diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
32 files changed, 3972 insertions, 161 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5f4ec2d29..75197943f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; import iaik.x509.X509Certificate; +import java.io.File; +import java.io.FileOutputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Calendar; @@ -55,6 +57,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -312,7 +317,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); - session.setTemplateURL(templateURL); + session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); } // BKU URL has not been set yet, even if session already exists @@ -320,6 +325,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { bkuURL = DEFAULT_BKU; } session.setBkuURL(bkuURL); + session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), oaParam.getBusinessService(), @@ -350,6 +356,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { pushInfobox = verifyInfoboxParameters.getPushInfobox(); + session.setPushInfobox(pushInfobox); } String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12()); String certInfoDataURL = @@ -448,6 +455,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); + + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + } + + public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + throws + ConfigurationException, + BuildException, + ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) return "Redirect to Input Processor"; + + if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); + if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). + getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); // session.setAuthBlock(authBlock); @@ -456,7 +480,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((transformsInfos == null) || (transformsInfos.length == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); - } + } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), @@ -464,6 +488,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaParam.getSlVersion12()); return createXMLSignatureRequest; } + /** * Builds an authentication block <code><saml:Assertion></code> from given session data. * @param session authentication session @@ -534,8 +559,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { - Vector authAttributes = new Vector(); - Vector oaAttributes = new Vector(); + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes + session.setExtendedSAMLAttributesOA(new Vector()); infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); // get the list of infobox identifiers List identifiers = verifyInfoboxParameters.getIdentifiers(); @@ -563,10 +588,46 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new ValidateException("validator.41", new Object[] {identifier}); } else { String friendlyName = verifyInfoboxParameter.getFriendlyName(); + boolean isParepRequest = false; + + // parse the infobox read reponse + List infoboxTokenList = null; + try { + infoboxTokenList = + ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); + } catch (ParseException e) { + Logger.error("InfoboxReadResponse for \"" + identifier + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ValidateException("validator.43", new Object[] {friendlyName}); + } + // check for party representation in mandates infobox + if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ + session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); + Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); + //ParepUtils.serializeElement(mandate, System.out); + String mandateID = ParepUtils.extractRepresentativeID(mandate); + if (!isEmpty(mandateID) && + ("*".equals(mandateID) || mandateID.startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { + isParepRequest = true; + } + if (!isParepRequest) { + //if mandates validator is disabled we must throw an error in this case + if (!ParepUtils.isValidatorEnabled(verifyInfoboxParameter.getApplicationSpecificParams())) { + throw new ValidateException("validator.60", new Object[] {friendlyName}); + } + } + } + // get the class for validating the infobox InfoboxValidator infoboxValidator = null; try { - Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + Class validatorClass = null; + if (isParepRequest) { + // Mandates infobox in party representation mode + validatorClass = Class.forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); + } else { + validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + } infoboxValidator = (InfoboxValidator) validatorClass.newInstance(); } catch (Exception e) { Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() + @@ -575,20 +636,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() + "\" for \"" + identifier + "\"-infobox."); - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = - ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); - } catch (ParseException e) { - Logger.error("InfoboxReadResponse for \"" + identifier + - "\"-infobox could not be parsed successfully: " + e.getMessage()); - throw new ValidateException("validator.43", new Object[] {friendlyName}); - } // build the parameters for validating the infobox InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams( - session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl); + session, verifyInfoboxParameter, infoboxTokenList, oaParam); + // now validate the infobox InfoboxValidationResult infoboxValidationResult = null; try { @@ -605,89 +657,138 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.info(identifier + " infobox successfully validated."); + // store the validator for post processing + session.addInfoboxValidator(identifier, friendlyName, infoboxValidator); // get the SAML attributes to be appended to the AUTHBlock or to the final // SAML Assertion - ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes(); - if (extendedSAMLAttributes != null) { - int length = extendedSAMLAttributes.length; - for (int i=0; i<length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - String name = samlAttribute.getName(); - if (name == null) { - Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is null."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"}); - } - if (name == "") { - Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is empty."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"}); - } - if (samlAttribute.getNameSpace() == null) { - Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is null."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"}); - } - Object value = samlAttribute.getValue(); - if (value == null) { - Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is null."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"}); - } - if ((value instanceof String) || (value instanceof Element)) { - - switch (samlAttribute.getAddToAUTHBlock()) { - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: - authAttributes.add(samlAttribute); - oaAttributes.add(samlAttribute); - break; - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: - authAttributes.add(samlAttribute); - break; - case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: - oaAttributes.add(samlAttribute); - break; - default: - Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" (" - + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number " - + (i+1) + " for infobox " + identifier); - throw new ValidateException( - "validator.47", new Object[] {friendlyName, String.valueOf((i+1))}); - } - } else { - Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + - " or \"org.w3c.dom.Element\""); - throw new ValidateException( - "validator.46", new Object[] {identifier, String.valueOf((i+1))}); - - } - } - - } + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); } } else { if ((verifyInfoboxParameter !=null) && (verifyInfoboxParameter.isRequired())) { Logger.info("Infobox \"" + identifier + "\" is required, but not returned from the BKU"); throw new ValidateException( "validator.48", new Object[] {verifyInfoboxParameter.getFriendlyName()}); - } Logger.debug("Infobox \"" + identifier + "\" not returned from BKU."); - } + } } - session.setExtendedSAMLAttributesAUTH(authAttributes); - session.setExtendedSAMLAttributesOA(oaAttributes); } - } + } } /** + * Intermediate processing of the infoboxes. The first pending infobox + * validator may validate the provided input + * + * @param session The current authentication session + * @param parameters The parameters got returned by the user input fields + */ + public static void processInput(AuthenticationSession session, Map parameters) throws ValidateException + { + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(parameters); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } + } + } + } + + /** + * Adds given SAML Attributes to the current session. They will be appended + * to the final SAML Assertion or the AUTH block. If the attributes are + * already in the list, they will be replaced. + * + * @param session The current session + * @param extendedSAMLAttributes The SAML attributes to add + * @param identifier The infobox identifier for debug purposes + * @param friendlyNam The friendly name of the infobox for debug purposes + */ + private static void AddAdditionalSAMLAttributes(AuthenticationSession session, ExtendedSAMLAttribute[] extendedSAMLAttributes, + String identifier, String friendlyName) throws ValidateException + { + if (extendedSAMLAttributes == null) return; + List oaAttributes = session.getExtendedSAMLAttributesOA(); + if (oaAttributes==null) oaAttributes = new Vector(); + List authAttributes = session.getExtendedSAMLAttributesAUTH(); + if (authAttributes==null) authAttributes = new Vector(); + int length = extendedSAMLAttributes.length; + for (int i=0; i<length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + Object value = verifySAMLAttribute(samlAttribute, i, identifier, friendlyName); + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number " + + (i+1) + " for infobox " + identifier); + throw new ValidateException( + "validator.47", new Object[] {friendlyName, String.valueOf((i+1))}); + } + } else { + Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException( + "validator.46", new Object[] {identifier, String.valueOf((i+1))}); + } + } + session.setExtendedSAMLAttributesAUTH(authAttributes); + session.setExtendedSAMLAttributesOA(oaAttributes); + } + + private static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) { + if (null==attributes) { + attributes = new Vector(); + } else { + String id = samlAttribute.getName(); + int length = attributes.size(); + for (int i=0; i<length; i++) { + ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes.get(i); + if (id.equals(att.getName())) { + // replace attribute + attributes.set(i, samlAttribute); + return; + } + } + attributes.add(samlAttribute); + } + } + + + + /** * Processes a <code><CreateXMLSignatureResponse></code> sent by the * security layer implementation.<br> * <ul> @@ -728,7 +829,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses <CreateXMLSignatureResponse> CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); try { String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); session.setAuthBlock(serializedAssertion); @@ -768,11 +869,103 @@ public class AuthenticationServer implements MOAIDAuthConstants { vsresp, session.getIdentityLink()); + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp.getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + // Exchange person data information by a mandate if needed + List oaAttributes = session.getExtendedSAMLAttributesOA(); + IdentityLink replacementIdentityLink = null; + if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { + // look if we have a mandate + boolean foundMandate = false; + Iterator it = oaAttributes.iterator(); + while (!foundMandate && it.hasNext()) { + ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); + if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { + Object value = samlAttribute.getValue(); + if (value instanceof Element) { + Element mandate = (Element) value; + replacementIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); + ParepUtils.HideStammZahlen(prPerson, true, null, null, true); + } + + } + replacementIdentityLink.setDateOfBirth(dateOfBirth); + replacementIdentityLink.setFamilyName(familyName); + replacementIdentityLink.setGivenName(givenName); + replacementIdentityLink.setIdentificationType(identificationType); + replacementIdentityLink.setIdentificationValue(identificationValue); + replacementIdentityLink.setPrPerson(prPerson); + try { + replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + } else { + Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); + throw new ValidateException("validator.64", null); + } + } + } + } + // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); + AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); storeAuthenticationData(samlArtifact, authData); + // invalidates the authentication session sessionStore.remove(sessionID); Logger.info( @@ -790,10 +983,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) + VerifyXMLSignatureResponse verifyXMLSigResp, + IdentityLink replacementIdentityLink) throws ConfigurationException, BuildException { - IdentityLink identityLink = session.getIdentityLink(); + IdentityLink identityLink; + if (replacementIdentityLink == null) { + identityLink = session.getIdentityLink(); + } else { + // We have got data form a mandate we need now to use to stay compatible with applications + identityLink = replacementIdentityLink; + } + AuthenticationData authData = new AuthenticationData(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( @@ -804,7 +1005,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - authData.setIdentificationType(identityLink.getIdentificationType()); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); @@ -817,7 +1017,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (provideStammzahl) { authData.setIdentificationValue(identityLink.getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); try { String signerCertificateBase64 = ""; if (oaParam.getProvideCertifcate()) { @@ -832,12 +1032,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (businessService) { authData.setWBPK(identityLink.getIdentificationValue()); } else { - // only compute bPK if online applcation is a public service - String bpkBase64 = - new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), - session.getTarget()); - authData.setBPK(bpkBase64); + authData.setBPK(identityLink.getIdentificationValue()); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online applcation is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + authData.setBPK(bpkBase64); + } } String ilAssertion = oaParam.getProvideIdentityLink() @@ -858,6 +1060,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { businessService, session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); + + + //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml")); + return authData; } catch (Throwable ex) { throw new BuildException( @@ -1015,5 +1221,42 @@ public class AuthenticationServer implements MOAIDAuthConstants { return param == null || param.length() == 0; } - + /** + * Checks the correctness of SAML attributes and returns its value. + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) + throws ValidateException{ + String name = samlAttribute.getName(); + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is empty."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"}); + } + return value; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 43e88e7b5..4f9235949 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -19,6 +19,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_BKU = "bkuURI"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** servlet parameter "BKUSelectionTemplate" */ + public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; /** default BKU URL */ public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; /** servlet parameter "returnURI" */ @@ -35,6 +37,8 @@ public interface MOAIDAuthConstants { public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */ + public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; /** Logging hierarchy used for controlling debug output of XML structures to files */ @@ -62,14 +66,16 @@ public interface MOAIDAuthConstants { public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; - /** - * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" - */ + /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; /** * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 */ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + /** the number of the certifcate extension for party representatives */ + public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; + /** the number of the certifcate extension for party organ representatives */ + public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 53520c846..11628517e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -126,6 +126,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB pkValue = authData.getWBPK(); } else { + // <saml:NameIdentifier NameQualifier> always has the bPK as type/value pkType = URN_PREFIX_BPK; pkValue = authData.getBPK(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 6cc8c1be8..cc228298b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -42,7 +42,37 @@ public class BPKBuilder { String hashBase64 = Base64Utils.encode(hash); return hashBase64; } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex); + throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex); + } + } + + /** + * Builds the wbPK from the given parameters. + * @param identificationValue Base64 encoded "Stammzahl" + * @param registerAndOrdNr type of register + "+" + number in register. + * @return wbPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildWBPK(String identificationValue, String registerAndOrdNr) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + registerAndOrdNr == null || + registerAndOrdNr.length() == 0)) + { + throw new BuildException("builder.00", + new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java new file mode 100644 index 000000000..c053ee896 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java @@ -0,0 +1,86 @@ +package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+/**
+ * Builder for HTML form requesting a security layer request
+ *
+ * @author Peter Danner
+ * @version $Id: GetIdentityLinkFormBuilder.java 769 2007-01-10 15:37:52Z peter.danner $
+ */
+public class GetVerifyAuthBlockFormBuilder extends Builder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /** special tag in the HTML template to be substituted for the BKU URL */
+ private static final String BKU_TAG = "<BKU>";
+ /** special tag in the HTML template to be substituted for the XML request */
+ private static final String XMLREQUEST_TAG = "<XMLRequest>";
+ /** special tag in the HTML template to be substituted for the data URL */
+ private static final String DATAURL_TAG = "<DataURL>";
+ /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
+ private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
+ /** private static int all contains the representation to replace all tags*/
+ private static final int ALL = -1;
+
+ /** default HTML template */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<html>" + nl +
+ " <head>" + nl +
+ " <meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"/>" + nl +
+ " <title>Signatur der Anmeldedaten</title>" + nl +
+ " </head>" + nl +
+ " <body onLoad=\"autoSubmit()\">" + nl +
+ " <script type=\"text/javascript\">" + nl +
+ " //<!-- " + nl +
+ " function autoSubmit() { " + nl +
+ " document.VerifyAuthBlockForm.submitButton.disabled=true;" + nl +
+ " document.VerifyAuthBlockForm.submit(); " + nl +
+ " } //-->" + nl +
+ " </script>" + nl +
+ " <form name=\"VerifyAuthBlockForm\" action=\"" + BKU_TAG + "\" method=\"post\" enctype=\"application/x-www-form-urlencoded\">" + nl +
+ " <input type=\"hidden\" name=\"XMLRequest\" value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" name=\"DataURL\" value=\"" + DATAURL_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" name=\"PushInfobox\" value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
+ " <input type=\"submit\" value=\"Signieren der Anmeldedaten\" id=\"submitButton\"/>" + nl +
+ " </form>" + nl +
+ " </body>" + nl +
+ "</html>";
+
+ /**
+ * Constructor for GetVerifyAuthBlockFormBuilder.
+ */
+ public GetVerifyAuthBlockFormBuilder() {
+ super();
+ }
+ /**
+ * Builds the HTML form, including XML Request and data URL as parameters.
+ *
+ * @param htmlTemplate template to be used for the HTML form;
+ * may be <code>null</code>, in this case a default layout will be produced
+ * @param xmlRequest XML Request to be sent as a parameter in the form
+ * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to;
+ * may be <code>null</code>, in this case the default URL will be used
+ * @param dataURL DataURL to be sent as a parameter in the form
+ */
+ public String build(
+ String htmlTemplate,
+ String bkuURL,
+ String xmlRequest,
+ String dataURL,
+ String pushInfobox)
+ throws BuildException
+ {
+ String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
+ htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+ htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, GetIdentityLinkFormBuilder.encodeParameter(xmlRequest), true, ALL);
+ htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+ if (null==pushInfobox) pushInfobox="";
+ htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
+ return htmlForm;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index 038e549be..e70b64a6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -9,6 +9,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.util.XPathUtils; @@ -30,9 +31,7 @@ public class InfoboxValidatorParamsBuilder { * @param session The actual Authentication session. * @param verifyInfoboxParameter The configuration parameters for the infobox. * @param infoboxTokenList Contains the infobox token to be validated. - * @param hideStammzahl Indicates whether source pins (<code>Stammzahl</code>en) - * should be hidden in any SAML attributes returned by - * an infobox validator. + * @param oaParam The configuration parameters of the online application * * @return Parameters for validating an infobox token. */ @@ -40,7 +39,7 @@ public class InfoboxValidatorParamsBuilder { AuthenticationSession session, VerifyInfoboxParameter verifyInfoboxParameter, List infoboxTokenList, - boolean hideStammzahl) + OAAuthParameter oaParam) { InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); IdentityLink identityLink = session.getIdentityLink(); @@ -54,6 +53,7 @@ public class InfoboxValidatorParamsBuilder { // authentication session parameters infoboxValidatorParams.setBkuURL(session.getBkuURL()); infoboxValidatorParams.setTarget(session.getTarget()); + infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); // parameters from the identity link infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); @@ -75,7 +75,7 @@ public class InfoboxValidatorParamsBuilder { } infoboxValidatorParams.setIdentityLink(identityLinkElem); } - infoboxValidatorParams.setHideStammzahl(hideStammzahl); + infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); return infoboxValidatorParams; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 90d79a46d..946f0a9c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -1,8 +1,13 @@ package at.gv.egovernment.moa.id.auth.data; +import java.util.ArrayList; import java.util.Date; +import java.util.Iterator; import java.util.List; +import java.util.Vector; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -15,6 +20,7 @@ import at.gv.egovernment.moa.util.Constants; public class AuthenticationSession { private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; /** * session ID @@ -37,14 +43,14 @@ public class AuthenticationSession { * URL of MOA ID authentication component */ private String authURL; - /** - * HTML template URL - */ - private String templateURL; - /** - * URL of the BKU - */ - private String bkuURL; + /** + * HTML template URL + */ + private String templateURL; + /** + * URL of the BKU + */ + private String bkuURL; /** * identity link read from smartcard */ @@ -61,11 +67,11 @@ public class AuthenticationSession { * timestamp logging when identity link has been received */ private Date timestampIdentityLink; - /** - * Indicates whether the corresponding online application is a business - * service or not - */ - private boolean businessService; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; /** * SAML attributes from an extended infobox validation to be appended @@ -91,6 +97,33 @@ public class AuthenticationSession { private String issueInstant; /** + * If infobox validators are needed after signing, they can be stored in + * this list. + */ + private List infoboxValidators; + + /** + * The register and number in the register parameter in case of a business + * service application. + */ + private String domainIdentifier; + + /** + * This string contains all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + */ + private String pushInfobox; + + /** + * AppSpecificConfiguration entry of then mandates infobox-validator. Tells + * whether person data from the representative have to be exchanged by data + * from the mandate + */ + private boolean mandateCompatibilityMode = false; + + + + /** * Constructor for AuthenticationSession. * * @param id Session ID @@ -98,6 +131,7 @@ public class AuthenticationSession { public AuthenticationSession(String id) { sessionID = id; setTimestampStart(); + infoboxValidators = new ArrayList(); } /** @@ -380,4 +414,143 @@ public class AuthenticationSession { this.issueInstant = issueInstant; } + /** + * Returns the iterator to the stored infobox validators. + * @return Iterator + */ + public Iterator getInfoboxValidatorIterator() { + if (infoboxValidators==null) return null; + return infoboxValidators.iterator(); + } + + /** + * Adds an infobox validator class to the stored infobox validators. + * @param infoboxIdentifier the identifier of the infobox the validator belongs to + * @param infoboxFriendlyName the friendly name of the infobox + * @param infoboxValidator the infobox validator to add + */ + public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) { + if (infoboxValidators==null) infoboxValidators = new ArrayList(); + Vector v = new Vector(3); + v.add(infoboxIdentifier); + v.add(infoboxFriendlyName); + v.add(infoboxValidator); + infoboxValidators.add(v); + return infoboxValidators.iterator(); + } + + /** + * Tests for pending input events of the infobox validators. + * @return true if a validator has a form to show + */ + public boolean isValidatorInputPending() { + boolean result = false; + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (!result && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true; + } + } + return result; + } + + /** + * Returns the first pending infobox validator. + * @return the infobox validator class + */ + public InfoboxValidator getFirstPendingValidator() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return infoboxvalidator; + } + } + return null; + } + + /** + * Returns the input form of the first pending infobox validator input processor. + * @return the form to show + */ + public String getFirstValidatorInputForm() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return form; + } + } + return null; + } + + /** + * @return the mandateCompatibilityMode + */ + public boolean isMandateCompatibilityMode() { + return mandateCompatibilityMode; + } + + /** + * @param mandateCompatibilityMode the mandateCompatibilityMode to set + */ + public void setMandateCompatibilityMode(boolean mandateCompatibilityMode) { + this.mandateCompatibilityMode = mandateCompatibilityMode; + } + + /** + * Returns domain identifier (the register and number in the register parameter). + * <code>null</code> in the case of not a business service. + * + * @return the domainIdentifier + */ + public String getDomainIdentifier() { + return domainIdentifier; + } + + /** + * Sets the register and number in the register parameter if the application + * is a business service. + * If the domain identifier includes the registerAndOrdNr prefix, the prefix + * will be stripped off. + * + * @param domainIdentifier the domain identifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) + { + // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix + this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); + } + else + { + this.domainIdentifier = domainIdentifier; + } + } + + /** + * Gets all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + * + * @return the string containing infobox identifiers + */ + public String getPushInfobox() { + if (pushInfobox==null) return ""; + return pushInfobox; + } + + /** + * @param pushInfobox the infobox identifiers to set (comma separated) + */ + public void setPushInfobox(String pushInfobox) { + this.pushInfobox = pushInfobox; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java index c7a557290..01b9d9359 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java @@ -63,6 +63,14 @@ public interface InfoboxValidatorParams { public String getTarget(); /** + * Returns the register and number in the register parameter. + * <code>null</code> in the case of not a business service. + * + * @return The register and number in the register parameter. + */ + public String getDomainIdentifier(); + + /** * Returns <code>true</code> if the application is a business * service, otherwise <code>false</code>. This may be useful * for the validating application. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java index 80ba5995f..3747fa93b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java @@ -49,6 +49,11 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { protected String target_; /** + * The domain identifier (register and number in the register parameter). + */ + protected String domainIdentifier_; + + /** * The family name from the identity link. */ protected String familyName_; @@ -135,6 +140,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { } /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDomainIdentifier() + */ + public String getDomainIdentifier() { + return domainIdentifier_; + } + + /** * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication() */ public boolean getBusinessApplication() { @@ -324,6 +336,15 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { public void setTarget(String target) { target_ = target; } + + /** + * Sets the domain identifier (register and number in the register parameter) + * + * @param domainIdentifier the domainIdentifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + this.domainIdentifier_ = domainIdentifier; + } /** * Sets the ID of the trust profile used for validating certificates. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java new file mode 100644 index 000000000..df480b624 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -0,0 +1,175 @@ +package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * Servlet requested for processing user input forms of infobox validators
+ *
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $
+ */
+public class ProcessValidatorInputServlet extends AuthServlet {
+
+ public static final long serialVersionUID = 1;
+
+ /**
+ * Constructor for VerifyIdentityLinkServlet.
+ */
+ public ProcessValidatorInputServlet() {
+ super();
+ }
+
+ /**
+ * Shows the user input forms of infobox validators
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET ProcessInput");
+ Map parameters;
+ try {
+ parameters = getParameters(req);
+ } catch (FileUploadException e) {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();
+ String outputStream;
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+ if (infoboxvalidator!=null) {
+ outputStream = infoboxvalidator.getForm();
+ // replace strings the validators can not know
+ outputStream = ParepUtils.replaceAll(outputStream, "<BASE_href>", session.getAuthURL());
+ outputStream = ParepUtils.replaceAll(outputStream, "<MOASessionID>", sessionID);
+ outputStream = ParepUtils.replaceAll(outputStream, "<BKU>", session.getBkuURL());
+ outputStream = ParepUtils.replaceAll(outputStream, "<DataURL>", dataURL);
+ outputStream = ParepUtils.replaceAll(outputStream, "<PushInfobox>", session.getPushInfobox());
+ } else {
+ throw new ValidateException("validator.65", null);
+ }
+ //resp.setStatus(200);
+ resp.setContentType("text/html;charset=UTF-8");
+ OutputStream out = resp.getOutputStream();
+ out.write(outputStream.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished GET ProcessInput");
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+ /**
+ * Verifies the user input forms of infobox validators
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST ProcessInput");
+ Map parameters;
+ try {
+ parameters = getParameters(req);
+ } catch (FileUploadException e) {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ AuthenticationServer.processInput(session, parameters);
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+ // Now sign the AUTH Block
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+
+ // Test if we have a user input form sign template
+ String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+ String inputProcessorSignTemplate = null;
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+ // override template url by url from configuration file
+ if (oaParam.getInputProcessorSignTemplateURL() != null) {
+ inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+ }
+ if (inputProcessorSignTemplateURL != null) {
+ try {
+ inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+ ex);
+ }
+ }
+
+
+
+ String htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+ inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+
+ resp.setContentType("text/html;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(htmlForm.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST ProcessInput");
+ } else {
+ String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 4dc69c70b..6e2a932d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -54,11 +54,11 @@ public class SelectBKUServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET SelectBKU"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 6098f5138..9f0cf6606 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -41,11 +41,11 @@ public class StartAuthenticationServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET StartAuthentication"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 6ec4a247d..b81107ff2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -1,8 +1,9 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.util.Iterator; import java.util.Map; +import java.util.Vector; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -12,8 +13,13 @@ import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; /** * Servlet requested for verifying the signed authentication block @@ -80,17 +86,21 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - + String redirectURL = null; try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - String redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 2134c1444..b9d8f8c75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -1,22 +1,18 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.OutputStream; -import java.util.Enumeration; import java.util.Map; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -79,25 +75,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); - try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - String createXMLSignatureRequest = - AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); - resp.setStatus(307); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - resp.addHeader("Location", dataURL); - - //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); - - OutputStream out = resp.getOutputStream(); - out.write(createXMLSignatureRequest.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST VerifyIdentityLink"); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } catch (MOAIDException ex) { handleError(null, ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e6c9f4bee..e0fd67d64 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -66,7 +66,7 @@ public class CreateXMLSignatureResponseValidator { IdentityLink identityLink = session.getIdentityLink(); Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); - String issuer = samlAssertion.getAttribute("Issuer"); + String issuer = samlAssertion.getAttribute("Issuer"); if (issuer == null) { // should not happen, because parser would dedect this throw new ValidateException("validator.32", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java index 95cd65608..74e61e076 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -1,5 +1,9 @@ package at.gv.egovernment.moa.id.auth.validator; +import java.util.Map; + +import org.w3c.dom.Element; + import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; @@ -18,7 +22,7 @@ public interface InfoboxValidator { * application. * * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams - * Parameters} needed by the validator. + * Parameters} needed by the validator. * * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} * @@ -28,4 +32,50 @@ public interface InfoboxValidator { public InfoboxValidationResult validate (InfoboxValidatorParams params) throws ValidateException; + /** + * This method is used to do intermediate processing before signing the auth block. + * If a infobox validator threw a form to gather user input, this method is used + * to validate this input. In no further input is needed the form must be empty to + * proceed, and also a valid <code>InfoboxValidationResult</code> is necessary. + * If more input is needed, the validator can build a new form and it is then shown + * to the citizen. + * The implementation of <code>InfoboxValidator</code> must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param parameters the parameters got returned by the input fields + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Map parameters) + throws ValidateException; + + /** + * This method is used to do post processing after signing the auth block. + * The method validates the content of the <code>infoboxReadResponse</code + * against the passed <code>samlAssertion</code> if needed. + * The implementation of <code>InfoboxValidator</code> must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param samlAssertion the SAML assertion needed by the validator + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Element samlAssertion) + throws ValidateException; + + /** + * form for user interaction for intermediate processing of infobox validation + * + * @return answer form of the servlet request. + */ + public String getForm(); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java new file mode 100644 index 000000000..58c28161f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java @@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.util.Map;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+
+/**
+ * Input processor for infobox validators.
+ */
+public interface ParepInputProcessor {
+
+ /**
+ * Initialize user input processing. This function must initialize the
+ * processor to remember its state. Fixed values for the current authentication
+ * session are set here.
+ *
+ * @param representationID The id of the provided standardized mandate
+ * @param parepConfiguration The configuration of the party representation validator
+ * @param rpFamilyName The family name of the representative
+ * @param rpGivenName
+ * @param rpDateOfBirth
+ * @param request CreateMandateRequest containing the representative and the mandator
+ */
+
+ public void initialize(
+ String representationID, ParepConfiguration parepConfiguration,
+ String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+ CreateMandateRequest request);
+
+ /**
+ * Starting point of user input processing. This function must initialize the
+ * processor and remember its state.
+ *
+ * @param physical Is person a physical person selected
+ * @param familyName The family name of the mandator
+ * @param givenName
+ * @param dateOfBirth
+ * @param streetName The address of the physical person
+ * @param buildingNumber
+ * @param unit
+ * @param postalCode
+ * @param municipality
+ * @param cbFullName
+ * @param cbIdentificationType
+ * @param cbIdentificationValue
+ * @return The initial user input form
+ */
+ public String start(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue);
+
+ /**
+ * Validation after the user submitted form
+ *
+ * @param parameters Returned input field values
+ * @param extErrortext Error text from SZR-gateway to throw error page or form to correct user input data
+ * @return User input form if needed, or empty form if everything is ok with the user input. Returns null on error.
+ */
+ public String validate(Map parameters, String extErrortext);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java new file mode 100644 index 000000000..aff5d8a7a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -0,0 +1,298 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Implements the standard party representation infobox validator input processor
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class ParepInputProcessorImpl implements ParepInputProcessor{
+
+ /** the requested representation ID (currently * or OID) */
+ private String representationID;
+
+ /** contains the configuration of the owning validator */
+ private ParepConfiguration parepConfiguration;
+
+ /** Family name of the representative */
+ private String rpFamilyName;
+
+ /** Given name of the representative */
+ private String rpGivenName;
+
+ /** The representatives date of birth */
+ private String rpDateOfBirth;
+
+ /** The current CreateMandateRequest to the SZR-gateway */
+ private CreateMandateRequest request;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#initialize(String, ParepConfiguration, String, String, String, CreateMandateRequest)
+ */
+ public void initialize(
+ String representationID, ParepConfiguration parepConfiguration,
+ String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+ CreateMandateRequest request)
+ {
+ // Initialization
+ this.representationID = representationID;
+ this.parepConfiguration = parepConfiguration;
+ this.rpFamilyName = rpFamilyName;
+ this.rpGivenName = rpGivenName;
+ this.rpDateOfBirth = rpDateOfBirth;
+ this.request = request;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+ */
+ public String start(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+ {
+ // Load the form
+ String form = loadForm(
+ physical, familyName, givenName, dateOfBirth,
+ streetName, buildingNumber, unit, postalCode, municipality,
+ cbFullName, cbIdentificationType, cbIdentificationValue, "");
+ try {
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ } catch (SZRGWClientException e) {
+ //e.printStackTrace();
+ Logger.info(e);
+ return null;
+ }
+ return form;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+ */
+ public String validate(Map parameters, String extErrortext)
+ {
+
+ // Process the gotten parameters
+ String form = null;
+ boolean formNecessary = false;
+ if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+ String locErrortext = "Folgende Parameter fehlen: ";
+
+ String familyName = (String) parameters.get("familyname");
+ if (null == familyName) familyName ="";
+ String givenName = (String) parameters.get("givenname");
+ if (null == givenName) givenName ="";
+ boolean physical = "true".equals(parameters.get("physical"));
+ String dobday = (String) parameters.get("dobday");
+ if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+ String dobmonth = (String) parameters.get("dobmonth");
+ if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+ String dobyear = (String) parameters.get("dobyear");
+ if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+ String dateOfBirth = "";
+ dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+ dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+ dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+ dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+ String cbFullName = (String) parameters.get("fullname");
+ if (null == cbFullName) cbFullName ="";
+ String cbIdentificationType = (String) parameters.get("cbidentificationtype");
+ if (null == cbIdentificationType) cbIdentificationType ="";
+ String cbIdentificationValue = (String) parameters.get("cbidentificationvalue");
+ if (null == cbIdentificationValue) cbIdentificationValue ="";
+ String postalCode = (String) parameters.get("postalcode");
+ if (null == postalCode) postalCode ="";
+ String municipality = (String) parameters.get("municipality");
+ if (null == municipality) municipality ="";
+ String streetName = (String) parameters.get("streetname");
+ if (null == streetName) streetName ="";
+ String buildingNumber = (String) parameters.get("buildingnumber");
+ if (null == buildingNumber) buildingNumber ="";
+ String unit = (String) parameters.get("unit");
+ if (null == unit) unit ="";
+
+ if (physical) {
+ if (ParepUtils.isEmpty(familyName)) {
+ formNecessary = true;
+ locErrortext = locErrortext + "Familienname";
+ }
+ if (ParepUtils.isEmpty(givenName)) {
+ formNecessary = true;
+ if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Vorname";
+ }
+ // Auf existierendes Datum prüfen
+ SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+ format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+ try {
+ format.parse(dateOfBirth);
+ }
+ catch(ParseException pe)
+ {
+ formNecessary = true;
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "korrektes Geburtsdatum";
+ }
+ } else {
+ if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+ formNecessary = true;
+ if (ParepUtils.isEmpty(cbFullName)) {
+ locErrortext = locErrortext + "Name der Organisation";
+ }
+ if (ParepUtils.isEmpty(cbIdentificationType)) {
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Auswahl des Registers";
+ }
+ if (ParepUtils.isEmpty(cbIdentificationValue)) {
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+ }
+ }
+ }
+ try {
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ if (formNecessary) {
+ // Daten noch nicht vollständig oder anderer Fehler
+ if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+ String error = "";
+ if (!ParepUtils.isEmpty(extErrortext)) {
+ error = extErrortext;
+ if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+ }
+ if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+ if (!ParepUtils.isEmpty(error)) {
+ error = "<div class=\"errortext\"> <img alt=\" Angabe bitte ergänzen oder richtig stellen! \" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
+ }
+ form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+ if (form == null) {
+ return null;
+ }
+ } else {
+ return ""; // everything is ok
+ }
+ } catch (Exception e) {
+ //e.printStackTrace();
+ Logger.info(e);
+ return null;
+ }
+ return form;
+ }
+
+ /**
+ * Loads the empty user input form and replaces tag occurences with given variables
+ *
+ * @param physical
+ * @param familyName
+ * @param givenName
+ * @param dateOfBirth
+ * @param streetName
+ * @param buildingNumber
+ * @param unit
+ * @param postalCode
+ * @param municipality
+ * @param cbFullName
+ * @param cbIdentificationType
+ * @param cbIdentificationValue
+ * @param errorText
+ * @return
+ */
+ private String loadForm(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+ {
+ String form = "";
+ try {
+ String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+ InputStream instream = null;
+ File file = new File(fileName);
+ if (file.exists()) {
+ //if this resolves to a file, load it
+ instream = new FileInputStream(fileName);
+ } else {
+ fileName = parepConfiguration.getFullDirectoryName(fileName);
+ file = new File(fileName);
+ if (file.exists()) {
+ //if this resolves to a file, load it
+ instream = new FileInputStream(fileName);
+ } else {
+ //else load a named resource in our classloader.
+ instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+ if (instream == null) {
+ Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+ return null;
+ }
+ }
+ }
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.dumpInputOutputStream(instream, bos);
+ form = bos.toString("UTF-8");
+ } catch(Exception e) {
+ Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+ }
+
+ if (!ParepUtils.isEmpty(form)) {
+ boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+ boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+ boolean reducedSelection = (!physEnabled || !cbEnabled);
+ if (reducedSelection) {
+ physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+ }
+ if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+ form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+ form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+ form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+ form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+ form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+ //darf zw. phys. und jur. Person gewählt werden:
+ //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+ form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+ form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+ form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+ form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+ form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+ form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+ form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+ form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+ form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+ form = ParepUtils.replaceAll(form, "<unit>", unit);
+ form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+ form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+ form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+ form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+ form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+ form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+ form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+ form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+ }
+ return form;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java new file mode 100644 index 000000000..aed635502 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -0,0 +1,708 @@ +package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class implements a set of utility methods.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepUtils {
+
+ /**
+ * Determines whether a string is null or empty
+ *
+ * @param str the string to check.
+ * @return <code>true</code> if the string is null or empty,
+ * <code>false</code> otherwise.
+ */
+ public static boolean isEmpty(String str) {
+ return str == null || "".equals(str);
+ }
+
+ /**
+ * Reads a XML document from an input stream (namespace-aware).
+ *
+ * @param is
+ * the input stream to read from.
+ * @return the read XML document.
+ * @throws SZRGWClientException
+ * if an error occurs reading the document from the input stream.
+ */
+ public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
+ try {
+ DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+ f.setNamespaceAware(true);
+ return f.newDocumentBuilder().parse(is);
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /*
+ *
+ */
+ public static String extractRepresentativeID(Element mandate) throws ValidateException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+ Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+ if (resultNode != null) {
+ return resultNode.getTextContent();
+ }
+ return null;
+ } catch (Exception e) {
+ throw new ValidateException("validator.62", null);
+ }
+ }
+
+ // TODO: remove unreferenced
+
+ /**
+ * Dumps all bytes from an input stream to the given output stream.
+ *
+ * @param is
+ * the input stream to dump from.
+ * @param os
+ * the output stream to dump to.
+ * @throws IOException
+ * if an error occurs while dumping.
+ */
+ public static void dumpInputOutputStream(InputStream is, OutputStream os) throws IOException {
+ if (is == null) {
+ return;
+ }
+ int ch;
+ while ((ch = is.read()) != -1) {
+ os.write(ch);
+ }
+ }
+
+ /**
+ * Gets a string that represents the date a mandate was issued.
+ *
+ * @param mandate
+ * the mandate to extract the issuing date from.
+ * @return the issuing date of the given mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the issuing date of the
+ * mandate.
+ */
+ public static String getMandateIssuedDate(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node dateNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Date/text()", nameSpaceNode);
+
+ if (dateNode == null) {
+ throw new Exception("Date in Mandate-Issued not found.");
+ }
+ return dateNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Gets a string that represents the place a mandate was issued.
+ *
+ * @param mandate
+ * the mandate to extract the issuing place from.
+ * @return the issuing place of the given mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the issuing place of the
+ * mandate.
+ */
+ public static String getMandateIssuedPlace(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node placeNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Place/text()", nameSpaceNode);
+
+ if (placeNode == null) {
+ throw new Exception("Place in Mandate-Issued not found.");
+ }
+ return placeNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Extracts the textual description of the mandate.
+ *
+ * @param mandate
+ * the mandate to extract the textual description from.
+ * @return the textual description of the mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the textual description.
+ */
+ public static String getMandateContent(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node contentNode = XPathAPI.selectSingleNode(mandate, "//md:SimpleMandateContent/md:TextualDescription/text()", nameSpaceNode);
+
+ if (contentNode == null) {
+ throw new Exception("Content in Mandate not found.");
+ }
+ return contentNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Extracts the md:Mandator element from a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the md:Mandator from.
+ * @return the md:Mandator element.
+ * @throws SZRGWClientException
+ * if an error occurs extracting the md:Mandator element.
+ */
+ public static Element extractMandator(Element mandate) throws ParseException {
+ try {
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR, nameSpaceNode);
+ if (mandator == null) {
+ // if we got the Mandator itself
+ if (mandate.getLocalName().equals(SZRGWConstants.MANDATOR)) return mandate;
+ }
+ if (mandator == null)
+ return null;
+ String nsPrefix = mandator.getPrefix();
+ String nsUri = mandator.getNamespaceURI();
+ Element mandatorClone = (Element) mandator.cloneNode(true);
+ mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+ return mandatorClone;
+ } catch (Exception e) {
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Tells wether a mandator is a physical person or not.
+ *
+ * @param mandator
+ * the XML md:Mandator element to extract from.
+ * @return <code>true<code> if the mandator is a physical person, <code>false</code> otherwise.
+ */
+ public static boolean isPhysicalPerson(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ // check if physical person
+ Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+ // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
+ // "descendant-or-self::pr:CorporateBody", nameSpaceNode);
+ return physicalPerson != null;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ /**
+ * Extracts the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code>
+ * element from a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the person from.
+ * @return the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> element.
+ * @throws ParseException
+ * if an error occurs extracting the element.
+ */
+ public static Element extractPersonOfMandate(Element mandate) throws ParseException {
+ try {
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:PhysicalPerson", nameSpaceNode);
+ if (person == null) {
+ person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:CorporateBody", nameSpaceNode);
+ }
+ if (person == null) return null;
+ String nsPrefix = person.getPrefix();
+ String nsUri = person.getNamespaceURI();
+ Element personClone = (Element) person.cloneNode(true);
+ personClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+ return personClone;
+ } catch (Exception e) {
+ //e.printStackTrace();
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Benerates the </code>pr:Person</code> element form a
+ * <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code>
+ * element of a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the person from.
+ * @return the <code>pr:Person</code> element.
+ * @throws ParseException
+ * if an error occurs extracting the element.
+ */
+ public static Element extractPrPersonOfMandate(Element mandate) throws ParseException {
+
+ try {
+ Document document = ParepUtils.createEmptyDocument();
+ Element root = document.createElement(SZRGWConstants.PD_PREFIX + SZRGWConstants.PERSON);
+ root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ root.setAttribute("xmlns:" + Constants.XSI_PREFIX, Constants.XSI_NS_URI);
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ Element person = (Element) XPathAPI.selectSingleNode(mandate, "//"
+ + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON, nameSpaceNode);
+ if (person == null) {
+ person = (Element) XPathAPI.selectSingleNode(mandate, "//"
+ + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY, nameSpaceNode);
+ }
+ if (person != null) {
+ root.setAttribute(Constants.XSI_PREFIX + ":type", SZRGWConstants.PD_PREFIX + person.getLocalName());
+ if (person != null) {
+ NodeList nl = person.getChildNodes();
+ for (int i = 0; i < nl.getLength(); i++) {
+ Node testNode = nl.item(i);
+ if (Node.ELEMENT_NODE == testNode.getNodeType()) {
+ root.appendChild(document.importNode(testNode, true));
+ }
+ }
+ }
+ }
+
+ return root;
+ } catch (Exception e) {
+ //e.printStackTrace();
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Extracts the name of the mandator as a string representation.
+ *
+ * @param mandator
+ * the XML md:Mandator element to extract from.
+ * @return the mandator name as a string.
+ */
+ public static String extractMandatorName(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ // first check if physical person
+ Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
+ if (name != null) {
+ String givenName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()", nameSpaceNode).getNodeValue();
+ String familyName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()", nameSpaceNode).getNodeValue();
+
+ return givenName + " " + familyName;
+ }
+
+ // check if corporate body
+ Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:FullName/text()", nameSpaceNode);
+ if (fullName != null) {
+ return fullName.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ //e.printStackTrace();
+ return "";
+ }
+ }
+
+ /**
+ * Extracts specific text of an element of a given md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the resulting text of the mandator element.
+ */
+ public static String extractText(Element mandator, String xpath) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node textNode = XPathAPI.selectSingleNode(mandator, xpath, nameSpaceNode);
+ if (textNode == null)
+ return null;
+ return textNode.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the date of birth of the mandator of a given md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the dob of the mandator.
+ */
+ public static String extractMandatorDateOfBirth(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node dobName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:DateOfBirth/text()", nameSpaceNode);
+ if (dobName == null)
+ return null;
+ return dobName.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the full name of the mandators corporate body of a given
+ * md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the full name of the mandator.
+ */
+ public static String extractMandatorFullName(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:CorporateBody/pr:FullName/text()", nameSpaceNode);
+ if (fullName == null)
+ return null;
+ return fullName.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the identification value of the mandator of a given mandate.
+ *
+ * @param mandator
+ * the XML md:Mandator element.
+ * @return the identification value.
+ */
+ public static String extractMandatorWbpk(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node idValue = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (idValue != null) {
+ return idValue.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ e.printStackTrace();
+ return "";
+ }
+ }
+
+ /**
+ * Extracts the identification type of the mandator of a given mandate.
+ *
+ * @param mandator
+ * the XML md:Mandator element.
+ * @return the identification type.
+ */
+ public static String extractMandatorIdentificationType(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node idType = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (idType != null) {
+ return idType.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ e.printStackTrace();
+ return "";
+ }
+ }
+
+ /*
+ *
+ */
+ public static String getIdentification(Element personElement, String element) throws ParseException {
+ try {
+
+ Element nameSpaceNode = personElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ return XPathAPI.selectSingleNode(personElement, "descendant-or-self::pr:Identification/pr:" + element + "/text()", nameSpaceNode)
+ .getNodeValue();
+ } catch (Exception e) {
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /*
+ *
+ */
+ private static Element extractRepresentative(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+ Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode);
+ String nsPrefix = mandator.getPrefix();
+ String nsUri = mandator.getNamespaceURI();
+
+ Element mandatorClone = (Element) mandator.cloneNode(true);
+ mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+
+ return mandatorClone;
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Serializes a XML element to a given output stream.
+ *
+ * @param element
+ * the XML element to serialize.
+ * @param out
+ * the output streamt o serialize to.
+ * @throws IOException
+ * if an I/O error occurs during serialization.
+ */
+ public static void serializeElement(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(true);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+ serializer.serialize(element);
+ }
+
+ public static void serializeElementAsDocument(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(false);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+ serializer.serialize(element);
+ }
+
+ public static void serializeElementWithoutEncoding(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(true);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out), format);
+ serializer.serialize(element);
+ }
+
+ public static void saveStringToFile(String str, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ fos.write(str.getBytes());
+ fos.flush();
+ fos.close();
+ }
+
+ public static void saveBytesToFile(byte[] str, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ fos.write(str);
+ fos.flush();
+ fos.close();
+ }
+
+ public static void saveElementToFile(Element elem, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ serializeElementWithoutEncoding(elem, fos);
+ fos.flush();
+ fos.close();
+ }
+
+ /**
+ * Creates an empty XML document.
+ *
+ * @return a newly created empty XML document.
+ * @throws SZRGWClientException
+ * if an error occurs creating the empty document.
+ */
+ public static Document createEmptyDocument() throws SZRGWClientException {
+ try {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ return factory.newDocumentBuilder().newDocument();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+
+ /**
+ * Tells if the Validator of an Infobox is enabled. If the corresponding application
+ * specific configuration element <code>EnableInfoboxValidator</code> is missing, a default value <code>true</code> is assumed
+ *
+ * @param applicationSpecificParams
+ * the XML element of the infobox configuration.
+ * @return the boolean value of the determination.
+ * @throws ConfigurationException
+ * if an error occurs reading the configuration.
+ */
+ public static boolean isValidatorEnabled(Element applicationSpecificParams) throws ConfigurationException {
+ try {
+ Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+
+ //ParepUtils.serializeElement(applicationSpecificParams, System.out);
+ Node validatorEnabledNode = XPathAPI.selectSingleNode(applicationSpecificParams, Constants.MOA_ID_CONFIG_PREFIX
+ + ":EnableInfoboxValidator/text()", nameSpaceNode);
+ if (validatorEnabledNode != null) {
+ return BoolUtils.valueOf(validatorEnabledNode.getNodeValue());
+ }
+ return true;
+ } catch (Exception e) {
+ // e.printStackTrace();
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+
+ /**
+ * Delivers a String with the description of the register which is described
+ * through the identification Type of a corporate body of the persondata schema
+ *
+ * @param identificationType
+ * the identification type.
+ * @return the register description.
+ */
+ public static String getRegisterString(String identificationType) {
+ String corporateBase = Constants.URN_PREFIX_BASEID + "+";
+ if (ParepUtils.isEmpty(identificationType) || !identificationType.startsWith(corporateBase)) return null;
+ String register = identificationType.substring(corporateBase.length());
+ if (ParepUtils.isEmpty(register)) return null;
+ if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
+ if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
+ if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
+ return null;
+ }
+
+ /**
+ * Hides Stammzahlen in the given element
+ *
+ * @param hideElement The element where Stammzahlen should be replaced.
+ * @param businessApplication For decision whether to calc a bPK or wbPK.
+ * @param target Target for calculating a bPK.
+ * @param registerID Necessary string for calculating a wbPK (example <code>FN+4096i</code>).
+ * @param blank Switch for behaviour.
+ * <code>true</code> if Stammzahlen are blinded. All occurences will be replaced by empty strings.
+ * <code>false</code> calculates (w)bPKs and changes also the <code>pr:Identifivation/pr:Type</code> elements.
+ * @return The element where Stammzahlen are hidden.
+ */
+ public static Element HideStammZahlen(Element hideElement, boolean businessApplication, String target, String registerID, boolean blank)
+ throws BuildException {
+ try {
+ if (hideElement != null) {
+ Element nameSpaceNode = hideElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ NodeList identifications = XPathAPI.selectNodeList(hideElement, "descendant-or-self::pr:Identification", nameSpaceNode);
+ for (int i = 0; i < identifications.getLength(); i++) {
+ Element identificationElement = (Element) identifications.item(i);
+ Node idTypeNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (idTypeNode != null && Constants.URN_PREFIX_BASEID.equals(idTypeNode.getNodeValue())) {
+ Node idValueNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (idValueNode == null || ParepUtils.isEmpty(idValueNode.getNodeValue())) {
+ Logger.error("HideStammZahlen: Problem beim Parsen des erhaltenen Elements - Value Element(-Inhalt) von pr:Identification nicht vorhanden.");
+ throw new BuildException("builder.02", null);
+ }
+ if (blank) {
+ idValueNode.setNodeValue("");
+ } else {
+ String idValue = idValueNode.getNodeValue();
+ if (businessApplication) {
+ // wbPK berechnen
+ idTypeNode.setNodeValue(Constants.URN_PREFIX_WBPK + "+" + registerID);
+ String bpkBase64 = new BPKBuilder().buildWBPK(idValueNode.getNodeValue(), registerID);
+ idValueNode.setNodeValue(bpkBase64);
+
+ } else {
+ // bPK berechnen
+ idTypeNode.setNodeValue(Constants.URN_PREFIX_BPK);
+ String bpkBase64 = new BPKBuilder().buildBPK(idValueNode.getNodeValue(), target);
+ idValueNode.setNodeValue(bpkBase64);
+ }
+ }
+ }
+ }
+ }
+ } catch (Exception e) {
+ throw new BuildException("builder.02", null);
+ }
+ return hideElement;
+ }
+
+ /**
+ * Replaces each substring of string <code>s</code> that matches the given
+ * <code>search</code> string by the given <code>replace</code> string.
+ *
+ * @param s The string where the replacement should take place.
+ * @param search The pattern that should be replaced.
+ * @param replace The string that should replace all each <code>search</code>
+ * string within <code>s</code>.
+ * @return A string where all occurrence of <code>search</code> are
+ * replaced with <code>replace</code>.
+ */
+ public static String replaceAll (String s, String search, String replace) {
+ if (replace==null) replace = "";
+ return StringUtils.replaceAll(s, search, replace);
+ }
+
+
+// public static void main(String[] args) throws Exception {
+// Document mandate = readDocFromIs(new FileInputStream("c:/Doku/work/Organwalter/schemas/Vertretung_OW_Max_Mustermann.xml"));
+// Document mandate = readDocFromIs(new FileInputStream("c:/mandator.xml"));
+// Document mandate = readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1.xml"));
+// Element mandatorElement = extractMandator(mandate.getDocumentElement());
+// System.out.println(extractMandatorName(mandatorElement));
+// System.out.println(extractMandatorDateOfBirth(mandatorElement));
+// System.out.println(extractMandatorWbpk(mandatorElement));
+// //serializeElement(mandatorElement, System.out);
+// serializeElement((extractPrPersonOfMandate(mandate.getDocumentElement())), System.out);
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java new file mode 100644 index 000000000..acd193a68 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -0,0 +1,576 @@ +package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a MOA-ID Infobox Validator for validating
+ * a standardized XML mandate using the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ */
+public class ParepValidator implements InfoboxValidator {
+
+ /** activates debug settings */
+ private boolean PAREP_DEBUG = false;
+
+ /** contains the parameters the validator initially was called with */
+ private InfoboxValidatorParams params = null;
+
+ /** contains the configuration of the validator */
+ private ParepConfiguration parepConfiguration = null;
+
+ /** the requested representation ID (currently * or OID) */
+ private String representationID = null;
+
+ /** holds the information of the SZR-request */
+ private CreateMandateRequest request = null;
+
+ /** List of extended SAML attributes. */
+ private Vector extendedSamlAttributes = new Vector();
+
+ /** the class which processes the user input */
+ private ParepInputProcessor inputProcessor = null;
+
+ /** The form if user input is necessary */
+ private String form = null;
+
+ /** unspecified error of parep-validator (must not know more about)*/
+ private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufliche Parteienvetretung aufgetreten";
+
+ /** Default class to gather remaining mandator data. */
+ public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+
+ /** Default template to gather remaining mandator data. */
+ public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+
+ /** kind of representation text in AUTH block*/
+ public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter";
+
+ /** Names of the produced SAML-attributes. */
+ public final static String EXT_SAML_MANDATE_RAW = "Vollmacht";
+ public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName";
+ public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum";
+ public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt";
+
+ /** register and register number for non physical persons - the domain identifier for business applications*/
+ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer";
+
+ /**
+ * Parses the XML configuration element and creates the validators configuration
+ * Use this function if you want to preconfigure the validator.
+ *
+ * @param configElem
+ * the XML configuration element to parse.
+ * @throws ConfigurationException
+ * if an error occurs during the configuration process
+ */
+ public void Configure(Element configElem) throws ConfigurationException {
+ if (this.parepConfiguration == null) {
+ Logger.debug("Lade Konfiguration.");
+ parepConfiguration = new ParepConfiguration(configElem);
+ Logger.debug("Konfiguration erfolgreich geladen.");
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+ */
+ public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+
+ try {
+ Logger.debug("Starte Organwalter-/berufliche Parteienvertreterprüfung.");
+ this.params = params;
+
+ Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+ // ParepUtils.serializeElement(mandate, System.out);
+ this.representationID = ParepUtils.extractRepresentativeID(mandate);
+ if (ParepUtils.isEmpty(representationID)) {
+ validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+ return validationResult;
+ }
+
+ // Überprüfen der Identifikation (Type/Value).
+ String identificationType = this.params.getIdentificationType();
+ String identificationValue = this.params.getIdentificationValue();
+ if (this.params.getBusinessApplication()) {
+ if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+ validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+ return validationResult;
+
+ } else {
+ Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+ }
+ } else {
+ if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+ //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+ if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+ Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
+ validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+ return validationResult;
+ } else {
+ Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+ }
+ } else {
+ if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+ // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+ identificationType = Constants.URN_PREFIX_CDID;
+ String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+ identificationValue = bpkBase64;
+ Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+ } else {
+ Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+ }
+ }
+ }
+
+ Configure(this.params.getApplicationSpecificParams());
+ // check if we have a configured party representative for that
+ if (!parepConfiguration.isPartyRepresentative(representationID)) {
+ Logger.info("Kein beruflicher Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+ validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+ return validationResult;
+ }
+
+ // Vertreter
+ this.request = new CreateMandateRequest();
+ request.setRepresentative(this.params, identificationType, identificationValue);
+ // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+ //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+
+ Logger.debug("Prüfe vorausgefüllte Daten...");
+ boolean physical = true;
+ String familyName = "";
+ String givenName = "";
+ String dateOfBirth = "";
+ String cbFullName = "";
+ String cbIdentificationType = "";
+ String cbIdentificationValue = "";
+ String postalCode = "";
+ String municipality = "";
+ String streetName = "";
+ String buildingNumber = "";
+ String unit = "";
+
+ boolean formNecessary = false;
+ // Vertretener (erstes Vorkommen)
+ Element mandator = ParepUtils.extractMandator(mandate);
+ if (mandator != null) {
+ // ParepUtils.serializeElement(mandator, System.out);
+ // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+ if (ParepUtils.isPhysicalPerson(mandator)) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ physical = false;
+ cbFullName = ParepUtils.extractMandatorFullName(mandator);
+ cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+ cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ }
+ postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+ municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+ streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+ buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+ unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+
+ }
+ if (physical) {
+ if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+ validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+ return validationResult;
+ }
+ if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+ formNecessary = true;
+ }
+ } else {
+ if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+ validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+ return validationResult;
+ }
+ if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+ formNecessary = true;
+ }
+ }
+
+ //Zeigen wir, dass die Daten übernommen wurden:
+ if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+
+ // Input processor
+ this.form = "";
+ if (formNecessary) {
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ this.form = inputProcessor.start(
+ physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+ cbFullName, cbIdentificationType, cbIdentificationValue);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ } else {
+ // Request vorbereiten mit vorgegebenen Daten
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ }
+
+
+ // ParepUtils.serializeElement(request.getMandator(), System.out);
+ // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+
+ addAuthBlockExtendedSamlAttributes();
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
+ validationResult.setValid(true);
+ return validationResult;
+ } catch (Exception e) {
+ e.printStackTrace();
+ Logger.info(e);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+ */
+ public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+ Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung");
+ Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+ if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+
+ // Input processor
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ this.form = inputProcessor.validate(parameters, null);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ extendedSamlAttributes.clear();
+ addAuthBlockExtendedSamlAttributes();
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ validationResult.setValid(true);
+ Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet");
+ return validationResult;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+ */
+ public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+ Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung");
+ this.form = "";
+ try {
+
+ // TODO: Frage ob OID im Zertifikat zu prüfen ist (macht derzeit das SZR-gateway). Dies würde aber zu eine Performanceeinbuße führen.
+
+ request.setSignature(samlAssertion);
+
+//DPO debug
+// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+// String id = representationID;
+// CreateMandateResponse response;
+// if (true) {
+// if (this.params.getHideStammzahl()) {
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können.
+// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen.
+// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK
+// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// }
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+
+ //ParepUtils.serializeElement(request.toElement(), System.out);
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+
+ // configure szrgw client
+ Logger.debug("Lade SZR-GW Client.");
+ SZRGWClient client = new SZRGWClient();
+ // System.out.println("Parameters: " + cfg.getConnectionParameters());
+ Logger.debug("Initialisiere Verbindung...");
+ ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+ // Logger.debug("Connection Parameters: " + connectionParameters);
+ Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ }
+
+ Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
+ CreateMandateResponse response;
+ Element requ = request.toElement();
+ try {
+ response = client.createMandateResponse(requ);
+ } catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ Logger.debug("2. Versuch - Kommunikation mit dem Stammzahlenregister Gateway...");
+ client = new SZRGWClient(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ response = client.createMandateResponse(requ);
+ }
+ if (response.getResultCode()==2000) {
+ if(response.getMandate()==null) {
+ Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+
+
+ //DPO debug output (2lines)
+ String id = representationID;
+ if (id.equals("*")) id="standardisiert";
+
+ Element mandate = response.getMandate();
+ // Replace Stammzahlen
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+ if (this.params.getHideStammzahl()) {
+ ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
+ }
+
+ extendedSamlAttributes.clear();
+ // Vollmacht
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ validationResult.setValid(true);
+ Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet");
+ } else {
+ String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+ String responseInfo = response.getInfo();
+ if (response.getResultCode()>4000 && response.getResultCode()<4999) {
+ if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+ validationResult.setErrorMessage(errorMsg);
+ } else if (response.getResultCode()>=3000 && response.getResultCode()<=3000) {
+ // Person not found
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ if (response.getResultCode()==3000) { //TODO: verify code
+ errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Bitte ergänzen/ändern Sie ihre Angaben.";
+ } else {
+ if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+ }
+
+ this.form = inputProcessor.validate(generateParameters(), errorMsg);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ validationResult.setValid(true);
+ } else {
+ // Do not inform the user too much
+ Logger.error(errorMsg);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ }
+
+ }
+ return validationResult;
+ } catch (Exception e) {
+ e.printStackTrace();
+ Logger.info(e);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ }
+
+ /**
+ * provides the primary infobox token of the given list.
+ *
+ * @param infoBoxTokens
+ * the list of infobox tokens.
+ * @return
+ * the XML element of the primary token.
+ * @throws ValidateException
+ * if an error occurs or list is not suitable.
+ */
+ public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+ if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+ throw new ValidateException("validator.62", null);
+ }
+ for (int i = 0; i < infoBoxTokens.size(); i++) {
+ InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+ if (token.isPrimary()) {
+ return token.getXMLToken();
+ }
+ }
+ throw new ValidateException("validator.62", null);
+ }
+
+ /*
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+ ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+ extendedSamlAttributes.copyInto(ret);
+ Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+ return ret;
+ }
+
+
+ /**
+ * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+ */
+ public String getForm() {
+ return this.form;
+ }
+
+ /**
+ * Gets the user form input processor (class) assigned to the current party representative
+ * If the method is called for the first time it initializes the input processor.
+ *
+ * @return The user form input processor
+ */
+ private ParepInputProcessor getInputProcessor() {
+
+ if (this.inputProcessor!=null) return inputProcessor;
+ String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+ ParepInputProcessor inputProcessor = null;
+ try {
+ Class inputProcessorClass = Class.forName(inputProcessorName);
+ inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+ inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+ } catch (Exception e) {
+ Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+ }
+ this.inputProcessor = inputProcessor;
+ return inputProcessor;
+ }
+
+ /**
+ * Generates the parameter list, which is needed to simulate a return from
+ * an user form.
+ *
+ * @return the form parameters
+ */
+ private Map generateParameters() {
+ Map parameters = new HashMap();
+ boolean physical = true;
+ String familyName = "";
+ String givenName = "";
+ String dateOfBirth = "";
+ String cbFullName = "";
+ String cbIdentificationType = "";
+ String cbIdentificationValue = "";
+ String postalCode = "";
+ String municipality = "";
+ String streetName = "";
+ String buildingNumber = "";
+ String unit = "";
+
+ try {
+ // Vertretener (erstes Vorkommen)
+ Element mandator = request.getMandator();
+ ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml"));
+ if (mandator != null) {
+ if (ParepUtils.isPhysicalPerson(mandator)) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ physical = false;
+ cbFullName = ParepUtils.extractMandatorFullName(mandator);
+ cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+ cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ }
+ postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+ municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+ streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+ buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+ unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+ }
+ } catch (Exception e) {
+ Logger.error("Could not extract Mandator form SZR-gateway request");
+ }
+ parameters.put("familyname", familyName);
+ parameters.put("givenname", givenName);
+ parameters.put("dateofbirth", dateOfBirth);
+ parameters.put("dobyear", dateOfBirth.substring(0,4));
+ parameters.put("dobmonth", dateOfBirth.substring(5,7));
+ parameters.put("dobday", dateOfBirth.substring(8,10));
+ parameters.put("physical", physical ? "true" : "false");
+ parameters.put("fullname", cbFullName);
+ parameters.put("cbidentificationtype", cbIdentificationType);
+ parameters.put("cbidentificationvalue", cbIdentificationValue);
+ parameters.put("postalcode", postalCode);
+ parameters.put("municipality", municipality);
+ parameters.put("streetname", streetName);
+ parameters.put("buildingnumber", buildingNumber);
+ parameters.put("unit", unit);
+ return parameters;
+ }
+
+ /**
+ * Adds the AUTH block related SAML attributes to the validation result.
+ * This is needed always before the AUTH block is to be signed, because the
+ * name of the mandator has to be set
+ */
+ private void addAuthBlockExtendedSamlAttributes() {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ Element mandator = request.getMandator();
+ extendedSamlAttributes.clear();
+ // Name
+ String name = ParepUtils.extractMandatorName(mandator);
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ // Geburtsdatum
+ String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+ if (dob != null && !"".equals(dob)) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ // (w)bpk
+ String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+ if (!ParepUtils.isEmpty(wbpk)) {
+ if (!ParepUtils.isPhysicalPerson(mandator)){
+ String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+ if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ } else if (this.params.getBusinessApplication()) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ }
+ }
+
+// public static void main(String[] args) throws Exception {
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java new file mode 100644 index 000000000..d6b71ad83 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java @@ -0,0 +1,159 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+
+/**
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class PartyRepresentative {
+
+ /** Object Identifier **/
+ private String oid;
+
+ private boolean representPhysicalParty;
+
+ private boolean representCorporateParty;
+
+ /**
+ * Text for representation description in SAML Assertion (Auth-Block)
+ * */
+ private String representationText;
+
+ /**
+ * SZR-GW connection parameters.
+ */
+ private ConnectionParameter connectionParameters = null;
+
+ private String inputProcessorClass = null;
+ private String inputProcessorTemplate = null;
+
+ /**
+ * Constructor
+ */
+public PartyRepresentative() {
+ this.oid = null;
+ this.representPhysicalParty = false;
+ this.representCorporateParty = false;
+ this.connectionParameters = null;
+ this.representationText = null;
+}
+
+/**
+ * Constructor
+ */
+ public PartyRepresentative(boolean representPhysicalParty, boolean representCorporateParty) {
+ this.oid = null;
+ this.representPhysicalParty = representPhysicalParty;
+ this.representCorporateParty = representCorporateParty;
+ this.connectionParameters = null;
+ this.representationText = null;
+ this.inputProcessorClass = null;
+ this.inputProcessorTemplate = null;
+ }
+
+ /**
+ * @return the oid
+ */
+ public String getOid() {
+ return oid;
+ }
+
+ /**
+ * @param oid the oid to set
+ */
+ public void setOid(String oid) {
+ this.oid = oid;
+ }
+
+ /**
+ * @return the representPhysicalParty
+ */
+ public boolean isRepresentingPhysicalParty() {
+ return representPhysicalParty;
+ }
+
+ /**
+ * @param representPhysicalParty the representPhysicalParty to set
+ */
+ public void setRepresentingPhysicalParty(boolean representPhysicalParty) {
+ this.representPhysicalParty = representPhysicalParty;
+ }
+
+ /**
+ * @return the representCorporateParty
+ */
+ public boolean isRepresentingCorporateParty() {
+ return representCorporateParty;
+ }
+
+ /**
+ * @param representCorporateParty the representCorporateParty to set
+ */
+ public void setRepresentingCorporateParty(boolean representCorporateParty) {
+ this.representCorporateParty = representCorporateParty;
+ }
+
+ /**
+ * @return the connectionParameters
+ */
+ public ConnectionParameter getConnectionParameters() {
+ return connectionParameters;
+ }
+
+ /**
+ * @param connectionParameters the connectionParameters to set
+ */
+ public void setConnectionParameters(ConnectionParameter connectionParameters) {
+ this.connectionParameters = connectionParameters;
+ }
+
+
+ /**
+ * @return the representationText
+ */
+ public String getRepresentationText() {
+ return representationText;
+ }
+
+
+ /**
+ * @param representationText the representationText to set
+ */
+ public void setRepresentationText(String representationText) {
+ this.representationText = representationText;
+ }
+
+ /**
+ * @return the inputProcessorClass
+ */
+ public String getInputProcessorClass() {
+ return inputProcessorClass;
+ }
+
+ /**
+ * @param inputProcessorClass the inputProcessorClass to set
+ */
+ public void setInputProcessorClass(String inputProcessorClass) {
+ this.inputProcessorClass = inputProcessorClass;
+ }
+
+ /**
+ * @return the inputProcessorTemplate
+ */
+ public String getInputProcessorTemplate() {
+ return inputProcessorTemplate;
+ }
+
+ /**
+ * @param inputProcessorTemplate the inputProcessorTemplate to set
+ */
+ public void setInputProcessorTemplate(String inputProcessorTemplate) {
+ this.inputProcessorTemplate = inputProcessorTemplate;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java new file mode 100644 index 000000000..fe8e263ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -0,0 +1,235 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a detailed CreateMandateRequest that
+ * will be sent to SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateRequest {
+
+ /**
+ * The Request.
+ */
+ private Document document;
+
+ /**
+ * List of mandate representatives as XML element.
+ */
+ private List representatives;
+
+ /**
+ * The mandator.
+ */
+ private Element mandator;
+
+ /**
+ * The representative.
+ */
+ private Element representative;
+
+ /**
+ * The signature to verify by the SZR-gateway
+ */
+ private Element signature;
+
+
+
+ /**
+ * Creates the CreateMandateRequest element that will
+ * be sent to SZR-gateway
+ *
+ * @return the CreateMandateRequest element.
+ */
+ public Element toElement() throws SZRGWClientException{
+
+ this.document = ParepUtils.createEmptyDocument();
+ Element root = this.document.createElement(SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_REQUEST);
+ root.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ if (this.representative!=null) root.appendChild(this.document.importNode(this.representative, true));
+ if (this.mandator!=null) root.appendChild(this.document.importNode(this.mandator, true));
+ if (this.signature!=null) root.appendChild(this.document.importNode(this.signature, true));
+
+ return root;
+ }
+
+ /**
+ * Adds a representative.
+ *
+ * @param representative an XML representative to add.
+ */
+ public void addRepresentative(Element representative) {
+ if (representatives == null) {
+ representatives = new ArrayList();
+ }
+ representatives.add(representative);
+ }
+
+ /**
+ * Gets the representative.
+ *
+ * @return the representative.
+ */
+ public Element getRepresentative() {
+ return representative;
+ }
+
+ /**
+ * Gets the mandator.
+ *
+ * @return the mandator.
+ */
+ public Element getMandator() {
+ return mandator;
+ }
+
+ /**
+ * Sets the mandator.
+ *
+ * @param mandator the mandator.
+ */
+ public void setMandator(Element mandator) {
+ this.mandator = mandator;
+ }
+
+ /**
+ * Sets the Mandator.
+ *
+ * @param familyName the family name of the mandator.
+ */
+ public void setMandator(String familyName, String givenName, String dateOfBirth,
+ String postalCode, String municipality, String streetName, String buildingNumber, String unit,
+ boolean physical, String cbFullName, String cbIdentificationType, String cbIdentificationValue) throws SZRGWClientException {
+
+ Document mandatorDocument = ParepUtils.createEmptyDocument();
+
+ Element mandatorElem = mandatorDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.MANDATOR);
+// mandatorElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+/// mandatorElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ if (physical) {
+ Element physicalPersonElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON);
+ physicalPersonElem.appendChild(createNameElem(mandatorDocument, givenName, familyName));
+ physicalPersonElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.DATEOFBIRTH, dateOfBirth));
+ mandatorElem.appendChild(physicalPersonElem);
+ Element postalAddressElement = createPostalAddressElem(mandatorDocument, postalCode, municipality, streetName, buildingNumber, unit);
+ if (null!=postalAddressElement) mandatorElem.appendChild(postalAddressElement);
+ } else {
+ Element corporateBodyElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY);
+ corporateBodyElem.appendChild(createIdentificationElem(mandatorDocument, cbIdentificationType, cbIdentificationValue));
+ corporateBodyElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.FULLNAME, cbFullName));
+ mandatorElem.appendChild(corporateBodyElem);
+ }
+
+
+ this.mandator = mandatorElem;
+ }
+
+ private Element createPersonDataElem(Document document, String elementName, String elementValue) {
+ Element elem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + elementName);
+ Node value = document.createTextNode(elementValue);
+ elem.appendChild(value);
+ return elem;
+ }
+
+ private Element createIdentificationElem(Document document, String identificationType, String identificationValue) {
+ Element identificationElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.IDENTIFICATION);
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.VALUE, identificationValue));
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.TYPE, identificationType));
+ return identificationElem;
+ }
+ private Element createNameElem(Document document, String givenName, String familyName) {
+ Element nameElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.NAME);
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.GIVENNAME, givenName));
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.FAMILYNAME, familyName));
+ return nameElem;
+ }
+ private Element createPostalAddressElem(Document document, String postalCode, String municipality, String streetName, String buildingNumber, String unit) {
+
+ if (ParepUtils.isEmpty(postalCode) && ParepUtils.isEmpty(municipality) && ParepUtils.isEmpty(streetName)
+ && ParepUtils.isEmpty(buildingNumber) && ParepUtils.isEmpty(unit)) return null;
+ Element postalAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.POSTALADDRESS);
+
+ if (!ParepUtils.isEmpty(postalCode)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.POSTALCODE, postalCode));
+ }
+ if (!ParepUtils.isEmpty(municipality)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.MUNICIPALITY, municipality));
+ }
+ if (!ParepUtils.isEmpty(streetName) || !ParepUtils.isEmpty(buildingNumber) || !ParepUtils.isEmpty(unit)) {
+ Element deliveryAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.DELIVERYADDRESS);
+
+ if (!ParepUtils.isEmpty(streetName)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.STREETNAME, streetName));
+ }
+ if (!ParepUtils.isEmpty(buildingNumber)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.BUILDINGNUMBER, buildingNumber));
+ }
+ if (!ParepUtils.isEmpty(unit)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.UNIT, unit));
+ }
+ postalAddressElem.appendChild(deliveryAddressElem);
+ }
+ return postalAddressElem;
+ }
+
+
+
+ /**
+ * Sets the Representative.
+ *
+ * @param params InfoboxValidatorParams contain the data of the representative.
+ * @param identificationType the type of the identification of the representative (has to be urn:publicid:gv.at:cdid).
+ * @param identificationValue the identification value (bPK).
+ */
+ public void setRepresentative(InfoboxValidatorParams params, String identificationType, String identificationValue) throws SZRGWClientException {
+
+ Document representativeDocument = ParepUtils.createEmptyDocument();
+
+ Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
+ representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
+ representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
+
+ this.representative = representativeElem;
+ }
+
+ /**
+ * @return the signature
+ */
+ public Element getSignature() {
+ return signature;
+ }
+
+ /**
+ * @param signature the signature to set
+ */
+ public void setSignature(Element signature) throws SZRGWClientException{
+ Document signatureDocument = ParepUtils.createEmptyDocument();
+ Element signatureElem = signatureDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + "Signature");
+ //SZR-gateway takes the first Signature
+ //signatureElem.setAttribute("SignatureLocation", "//saml:Assertion/dsig:Signature");
+ signatureElem.appendChild(signatureDocument.importNode(signature, true));
+ this.signature = signatureElem;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java new file mode 100644 index 000000000..0f6ed8abf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -0,0 +1,130 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.FileInputStream;
+import java.util.Hashtable;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class implements a SZR-gateway CreateMandate Response.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateResponse {
+
+ /**
+ * Result code of the request.
+ */
+ private int resultCode;
+
+ /**
+ * Description of the result.
+ */
+ private String resultInfo;
+
+ /**
+ * The returned mandate.
+ */
+ private Element mandate;
+
+ /**
+ * @return the resultCode
+ */
+ public int getResultCode() {
+ return resultCode;
+ }
+
+ /**
+ * @param resultCode the resultCode to set
+ */
+ public void setResultCode(String resultCode) {
+ if (resultCode!=null) {
+ this.resultCode = Integer.parseInt(resultCode);
+ } else {
+ this.resultCode = 0;
+ }
+ }
+
+ /**
+ * @return the resultInfo
+ */
+ public String getInfo() {
+ return resultInfo;
+ }
+
+ /**
+ * @param resultInfo the resultInfo to set
+ */
+ public void setInfo(String resultInfo) {
+ this.resultInfo = resultInfo;
+ }
+
+ /**
+ * @return the mandate
+ */
+ public Element getMandate() {
+ return mandate;
+ }
+
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMandate(Element mandate) {
+ this.mandate = mandate;
+ }
+
+
+ /**
+ * Parses the SZR-gateway response.
+ *
+ * @param response the SZR-gateway response.
+ * @throws SZRGWClientException if an error occurs.
+ */
+ public void parse(Element response) throws SZRGWClientException {
+ try {
+
+ // first check if response is a soap error
+ NodeList list = response.getElementsByTagName("faultstring");
+ if (list.getLength() > 0) {
+ throw new SZRGWClientException("Fehler bei SZR-Gateway: "+list.item(0).getChildNodes().item(0).getNodeValue());
+ }
+
+ this.mandate = null;
+ this.resultCode = 2000;
+ this.resultInfo = null;
+ // parse single SZR-gateway results
+ Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+
+ Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode);
+ if (mandateNode!=null) {
+ this.mandate = (Element) mandateNode;
+ } else {
+ String errorResponse = "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.ERROR_RESPONSE + "/";
+ Node errorCode = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "ErrorCode/text()", nameSpaceNode);
+ if (errorCode!=null) setResultCode(errorCode.getNodeValue());
+ Node errorInfo = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "Info/text()", nameSpaceNode);
+ this.setInfo(errorInfo.getNodeValue());
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+// CreateMandateResponse resp = new CreateMandateResponse();
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream("c:/response2.xml"));
+// Element response = doc.getDocumentElement();
+// resp.parse(response);
+// System.out.println(resp.getResultCode());
+// System.out.println(resp.getInfo());
+// if (resp.getMandate()!=null) ParepUtils.serializeElement(resp.getMandate(), System.out);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java new file mode 100644 index 000000000..d9d248c81 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java @@ -0,0 +1,23 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * SOAP Envelope Constants.
+ *
+ * @author <a href="mailto:arne.tauber@egiz.gv.at">Arne Tauber</a>
+ * @version $ $
+ **/
+public interface SOAPConstants {
+
+ /*
+ * Namespaces and namespace prefixes for SOAP message handling
+ */
+ String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
+ String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/";
+ String SOAP_ENV_PREFIX = "soapenv:";
+ String SOAP_ENV_POSTFIX = ":soapenv";
+
+ String ENVELOPE = "Envelope";
+ String BODY = "Body";
+ String ENCODING_STYLE = "encodingStyle";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java new file mode 100644 index 000000000..1e6dc1039 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -0,0 +1,144 @@ +
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.security.Security;
+
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * This class implements a client for communication with the SZR-gateway
+ * <p>
+ * Two types of requests are supported
+ * <ol>
+ * <li>Basic Request</li>
+ * <li>Detailed Request</li>
+ * </ol>
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClient {
+ /**
+ * The URL of the SZR-gateway webservice.
+ */
+ private String address;
+
+ /**
+ * The SSL socket factory when using a secure connection.
+ */
+ private SSLSocketFactory sSLSocketFactory;
+
+ /**
+ * Constructor
+ */
+ public SZRGWClient() {
+ }
+
+ /**
+ * Constructor
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public SZRGWClient(String address) {
+ this.address = address;
+ }
+ /**
+ * Sets the SSL socket factory.
+ *
+ * @param factory the SSL socket factory.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory) {
+ this.sSLSocketFactory = factory;
+ }
+
+ /**
+ * Sets the SZR webservice URL
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public void setAddress(String address) {
+ this.address = address;
+ }
+
+ /**
+ * Creates a mandate.
+ *
+ * @param reqElem the request.
+ * @return a SZR-gateway response containing the result
+ * @throws SZRGWException when an error occurs creating the mandate.
+ */
+ public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
+ Logger.info("Connecting to SZR-gateway.");
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
+
+
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+
+ client.executeMethod(method);
+ CreateMandateResponse response = new CreateMandateResponse();
+
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+
+ response.parse(doc.getDocumentElement());
+
+
+ return response;
+ } catch(Exception e) {
+ //e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /*
+ * builds an XML soap envelope
+ */
+ private Element getSOAPBody() throws SZRGWClientException {
+ Document doc_ = ParepUtils.createEmptyDocument();
+ Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
+ doc_.appendChild(root);
+
+ root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
+ //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
+ root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
+ root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
+
+ Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
+ root.appendChild(body);
+
+ return body;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java new file mode 100644 index 000000000..11aaf289b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This class implements the basic exception type for the SZR-gateway client
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClientException extends Exception {
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException() {
+ super();
+ }
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException(String arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super construction.
+ */
+ public SZRGWClientException(Throwable arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super constructor
+ */
+ public SZRGWClientException(String arg0, Throwable arg1) {
+ super(arg0, arg1);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java new file mode 100644 index 000000000..4f815f1e7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This interface specifies all the constants needed for the communication with the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public interface SZRGWConstants {
+
+ //PersonData
+ String PD_PREFIX = "pr:";
+ String PD_POSTFIX = ":pr";
+ String PERSON = "Person";
+ String PHYSICALPERSON = "PhysicalPerson";
+ String CORPORATEBODY = "CorporateBody";
+ String IDENTIFICATION = "Identification";
+ String VALUE = "Value";
+ String TYPE = "Type";
+ String NAME = "Name";
+ String GIVENNAME = "GivenName";
+ String FAMILYNAME = "FamilyName";
+ String DATEOFBIRTH = "DateOfBirth";
+ String FULLNAME = "FullName";
+ String ORGANIZATION = "Organization";
+
+ String POSTALADDRESS = "PostalAddress";
+ String DELIVERYADDRESS = "DeliveryAddress";
+ String MUNICIPALITY = "Municipality";
+ String POSTALCODE = "PostalCode";
+ String STREETNAME = "StreetName";
+ String BUILDINGNUMBER = "BuildingNumber";
+ String UNIT = "Unit";
+ //String ADDRESS = "Address";
+ //String COUNTRYCODE = "CountryCode";
+ //String DOORNUMBER = "DoorNumber";
+
+ // SZR-gateway constants
+ String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+ String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+ String SZRGW_PREFIX = "sgw:";
+ String SZRGW_POSTFIX = ":sgw";
+ String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
+ String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
+ String ERROR_RESPONSE = "ErrorResponse";
+ String MANDATOR = "Mandator";
+ String REPRESENTATIVE = "Representative";
+ String MANDATE = "Mandate";
+ String MANDATE_PREFIX = "md:";
+ String MANDATE_POSTFIX = ":md";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java new file mode 100644 index 000000000..41a07d146 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java @@ -0,0 +1,94 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+
+/**
+ * This class implements a secure protocol socket factory
+ * for the Apache HTTP client.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
+
+ /**
+ * The SSL socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ /**
+ * Creates a new Secure socket factory for the
+ * Apache HTTP client.
+ *
+ * @param factory the SSL socket factory to use.
+ */
+ public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
+ this.factory = factory;
+ }
+
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+ */
+ public Socket createSocket(
+ String host,
+ int port,
+ InetAddress clientHost,
+ int clientPort)
+ throws IOException, UnknownHostException {
+
+ return this.factory.createSocket(
+ host,
+ port,
+ clientHost,
+ clientPort
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+ */
+ public Socket createSocket(String host, int port)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ host,
+ port
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+ */
+ public Socket createSocket(
+ Socket socket,
+ String host,
+ int port,
+ boolean autoClose)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ socket,
+ host,
+ port,
+ autoClose
+ );
+ }
+
+ /**
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object obj) {
+ return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
+ }
+
+ /**
+ * @see java.lang.Object#hashCode()
+ */
+ public int hashCode() {
+ return SZRGWSecureSocketFactory.class.hashCode();
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java new file mode 100644 index 000000000..c56555b2e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -0,0 +1,411 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.config;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.HashMap;
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements the Configuration.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepConfiguration {
+
+ /**
+ * System property for config file.
+ */
+ public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+
+ /**
+ * SZR-GW connection parameters.
+ */
+ private ConnectionParameter standardConnectionParameters;
+
+ /**
+ * Input field processor.
+ */
+ private String standardInputProcessorClass;
+
+ /**
+ * Input field processor template.
+ */
+ private String standardInputProcessorTemplate;
+
+ /**
+ * Configured party representatives.
+ */
+ private HashMap partyRepresentatives;
+
+ /**
+ * The configuration element.
+ */
+ private Element configElement = null;
+
+ /**
+ * Defines whether the user input form must be shown on each
+ * request or not (also predefined mandates)
+ */
+ private boolean alwaysShowForm = false;
+
+ /**
+ * The configuration base directory.
+ */
+ private String baseDir_;
+
+ /**
+ * Gets the SZR-GW connection parameters.
+ *
+ * @return the connection parameters.
+ */
+ public ConnectionParameter getConnectionParameters(String representationID) {
+ if (partyRepresentatives == null || "*".equals(representationID))
+ return standardConnectionParameters;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ ConnectionParameter connectionParameters = pr.getConnectionParameters();
+ if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+ return connectionParameters;
+ }
+
+ /**
+ * Sets the SZR-GW connection parameters for standard connection.
+ *
+ * @param connectionParameters
+ * the connection parameters.
+ */
+ public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+ this.standardConnectionParameters = connectionParameters;
+ }
+
+ /*
+ *
+ */
+ public String getFullDirectoryName(String fileString) {
+ return makeAbsoluteURL(fileString, baseDir_);
+ }
+
+ /*
+ *
+ */
+ private static String makeAbsoluteURL(String url, String root) {
+ // if url is relative to rootConfigFileDirName make it absolute
+
+ File keyFile;
+ String newURL = url;
+
+ if (null == url)
+ return null;
+
+ if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+ return url;
+ } else {
+ // check if absolute - if not make it absolute
+ keyFile = new File(url);
+ if (!keyFile.isAbsolute()) {
+ keyFile = new File(root, url);
+ newURL = keyFile.getPath();
+ }
+ return newURL;
+ }
+ }
+
+ /**
+ * Initializes the configuration with a given XML configuration element found
+ * in the MOA-ID configuration.
+ *
+ * @param configElem
+ * the configuration element.
+ * @throws ConfigurationException
+ * if an error occurs initializing the configuration.
+ */
+ public ParepConfiguration(Element configElem) throws ConfigurationException {
+
+ partyRepresentatives = new HashMap();
+ partyRepresentatives.put("*", new PartyRepresentative(true, true));
+
+ String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+
+ try {
+
+ baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+ Logger.trace("Config base directory: " + baseDir_);
+ // check for configuration in system properties
+ if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+ Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+ this.configElement = doc.getDocumentElement();
+ } else {
+ this.configElement = configElem;
+ }
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+ }
+ load();
+ }
+
+ /*
+ *
+ */
+ private void load() throws ConfigurationException {
+ Logger.debug("Parse ParepValidator Konfiguration");
+ try {
+ Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ // nameSpaceNode.setAttribute("xmlns:sgw",
+ // SZRGWConstants.SZRGW_PROFILE_NS);
+
+ Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+ if (inputProcessorNode != null) {
+ this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+ Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+ if (inputProcessorClassNode != null) {
+ this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+ }
+ }
+ Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+ if (alwaysShowFormNode != null) {
+ this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+ }
+
+ // load connection parameters
+ Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+ Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+ if (connectionParamElement != null) {
+ // parse connection parameters
+ // ParepUtils.serializeElement(connectionParamElement, System.out);
+ this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+ }
+
+ Logger.debug("Lade Konfiguration der Parteienvertreter");
+ NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+ for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+
+ PartyRepresentative partyRepresentative = new PartyRepresentative();
+
+ Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+ boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+ boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+ partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+ partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+ partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+ partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+
+ Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+ if (inputProcessorSubNode != null) {
+ partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+ Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+ + ":InputProcessor/text()", nameSpaceNode);
+ if (inputProcessorClassSubNode != null) {
+ partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+ }
+ }
+
+ Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+ + ":ConnectionParameter", nameSpaceNode);
+ if (connectionParamSubElement == null) {
+ if (this.standardConnectionParameters == null) {
+ throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+ + partyRepresentative.getOid() + " fehlen.", null, null);
+ }
+ } else {
+ // parse connection parameters
+ // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+ partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+ }
+ partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+ Logger.info("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+ + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+ + ", representationText=" + partyRepresentative.getRepresentationText()
+ + ")");
+ }
+
+ Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+ }
+ }
+
+ /*
+ *
+ */
+ private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+ try {
+ ConnectionParameter connectionParameter = new ConnectionParameter();
+
+ // parse connection url
+ String URL = connParamElement.getAttribute("URL");
+ connectionParameter.setUrl(URL);
+
+ // accepted server certificates
+ Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+ nameSpaceNode);
+ if (accServerCertsNode != null) {
+
+ String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+ Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+ connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+ }
+
+ // client key store
+ Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+ if (clientKeyStoreNode != null) {
+ String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+ connectionParameter.setClientKeyStore(clientKeystore);
+ }
+
+ // client key store password
+ Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+ nameSpaceNode);
+ if (clientKeyStorePasswordNode != null) {
+ connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+ }
+
+ return connectionParameter;
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+ }
+ }
+
+ public boolean isPartyRepresentative(String representationID) {
+ if (partyRepresentatives == null)
+ return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ return pr != null;
+ }
+
+ public boolean isRepresentingCorporateParty(String representationID) {
+ if (partyRepresentatives == null) return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr == null) return false;
+ return pr.isRepresentingCorporateParty();
+ }
+
+ public boolean isRepresentingPhysicalParty(String representationID) {
+ if (partyRepresentatives == null) return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr == null) return false;
+ return pr.isRepresentingPhysicalParty();
+ }
+
+ public String getRepresentationText(String representationID) {
+ String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+ if (partyRepresentatives != null) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr != null) {
+ if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+ }
+ }
+ return result;
+ }
+
+ /**
+ * @return the input processor classname corresponding to <code>representationID</code>
+ * @param representationID
+ * the representation ID.
+ */
+ public String getInputProcessorClass(String representationID) {
+ String inputProcessorClass = standardInputProcessorClass;
+ if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+ if (!(partyRepresentatives == null || "*".equals(representationID))) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr!=null) {
+ String prInputProcessorClass = pr.getInputProcessorClass();
+ if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+ }
+ }
+ return inputProcessorClass;
+ }
+
+ /**
+ * @param standardInputProcessorClass the standardInputProcessorClass to set
+ */
+ public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+ this.standardInputProcessorClass = standardInputProcessorClass;
+ }
+
+ /**
+ * @return the InputProcessorTemplate
+ */
+ public String getInputProcessorTemplate(String representationID) {
+ String inputProcessorTemplate = standardInputProcessorTemplate;
+ if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+ if (!(partyRepresentatives == null || "*".equals(representationID))) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr!=null) {
+ String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+ if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+ }
+ }
+ return inputProcessorTemplate;
+ }
+
+ /**
+ * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+ */
+ public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+ this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+ }
+
+ /**
+ * @return the alwaysShowForm
+ */
+ public boolean isAlwaysShowForm() {
+ return alwaysShowForm;
+ }
+
+ /**
+ * @param alwaysShowForm the alwaysShowForm to set
+ */
+ public void setAlwaysShowForm(String alwaysShowForm) {
+ if (ParepUtils.isEmpty(alwaysShowForm)) {
+ this.alwaysShowForm = false;
+ } else {
+ this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+ }
+ }
+
+ public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+ try {
+ Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+ if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+ return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+ }
+ return false;
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+ }
+
+ }
+
+
+// public static void main(String[] args) throws Exception {
+// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+// Configuration cfg = new Configuration(null);
+// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+//}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 90b780526..27955602f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -80,6 +80,9 @@ public class ConfigurationBuilder { protected static final String AUTH_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; /** an XPATH-Expression */ + protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL"; + /** an XPATH-Expression */ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; /** an XPATH-Expression */ @@ -392,6 +395,8 @@ public class ConfigurationBuilder { XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); String templateURL = XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + String inputProcessorSignTemplateURL = + XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); @@ -457,6 +462,7 @@ public class ConfigurationBuilder { oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); // load OA specific transforms if present String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); try { @@ -669,7 +675,7 @@ public class ConfigurationBuilder { String identifier = number.getAttribute("Identifier"); // remove all blanks identificationNumber = StringUtils.removeBlanks(identificationNumber); - if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) { + if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn") || identifier.equalsIgnoreCase("xfn")) { // delete zeros from the beginning of the number identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber); // remove hyphens diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index ba3b61f9d..132bebce3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -65,6 +65,10 @@ public class OAAuthParameter extends OAParameter { */ private String templateURL; /** + * template for web page "Signatur der Anmeldedaten" + */ + private String inputProcessorSignTemplateURL; + /** * Parameters for verifying infoboxes. */ private VerifyInfoboxParameters verifyInfoboxParameters; @@ -164,6 +168,15 @@ public class OAAuthParameter extends OAParameter { } /** + * Returns the inputProcessorSignTemplateURL url. + * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for + * a input processor sign template is set. + */ + public String getInputProcessorSignTemplateURL() { + return inputProcessorSignTemplateURL; + } + + /** * Returns the parameters for verifying additional infoboxes. * * @return The parameters for verifying additional infoboxes. @@ -258,6 +271,16 @@ public class OAAuthParameter extends OAParameter { } /** + * Sets the input processor sign form template url. + * + * @param inputProcessorSignTemplateURL The url string specifying the + * location of the input processor sign form + */ + public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { + this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; + } + + /** * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. * * @param verifyInfoboxParameters The verifyInfoboxParameters to set. @@ -265,4 +288,5 @@ public class OAAuthParameter extends OAParameter { public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { this.verifyInfoboxParameters = verifyInfoboxParameters; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java new file mode 100644 index 000000000..a4a89e183 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -0,0 +1,63 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class ServletUtils {
+
+ /**
+ * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing
+ * depending on the requests starting text.
+ *
+ * @param resp The httpServletResponse
+ * @param session The current AuthenticationSession
+ * @param createXMLSignatureRequestOrRedirect The request
+ * @param servletGoal The servlet to which the redirect should happen
+ * @param servletName The servlet name for debug purposes
+ * @throws MOAIDException
+ * @throws IOException
+ */
+ public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName)
+ throws MOAIDException,
+ IOException
+ {
+ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+ resp.setStatus(307);
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, session.getSessionID());
+ resp.addHeader("Location", dataURL);
+
+ //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+ resp.setContentType("text/xml;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST " + servletName);
+ } else {
+ String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ }
+ }
+
+}
|