - SAMLRequestBuilder srb = new SAMLRequestBuilder(); - - doCall(srb.build(MOASessionID, URLDecoder.decode(samlArtifact, "UTF-8")), LasttestClient.MOA_AUTH_SERVER); - // writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8")); - - long end = System.currentTimeMillis(); - long diff = end - start; - parent.sum +=diff; - if (parent.max < diff) { - parent.max = diff; - } - if (parent.min > diff) { - parent.min = diff; - } - if (turnNo>0) { - long totalmem = Runtime.getRuntime().totalMemory(); - long freemem = Runtime.getRuntime().freeMemory(); - try { - LasttestClient.Log.write(new String("Ende Durchlauf: " + turnNo + " ==> Dauer:" + diff + " Schnitt: " + (parent.sum/turnNo/2) + " Total-Mem: " + totalmem + " Free-Mem: " + freemem + "\n").getBytes()); - LasttestClient.Log.flush(); - } - catch (Exception e) {} - System.out.println(new String("Ende Durchlauf: " + turnNo + " ==> Dauer:" + diff + " Schnitt: " + (parent.sum/turnNo/2) + " Total-Mem: " + totalmem + " Free-Mem: " + freemem)); - } - 
return true; - - } - - public String getSubString(String input, String startsWith, String endsWith) { - return input.substring(input.indexOf(startsWith) + startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith) + startsWith.length())); - } - - public String getURL(String authURL, String target, String oaURL) { - return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL; - } - - public HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception { - HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection(); - conn.setRequestMethod(requestMethod); - conn.setDoInput(true); - conn.setDoOutput(true); - conn.setUseCaches(false); - conn.setAllowUserInteraction(false); - conn.setHostnameVerifier(new HostnameVerifierHack()); - return conn; - } - - public String killInclusive(String input, String startsWith, String endsWith, String newValue) { - int start = 0; - int ende; - String result; - result = input; - do { - start = result.indexOf(startsWith, start) + startsWith.length(); - ende = result.indexOf(endsWith, start); - result = result.substring(0, start - startsWith.length()) + newValue + result.substring(ende + endsWith.length(), result.length()); - start++; - } - while (result.indexOf(startsWith, ende + 1) > 0); - - return result; - } - - public String parseDataURL(String input) { - return getSubString(input.substring(input.indexOf("DataURL"), input.length()), "value=\"", "\""); - } - - public String parseSamlArtifact(String input) { -// System.out.println(input); - return getSubString(input + "@@@", "SAMLArtifact=", "@@@"); - } - - public String parseSessionIDFromForm(String htmlForm) { - String parName = "MOASessionID="; - int i1 = htmlForm.indexOf(parName) + parName.length(); - int i2 = htmlForm.indexOf("\"", i1); - return htmlForm.substring(i1, i2); - } - - public String readXmldata(String filename) throws Exception { - - return FileUtils.readFile(LasttestClient.TESTDATA_ROOT + 
"xmldata/L000/" + filename, "UTF-8"); - } - - /** - * @see java.lang.Runnable#run() - */ - public void run() { - parent.thread_counter++; - - try { - if (!doRequest(turn_no)) { - parent.error_count++; - } - } - catch (Exception e) { - e.printStackTrace(); - parent.error_count++; - } - parent.thread_counter--; - } - -} |