diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator')
19 files changed, 4491 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java new file mode 100644 index 000000000..dfad29e50 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -0,0 +1,312 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator; + +import java.util.Iterator; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; +import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * + * This class is used to validate an {@link CreateXMLSignatureResponse} + * returned by the security layer. + * This class implements the Singleton pattern. + * @author Stefan Knirsch + * @version $Id$ + */ +public class CreateXMLSignatureResponseValidator { + + + /** Xpath expression to the dsig:Signature element */ + private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; + + + /** Singleton instance. <code>null</code>, if none has been created. */ + private static CreateXMLSignatureResponseValidator instance; + + /** + * Constructor for a singleton CreateXMLSignatureResponseValidator. + * @return an instance of CreateXMLSignatureResponseValidator + * @throws ValidateException if no instance can be created + */ + public static synchronized CreateXMLSignatureResponseValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new CreateXMLSignatureResponseValidator(); + } + return instance; + } + + + /** + * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} + * @param createXMLSignatureResponse + * @param session + * @throws ValidateException + */ + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session) + throws ValidateException { + + // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier + + String gbTarget = session.getTarget(); + String oaURL = session.getPublicOAURLPrefix(); + boolean businessService = session.getBusinessService(); + + IdentityLink identityLink = session.getIdentityLink(); + + Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); + String issuer = samlAssertion.getAttribute("Issuer"); + if (issuer == null) { + // should not happen, because parser would dedect this + throw new ValidateException("validator.32", null); + } + // replace ' in name with ' + issuer = issuer.replaceAll("'", "'"); + + String issueInstant = samlAssertion.getAttribute("IssueInstant"); + if (!issueInstant.equals(session.getIssueInstant())) { + throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); + } + + String name = identityLink.getName(); + + if (!issuer.equals(name)) { + throw new ValidateException("validator.33", new Object[] {issuer, name}); + } + + SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes(); + + boolean foundOA = false; + boolean foundGB = false; + boolean foundWBPK = false; + int offset = 0; + + // check number of SAML aatributes + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + int extendedSAMLAttributesNum = 0; + if (extendedSAMLAttributes != null) { + extendedSAMLAttributesNum = extendedSAMLAttributes.size(); + } + int expectedSAMLAttributeNumber = + AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + extendedSAMLAttributesNum; + if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--; + int actualSAMLAttributeNumber = samlAttributes.length; + if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) { + Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + + expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber); + throw new ValidateException( + "validator.36", + new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)}); + } + + SAMLAttribute samlAttribute; + if (session.getSAMLAttributeGebeORwbpk()) { + // check the first attribute ("Geschaeftsbereich" or "wbPK") + samlAttribute = samlAttributes[0]; + if (businessService) { + if (!samlAttribute.getName().equals("wbPK")) { + if (samlAttribute.getName().equals("Geschaeftsbereich")) { + throw new ValidateException("validator.26", null); + } else { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)}); + } + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundWBPK = true; + try { + Element attrValue = (Element)samlAttribute.getValue(); + String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue(); + String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue(); + if (!value.equals(identityLink.getIdentificationValue())) { + throw new ValidateException("validator.28", null); + } + if (!type.equals(identityLink.getIdentificationType())) { + throw new ValidateException("validator.28", null); + } + } catch (Exception ex) { + throw new ValidateException("validator.29", null); + } + } else { + throw new ValidateException("validator.30", null); + } + } else { + if (!samlAttribute.getName().equals("Geschaeftsbereich")) { + if (samlAttribute.getName().equals("wbPK")) { + throw new ValidateException("validator.26", null); + } else { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)}); + } + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundGB = true; + String targetFriendlyName = session.getTargetFriendlyName(); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget); + if (StringUtils.isEmpty(sectorName)) { + if (targetFriendlyName != null) + sectorName = targetFriendlyName; + } + gbTarget = gbTarget + " (" + sectorName + ")"; + //gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")"; + + if (!gbTarget.equals((String)samlAttribute.getValue())) { + throw new ValidateException("validator.13", null); + } + } else { + throw new ValidateException("validator.12", null); + } + } + } else { + offset--; + } + + // check the second attribute (must be "OA") + samlAttribute = samlAttributes[1 + offset]; + if (!samlAttribute.getName().equals("OA")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundOA = true; + if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch + throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); + } + } else { + throw new ValidateException("validator.15", null); + } + + // check the third attribute (must be "Geburtsdatum") + samlAttribute = samlAttributes[2 + offset]; + if (!samlAttribute.getName().equals("Geburtsdatum")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlDateOfBirth = (String)samlAttribute.getValue(); + String dateOfBirth = identityLink.getDateOfBirth(); + if (!samlDateOfBirth.equals(dateOfBirth)) { + throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth}); + } + } else { + throw new ValidateException("validator.35", null); + } + + // now check the extended SAML attributes + int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset; + if (extendedSAMLAttributes != null) { + Iterator it = extendedSAMLAttributes.iterator(); + while (it.hasNext()) { + ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); + samlAttribute = samlAttributes[i]; + String actualName = samlAttribute.getName(); + String expectedName = extendedSAMLAttribute.getName(); + if (!actualName.equals(expectedName)) { + throw new ValidateException( + "validator.38", + new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName }); + } + String actualNamespace = samlAttribute.getNamespace(); + String expectedNamespace = extendedSAMLAttribute.getNameSpace(); + if (!actualNamespace.equals(expectedNamespace)) { + throw new ValidateException( + "validator.38", + new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, }); + } + Object expectedValue = extendedSAMLAttribute.getValue(); + Object actualValue = samlAttribute.getValue(); + try { + if (expectedValue instanceof String) { + // replace \r\n because text might be base64-encoded + String expValue = StringUtils.replaceAll((String)expectedValue,"\r",""); + expValue = StringUtils.replaceAll(expValue,"\n",""); + String actValue = StringUtils.replaceAll((String)actualValue,"\r",""); + actValue = StringUtils.replaceAll(actValue,"\n",""); + if (!expValue.equals(actValue)) { + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue }); + } + } else if (expectedValue instanceof Element) { + // only check the name of the element + String actualElementName = ((Element)actualValue).getNodeName(); + String expectedElementName = ((Element)expectedValue).getNodeName(); + if (!(expectedElementName.equals(actualElementName))){ + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName}); + } + } else { + // should not happen + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()}); + } + } catch (ClassCastException e) { + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()}); + } + i++; + } + } + + + if (!foundOA) throw new ValidateException("validator.14", null); + if (businessService) { + if (session.getSAMLAttributeGebeORwbpk() && !foundWBPK) throw new ValidateException("validator.31", null); + } else { + if (!foundGB) throw new ValidateException("validator.11", null); + } + + //Check if dsig:Signature exists +// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); +// if (nl.getLength() != 1) { +// throw new ValidateException("validator.05", null); +// } + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH); + if (dsigSignature == null) { + throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java new file mode 100644 index 000000000..a4b98c4c8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java @@ -0,0 +1,186 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * This class is used to validate an {@link IdentityLink} + * returned by the security layer + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class IdentityLinkValidator implements Constants { + + // + // XPath namespace prefix shortcuts + // + /** Xpath prefix for reaching PersonData Namespaces */ + private static final String PDATA = PD_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = DSIG_PREFIX + ":"; + /** Xpath prefix for reaching ECDSA Namespaces */ + private static final String ECDSA = ECDSA_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ""; + /** Xpath expression to the SAML:SubjectConfirmationData element */ + private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Subject/" + + SAML + + "SubjectConfirmation/" + + SAML + + "SubjectConfirmationData"; +/** Xpath expression to the PersonData:Person element */ + private static final String PERSON_XPATH = + SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; + /** Xpath expression to the SAML:Attribute element */ + private static final String ATTRIBUTE_XPATH = + ROOT + SAML + "AttributeStatement/" + SAML + "Attribute"; + /** Xpath expression to the SAML:AttributeName attribute */ + private static final String ATTRIBUTE_NAME_XPATH = + ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName"; + /** Xpath expression to the SAML:AttributeNamespace attribute */ + private static final String ATTRIBUTE_NAMESPACE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/@AttributeNamespace"; + /** Xpath expression to the SAML:AttributeValue element */ + private static final String ATTRIBUTE_VALUE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/" + + SAML + + "AttributeValue"; + + /** Singleton instance. <code>null</code>, if none has been created. */ + private static IdentityLinkValidator instance; + + /** + * Constructor for a singleton IdentityLinkValidator. + * @return a new IdentityLinkValidator instance + * @throws ValidateException if no instance can be created + */ + public static synchronized IdentityLinkValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new IdentityLinkValidator(); + } + return instance; + } + + /** + * Method validate. Validates the {@link IdentityLink} + * @param identityLink The identityLink to validate + * @throws ValidateException on any validation error + */ + public void validate(IdentityLink identityLink) throws ValidateException { + + Element samlAssertion = identityLink.getSamlAssertion(); + //Search the SAML:ASSERTION Object (A2.054) + if (samlAssertion == null) { + throw new ValidateException("validator.00", null); + } + + // Check how many saml:Assertion/saml:AttributeStatement/ + // saml:Subject/ saml:SubjectConfirmation/ + // saml:SubjectConfirmationData/pr:Person of type + // PhysicalPersonType exist (A2.056) + NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH); + // If we have just one Person-Element we don't need to check the attributes + int counterPhysicalPersonType = 0; + if (nl.getLength() > 1) + for (int i = 0; i < nl.getLength(); i++) { + String xsiType = + ((Element) nl.item(i)) + .getAttributeNodeNS( + "http://www.w3.org/2001/XMLSchema-instance", + "type") + .getNodeValue(); + // We have to check if xsiType contains "PhysicalPersonType" + // An equal-check will fail because of the Namespace-prefix of the attribute value + if (xsiType.indexOf("PhysicalPersonType") > -1) + counterPhysicalPersonType++; + } + if (counterPhysicalPersonType > 1) + throw new ValidateException("validator.01", null); + + //Check the SAML:ATTRIBUTES + nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH); + for (int i = 0; i < nl.getLength(); i++) { + String attributeName = + XPathUtils.getAttributeValue( + (Element) nl.item(i), + "@AttributeName", + null); + String attributeNS = + XPathUtils.getAttributeValue( + (Element) nl.item(i), + "@AttributeNamespace", + null); + if (attributeName.equals("CitizenPublicKey")) { + + if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") || + attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) { + Element attributeValue = + (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue"); + if (attributeValue==null) + attributeValue = + (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); + if (attributeValue==null) + attributeValue = + (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue"); + if (attributeValue == null) + throw new ValidateException("validator.02", null); + + } + else + throw new ValidateException("validator.03", new Object [] {attributeNS} ); + } + else + throw new ValidateException("validator.04", new Object [] {attributeName} ); + } + + //Check if dsig:Signature exists + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature"); + if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java new file mode 100644 index 000000000..7d951d65f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -0,0 +1,105 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator; + +import java.util.Map; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; + +/** + * Validates an InfoboxReadResponse. + * An implementing class has to validate the content of the InfoboxReadResponse + * according to the type specific rules and guidelines of the underlying + * application. + */ +public interface InfoboxValidator { + + /** + * This method validates an InfoboxReadResponse. + * The method validates the content of the passed <code>infoboxReadResponse</code> + * according to the type specific rules and guidelines of the underlying + * application. + * + * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams + * Parameters} needed by the validator. + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (InfoboxValidatorParams params) + throws ValidateException; + + /** + * This method is used to do intermediate processing before signing the auth block. + * If a infobox validator threw a form to gather user input, this method is used + * to validate this input. In no further input is needed the form must be empty to + * proceed, and also a valid <code>InfoboxValidationResult</code> is necessary. + * If more input is needed, the validator can build a new form and it is then shown + * to the citizen. + * The implementation of <code>InfoboxValidator</code> must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param parameters the parameters got returned by the input fields + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Map parameters) + throws ValidateException; + + /** + * This method is used to do post processing after signing the auth block. + * The method validates the content of the <code>infoboxReadResponse</code + * against the passed <code>samlAssertion</code> if needed. + * The implementation of <code>InfoboxValidator</code> must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param samlAssertion the SAML assertion needed by the validator + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Element samlAssertion) + throws ValidateException; + + /** + * form for user interaction for intermediate processing of infobox validation + * + * @return answer form of the servlet request. + */ + public String getForm(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java new file mode 100644 index 000000000..7ac3a15dd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java @@ -0,0 +1,64 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while validating an incoming XML structure + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class ValidateException extends MOAIDException { + + /** + * + */ + private static final long serialVersionUID = -3784899738402848497L; + +/** + * Constructor for ValidateException. + * @param messageId + * @param parameters + */ + public ValidateException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for ValidateException. + * @param messageId + * @param parameters + * @param wrapped + */ + public ValidateException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java new file mode 100644 index 000000000..90282a28c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -0,0 +1,205 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator; + +import iaik.asn1.structures.Name; +import iaik.security.ecc.ecdsa.ECPublicKey; +import iaik.utils.RFC2253NameParserException; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; + +import java.security.PublicKey; +import java.security.interfaces.RSAPublicKey; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * This class is used to validate an {@link VerifyXMLSignatureResponse} + * returned by MOA-SPSS + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class VerifyXMLSignatureResponseValidator { + + /** Identification string for checking identity link */ + public static final String CHECK_IDENTITY_LINK = "IdentityLink"; + /** Identification string for checking authentication block */ + public static final String CHECK_AUTH_BLOCK = "AuthBlock"; + + /** Singleton instance. <code>null</code>, if none has been created. */ + private static VerifyXMLSignatureResponseValidator instance; + + /** + * Constructor for a singleton VerifyXMLSignatureResponseValidator. + */ + public static synchronized VerifyXMLSignatureResponseValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new VerifyXMLSignatureResponseValidator(); + } + return instance; + } + + /** + * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. + * + * @param verifyXMLSignatureResponse the <code><VerifyXMLSignatureResponse></code> + * @param identityLinkSignersSubjectDNNames subject names configured + * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated + * @param ignoreManifestValidationResult specifies whether the validation result of the + * manifest has to be ignored (identityLink validation if + * the OA is a business service) or not + * @throws ValidateException on any validation error + */ + public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse, + List identityLinkSignersSubjectDNNames, + String whatToCheck, + boolean ignoreManifestValidationResult) + throws ValidateException { + + if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) + throw new ValidateException("validator.06", null); + + if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { + String checkFailedReason =""; + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); + + if (whatToCheck.equals(CHECK_IDENTITY_LINK)) + throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); + else + throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); + } + + if (ignoreManifestValidationResult) { + Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result"); + } else { + if (verifyXMLSignatureResponse.isXmlDSIGManigest()) + if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) + throw new ValidateException("validator.08", null); + } + + + // Check the signature manifest only when verifying the signed AUTHBlock + if (whatToCheck.equals(CHECK_AUTH_BLOCK)) { + if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) { + throw new ValidateException("validator.50", null); + } + } + + //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not + if (identityLinkSignersSubjectDNNames != null) { + String subjectDN = ""; + X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); + try { + subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); + } + catch (RFC2253NameParserException e) { + throw new ValidateException("validator.17", null); + } + //System.out.println("subjectDN: " + subjectDN); + // check the authorisation to sign the identity link + if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { + // subject DN check failed, try OID check: + try { + if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) { + throw new ValidateException("validator.18", new Object[] { subjectDN }); + } else { + Logger.debug("Identity link signer cert accepted for signing identity link: " + + "subjectDN check failed, but OID check successfully passed."); + } + } catch (X509ExtensionInitException e) { + throw new ValidateException("validator.49", null); + } + } else { + Logger.debug("Identity link signer cert accepted for signing identity link: " + + "subjectDN check successfully passed."); + } + + } + } + + /** + * Method validateCertificate. + * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse + * @param idl The Identitylink + * @throws ValidateException + */ + public void validateCertificate( + VerifyXMLSignatureResponse verifyXMLSignatureResponse, + IdentityLink idl) + throws ValidateException { + + X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); + PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); + + PublicKey pubKeySignature = x509Response.getPublicKey(); + + boolean found = false; + for (int i = 0; i < pubKeysIdentityLink.length; i++) { + + //compare RSAPublicKeys + if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) && + (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) { + + RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature; + RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; + + if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus()) + && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent())) + found = true; + } + + //compare ECDSAPublicKeys + if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) && + (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) { + + ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature; + ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i]; + + if(ecdsakey.equals(ecdsaPubKeySignature)) + found = true; + } + } + + if (!found) + throw new ValidateException("validator.09", null); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java new file mode 100644 index 000000000..c8020cda4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java @@ -0,0 +1,87 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.util.Map; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; +
+/**
+ * Input processor for infobox validators.
+ */
+public interface ParepInputProcessor {
+
+ /**
+ * Initialize user input processing. This function must initialize the
+ * processor to remember its state. Fixed values for the current authentication
+ * session are set here.
+ *
+ * @param representationID The id of the provided standardized mandate
+ * @param parepConfiguration The configuration of the party representation validator
+ * @param rpFamilyName The family name of the representative
+ * @param rpGivenName
+ * @param rpDateOfBirth
+ * @param request CreateMandateRequest containing the representative and the mandator
+ */
+
+ public void initialize(
+ String representationID, ParepConfiguration parepConfiguration,
+ String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+ CreateMandateRequest request);
+
+ /**
+ * Starting point of user input processing. This function must initialize the
+ * processor and remember its state.
+ *
+ * @param physical Is person a physical person selected
+ * @param familyName The family name of the mandator
+ * @param givenName
+ * @param dateOfBirth
+ * @param streetName The address of the physical person
+ * @param buildingNumber
+ * @param unit
+ * @param postalCode
+ * @param municipality
+ * @param cbFullName
+ * @param cbIdentificationType
+ * @param cbIdentificationValue
+ * @return The initial user input form
+ */
+ public String start(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue);
+
+ /**
+ * Validation after the user submitted form
+ *
+ * @param parameters Returned input field values
+ * @param extErrortext Error text from SZR-gateway to throw error page or form to correct user input data
+ * @return User input form if needed, or empty form if everything is ok with the user input. Returns null on error.
+ */
+ public String validate(Map parameters, String extErrortext);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java new file mode 100644 index 000000000..576d9c358 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -0,0 +1,323 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Implements the standard party representation infobox validator input processor
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class ParepInputProcessorImpl implements ParepInputProcessor{
+
+ /** the requested representation ID (currently * or OID) */
+ private String representationID;
+
+ /** contains the configuration of the owning validator */
+ private ParepConfiguration parepConfiguration;
+
+ /** Family name of the representative */
+ private String rpFamilyName;
+
+ /** Given name of the representative */
+ private String rpGivenName;
+
+ /** The representatives date of birth */
+ private String rpDateOfBirth;
+
+ /** The current CreateMandateRequest to the SZR-gateway */
+ private CreateMandateRequest request;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#initialize(String, ParepConfiguration, String, String, String, CreateMandateRequest)
+ */
+ public void initialize(
+ String representationID, ParepConfiguration parepConfiguration,
+ String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+ CreateMandateRequest request)
+ {
+ // Initialization
+ this.representationID = representationID;
+ this.parepConfiguration = parepConfiguration;
+ this.rpFamilyName = rpFamilyName;
+ this.rpGivenName = rpGivenName;
+ this.rpDateOfBirth = rpDateOfBirth;
+ this.request = request;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+ */
+ public String start(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+ {
+ // Load the form
+ String form = loadForm(
+ physical, familyName, givenName, dateOfBirth,
+ streetName, buildingNumber, unit, postalCode, municipality,
+ cbFullName, cbIdentificationType, cbIdentificationValue, "");
+ try {
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ } catch (SZRGWClientException e) {
+ //e.printStackTrace();
+ Logger.info(e);
+ return null;
+ }
+ return form;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+ */
+ public String validate(Map parameters, String extErrortext)
+ {
+
+ // Process the gotten parameters
+ String form = null;
+ boolean formNecessary = false;
+ if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+ String locErrortext = "Folgende Parameter fehlen: ";
+
+ String familyName = (String) parameters.get("familyname_");
+ if (null == familyName) familyName ="";
+ String givenName = (String) parameters.get("givenname_");
+ if (null == givenName) givenName ="";
+ boolean physical = "true".equals(parameters.get("physical_"));
+ String dobday = (String) parameters.get("dobday_");
+ if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+ String dobmonth = (String) parameters.get("dobmonth_");
+ if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+ String dobyear = (String) parameters.get("dobyear_");
+ if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+ String dateOfBirth = "";
+ dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+ dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+ dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+ dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+ String cbFullName = (String) parameters.get("fullname_");
+ if (null == cbFullName) cbFullName ="";
+ String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
+ if (null == cbIdentificationType) cbIdentificationType ="";
+ String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
+ if (null == cbIdentificationValue) cbIdentificationValue ="";
+ String postalCode = (String) parameters.get("postalcode_");
+ if (null == postalCode) postalCode ="";
+ String municipality = (String) parameters.get("municipality_");
+ if (null == municipality) municipality ="";
+ String streetName = (String) parameters.get("streetname_");
+ if (null == streetName) streetName ="";
+ String buildingNumber = (String) parameters.get("buildingnumber_");
+ if (null == buildingNumber) buildingNumber ="";
+ String unit = (String) parameters.get("unit_");
+ if (null == unit) unit ="";
+
+ if (physical) {
+ if (ParepUtils.isEmpty(familyName)) {
+ formNecessary = true;
+ locErrortext = locErrortext + "Familienname";
+ }
+ if (ParepUtils.isEmpty(givenName)) {
+ formNecessary = true;
+ if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Vorname";
+ }
+ // Auf existierendes Datum prüfen
+ SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+ format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+ try {
+ format.parse(dateOfBirth);
+ }
+ catch(ParseException pe)
+ {
+ formNecessary = true;
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "korrektes Geburtsdatum";
+ }
+ } else {
+ if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+ formNecessary = true;
+ if (ParepUtils.isEmpty(cbFullName)) {
+ locErrortext = locErrortext + "Name der Organisation";
+ }
+ if (ParepUtils.isEmpty(cbIdentificationType)) {
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Auswahl des Registers";
+ }
+ if (ParepUtils.isEmpty(cbIdentificationValue)) {
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+ }
+ }
+ }
+ try {
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ if (formNecessary) {
+ // Daten noch nicht vollständig oder anderer Fehler
+ if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+ String error = "";
+ if (!ParepUtils.isEmpty(extErrortext)) {
+ error = extErrortext;
+ if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+ }
+ if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+ if (!ParepUtils.isEmpty(error)) {
+ error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
+ }
+ form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+ if (form == null) {
+ return null;
+ }
+ } else {
+ return ""; // everything is ok
+ }
+ } catch (Exception e) {
+ //e.printStackTrace();
+ Logger.info(e);
+ return null;
+ }
+ return form;
+ }
+
+ /**
+ * Loads the empty user input form and replaces tag occurences with given variables
+ *
+ * @param physical
+ * @param familyName
+ * @param givenName
+ * @param dateOfBirth
+ * @param streetName
+ * @param buildingNumber
+ * @param unit
+ * @param postalCode
+ * @param municipality
+ * @param cbFullName
+ * @param cbIdentificationType
+ * @param cbIdentificationValue
+ * @param errorText
+ * @return
+ */
+ private String loadForm(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+ {
+ String form = "";
+ try {
+ String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+ InputStream instream = null;
+ File file = new File(fileName);
+ if (file.exists()) {
+ //if this resolves to a file, load it
+ instream = new FileInputStream(fileName);
+ } else {
+ fileName = parepConfiguration.getFullDirectoryName(fileName);
+ if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
+ file = new File(fileName);
+ if (file.exists()) {
+ //if this resolves to a file, load it
+ instream = new FileInputStream(fileName);
+ } else {
+ //else load a named resource in our classloader.
+ instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+ if (instream == null) {
+ Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+ return null;
+ }
+ }
+ }
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.dumpInputOutputStream(instream, bos);
+ form = bos.toString("UTF-8");
+ } catch(Exception e) {
+ Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+ }
+
+ if (!ParepUtils.isEmpty(form)) {
+ boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+ boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+ boolean reducedSelection = (!physEnabled || !cbEnabled);
+ if (reducedSelection) {
+ physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+ }
+ if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+ form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+ form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+ form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+ form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+ form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+ //darf zw. phys. und jur. Person gewählt werden:
+ //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+ form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+ form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+ form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+ form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+ form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+ form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+ form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+ form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+ form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+ form = ParepUtils.replaceAll(form, "<unit>", unit);
+ form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+ form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+ form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+ form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+ form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+ form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+ form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+ form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+ }
+ return form;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java new file mode 100644 index 000000000..5eeaa5d3d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -0,0 +1,740 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.OutputStreamWriter; + +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.xml.serialize.OutputFormat; +import org.apache.xml.serialize.XMLSerializer; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; +
+/**
+ * This class implements a set of utility methods.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepUtils {
+
+ /**
+ * Determines whether a string is null or empty
+ *
+ * @param str the string to check.
+ * @return <code>true</code> if the string is null or empty,
+ * <code>false</code> otherwise.
+ */
+ public static boolean isEmpty(String str) {
+ return str == null || "".equals(str);
+ }
+
+ /**
+ * Reads a XML document from an input stream (namespace-aware).
+ *
+ * @param is
+ * the input stream to read from.
+ * @return the read XML document.
+ * @throws SZRGWClientException
+ * if an error occurs reading the document from the input stream.
+ */
+ public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
+ try {
+ DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+ f.setNamespaceAware(true);
+ return f.newDocumentBuilder().parse(is);
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /*
+ *
+ */
+ public static String extractRepresentativeID(Element mandate) throws ValidateException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+ Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+ if (resultNode != null) {
+ // because following line is not ready for JDK 1.4.x we need to get the childnode;
+ // return resultNode.getTextContent();
+ Node textNode = resultNode.getFirstChild();
+ if (textNode != null) {
+ return textNode.getNodeValue();
+ }
+ }
+ return null;
+ } catch (Exception e) {
+ throw new ValidateException("validator.62", null);
+ }
+ }
+
+
+ /**
+ * Dumps all bytes from an input stream to the given output stream.
+ *
+ * @param is
+ * the input stream to dump from.
+ * @param os
+ * the output stream to dump to.
+ * @throws IOException
+ * if an error occurs while dumping.
+ */
+ public static void dumpInputOutputStream(InputStream is, OutputStream os) throws IOException {
+ if (is == null) {
+ return;
+ }
+ int ch;
+ while ((ch = is.read()) != -1) {
+ os.write(ch);
+ }
+ }
+
+ /**
+ * Gets a string that represents the date a mandate was issued.
+ *
+ * @param mandate
+ * the mandate to extract the issuing date from.
+ * @return the issuing date of the given mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the issuing date of the
+ * mandate.
+ */
+ public static String getMandateIssuedDate(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node dateNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Date/text()", nameSpaceNode);
+
+ if (dateNode == null) {
+ throw new Exception("Date in Mandate-Issued not found.");
+ }
+ return dateNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Gets a string that represents the place a mandate was issued.
+ *
+ * @param mandate
+ * the mandate to extract the issuing place from.
+ * @return the issuing place of the given mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the issuing place of the
+ * mandate.
+ */
+ public static String getMandateIssuedPlace(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node placeNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Place/text()", nameSpaceNode);
+
+ if (placeNode == null) {
+ throw new Exception("Place in Mandate-Issued not found.");
+ }
+ return placeNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Extracts the textual description of the mandate.
+ *
+ * @param mandate
+ * the mandate to extract the textual description from.
+ * @return the textual description of the mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the textual description.
+ */
+ public static String getMandateContent(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node contentNode = XPathAPI.selectSingleNode(mandate, "//md:SimpleMandateContent/md:TextualDescription/text()", nameSpaceNode);
+
+ if (contentNode == null) {
+ throw new Exception("Content in Mandate not found.");
+ }
+ return contentNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Extracts the md:Mandator element from a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the md:Mandator from.
+ * @return the md:Mandator element.
+ * @throws SZRGWClientException
+ * if an error occurs extracting the md:Mandator element.
+ */
+ public static Element extractMandator(Element mandate) throws ParseException {
+ try {
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR, nameSpaceNode);
+ if (mandator == null) {
+ // if we got the Mandator itself
+ if (mandate.getLocalName().equals(SZRGWConstants.MANDATOR)) return mandate;
+ }
+ if (mandator == null)
+ return null;
+ String nsPrefix = mandator.getPrefix();
+ String nsUri = mandator.getNamespaceURI();
+ Element mandatorClone = (Element) mandator.cloneNode(true);
+ mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+ return mandatorClone;
+ } catch (Exception e) {
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Tells wether a mandator is a physical person or not.
+ *
+ * @param mandator
+ * the XML md:Mandator element to extract from.
+ * @return <code>true<code> if the mandator is a physical person, <code>false</code> otherwise.
+ */
+ public static boolean isPhysicalPerson(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ + String s = DOMUtils.serializeNode(mandator); +
+ // check if physical person
+ Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + +
+ // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
+ // "descendant-or-self::pr:CorporateBody", nameSpaceNode);
+ return physicalPerson != null;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ /**
+ * Extracts the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code>
+ * element from a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the person from.
+ * @return the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> element.
+ * @throws ParseException
+ * if an error occurs extracting the element.
+ */
+ public static Element extractPersonOfMandate(Element mandate) throws ParseException {
+ try {
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:PhysicalPerson", nameSpaceNode);
+ if (person == null) {
+ person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:CorporateBody", nameSpaceNode);
+ }
+ if (person == null) return null;
+ String nsPrefix = person.getPrefix();
+ String nsUri = person.getNamespaceURI();
+ Element personClone = (Element) person.cloneNode(true);
+ personClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+ return personClone;
+ } catch (Exception e) {
+ //e.printStackTrace();
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Benerates the </code>pr:Person</code> element form a
+ * <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code>
+ * element of a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the person from.
+ * @return the <code>pr:Person</code> element.
+ * @throws ParseException
+ * if an error occurs extracting the element.
+ */
+ public static Element extractPrPersonOfMandate(Element mandate) throws ParseException {
+
+ try {
+ Document document = ParepUtils.createEmptyDocument();
+ Element root = document.createElement(SZRGWConstants.PD_PREFIX + SZRGWConstants.PERSON);
+ root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ root.setAttribute("xmlns:" + Constants.XSI_PREFIX, Constants.XSI_NS_URI);
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ Element person = (Element) XPathAPI.selectSingleNode(mandate, "//"
+ + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON, nameSpaceNode);
+ if (person == null) {
+ person = (Element) XPathAPI.selectSingleNode(mandate, "//"
+ + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY, nameSpaceNode);
+ }
+ if (person != null) {
+ root.setAttribute(Constants.XSI_PREFIX + ":type", SZRGWConstants.PD_PREFIX + person.getLocalName());
+ if (person != null) {
+ NodeList nl = person.getChildNodes();
+ for (int i = 0; i < nl.getLength(); i++) {
+ Node testNode = nl.item(i);
+ if (Node.ELEMENT_NODE == testNode.getNodeType()) {
+ root.appendChild(document.importNode(testNode, true));
+ }
+ }
+ }
+ }
+
+ return root;
+ } catch (Exception e) {
+ //e.printStackTrace();
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Extracts the name of the mandator as a string representation.
+ *
+ * @param mandator
+ * the XML md:Mandator element to extract from.
+ * @return the mandator name as a string.
+ */
+ public static String extractMandatorName(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ // first check if physical person
+ Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
+ if (name != null) {
+ String givenName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()", nameSpaceNode).getNodeValue();
+ String familyName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()", nameSpaceNode).getNodeValue();
+
+ return givenName + " " + familyName;
+ }
+
+ // check if corporate body
+ Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:FullName/text()", nameSpaceNode);
+ if (fullName != null) {
+ return fullName.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ //e.printStackTrace();
+ return "";
+ }
+ }
+
+ /**
+ * Extracts specific text of an element of a given md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the resulting text of the mandator element.
+ */
+ public static String extractText(Element mandator, String xpath) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node textNode = XPathAPI.selectSingleNode(mandator, xpath, nameSpaceNode);
+ if (textNode == null)
+ return null;
+ return textNode.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the date of birth of the mandator of a given md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the dob of the mandator.
+ */
+ public static String extractMandatorDateOfBirth(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node dobName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:DateOfBirth/text()", nameSpaceNode);
+ if (dobName == null)
+ return null;
+ return dobName.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the full name of the mandators corporate body of a given
+ * md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the full name of the mandator.
+ */
+ public static String extractMandatorFullName(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:CorporateBody/pr:FullName/text()", nameSpaceNode);
+ if (fullName == null)
+ return null;
+ return fullName.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the identification value of the mandator of a given mandate.
+ *
+ * @param mandator
+ * the XML md:Mandator element.
+ * @return the identification value.
+ */
+ public static String extractMandatorWbpk(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node idValue = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (idValue != null) {
+ return idValue.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ e.printStackTrace();
+ return "";
+ }
+ }
+
+ /**
+ * Extracts the identification type of the mandator of a given mandate.
+ *
+ * @param mandator
+ * the XML md:Mandator element.
+ * @return the identification type.
+ */
+ public static String extractMandatorIdentificationType(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node idType = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (idType != null) {
+ return idType.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ e.printStackTrace();
+ return "";
+ }
+ }
+
+ /*
+ *
+ */
+ public static String getIdentification(Element personElement, String element) throws ParseException {
+ try {
+
+ Element nameSpaceNode = personElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ return XPathAPI.selectSingleNode(personElement, "descendant-or-self::pr:Identification/pr:" + element + "/text()", nameSpaceNode)
+ .getNodeValue();
+ } catch (Exception e) {
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /*
+ *
+ */
+ private static Element extractRepresentative(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+ Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode);
+ String nsPrefix = mandator.getPrefix();
+ String nsUri = mandator.getNamespaceURI();
+
+ Element mandatorClone = (Element) mandator.cloneNode(true);
+ mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+
+ return mandatorClone;
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Serializes a XML element to a given output stream.
+ *
+ * @param element
+ * the XML element to serialize.
+ * @param out
+ * the output streamt o serialize to.
+ * @throws IOException
+ * if an I/O error occurs during serialization.
+ */
+ public static void serializeElement(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(true);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+ serializer.serialize(element);
+ }
+
+ public static void serializeElementAsDocument(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(false);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+ serializer.serialize(element);
+ }
+
+ public static void serializeElementWithoutEncoding(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(true);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out), format);
+ serializer.serialize(element);
+ }
+
+ public static void saveStringToFile(String str, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ fos.write(str.getBytes());
+ fos.flush();
+ fos.close();
+ }
+
+ public static void saveBytesToFile(byte[] str, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ fos.write(str);
+ fos.flush();
+ fos.close();
+ }
+
+ public static void saveElementToFile(Element elem, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ serializeElementWithoutEncoding(elem, fos);
+ fos.flush();
+ fos.close();
+ }
+
+ /**
+ * Creates an empty XML document.
+ *
+ * @return a newly created empty XML document.
+ * @throws SZRGWClientException
+ * if an error occurs creating the empty document.
+ */
+ public static Document createEmptyDocument() throws SZRGWClientException {
+ try {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ return factory.newDocumentBuilder().newDocument();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+
+ /**
+ * Tells if the Validator of an Infobox is enabled. If the corresponding application
+ * specific configuration element <code>EnableInfoboxValidator</code> is missing, a default value <code>true</code> is assumed
+ *
+ * @param applicationSpecificParams
+ * the XML element of the infobox configuration.
+ * @return the boolean value of the determination.
+ * @throws ConfigurationException
+ * if an error occurs reading the configuration.
+ */
+ public static boolean isValidatorEnabled(Element applicationSpecificParams) throws ConfigurationException {
+ try {
+ Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+
+ //ParepUtils.serializeElement(applicationSpecificParams, System.out);
+ Node validatorEnabledNode = XPathAPI.selectSingleNode(applicationSpecificParams, Constants.MOA_ID_CONFIG_PREFIX
+ + ":EnableInfoboxValidator/text()", nameSpaceNode);
+ if (validatorEnabledNode != null) {
+ return BoolUtils.valueOf(validatorEnabledNode.getNodeValue());
+ }
+ return true;
+ } catch (Exception e) {
+ // e.printStackTrace();
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+
+ /**
+ * Delivers a String with the description of the register which is described
+ * through the identification Type of a corporate body of the persondata schema
+ *
+ * @param identificationType
+ * the identification type.
+ * @return the register description.
+ */
+ public static String getRegisterString(String identificationType) {
+ String corporateBase = Constants.URN_PREFIX_BASEID + "+";
+ if (ParepUtils.isEmpty(identificationType) || !identificationType.startsWith(corporateBase)) return null;
+ String register = identificationType.substring(corporateBase.length());
+ if (ParepUtils.isEmpty(register)) return null;
+ if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
+ if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
+ if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
+ return null;
+ }
+
+ /**
+ * Hides Stammzahlen in the given element
+ *
+ * @param hideElement The element where Stammzahlen should be replaced.
+ * @param businessApplication For decision whether to calc a bPK or wbPK.
+ * @param target Target for calculating a bPK.
+ * @param registerID Necessary string for calculating a wbPK (example <code>FN+4096i</code>).
+ * @param blank Switch for behaviour.
+ * <code>true</code> if Stammzahlen are blinded. All occurences will be replaced by empty strings.
+ * <code>false</code> calculates (w)bPKs and changes also the <code>pr:Identifivation/pr:Type</code> elements.
+ * @return The element where Stammzahlen are hidden.
+ */
+ public static Element HideStammZahlen(Element hideElement, boolean businessApplication, String target, String registerID, boolean blank)
+ throws BuildException {
+ try {
+ if (hideElement != null) {
+ Element nameSpaceNode = hideElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ NodeList identifications = XPathAPI.selectNodeList(hideElement, "descendant-or-self::pr:Identification", nameSpaceNode);
+ for (int i = 0; i < identifications.getLength(); i++) {
+ Element identificationElement = (Element) identifications.item(i);
+ Node idTypeNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (idTypeNode != null && Constants.URN_PREFIX_BASEID.equals(idTypeNode.getNodeValue())) {
+ Node idValueNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (idValueNode == null || ParepUtils.isEmpty(idValueNode.getNodeValue())) {
+ Logger.error("HideStammZahlen: Problem beim Parsen des erhaltenen Elements - Value Element(-Inhalt) von pr:Identification nicht vorhanden.");
+ throw new BuildException("builder.02", null);
+ }
+ if (blank) {
+ idValueNode.setNodeValue("");
+ } else {
+ String idValue = idValueNode.getNodeValue();
+ if (businessApplication) {
+ // wbPK berechnen
+ idTypeNode.setNodeValue(Constants.URN_PREFIX_WBPK + "+" + registerID);
+ String bpkBase64 = new BPKBuilder().buildWBPK(idValueNode.getNodeValue(), registerID);
+ idValueNode.setNodeValue(bpkBase64);
+
+ } else {
+ // bPK berechnen
+ idTypeNode.setNodeValue(Constants.URN_PREFIX_BPK);
+ String bpkBase64 = new BPKBuilder().buildBPK(idValueNode.getNodeValue(), target);
+ idValueNode.setNodeValue(bpkBase64);
+ }
+ }
+ }
+ }
+ }
+ } catch (Exception e) {
+ throw new BuildException("builder.02", null);
+ }
+ return hideElement;
+ }
+
+ /**
+ * Replaces each substring of string <code>s</code> that matches the given
+ * <code>search</code> string by the given <code>replace</code> string.
+ *
+ * @param s The string where the replacement should take place.
+ * @param search The pattern that should be replaced.
+ * @param replace The string that should replace all each <code>search</code>
+ * string within <code>s</code>.
+ * @return A string where all occurrence of <code>search</code> are
+ * replaced with <code>replace</code>.
+ */
+ public static String replaceAll (String s, String search, String replace) {
+ if (replace==null) replace = "";
+ return StringUtils.replaceAll(s, search, replace);
+ }
+
+
+// public static void main(String[] args) throws Exception {
+// Document mandate = readDocFromIs(new FileInputStream("c:/Doku/work/Organwalter/schemas/Vertretung_OW_Max_Mustermann.xml"));
+// Document mandate = readDocFromIs(new FileInputStream("c:/mandator.xml"));
+// Document mandate = readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1.xml"));
+// Element mandatorElement = extractMandator(mandate.getDocumentElement());
+// System.out.println(extractMandatorName(mandatorElement));
+// System.out.println(extractMandatorDateOfBirth(mandatorElement));
+// System.out.println(extractMandatorWbpk(mandatorElement));
+// //serializeElement(mandatorElement, System.out);
+// serializeElement((extractPrPersonOfMandate(mandate.getDocumentElement())), System.out);
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java new file mode 100644 index 000000000..7bd6f5e28 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -0,0 +1,607 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a MOA-ID Infobox Validator for validating
+ * a standardized XML mandate using the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ */
+public class ParepValidator implements InfoboxValidator {
+
+ /** activates debug settings */
+ private boolean PAREP_DEBUG = false;
+
+ /** contains the parameters the validator initially was called with */
+ private InfoboxValidatorParams params = null;
+
+ /** contains the configuration of the validator */
+ private ParepConfiguration parepConfiguration = null;
+
+ /** the requested representation ID (currently * or OID) */
+ private String representationID = null;
+
+ /** holds the information of the SZR-request */
+ private CreateMandateRequest request = null;
+
+ /** List of extended SAML attributes. */
+ private Vector extendedSamlAttributes = new Vector();
+
+ /** the class which processes the user input */
+ private ParepInputProcessor inputProcessor = null;
+
+ /** The form if user input is necessary */
+ private String form = null;
+
+ /** unspecified error of parep-validator (must not know more about)*/
+ private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten";
+
+ /** Default class to gather remaining mandator data. */
+ public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+
+ /** Default template to gather remaining mandator data. */
+ public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+
+ /** kind of representation text in AUTH block*/
+ public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)";
+
+ /** Names of the produced SAML-attributes. */
+ public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+ public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+ public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+ public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; + public final static String EXT_SAML_MANDATE_OID = "OID"; + + /** */ + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+
+ /** register and register number for non physical persons - the domain identifier for business applications*/
+ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+
+ /**
+ * Parses the XML configuration element and creates the validators configuration
+ * Use this function if you want to preconfigure the validator.
+ *
+ * @param configElem
+ * the XML configuration element to parse.
+ * @throws ConfigurationException
+ * if an error occurs during the configuration process
+ */
+ public void Configure(Element configElem) throws ConfigurationException {
+ if (this.parepConfiguration == null) {
+ Logger.debug("Lade Konfiguration.");
+ parepConfiguration = new ParepConfiguration(configElem);
+ Logger.debug("Konfiguration erfolgreich geladen.");
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+ */
+ public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+
+ try {
+ Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
+ this.params = params;
+
+ Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+ // ParepUtils.serializeElement(mandate, System.out);
+ this.representationID = ParepUtils.extractRepresentativeID(mandate);
+ if (ParepUtils.isEmpty(representationID)) {
+ validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+ return validationResult;
+ }
+
+ // Überprüfen der Identifikation (Type/Value).
+ String identificationType = this.params.getIdentificationType();
+ String identificationValue = this.params.getIdentificationValue();
+ if (this.params.getBusinessApplication()) {
+ if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+ validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+ return validationResult;
+
+ } else {
+ Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+ }
+ } else {
+ if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+ //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+ if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+ Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
+ validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+ return validationResult;
+ } else {
+ Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+ }
+ } else {
+ if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+ // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+ identificationType = Constants.URN_PREFIX_CDID;
+ String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+ identificationValue = bpkBase64;
+ Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+ } else {
+ Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+ }
+ }
+ }
+
+ Configure(this.params.getApplicationSpecificParams());
+ // check if we have a configured party representative for that
+ if (!parepConfiguration.isPartyRepresentative(representationID)) {
+ Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+ validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+ return validationResult;
+ }
+
+ // Vertreter
+ this.request = new CreateMandateRequest();
+ request.setRepresentative(this.params, identificationType, identificationValue);
+ // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+ //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+
+ Logger.debug("Prüfe vorausgefüllte Daten...");
+ boolean physical = true;
+ String familyName = "";
+ String givenName = "";
+ String dateOfBirth = "";
+ String cbFullName = "";
+ String cbIdentificationType = "";
+ String cbIdentificationValue = "";
+ String postalCode = "";
+ String municipality = "";
+ String streetName = "";
+ String buildingNumber = "";
+ String unit = "";
+
+ boolean formNecessary = false;
+ // Vertretener (erstes Vorkommen)
+ Element mandator = ParepUtils.extractMandator(mandate);
+ if (mandator != null) {
+ // ParepUtils.serializeElement(mandator, System.out);
+ // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+ if (ParepUtils.isPhysicalPerson(mandator)) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ physical = false;
+ cbFullName = ParepUtils.extractMandatorFullName(mandator);
+ cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+ cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ }
+ postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+ municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+ streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+ buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+ unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+
+ }
+ if (physical) {
+ if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+ validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+ return validationResult;
+ }
+ if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+ formNecessary = true;
+ }
+ } else {
+ if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+ validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+ return validationResult;
+ }
+ if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+ formNecessary = true;
+ }
+ }
+
+ //Zeigen wir, dass die Daten übernommen wurden:
+ if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+
+ // Input processor
+ this.form = "";
+ if (formNecessary) {
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ this.form = inputProcessor.start(
+ physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+ cbFullName, cbIdentificationType, cbIdentificationValue);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ } else {
+ // Request vorbereiten mit vorgegebenen Daten
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ }
+
+
+ // ParepUtils.serializeElement(request.getMandator(), System.out);
+ // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+
+ addAuthBlockExtendedSamlAttributes();
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
+ validationResult.setValid(true);
+ return validationResult;
+ } catch (Exception e) {
+ e.printStackTrace();
+ Logger.info(e);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+ */
+ public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+ Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
+ Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+ if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+
+ // Input processor
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ this.form = inputProcessor.validate(parameters, null);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+
+ addAuthBlockExtendedSamlAttributes();
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ validationResult.setValid(true);
+ Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
+ return validationResult;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+ */
+ public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+ Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
+ this.form = "";
+ try {
+
+
+ request.setSignature(samlAssertion);
+
+//DPO debug
+// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+// String id = representationID;
+// CreateMandateResponse response;
+// if (true) {
+// if (this.params.getHideStammzahl()) {
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können.
+// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen.
+// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK
+// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// }
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+
+ //ParepUtils.serializeElement(request.toElement(), System.out);
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+
+ // configure szrgw client
+ Logger.debug("Lade SZR-GW Client.");
+ SZRGWClient client = new SZRGWClient();
+ // System.out.println("Parameters: " + cfg.getConnectionParameters());
+ Logger.debug("Initialisiere Verbindung...");
+ ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+ // Logger.debug("Connection Parameters: " + connectionParameters);
+ Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ }
+
+ Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
+ CreateMandateResponse response;
+ Element requ = request.toElement();
+ try {
+ response = client.createMandateResponse(requ);
+ } catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ client = new SZRGWClient(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ response = client.createMandateResponse(requ);
+ }
+ Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
+ if (response.getResultCode()==2000) {
+ if(response.getMandate()==null) {
+ Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+
+
+ //DPO debug output (2lines)
+ String id = representationID;
+ if (id.equals("*")) id="standardisiert";
+
+ Element mandate = response.getMandate();
+ // Replace Stammzahlen
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+ if (this.params.getHideStammzahl()) {
+ ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
+ }
+
+ extendedSamlAttributes.clear();
+ // Vollmacht
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ validationResult.setValid(true);
+ Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
+ } else {
+ String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+ String responseInfo = response.getInfo();
+ if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
+ if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+ validationResult.setErrorMessage(errorMsg);
+ } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
+ // Person not found
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ switch (response.getResultCode()) {
+ case 5230:
+ errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben.";
+ break;
+ case 5231:
+ errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben.";
+ break;
+ default:
+ if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+ }
+ this.form = inputProcessor.validate(generateParameters(), errorMsg);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ validationResult.setValid(true);
+ } else {
+ // Do not inform the user too much
+ Logger.error(errorMsg);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ }
+
+ }
+ return validationResult;
+ } catch (Exception e) {
+ e.printStackTrace();
+ Logger.info(e);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ }
+
+ /**
+ * provides the primary infobox token of the given list.
+ *
+ * @param infoBoxTokens
+ * the list of infobox tokens.
+ * @return
+ * the XML element of the primary token.
+ * @throws ValidateException
+ * if an error occurs or list is not suitable.
+ */
+ public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+ if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+ throw new ValidateException("validator.62", null);
+ }
+ for (int i = 0; i < infoBoxTokens.size(); i++) {
+ InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+ if (token.isPrimary()) {
+ return token.getXMLToken();
+ }
+ }
+ throw new ValidateException("validator.62", null);
+ }
+
+ /*
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+ ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+ extendedSamlAttributes.copyInto(ret);
+ Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+ return ret;
+ }
+
+
+ /**
+ * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+ */
+ public String getForm() {
+ return this.form;
+ }
+
+ /**
+ * Gets the user form input processor (class) assigned to the current party representative
+ * If the method is called for the first time it initializes the input processor.
+ *
+ * @return The user form input processor
+ */
+ private ParepInputProcessor getInputProcessor() {
+
+ if (this.inputProcessor!=null) return inputProcessor;
+ String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+ ParepInputProcessor inputProcessor = null;
+ try {
+ Class inputProcessorClass = Class.forName(inputProcessorName);
+ inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+ inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+ } catch (Exception e) {
+ Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+ }
+ this.inputProcessor = inputProcessor;
+ return inputProcessor;
+ }
+
+ /**
+ * Generates the parameter list, which is needed to simulate a return from
+ * an user form.
+ *
+ * @return the form parameters
+ */
+ private Map generateParameters() {
+ Map parameters = new HashMap();
+ boolean physical = true;
+ String familyName = "";
+ String givenName = "";
+ String dateOfBirth = "";
+ String cbFullName = "";
+ String cbIdentificationType = "";
+ String cbIdentificationValue = "";
+ String postalCode = "";
+ String municipality = "";
+ String streetName = "";
+ String buildingNumber = "";
+ String unit = "";
+
+ try {
+ // Vertretener (erstes Vorkommen)
+ Element mandator = request.getMandator();
+ if (mandator != null) {
+ if (ParepUtils.isPhysicalPerson(mandator)) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ physical = false;
+ cbFullName = ParepUtils.extractMandatorFullName(mandator);
+ cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+ cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ }
+ postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+ municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+ streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+ buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+ unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+ }
+ } catch (Exception e) {
+ Logger.error("Could not extract Mandator form SZR-gateway request");
+ }
+ parameters.put("familyname_", familyName);
+ parameters.put("givenname_", givenName);
+ parameters.put("dateofbirth_", dateOfBirth);
+ parameters.put("dobyear_", dateOfBirth.substring(0,4));
+ parameters.put("dobmonth_", dateOfBirth.substring(5,7));
+ parameters.put("dobday_", dateOfBirth.substring(8,10));
+ parameters.put("physical_", physical ? "true" : "false");
+ parameters.put("fullname_", cbFullName);
+ parameters.put("cbidentificationtype_", cbIdentificationType);
+ parameters.put("cbidentificationvalue_", cbIdentificationValue);
+ parameters.put("postalcode_", postalCode);
+ parameters.put("municipality_", municipality);
+ parameters.put("streetname_", streetName);
+ parameters.put("buildingnumber_", buildingNumber);
+ parameters.put("unit_", unit);
+ return parameters;
+ }
+
+ /**
+ * Adds the AUTH block related SAML attributes to the validation result.
+ * This is needed always before the AUTH block is to be signed, because the
+ * name of the mandator has to be set
+ */
+ private void addAuthBlockExtendedSamlAttributes() {
+ extendedSamlAttributes.clear();
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ Element mandator = request.getMandator();
+ // Name
+ String name = ParepUtils.extractMandatorName(mandator);
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ // Geburtsdatum
+ String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+ if (dob != null && !"".equals(dob)) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ // (w)bpk
+ String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+ if (!ParepUtils.isEmpty(wbpk)) {
+ if (!ParepUtils.isPhysicalPerson(mandator)){
+ String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+ if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ } else if (this.params.getBusinessApplication()) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ }
+ }
+
+// public static void main(String[] args) throws Exception {
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java new file mode 100644 index 000000000..fc845f579 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java @@ -0,0 +1,183 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+
+/**
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class PartyRepresentative {
+
+ /** Object Identifier **/
+ private String oid;
+
+ private boolean representPhysicalParty;
+
+ private boolean representCorporateParty;
+
+ /**
+ * Text for representation description in SAML Assertion (Auth-Block)
+ * */
+ private String representationText;
+
+ /**
+ * SZR-GW connection parameters.
+ */
+ private ConnectionParameter connectionParameters = null;
+
+ private String inputProcessorClass = null;
+ private String inputProcessorTemplate = null;
+
+ /**
+ * Constructor
+ */
+public PartyRepresentative() {
+ this.oid = null;
+ this.representPhysicalParty = false;
+ this.representCorporateParty = false;
+ this.connectionParameters = null;
+ this.representationText = null;
+}
+
+/**
+ * Constructor
+ */
+ public PartyRepresentative(boolean representPhysicalParty, boolean representCorporateParty) {
+ this.oid = null;
+ this.representPhysicalParty = representPhysicalParty;
+ this.representCorporateParty = representCorporateParty;
+ this.connectionParameters = null;
+ this.representationText = null;
+ this.inputProcessorClass = null;
+ this.inputProcessorTemplate = null;
+ }
+
+ /**
+ * @return the oid
+ */
+ public String getOid() {
+ return oid;
+ }
+
+ /**
+ * @param oid the oid to set
+ */
+ public void setOid(String oid) {
+ this.oid = oid;
+ }
+
+ /**
+ * @return the representPhysicalParty
+ */
+ public boolean isRepresentingPhysicalParty() {
+ return representPhysicalParty;
+ }
+
+ /**
+ * @param representPhysicalParty the representPhysicalParty to set
+ */
+ public void setRepresentingPhysicalParty(boolean representPhysicalParty) {
+ this.representPhysicalParty = representPhysicalParty;
+ }
+
+ /**
+ * @return the representCorporateParty
+ */
+ public boolean isRepresentingCorporateParty() {
+ return representCorporateParty;
+ }
+
+ /**
+ * @param representCorporateParty the representCorporateParty to set
+ */
+ public void setRepresentingCorporateParty(boolean representCorporateParty) {
+ this.representCorporateParty = representCorporateParty;
+ }
+
+ /**
+ * @return the connectionParameters
+ */
+ public ConnectionParameter getConnectionParameters() {
+ return connectionParameters;
+ }
+
+ /**
+ * @param connectionParameters the connectionParameters to set
+ */
+ public void setConnectionParameters(ConnectionParameter connectionParameters) {
+ this.connectionParameters = connectionParameters;
+ }
+
+
+ /**
+ * @return the representationText
+ */
+ public String getRepresentationText() {
+ return representationText;
+ }
+
+
+ /**
+ * @param representationText the representationText to set
+ */
+ public void setRepresentationText(String representationText) {
+ this.representationText = representationText;
+ }
+
+ /**
+ * @return the inputProcessorClass
+ */
+ public String getInputProcessorClass() {
+ return inputProcessorClass;
+ }
+
+ /**
+ * @param inputProcessorClass the inputProcessorClass to set
+ */
+ public void setInputProcessorClass(String inputProcessorClass) {
+ this.inputProcessorClass = inputProcessorClass;
+ }
+
+ /**
+ * @return the inputProcessorTemplate
+ */
+ public String getInputProcessorTemplate() {
+ return inputProcessorTemplate;
+ }
+
+ /**
+ * @param inputProcessorTemplate the inputProcessorTemplate to set
+ */
+ public void setInputProcessorTemplate(String inputProcessorTemplate) {
+ this.inputProcessorTemplate = inputProcessorTemplate;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java new file mode 100644 index 000000000..eae5dba05 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java @@ -0,0 +1,62 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+
+import org.w3c.dom.Element; +
+
+/**
+ * This class implements a SZR-gateway GetIdentityLink Response.
+ *
+ */
+public class CreateIdentityLinkResponse {
+
+ private Element assertion;
+ private String error;
+ private boolean isError;
+
+ public Element getAssertion() {
+ return assertion;
+ }
+ public String getError() {
+ return error;
+ }
+
+ public void setAssertion(Element assertion) {
+ isError = false;
+ this.assertion = assertion;
+ }
+ public void setError(String error) {
+ isError = true;
+ this.error = error;
+ }
+
+ public boolean isError() {
+ return isError;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java new file mode 100644 index 000000000..53f786eb3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -0,0 +1,281 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.util.ArrayList; +import java.util.List; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.util.Constants; +
+/**
+ * This class implements a detailed CreateMandateRequest that
+ * will be sent to SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateRequest {
+
+ /**
+ * The Request.
+ */
+ private Document document;
+
+ /**
+ * List of mandate representatives as XML element.
+ */
+ private List representatives;
+
+ /**
+ * The mandator.
+ */
+ private Element mandator;
+
+ /**
+ * The representative.
+ */
+ private Element representative;
+
+ /**
+ * The signature to verify by the SZR-gateway
+ */
+ private Element signature;
+
+
+
+ /**
+ * Creates the CreateMandateRequest element that will
+ * be sent to SZR-gateway
+ *
+ * @return the CreateMandateRequest element.
+ */
+ public Element toElement() throws SZRGWClientException{
+
+ this.document = ParepUtils.createEmptyDocument();
+ Element root = this.document.createElement(SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_REQUEST);
+ root.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ if (this.representative!=null) root.appendChild(this.document.importNode(this.representative, true));
+ if (this.mandator!=null) root.appendChild(this.document.importNode(this.mandator, true));
+ if (this.signature!=null) root.appendChild(this.document.importNode(this.signature, true));
+
+ return root;
+ }
+
+ /**
+ * Adds a representative.
+ *
+ * @param representative an XML representative to add.
+ */
+ public void addRepresentative(Element representative) {
+ if (representatives == null) {
+ representatives = new ArrayList();
+ }
+ representatives.add(representative);
+ }
+
+ /**
+ * Gets the representative.
+ *
+ * @return the representative.
+ */
+ public Element getRepresentative() {
+ return representative;
+ }
+
+ /**
+ * Gets the mandator.
+ *
+ * @return the mandator.
+ */
+ public Element getMandator() {
+ return mandator;
+ }
+
+ /**
+ * Sets the mandator.
+ *
+ * @param mandator the mandator.
+ */
+ public void setMandator(Element mandator) {
+ this.mandator = mandator;
+ }
+
+ /**
+ * Sets the Mandator.
+ *
+ * @param familyName the family name of the mandator.
+ */
+ public void setMandator(String familyName, String givenName, String dateOfBirth,
+ String postalCode, String municipality, String streetName, String buildingNumber, String unit,
+ boolean physical, String cbFullName, String cbIdentificationType, String cbIdentificationValue) throws SZRGWClientException {
+
+ Document mandatorDocument = ParepUtils.createEmptyDocument();
+
+ Element mandatorElem = mandatorDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.MANDATOR);
+// mandatorElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+/// mandatorElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ if (physical) {
+ Element physicalPersonElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON);
+ physicalPersonElem.appendChild(createNameElem(mandatorDocument, givenName, familyName));
+ physicalPersonElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.DATEOFBIRTH, dateOfBirth));
+ mandatorElem.appendChild(physicalPersonElem);
+ Element postalAddressElement = createPostalAddressElem(mandatorDocument, postalCode, municipality, streetName, buildingNumber, unit);
+ if (null!=postalAddressElement) mandatorElem.appendChild(postalAddressElement);
+ } else {
+ Element corporateBodyElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY);
+ corporateBodyElem.appendChild(createIdentificationElem(mandatorDocument, cbIdentificationType, cbIdentificationValue));
+ corporateBodyElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.FULLNAME, cbFullName));
+ mandatorElem.appendChild(corporateBodyElem);
+ }
+
+
+ this.mandator = mandatorElem;
+ }
+
+ private Element createPersonDataElem(Document document, String elementName, String elementValue) {
+ Element elem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + elementName);
+ Node value = document.createTextNode(elementValue);
+ elem.appendChild(value);
+ return elem;
+ }
+
+ private Element createIdentificationElem(Document document, String identificationType, String identificationValue) {
+ Element identificationElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.IDENTIFICATION);
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.VALUE, identificationValue));
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.TYPE, identificationType));
+ return identificationElem;
+ }
+ private Element createNameElem(Document document, String givenName, String familyName) {
+ Element nameElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.NAME);
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.GIVENNAME, givenName));
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.FAMILYNAME, familyName));
+ return nameElem;
+ }
+ private Element createPostalAddressElem(Document document, String postalCode, String municipality, String streetName, String buildingNumber, String unit) {
+
+ if (ParepUtils.isEmpty(postalCode) && ParepUtils.isEmpty(municipality) && ParepUtils.isEmpty(streetName)
+ && ParepUtils.isEmpty(buildingNumber) && ParepUtils.isEmpty(unit)) return null;
+ Element postalAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.POSTALADDRESS);
+
+ if (!ParepUtils.isEmpty(postalCode)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.POSTALCODE, postalCode));
+ }
+ if (!ParepUtils.isEmpty(municipality)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.MUNICIPALITY, municipality));
+ }
+ if (!ParepUtils.isEmpty(streetName) || !ParepUtils.isEmpty(buildingNumber) || !ParepUtils.isEmpty(unit)) {
+ Element deliveryAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.DELIVERYADDRESS);
+
+ if (!ParepUtils.isEmpty(streetName)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.STREETNAME, streetName));
+ }
+ if (!ParepUtils.isEmpty(buildingNumber)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.BUILDINGNUMBER, buildingNumber));
+ }
+ if (!ParepUtils.isEmpty(unit)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.UNIT, unit));
+ }
+ postalAddressElem.appendChild(deliveryAddressElem);
+ }
+ return postalAddressElem;
+ }
+
+
+
+ /**
+ * Sets the Representative.
+ *
+ * @param params InfoboxValidatorParams contain the data of the representative.
+ * @param identificationType the type of the identification of the representative (has to be urn:publicid:gv.at:cdid).
+ * @param identificationValue the identification value (bPK).
+ */
+ public void setRepresentative(InfoboxValidatorParams params, String identificationType, String identificationValue) throws SZRGWClientException {
+
+ Document representativeDocument = ParepUtils.createEmptyDocument();
+
+ Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ //Old Version 0.0.1 of SZR-Gateway
+// representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
+// representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
+// representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
+
+ //New since version 0.0.2 of SZR-Gateway:
+ // we need to send an identity link and must replace its identification value
+ representativeElem.appendChild(representativeElem.getOwnerDocument().importNode(params.getIdentityLink(), true));
+ try {
+ Element nameSpaceNode = representativeElem.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SAML_POSTFIX, Constants.SAML_NS_URI);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ Node identificationValueNode = XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (identificationValueNode != null) {
+ identificationValueNode.setNodeValue(identificationValue);
+ } else {
+ throw new SZRGWClientException("validator.63", null);
+ }
+ Node identificationTypeNode = XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (identificationTypeNode != null) {
+ identificationTypeNode.setNodeValue(identificationType);
+ } else {
+ throw new SZRGWClientException("validator.63", null);
+ }
+ } catch (Exception e) {
+ throw new SZRGWClientException("validator.63", null);
+ }
+ this.representative = representativeElem;
+ }
+
+ /**
+ * @return the signature
+ */
+ public Element getSignature() {
+ return signature;
+ }
+
+ /**
+ * @param signature the signature to set
+ */
+ public void setSignature(Element signature) throws SZRGWClientException{
+ Document signatureDocument = ParepUtils.createEmptyDocument();
+ Element signatureElem = signatureDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + "Signature");
+ //SZR-gateway takes the first Signature
+ //signatureElem.setAttribute("SignatureLocation", "//saml:Assertion/dsig:Signature");
+ signatureElem.appendChild(signatureDocument.importNode(signature, true));
+ this.signature = signatureElem;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java new file mode 100644 index 000000000..40867536c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -0,0 +1,159 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class implements a SZR-gateway CreateMandate Response.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateResponse {
+
+ /**
+ * Result code of the request.
+ */
+ private int resultCode;
+
+ /**
+ * Description of the result.
+ */
+ private String resultInfo;
+
+ /**
+ * The returned mandate.
+ */
+ private Element mandate;
+
+ /**
+ * @return the resultCode
+ */
+ public int getResultCode() {
+ return resultCode;
+ }
+
+ /**
+ * @param resultCode the resultCode to set
+ */
+ public void setResultCode(String resultCode) {
+ if (resultCode!=null) {
+ this.resultCode = Integer.parseInt(resultCode);
+ } else {
+ this.resultCode = 0;
+ }
+ }
+
+ /**
+ * @return the resultInfo
+ */
+ public String getInfo() {
+ return resultInfo;
+ }
+
+ /**
+ * @param resultInfo the resultInfo to set
+ */
+ public void setInfo(String resultInfo) {
+ this.resultInfo = resultInfo;
+ }
+
+ /**
+ * @return the mandate
+ */
+ public Element getMandate() {
+ return mandate;
+ }
+
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMandate(Element mandate) {
+ this.mandate = mandate;
+ }
+
+
+ /**
+ * Parses the SZR-gateway response.
+ *
+ * @param response the SZR-gateway response.
+ * @throws SZRGWClientException if an error occurs.
+ */
+ public void parse(Element response) throws SZRGWClientException {
+ try {
+
+ // first check if response is a soap error
+ NodeList list = response.getElementsByTagName("faultstring");
+ if (list.getLength() > 0) {
+ String faultCode = "";
+ String faultString = "";
+ Element snameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode");
+ snameSpaceNode.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
+ Node faultCodeNode = XPathAPI.selectSingleNode(response, SOAPConstants.XPATH_SOAP_FAULTCODE, snameSpaceNode);
+ Node faultStringNode = XPathAPI.selectSingleNode(response, SOAPConstants.XPATH_SOAP_FAULTSTRING, snameSpaceNode);
+ if (faultCodeNode!=null) faultCode = faultCodeNode.getNodeValue();
+ if (faultStringNode!=null) faultString = faultStringNode.getNodeValue();
+ throw new SZRGWClientException("Fehler bei SZR-Gateway (SOAP-Error " + faultCode + "): " + faultString);
+ }
+
+ this.mandate = null;
+ this.resultCode = 2000;
+ this.resultInfo = null;
+ // parse single SZR-gateway results
+ Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode);
+ if (mandateNode!=null) {
+ this.mandate = (Element) mandateNode;
+ } else {
+ String errorResponse = "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.ERROR_RESPONSE + "/";
+ Node errorCode = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "ErrorCode/text()", nameSpaceNode);
+ if (errorCode!=null) setResultCode(errorCode.getNodeValue());
+ Node errorInfo = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "Info/text()", nameSpaceNode);
+ this.setInfo(errorInfo.getNodeValue());
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+// CreateMandateResponse resp = new CreateMandateResponse();
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream("c:/response2.xml"));
+// Element response = doc.getDocumentElement();
+// resp.parse(response);
+// System.out.println(resp.getResultCode());
+// System.out.println(resp.getInfo());
+// if (resp.getMandate()!=null) ParepUtils.serializeElement(resp.getMandate(), System.out);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java new file mode 100644 index 000000000..2efde3188 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java @@ -0,0 +1,56 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+
+/**
+ * SOAP Envelope Constants.
+ *
+ * @author <a href="mailto:arne.tauber@egiz.gv.at">Arne Tauber</a>
+ * @version $ $
+ **/
+public interface SOAPConstants {
+
+ /*
+ * Namespaces and namespace prefixes for SOAP message handling
+ */
+ public static final String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
+ public static final String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/";
+ public static final String SOAP_ENV_PREFIX = "soapenv:";
+ public static final String SOAP_ENV_POSTFIX = ":soapenv";
+
+ public static final String ENVELOPE = "Envelope";
+ public static final String BODY = "Body";
+ public static final String FAULT = "Fault";
+ public static final String ENCODING_STYLE = "encodingStyle";
+
+ public static final String XPATH_SOAP_FAULT = "/" + SOAP_ENV_PREFIX + ENVELOPE + "/" + SOAP_ENV_PREFIX + BODY + "/" + SOAP_ENV_PREFIX + FAULT;
+ public static final String XPATH_SOAP_FAULTCODE = XPATH_SOAP_FAULT + "/faultcode/text()";
+ public static final String XPATH_SOAP_FAULTSTRING = XPATH_SOAP_FAULT + "/faultstring/text()";
+
+
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java new file mode 100644 index 000000000..e3457f4de --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -0,0 +1,395 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; + +import javax.net.ssl.SSLSocketFactory; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.methods.PostMethod; +import org.apache.commons.httpclient.protocol.Protocol; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.Text; + +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + + + +/** + * This class implements a client for communication with the SZR-gateway + * <p> + * Two types of requests are supported + * <ol> + * <li>Basic Request</li> + * <li>Detailed Request</li> + * </ol> + * + * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a> + */ +public class SZRGWClient { + /** + * The URL of the SZR-gateway webservice. + */ + private String address; + + /** + * The SSL socket factory when using a secure connection. + */ + private SSLSocketFactory sSLSocketFactory; + + /** + * Constructor + */ + public SZRGWClient() { + } + + /** + * Constructor + * + * @param address the URL of the SZR-gateway webservice. + */ + public SZRGWClient(String address) { + this.address = address; + } + /** + * Sets the SSL socket factory. + * + * @param factory the SSL socket factory. + */ + public void setSSLSocketFactory(SSLSocketFactory factory) { + this.sSLSocketFactory = factory; + } + + /** + * Sets the SZR webservice URL + * + * @param address the URL of the SZR-gateway webservice. + */ + public void setAddress(String address) { + this.address = address; + } + + /** + * Creates a mandate. + * + * @param reqElem the request. + * @return a SZR-gateway response containing the result + * @throws SZRGWException when an error occurs creating the mandate. + */ + public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException { + //Logger.info("Connecting to SZR-gateway."); + try { + if (address == null) { + throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null."); + } + HttpClient client = new HttpClient(); + PostMethod method = new PostMethod(address); + method.setRequestHeader("SOAPAction", ""); + + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + // create soap body + Element soapBody = getSOAPBody(); + Document doc = soapBody.getOwnerDocument(); + soapBody.appendChild(doc.importNode(reqElem, true)); + Element requestElement = soapBody.getOwnerDocument().getDocumentElement(); + + //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml")); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ParepUtils.serializeElementAsDocument(requestElement, bos); + + method.setRequestBody(new ByteArrayInputStream(bos.toByteArray())); + client.executeMethod(method); + CreateMandateResponse response = new CreateMandateResponse(); + + bos = new ByteArrayOutputStream(); + doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream()); + + //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml")); + response.parse(doc.getDocumentElement()); + + + return response; + } catch(Exception e) { + //e.printStackTrace(); + throw new SZRGWClientException(e); + } + } + + /** + * Gets a identity link. + * + * @param reqElem the request. + * @return a SZR-gateway response containing the result + * @throws SZRGWException when an error occurs creating the mandate. + */ + public CreateIdentityLinkResponse createIdentityLinkResponse(Element reqElem) throws SZRGWClientException { + + try { + if (address == null) { + throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null."); + } + HttpClient client = new HttpClient(); + PostMethod method = new PostMethod(address); + method.setRequestHeader("SOAPAction", ""); + + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + // create soap body + Element soapBody = getSOAPBody(); + Document doc = soapBody.getOwnerDocument(); + soapBody.appendChild(doc.importNode(reqElem, true)); + Element requestElement = soapBody.getOwnerDocument().getDocumentElement(); + + //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml")); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ParepUtils.serializeElementAsDocument(requestElement, bos); + + method.setRequestBody(new ByteArrayInputStream(bos.toByteArray())); + client.executeMethod(method); + CreateIdentityLinkResponse response = new CreateIdentityLinkResponse(); + + bos = new ByteArrayOutputStream(); + doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream()); + //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml")); + + NodeList list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse"); + if (list.getLength() > 0) { + // set error response + list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info"); + String error = DOMUtils.getText(list.item(0)); + + response.setError(error); + } + else { + // set assertion + DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + Document newdoc = builder.newDocument(); + + Element nameSpaceNode = newdoc.createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + nameSpaceNode.setAttribute("xmlns:" + Constants.SAML_PREFIX, Constants.SAML_NS_URI); + + Element samlAssertion = (Element)XPathAPI.selectSingleNode(doc, "//saml:Assertion[1]", nameSpaceNode); + + if (samlAssertion == null) + throw new SZRGWClientException("Could not found a saml:Assertion element in response."); + else + response.setAssertion(samlAssertion); + } + + return response; + + } catch(Exception e) { + throw new SZRGWClientException(e); + } + } + + + /* + * builds an XML soap envelope + */ + private Element getSOAPBody() throws SZRGWClientException { + Document doc_; + try { + doc_ = ParepUtils.createEmptyDocument(); + Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE); + doc_.appendChild(root); + + root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS); + //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE); + root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema"); + root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance"); + + Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY); + root.appendChild(body); + + return body; + } catch (SZRGWClientException e) { + throw new SZRGWClientException(e); + } + + } + + public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + try { + DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document doc = builder.newDocument(); + + Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest"); + getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS); + doc.appendChild(getIdentityLink); + + if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) { + + Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData"); + getIdentityLink.appendChild(pepsDataElem); + + if (PEPSIdentifier != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSIdentifier); + elem.appendChild(text); + } + if (PEPSFirstname != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSFirstname); + elem.appendChild(text); + } + + if (PEPSFamilyname != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSFamilyname); + elem.appendChild(text); + } + + if (PEPSDateOfBirth != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSDateOfBirth); + elem.appendChild(text); + } + } + + if (signature == null) + throw new SZRGWClientException("Signature element must not be null!"); + else { + Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature"); + Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent"); + sig.appendChild(xmlcontent); + Node n = doc.importNode(signature, true); + getIdentityLink.appendChild(sig); + xmlcontent.appendChild(n); + } + + + return doc; + } catch (ParserConfigurationException e) { + throw new SZRGWClientException(e); + } /*catch (CertificateEncodingException e) { + throw new SZRGWClientException(e); + }*/ + + + } + + public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { + + String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + + try { + DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document doc = builder.newDocument(); + + Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest"); + getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS); + doc.appendChild(getIdentityLink); + + if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) { + + Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData"); + getIdentityLink.appendChild(pepsDataElem); + + if (PEPSIdentifier != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSIdentifier); + elem.appendChild(text); + } + if (PEPSFirstname != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSFirstname); + elem.appendChild(text); + } + + if (PEPSFamilyname != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSFamilyname); + elem.appendChild(text); + } + + if (PEPSDateOfBirth != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSDateOfBirth); + elem.appendChild(text); + } + } + + if (signature == null) + throw new SZRGWClientException("Signature element must not be null!"); + else { + Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature"); + Element base64content = doc.createElementNS(SZRGW_NS, "szrgw:Base64Content"); + sig.appendChild(base64content); + getIdentityLink.appendChild(sig); + Text text= doc.createTextNode(signature); + base64content.appendChild(text); + } + + return doc; + } catch (ParserConfigurationException e) { + throw new SZRGWClientException(e); + } /*catch (CertificateEncodingException e) { + throw new SZRGWClientException(e); + }*/ + + + } + +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java new file mode 100644 index 000000000..49198d79f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java @@ -0,0 +1,66 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/** + * This class implements the basic exception type for the SZR-gateway client + * + * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a> + */ +public class SZRGWClientException extends Exception { + + /** + * + */ + private static final long serialVersionUID = 26538259471017714L; + +/* + * see super constructor. + */ + public SZRGWClientException() { + super(); + } + + /* + * see super constructor. + */ + public SZRGWClientException(String arg0) { + super(arg0); + } + + /* + * see super construction. + */ + public SZRGWClientException(Throwable arg0) { + super(arg0); + } + + /* + * see super constructor + */ + public SZRGWClientException(String arg0, Throwable arg1) { + super(arg0, arg1); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java new file mode 100644 index 000000000..ab559aff9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -0,0 +1,78 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/** + * This interface specifies all the constants needed for the communication with the SZR-gateway. + * + * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a> + */ +public interface SZRGWConstants { + + //PersonData + public static final String PD_PREFIX = "pr:"; + public static final String PD_POSTFIX = ":pr"; + public static final String PERSON = "Person"; + public static final String PHYSICALPERSON = "PhysicalPerson"; + public static final String CORPORATEBODY = "CorporateBody"; + public static final String IDENTIFICATION = "Identification"; + public static final String VALUE = "Value"; + public static final String TYPE = "Type"; + public static final String NAME = "Name"; + public static final String GIVENNAME = "GivenName"; + public static final String FAMILYNAME = "FamilyName"; + public static final String DATEOFBIRTH = "DateOfBirth"; + public static final String FULLNAME = "FullName"; + public static final String ORGANIZATION = "Organization"; + + public static final String POSTALADDRESS = "PostalAddress"; + public static final String DELIVERYADDRESS = "DeliveryAddress"; + public static final String MUNICIPALITY = "Municipality"; + public static final String POSTALCODE = "PostalCode"; + public static final String STREETNAME = "StreetName"; + public static final String BUILDINGNUMBER = "BuildingNumber"; + public static final String UNIT = "Unit"; + //String ADDRESS = "Address"; + //String COUNTRYCODE = "CountryCode"; + //String DOORNUMBER = "DoorNumber"; + + // SZR-gateway constants + public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#"; + public static final String SZRGW_PREFIX = "sgw:"; + public static final String SZRGW_POSTFIX = ":sgw"; + public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest"; + public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse"; + public static final String ERROR_RESPONSE = "ErrorResponse"; + public static final String MANDATOR = "Mandator"; + public static final String REPRESENTATIVE = "Representative"; + public static final String MANDATE = "Mandate"; + public static final String MANDATE_PREFIX = "md:"; + public static final String MANDATE_POSTFIX = ":md"; + + public static final String SAML_PREFIX = "saml:"; + public static final String SAML_POSTFIX = ":saml"; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java new file mode 100644 index 000000000..306384b53 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java @@ -0,0 +1,148 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+ +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; + +import javax.net.ssl.SSLSocketFactory; + +import org.apache.commons.httpclient.params.HttpConnectionParams; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; +
+/** + * This class implements a secure protocol socket factory + * for the Apache HTTP client. + * + * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a> + */ +public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory { + + /** + * The SSL socket factory. + */ + private SSLSocketFactory factory; + + /** + * Creates a new Secure socket factory for the + * Apache HTTP client. + * + * @param factory the SSL socket factory to use. + */ + public SZRGWSecureSocketFactory(SSLSocketFactory factory) { + this.factory = factory; + } + + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) + */ + public Socket createSocket( + String host, + int port, + InetAddress clientHost, + int clientPort) + throws IOException, UnknownHostException { + + return this.factory.createSocket( + host, + port, + clientHost, + clientPort + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int) + */ + public Socket createSocket(String host, int port) + throws IOException, UnknownHostException { + return this.factory.createSocket( + host, + port + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean) + */ + public Socket createSocket( + Socket socket, + String host, + int port, + boolean autoClose) + throws IOException, UnknownHostException { + return this.factory.createSocket( + socket, + host, + port, + autoClose + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams) + */ + public Socket createSocket( + String host, + int port, + InetAddress clientHost, + int clientPort, + HttpConnectionParams params) + throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException { + + Socket socket = createSocket(host, port, clientHost, clientPort); + if (socket != null) { + // socket.setKeepAlive(false); + if (params.getReceiveBufferSize() >= 0) + socket.setReceiveBufferSize(params.getReceiveBufferSize()); + if (params.getSendBufferSize() >= 0) + socket.setSendBufferSize(params.getSendBufferSize()); + socket.setReuseAddress(true); + if (params.getSoTimeout() >= 0) + socket.setSoTimeout(params.getSoTimeout()); + } + return socket; + + } + + /** + * @see java.lang.Object#equals(java.lang.Object) + */ + public boolean equals(Object obj) { + return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class)); + } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return SZRGWSecureSocketFactory.class.hashCode(); + } + +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java new file mode 100644 index 000000000..bc5a0e061 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -0,0 +1,434 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator.parep.config;
+
+import java.io.File; +import java.io.FileInputStream; +import java.util.HashMap; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +
+/**
+ * This class implements the Configuration.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepConfiguration {
+
+ /**
+ * System property for config file.
+ */
+ public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+
+ /**
+ * SZR-GW connection parameters.
+ */
+ private ConnectionParameter standardConnectionParameters;
+
+ /**
+ * Input field processor.
+ */
+ private String standardInputProcessorClass;
+
+ /**
+ * Input field processor template.
+ */
+ private String standardInputProcessorTemplate;
+
+ /**
+ * Configured party representatives.
+ */
+ private HashMap partyRepresentatives;
+
+ /**
+ * The configuration element.
+ */
+ private Element configElement = null;
+
+ /**
+ * Defines whether the user input form must be shown on each
+ * request or not (also predefined mandates)
+ */
+ private boolean alwaysShowForm = false;
+
+ /**
+ * The configuration base directory.
+ */
+ private String baseDir_;
+
+ /**
+ * Gets the SZR-GW connection parameters.
+ *
+ * @return the connection parameters.
+ */
+ public ConnectionParameter getConnectionParameters(String representationID) {
+ if (partyRepresentatives == null || "*".equals(representationID))
+ return standardConnectionParameters;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ ConnectionParameter connectionParameters = pr.getConnectionParameters();
+ if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+ return connectionParameters;
+ }
+
+ /**
+ * Sets the SZR-GW connection parameters for standard connection.
+ *
+ * @param connectionParameters
+ * the connection parameters.
+ */
+ public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+ this.standardConnectionParameters = connectionParameters;
+ }
+
+ /*
+ *
+ */
+ public String getFullDirectoryName(String fileString) {
+ return makeAbsoluteURL(fileString, baseDir_);
+ }
+
+ /*
+ *
+ */
+ private static String makeAbsoluteURL(String url, String root) {
+ // if url is relative to rootConfigFileDirName make it absolute
+
+ File keyFile;
+ String newURL = url;
+
+ if (null == url)
+ return null;
+
+ if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+ return url;
+ } else {
+ // check if absolute - if not make it absolute
+ keyFile = new File(url);
+ if (!keyFile.isAbsolute()) {
+ keyFile = new File(root, url);
+ newURL = keyFile.getPath();
+ }
+ return newURL;
+ }
+ }
+
+ /**
+ * Initializes the configuration with a given XML configuration element found
+ * in the MOA-ID configuration.
+ *
+ * @param configElem
+ * the configuration element.
+ * @throws ConfigurationException
+ * if an error occurs initializing the configuration.
+ */
+ public ParepConfiguration(Element configElem) throws ConfigurationException {
+
+ partyRepresentatives = new HashMap();
+ partyRepresentatives.put("*", new PartyRepresentative(true, true));
+
+ String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+
+ try {
+
+ baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+ Logger.trace("Config base directory: " + baseDir_);
+ // check for configuration in system properties
+ if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+ Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+ this.configElement = doc.getDocumentElement();
+ } else {
+ this.configElement = configElem;
+ }
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+ }
+ load();
+ }
+
+ /*
+ *
+ */
+ private void load() throws ConfigurationException {
+ Logger.debug("Parse ParepValidator Konfiguration");
+ try {
+ Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ // nameSpaceNode.setAttribute("xmlns:sgw",
+ // SZRGWConstants.SZRGW_PROFILE_NS);
+
+ Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+ if (inputProcessorNode != null) {
+ this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+ Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+ if (inputProcessorClassNode != null) {
+ this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+ }
+ }
+ Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+ if (alwaysShowFormNode != null) {
+ this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+ }
+
+ // load connection parameters
+ Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+ Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+ if (connectionParamElement != null) {
+ // parse connection parameters
+ // ParepUtils.serializeElement(connectionParamElement, System.out);
+ this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+ }
+
+ Logger.trace("Lade Konfiguration der Parteienvertreter");
+ NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+ for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+
+ PartyRepresentative partyRepresentative = new PartyRepresentative();
+
+ Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+ boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+ boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+ partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+ partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+ partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+ partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+
+ Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+ if (inputProcessorSubNode != null) {
+ partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+ Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+ + ":InputProcessor/text()", nameSpaceNode);
+ if (inputProcessorClassSubNode != null) {
+ partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+ }
+ }
+
+ Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+ + ":ConnectionParameter", nameSpaceNode);
+ if (connectionParamSubElement == null) {
+ if (this.standardConnectionParameters == null) {
+ throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+ + partyRepresentative.getOid() + " fehlen.", null, null);
+ }
+ } else {
+ // parse connection parameters
+ // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+ partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+ }
+ partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+ Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+ + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+ + ", representationText=" + partyRepresentative.getRepresentationText()
+ + ")");
+ }
+
+ Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+ }
+ }
+
+ /*
+ *
+ */
+ private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+ try {
+ ConnectionParameter connectionParameter = new ConnectionParameter();
+
+ // parse connection url
+ String URL = connParamElement.getAttribute("URL");
+ connectionParameter.setUrl(URL);
+
+ // accepted server certificates
+ Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+ nameSpaceNode);
+ if (accServerCertsNode != null) {
+
+ String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+ Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+ connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+ }
+
+ // client key store
+ Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+ if (clientKeyStoreNode != null) {
+ String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+ connectionParameter.setClientKeyStore(clientKeystore);
+ }
+
+ // client key store password
+ Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+ nameSpaceNode);
+ if (clientKeyStorePasswordNode != null) {
+ connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+ }
+
+ return connectionParameter;
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+ }
+ }
+
+ public boolean isPartyRepresentative(String representationID) {
+ if (partyRepresentatives == null)
+ return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ return pr != null;
+ }
+
+ public boolean isRepresentingCorporateParty(String representationID) {
+ if (partyRepresentatives == null) return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr == null) return false;
+ return pr.isRepresentingCorporateParty();
+ }
+
+ public boolean isRepresentingPhysicalParty(String representationID) {
+ if (partyRepresentatives == null) return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr == null) return false;
+ return pr.isRepresentingPhysicalParty();
+ }
+
+ public String getRepresentationText(String representationID) {
+ String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+ if (partyRepresentatives != null) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr != null) {
+ if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+ }
+ }
+ return result;
+ }
+
+ /**
+ * @return the input processor classname corresponding to <code>representationID</code>
+ * @param representationID
+ * the representation ID.
+ */
+ public String getInputProcessorClass(String representationID) {
+ String inputProcessorClass = standardInputProcessorClass;
+ if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+ if (!(partyRepresentatives == null || "*".equals(representationID))) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr!=null) {
+ String prInputProcessorClass = pr.getInputProcessorClass();
+ if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+ }
+ }
+ return inputProcessorClass;
+ }
+
+ /**
+ * @param standardInputProcessorClass the standardInputProcessorClass to set
+ */
+ public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+ this.standardInputProcessorClass = standardInputProcessorClass;
+ }
+
+ /**
+ * @return the InputProcessorTemplate
+ */
+ public String getInputProcessorTemplate(String representationID) {
+ String inputProcessorTemplate = standardInputProcessorTemplate;
+ if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+ if (!(partyRepresentatives == null || "*".equals(representationID))) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr!=null) {
+ String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+ if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+ }
+ }
+ return inputProcessorTemplate;
+ }
+
+ /**
+ * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+ */
+ public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+ this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+ }
+
+ /**
+ * @return the alwaysShowForm
+ */
+ public boolean isAlwaysShowForm() {
+ return alwaysShowForm;
+ }
+
+ /**
+ * @param alwaysShowForm the alwaysShowForm to set
+ */
+ public void setAlwaysShowForm(String alwaysShowForm) {
+ if (ParepUtils.isEmpty(alwaysShowForm)) {
+ this.alwaysShowForm = false;
+ } else {
+ this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+ }
+ }
+
+ public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+ try {
+ if (configElement==null) return false;
+ Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+ if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+ return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+ }
+ return false;
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
+ }
+
+ }
+
+
+// public static void main(String[] args) throws Exception {
+// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+// Configuration cfg = new Configuration(null);
+// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+//}
+
+}
|