diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java | 279 |
1 files changed, 279 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java new file mode 100644 index 000000000..9c696f245 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -0,0 +1,279 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; +import java.util.Calendar; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Builder for the <code><CreateXMLSignatureRequest></code> structure + * used for requesting a signature under the authentication block from the + * security layer implementation. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class CreateXMLSignatureRequestBuilder implements Constants { + /** private static String nl contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** + * XML template for the <code><moa:CreateXMLSignatureRequest></code> to be built + */ + private static final String CREATE_XML_SIGNATURE_REQUEST = + "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl + + "<{3}:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' {5}>" + nl + + " <{3}:KeyboxIdentifier>{1}</{3}:KeyboxIdentifier>" + nl + + " <{3}:DataObjectInfo Structure=''detached''>" + nl + + " <{4}:DataObject Reference=''''/>" + nl + + "{2}" + + " </{3}:DataObjectInfo>" + nl + + " <{3}:SignatureInfo>" + nl + + " <{3}:SignatureEnvironment>" + nl + + " <{4}:XMLContent>{0}</{4}:XMLContent>" + nl + + " </{3}:SignatureEnvironment>" + nl + + " <{3}:SignatureLocation xmlns:saml=''" + SAML_NS_URI + "'' Index=''2''>/saml:Assertion</{3}:SignatureLocation>" + nl + + " </{3}:SignatureInfo>" + nl + + "</{3}:CreateXMLSignatureRequest>"; + + + /** + * Constructor for CreateXMLSignatureRequestBuilder. + */ + public CreateXMLSignatureRequestBuilder() { + super(); + } + + /** + * Builds the <code><CreateXMLSignatureRequest></code>. + * + * @param authBlock String representation of XML authentication block + * @param keyBoxIdentifier the key box identifier which will be used (e.g. CertifiedKeypair) + * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not + * @return String representation of <code><CreateXMLSignatureRequest></code> + */ + public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + + String sl10Prefix; + String sl11Prefix; + String slNsDeclaration; + + String dsigTransformInfosString = ""; + for (int i = 0; i < dsigTransformInfos.length; i++) { + dsigTransformInfosString += dsigTransformInfos[i]; + } + + if (slVersion12) { + + // replace the SecurityLayer namespace prefixes and URIs within the transforms + dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString, + SL10_PREFIX, SL12_PREFIX, + SL10_NS_URI, SL12_NS_URI); + sl10Prefix = SL12_PREFIX; + sl11Prefix = SL12_PREFIX; + slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'"; + + } else { + + sl10Prefix = SL10_PREFIX; + sl11Prefix = SL11_PREFIX; + slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; + + } + + String request = MessageFormat.format( + CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, + keyBoxIdentifier, + dsigTransformInfosString, + sl11Prefix, + sl10Prefix, + slNsDeclaration }); + + return request; + } + + /** + * Builds the <code><CreateXMLSignatureRequest></code> for a foreign ID. + * + * @param subject the subject of the foreign certificate + * @param oaParam parameter for the OA + * @param session current session + * @return String representation of <code><CreateXMLSignatureRequest></code> + */ + public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) { + + String target = session.getTarget(); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + + Calendar cal = Calendar.getInstance(); + String date = DateTimeUtils.buildDate(cal); + String time = DateTimeUtils.buildTime(cal); + + String request = ""; + request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">"; + request += "<sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>"; + request += "<sl:DataObjectInfo Structure=\"enveloping\">"; + request += "<sl:DataObject>"; + request += "<sl:XMLContent>"; + + request += "<html xmlns=\"http://www.w3.org/1999/xhtml\">"; + request += "<head>"; + request += "<title>Signatur der Anmeldedaten</title>"; + request += "<style type=\"text/css\" media=\"screen\">"; + request += ".normalstyle { font-size: medium; }"; + request += ".italicstyle { font-size: medium; font-style: italic; }"; + request += ".titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana; font-size: medium; }"; + request += ".h4style{ font-size: large; font-family: Verdana; }"; + request += "</style>"; + +// request += "<style type=\"text/css\" media=\"screen\">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}"; +// request += ".titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana; font-size: x-small; }"; +// request += ".h4style{ font-family: Verdana; }"; +// request += "table.parameters { font-size: x-small; }"; +// request += "</style>"; + request += "</head>"; + request += "<body>"; + request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>"; + request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>"; + request += "<table class=\"parameters\">"; + request += "<tr>"; + request += "<td class=\"italicstyle\">Name:</td>"; + request += "<td class=\"normalstyle\">"; + request += subject; + request += "</td>"; + request += "</tr>"; + request += "</table>"; + request += "<p class=\"titlestyle\">Daten zur Anwendung (Application Data)</p>"; + request += "<table class=\"parameters\">"; + request += "<tr>"; + request += "<td class=\"italicstyle\">Dienst (Service):</td>"; + request += "<td class=\"normalstyle\">"; + // friendlyname from OA + request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + request += "</td>"; + request += "</tr>"; + request += "<tr>"; + request += "<td class=\"italicstyle\">Land (Country):</td>"; + request += "<td class=\"normalstyle\">Österreich (Austria)</td>"; + request += "</tr>"; + request += "</table>"; + request += "<p class=\"titlestyle\">Technische Parameter (Technical Parameters)</p>"; + request += "<table class=\"parameters\">"; + request += "<tr>"; + request += "<td class=\"italicstyle\">URL:</td>"; + request += "<td class=\"normalstyle\">"; + //public URL prefix from OA + request += oaParam.getPublicURLPrefix(); + request += "</td>"; + request += "</tr>"; + boolean business = oaParam.getBusinessService(); + if (business) { + // OA is businessservice + String identifierType = oaParam.getIdentityLinkDomainIdentifierType(); + String identifier = oaParam.getIdentityLinkDomainIdentifier(); + request += "<tr>"; + request += "<td class=\"italicstyle\">"; + request += identifierType + ":"; + request += "</td>"; + request += "<td class=\"normalstyle\">"; + request += identifier; + request += "</td>"; + request += "</tr>"; + } + else { + // OA is publicservice + request += "<tr>"; + request += "<td class=\"italicstyle\">"; + request += "Sektor (Sector):</td>"; + request += "<td class=\"normalstyle\">"; + request += target + " (" + sectorName + ")"; + request += "</td>"; + request += "</tr>"; + + } + + request += "<tr>"; + request += "<td class=\"italicstyle\">Datum (Date):</td>"; + request += "<td class=\"normalstyle\">"; + request += date; + request += "</td>"; + request += "</tr>"; + request += "<tr>"; + request += "<td class=\"italicstyle\">Zeit (Time):</td>"; + request += "<td class=\"normalstyle\">"; + request += time; + request += "</td>"; + request += "</tr>"; + request += "</table>"; + + request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " + + "natürliche Personen (ERnP), damit ich meinen elektronischen " + + "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " + + "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " + + "Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " + + "ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " + + "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " + + "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>"; + + request += "<p class=\"normalstyle\">I affirm that I am not registered with the Austrian Central " + + "Register of Residents or the Supplementary Register for Natural Persons. I therefore " + + "apply for registration in the Supplementary Register for Natural Persons in order to use " + + "my electronic identity (my electronic ID card) as an Austrian citizen card. I take note " + + "that registration in the Supplementary Register for Natural Persons solely serves keeping " + + "records of those data that are used for validation of unique identity and that those data " + + "is only used for e-government purposes.</p>"; + + +// request += "<p class=\"normalstyle\">I hereby request to access this e-government application by using my " + +// "domestic electronic identity. <br/>" + +// "I further affirm that I am not yet registered with the Austrian Central " + +// "Residents Registry and that I am not obliged to register with the Austrian " + +// "Central Residents Registry according to Austrian law.<br/>" + +// "In the event I am not yet registered with the Supplementary Register, I " + +// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + +// "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>"; + + request += "</body>"; + request += "</html>"; + + request += "</sl:XMLContent>"; + request += "</sl:DataObject>"; + request += "<sl:TransformsInfo>"; + request += "<sl:FinalDataMetaInfo>"; + request += "<sl:MimeType>application/xhtml+xml</sl:MimeType>"; + request += "</sl:FinalDataMetaInfo>"; + request += "</sl:TransformsInfo>"; + request += "</sl:DataObjectInfo>"; + request += "</sl:CreateXMLSignatureRequest>"; + + return request; + } +} |