diff options
Diffstat (limited to 'id.server')
3 files changed, 318 insertions, 256 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 43c018e76..c4483b250 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -4,7 +4,6 @@ import iaik.pki.pathvalidation.ChainingModes; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; -import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.security.Principal; import java.util.ArrayList; @@ -13,7 +12,6 @@ import java.util.Hashtable; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.Vector; import org.w3c.dom.Attr; @@ -28,8 +26,6 @@ import at.gv.egovernment.moa.id.auth.data.SchemaImpl; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -54,158 +50,116 @@ public class ConfigurationBuilder { // XPath namespace prefix shortcuts // /** an XPATH-Expression */ - private static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":"; + protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":"; /** an XPATH-Expression */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; + protected static final String DSIG = Constants.DSIG_PREFIX + ":"; // // chaining mode constants appearing in the configuration file // /** an XPATH-Expression */ - private static final String CM_CHAINING = "chaining"; + protected static final String CM_CHAINING = "chaining"; /** an XPATH-Expression */ - private static final String CM_PKIX = "pkix"; + protected static final String CM_PKIX = "pkix"; /** an XPATH-Expression */ - private static final String DEFAULT_ENCODING = "UTF-8"; - - /** - * Default online application configuration file name - * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>). - */ - public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml"; + protected static final String DEFAULT_ENCODING = "UTF-8"; // // XPath expressions to select certain parts of the configuration // /** an XPATH-Expression */ - private static final String ROOT = "/" + CONF + "MOA-IDConfiguration/"; - /** an XPATH-Expression */ - private static final String ROOTOA = "/" + CONF + "Configuration/"; + protected static final String ROOT = "/" + CONF + "MOA-IDConfiguration/"; + /** an XPATH-Expression */ - private static final String AUTH_BKU_XPATH = + protected static final String AUTH_BKU_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection"; /** an XPATH-Expression */ - private static final String AUTH_BKUSELECT_TEMPLATE_XPATH = + protected static final String AUTH_BKUSELECT_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL"; /** an XPATH-Expression */ - private static final String AUTH_TEMPLATE_XPATH = + protected static final String AUTH_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; /** an XPATH-Expression */ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; /** an XPATH-Expression */ - private static final String AUTH_MOA_SP_XPATH = + protected static final String AUTH_MOA_SP_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP"; /** an XPATH-Expression */ - private static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH = + protected static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID"; /** an XPATH-Expression */ - private static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH = + protected static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID"; /** an XPATH-Expression */ - private static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH = + protected static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID"; /** an XPATH-Expression */ - private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH = + protected static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName"; /** an XPATH-Expression */ public static final String AUTH_VERIFY_INFOBOXES_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes"; - - /** an XPATH-Expression */ - private static final String PROXY_AUTH_XPATH = - ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent"; - + /** an XPATH-Expression */ - private static final String OA_XPATH = ROOT + CONF + "OnlineApplication"; + protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication"; /** an XPATH-Expression */ - private static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL"; + protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL"; /** an XPATH-Expression */ - private static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent"; + protected static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent"; /** an XPATH-Expression */ - private static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber"; + protected static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber"; /** an XPATH-Expression */ - private static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH = + protected static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH = CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL"; /** an XPATH-Expression */ - private static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH = + protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH = CONF + "Templates/" + CONF + "Template/@URL"; /** an XPATH-Expression */ - private static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename"; - /** an XPATH-Expression */ - private static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes"; + protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename"; /** an XPATH-Expression */ - private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent"; + protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes"; /** an XPATH-Expression */ - private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent"; - /** an XPATH-Expression */ - private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL"; - /** an XPATH-Expression */ - private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut"; - /** an XPATH-Expression */ - private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl"; - /** an XPATH-Expression */ - private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration"; - /** an XPATH-Expression */ - private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl"; - /** an XPATH-Expression */ - private static final String CONNECTION_PARAMETER_URL_XPATH = + protected static final String CONNECTION_PARAMETER_URL_XPATH = CONF + "ConnectionParameter/@URL"; /** an XPATH-Expression */ - private static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH = + protected static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH = CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates"; /** an XPATH-Expression */ - private static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH = + protected static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH = CONF + "ConnectionParameter/" + CONF + "ClientKeyStore"; /** an XPATH-Expression */ - private static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH = + protected static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH = CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password"; /** an XPATH-Expression */ - private static final String GENERIC_CONFIGURATION_XPATH = + protected static final String GENERIC_CONFIGURATION_XPATH = ROOT + CONF + "GenericConfiguration"; + /** an XPATH-Expression */ - private static final String OACONF_LOGIN_TYPE_XPATH = - ROOTOA + CONF + "LoginType"; - /** an XPATH-Expression */ - private static final String OACONF_BINDING_TYPE_XPATH = - ROOTOA + CONF + "Binding"; - /** an XPATH-Expression */ - private static final String OACONF_PARAM_AUTH_PARAMETER_XPATH = - ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter"; - /** an XPATH-Expression */ - private static final String OACONF_USER_ID_XPATH = - ROOTOA + CONF + "BasicAuth/" + CONF + "UserID"; - /** an XPATH-Expression */ - private static final String OACONF_PASSWORD_XPATH = - ROOTOA + CONF + "BasicAuth/" + CONF + "Password"; - /** an XPATH-Expression */ - private static final String OACONF_HEADER_AUTH_HEADER_XPATH = - ROOTOA + CONF + "HeaderAuth/" + CONF + "Header"; - /** an XPATH-Expression */ - private static final String CHAINING_MODES_XPATH = + protected static final String CHAINING_MODES_XPATH = ROOT + CONF + "ChainingModes"; /** an XPATH-Expression */ - private static final String CHAINING_MODES_DEFAULT_XPATH = + protected static final String CHAINING_MODES_DEFAULT_XPATH = CHAINING_MODES_XPATH + "/@systemDefaultMode"; /** an XPATH-Expression */ - private static final String TRUST_ANCHOR_XPATH = + protected static final String TRUST_ANCHOR_XPATH = ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor"; /** an XPATH-Expression */ - private static final String ISSUER_XPATH = DSIG + "X509IssuerName"; + protected static final String ISSUER_XPATH = DSIG + "X509IssuerName"; /** an XPATH-Expression */ - private static final String SERIAL_XPATH = DSIG + "X509SerialNumber"; + protected static final String SERIAL_XPATH = DSIG + "X509SerialNumber"; /** an XPATH-Expression */ - private static final String TRUSTED_CA_CERTIFICATES_XPATH = + protected static final String TRUSTED_CA_CERTIFICATES_XPATH = ROOT + CONF + "TrustedCACertificates"; /** an XPATH-Expression */ - private static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile"; + protected static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile"; /** an XPATH-Expression */ - private static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID"; + protected static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID"; /** an XPATH-Expression */ - private static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox"; + protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox"; @@ -213,10 +167,10 @@ public class ConfigurationBuilder { /** * main configuration file directory name used to configure MOA-ID */ - private String rootConfigFileDir_; + protected String rootConfigFileDir_; /** The root element of the MOA-ID configuration */ - private Element configElem_; + protected Element configElem_; /** * Creates a new <code>MOAConfigurationProvider</code>. @@ -536,7 +490,7 @@ public class ConfigurationBuilder { * or, if no template is specified within the online appliacation, * the default url. Both may be <code>null</code>. */ - private String buildTemplateURL(Element oaAAuthComponent, String xpathExpr, String defaultURL) { + protected String buildTemplateURL(Element oaAAuthComponent, String xpathExpr, String defaultURL) { String templateURL = XPathUtils.getAttributeValue(oaAAuthComponent, xpathExpr, defaultURL); if (templateURL != null) { templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_); @@ -544,18 +498,7 @@ public class ConfigurationBuilder { return templateURL; } - /** - * Build a bean containing all information about the ProxyComponent - * @return The ConnectionParameter for the Proxy Component - */ - public ConnectionParameter buildAuthComponentConnectionParameter() - { - - Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, PROXY_AUTH_XPATH); - if (connectionParameter==null) return null; - return buildConnectionParameter(connectionParameter); - - } + /** * Method buildConnectionParameter: internal Method for creating a * ConnectionParameter object with all data found in the incoming element @@ -591,52 +534,7 @@ public class ConfigurationBuilder { return result; } - /** - * Build an array of OnlineApplication Parameter Beans containing information - * about the proxy component - * @return An OAProxyParameter array containing beans - * with all relevant information for the proxy component of the online - * application - */ - public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{ - - List oA_list = new ArrayList(); - NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); - - for (int i = 0; i < OAIter.getLength(); i++) { - Element oAElem = (Element) OAIter.item(i); - OAProxyParameter oap = new OAProxyParameter(); - - oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix")); - oap.setOaType(oAElem.getAttribute("type")); - Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH); - if (proxyComponentElem != null) { - oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null)); - oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir_)); - // default session time out: 3600 sec = 1 h - oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue()); - oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null)); - oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null)); - oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_)); - oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null)); - - ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem); - oap.setConnectionParameter(conPara); - OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap)); - oap.setOaConfiguration(oaConf); - - oA_list.add(oap); - } - } - OAProxyParameter[] result = - new OAProxyParameter[oA_list.size()]; - oA_list.toArray(result); - - return result; - - } - /** * Build the mapping of generic configuration properties. * @@ -661,107 +559,7 @@ public class ConfigurationBuilder { return genericConfiguration; } - /** - * Method buildOAConfiguration. - * - * Build an {@link OAConfiguration} Object from the given configuration DOM element - * - * @param root - * @return OAConfiguration - * @throws ConfigurationException - */ - public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{ - - OAConfiguration oaConfiguration = new OAConfiguration(); - - //The LoginType hast to be "stateless" or "stateful" to be valid - - oaConfiguration.setLoginType( - XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null)); - - oaConfiguration.setBinding( - XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL)); - - //Try to build the Parameter Auth Parameters - NodeIterator paramAuthIter = - XPathUtils.selectNodeIterator( - root, - OACONF_PARAM_AUTH_PARAMETER_XPATH); - Element paramAuthElem; - HashMap paramAuthMap = new HashMap(); - while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) { - String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null); - String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null); - if (paramAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert f�r Parameter per HeaderAuthentication"}); - paramAuthMap.put(name, value); - } - oaConfiguration.setParamAuthMapping(paramAuthMap); - // Try to build the BasicAuthParameters - oaConfiguration.setBasicAuthUserIDMapping( - XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null)); - oaConfiguration.setBasicAuthPasswordMapping( - XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null)); - - //Try to build the Parameter Auth Parameters - NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH); - - Element headerAuthElem; - HashMap headerAuthMap = new HashMap(); - while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) { - String name = - XPathUtils.getAttributeValue(headerAuthElem, "@Name", null); - String value = - XPathUtils.getAttributeValue(headerAuthElem, "@Value", null); - // Contains Key (Neue Config-Exception: doppelte werte) - if (headerAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert f�r Parameter per HeaderAuthentication"}); - headerAuthMap.put(name, value); - } - oaConfiguration.setHeaderAuthMapping(headerAuthMap); - - if (paramAuthMap.size() == 0) { - if (oaConfiguration.getBasicAuthUserIDMapping() == null) { - oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH); - } - else - oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH); - } - else - oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH); - - return oaConfiguration; - } - - /** - * Reads the configuration file of the online application, and creates a DOM tree from it. - * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given, - * uses default configuration file location. - * - * @param oap configuration data of online application, meant for use by MOA-ID-PROXY - * @return Element DOM tree root element - * @throws ConfigurationException on any exception thrown - */ - private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException - { - try { - String configFileURL = oap.getConfigFileURL(); - if (configFileURL == null) { - // use default config file URL, when config file URL is not given - configFileURL = oap.getConnectionParameter().getUrl(); - if (configFileURL.charAt(configFileURL.length() - 1) != '/') - configFileURL += "/"; - configFileURL += DEFAULT_OA_CONFIG_FILENAME; - } - Logger.info("Loading MOA-OA configuration " + configFileURL); - Element configElem = DOMUtils.parseXmlValidating( - new ByteArrayInputStream(FileUtils.readURL(configFileURL))); - return configElem; - } - catch (Throwable t) { - throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t); - } - } + /** * Returns the default chaining mode from the configuration. @@ -809,7 +607,7 @@ public class ConfigurationBuilder { * @return The issuer and serial number contained in the <code>root</code> * element or <code>null</code> if could not be built for any reason. */ - private IssuerAndSerial buildIssuerAndSerial(Element root) { + protected IssuerAndSerial buildIssuerAndSerial(Element root) { String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null); String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null); @@ -839,7 +637,7 @@ public class ConfigurationBuilder { * interface. * @see iaik.pki.pathvalidation.ChainingModes */ - private String translateChainingMode(String chainingMode) { + protected String translateChainingMode(String chainingMode) { if (chainingMode.equals(CM_CHAINING)) { return ChainingModes.CHAIN_MODE; } else if (chainingMode.equals(CM_PKIX)) { @@ -863,7 +661,7 @@ public class ConfigurationBuilder { * company. * @return */ - private String buildIdentityLinkDomainIdentifier(Element number) { + protected String buildIdentityLinkDomainIdentifier(Element number) { if (number == null) { return null; } @@ -1080,7 +878,7 @@ public class ConfigurationBuilder { // various utility methods // - private static void warn(String messageId, Object[] parameters) { + protected static void warn(String messageId, Object[] parameters) { Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); } @@ -1090,7 +888,7 @@ public class ConfigurationBuilder { * @param args for the logger * @param t as throwabl */ - private static void warn(String messageId, Object[] args, Throwable t) { + protected static void warn(String messageId, Object[] args, Throwable t) { Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t); } } diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java new file mode 100644 index 000000000..ebb06dd3d --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java @@ -0,0 +1,265 @@ +// Copyright (C) 2002 IAIK +// http://jce.iaik.tugraz.at +// +// Copyright (C) 2007 Stiftung Secure Information and +// Communication Technologies SIC +// http://www.sic.st +// +// All rights reserved. +// +// This source is provided for inspection purposes and recompilation only, +// unless specified differently in a contract with IAIK. This source has to +// be kept in strict confidence and must not be disclosed to any third party +// under any circumstances. Redistribution in source and binary forms, with +// or without modification, are <not> permitted in any case! +// +// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +// SUCH DAMAGE. + +package at.gv.egovernment.moa.id.config.proxy; + +import java.io.ByteArrayInputStream; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +public class ProxyConfigurationBuilder extends ConfigurationBuilder { + + /** + * Default online application configuration file name + * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>). + */ + public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml"; + + /** an XPATH-Expression */ + private static final String PROXY_AUTH_XPATH = + ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent"; + /** an XPATH-Expression */ + protected static final String ROOTOA = "/" + CONF + "Configuration/"; + /** an XPATH-Expression */ + private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent"; + /** an XPATH-Expression */ + private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent"; + /** an XPATH-Expression */ + private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL"; + /** an XPATH-Expression */ + private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut"; + /** an XPATH-Expression */ + private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl"; + /** an XPATH-Expression */ + private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration"; + /** an XPATH-Expression */ + private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl"; + /** an XPATH-Expression */ + protected static final String OACONF_LOGIN_TYPE_XPATH = + ROOTOA + CONF + "LoginType"; + /** an XPATH-Expression */ + protected static final String OACONF_BINDING_TYPE_XPATH = + ROOTOA + CONF + "Binding"; + /** an XPATH-Expression */ + protected static final String OACONF_PARAM_AUTH_PARAMETER_XPATH = + ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter"; + /** an XPATH-Expression */ + protected static final String OACONF_USER_ID_XPATH = + ROOTOA + CONF + "BasicAuth/" + CONF + "UserID"; + /** an XPATH-Expression */ + protected static final String OACONF_PASSWORD_XPATH = + ROOTOA + CONF + "BasicAuth/" + CONF + "Password"; + /** an XPATH-Expression */ + protected static final String OACONF_HEADER_AUTH_HEADER_XPATH = + ROOTOA + CONF + "HeaderAuth/" + CONF + "Header"; + + /** + * Creates a new <code>MOAConfigurationProvider</code>. + * + * @param configElem The root element of the MOA-ID configuration. + */ + public ProxyConfigurationBuilder(Element configElem, String rootConfigDir) { + super(configElem, rootConfigDir); + } + + /** + * Method buildOAConfiguration. + * + * Build an {@link OAConfiguration} Object from the given configuration DOM element + * + * @param root + * @return OAConfiguration + * @throws ConfigurationException + */ + public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{ + + OAConfiguration oaConfiguration = new OAConfiguration(); + + //The LoginType hast to be "stateless" or "stateful" to be valid + + oaConfiguration.setLoginType( + XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null)); + + oaConfiguration.setBinding( + XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL)); + + //Try to build the Parameter Auth Parameters + NodeIterator paramAuthIter = + XPathUtils.selectNodeIterator( + root, + OACONF_PARAM_AUTH_PARAMETER_XPATH); + Element paramAuthElem; + HashMap paramAuthMap = new HashMap(); + while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) { + String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null); + String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null); + if (paramAuthMap.containsKey(name)) + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert f�r Parameter per HeaderAuthentication"}); + paramAuthMap.put(name, value); + } + oaConfiguration.setParamAuthMapping(paramAuthMap); + // Try to build the BasicAuthParameters + oaConfiguration.setBasicAuthUserIDMapping( + XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null)); + oaConfiguration.setBasicAuthPasswordMapping( + XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null)); + + //Try to build the Parameter Auth Parameters + NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH); + + Element headerAuthElem; + HashMap headerAuthMap = new HashMap(); + while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) { + String name = + XPathUtils.getAttributeValue(headerAuthElem, "@Name", null); + String value = + XPathUtils.getAttributeValue(headerAuthElem, "@Value", null); + // Contains Key (Neue Config-Exception: doppelte werte) + if (headerAuthMap.containsKey(name)) + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert f�r Parameter per HeaderAuthentication"}); + headerAuthMap.put(name, value); + } + oaConfiguration.setHeaderAuthMapping(headerAuthMap); + + if (paramAuthMap.size() == 0) { + if (oaConfiguration.getBasicAuthUserIDMapping() == null) { + oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH); + } + else + oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH); + } + else + oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH); + + return oaConfiguration; + } + + + /** + * Build an array of OnlineApplication Parameter Beans containing information + * about the proxy component + * @return An OAProxyParameter array containing beans + * with all relevant information for the proxy component of the online + * application + */ + public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{ + + List oA_list = new ArrayList(); + NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); + + for (int i = 0; i < OAIter.getLength(); i++) { + Element oAElem = (Element) OAIter.item(i); + + Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH); + if (proxyComponentElem != null) { + OAProxyParameter oap = new OAProxyParameter(); + + oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix")); + oap.setOaType(oAElem.getAttribute("type")); + oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null)); + oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir_)); + // default session time out: 3600 sec = 1 h + oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue()); + oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null)); + oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null)); + oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_)); + oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null)); + + ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem); + oap.setConnectionParameter(conPara); + + OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap)); + oap.setOaConfiguration(oaConf); + + oA_list.add(oap); + } + } + OAProxyParameter[] result = + new OAProxyParameter[oA_list.size()]; + oA_list.toArray(result); + + return result; + + } + + /** + * Reads the configuration file of the online application, and creates a DOM tree from it. + * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given, + * uses default configuration file location. + * + * @param oap configuration data of online application, meant for use by MOA-ID-PROXY + * @return Element DOM tree root element + * @throws ConfigurationException on any exception thrown + */ + private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException + { + try { + String configFileURL = oap.getConfigFileURL(); + if (configFileURL == null) { + // use default config file URL, when config file URL is not given + configFileURL = oap.getConnectionParameter().getUrl(); + if (configFileURL.charAt(configFileURL.length() - 1) != '/') + configFileURL += "/"; + configFileURL += DEFAULT_OA_CONFIG_FILENAME; + } + Logger.info("Loading MOA-OA configuration " + configFileURL); + Element configElem = DOMUtils.parseXmlValidating( + new ByteArrayInputStream(FileUtils.readURL(configFileURL))); + return configElem; + } + catch (Throwable t) { + throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t); + } + } + + /** + * Build a bean containing all information about the ProxyComponent + * @return The ConnectionParameter for the Proxy Component + */ + public ConnectionParameter buildAuthComponentConnectionParameter() + { + + Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, PROXY_AUTH_XPATH); + if (connectionParameter==null) return null; + return buildConnectionParameter(connectionParameter); + + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index fdb7e6f55..572ce5708 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -7,7 +7,6 @@ import java.net.MalformedURLException; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -101,7 +100,7 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { private void load(String fileName) throws ConfigurationException { FileInputStream stream = null; Element configElem; - ConfigurationBuilder builder; + ProxyConfigurationBuilder builder; try { // load the main config file @@ -130,12 +129,12 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { } // build the internal datastructures - builder = new ConfigurationBuilder(configElem, rootConfigFileDir); + builder = new ProxyConfigurationBuilder(configElem, rootConfigFileDir); authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter(); - + onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters(); for(int i = 0; i < onlineApplicationProxyParameter.length; i++) { - onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir)); + onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir)); } genericConfiguration = builder.buildGenericConfiguration(); |