diff options
Diffstat (limited to 'id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser')
5 files changed, 1088 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java new file mode 100644 index 000000000..b39cf9e9b --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -0,0 +1,285 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.parser; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.BKUException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses an <code><InfoboxReadResponse></code> returned from + * the security layer + * + * @author Stefan Knirsch + * @version $Id$ + */ + +public class CreateXMLSignatureResponseParser { + // + // XPath namespace prefix shortcuts + // + + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = Constants.SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ":CreateXMLSignatureResponse/"; + /** Xpath expression to the SAML:Assertion element */ + private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion"; + /** Xpath expression to the SAML:NameIdentifier element */ + private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier"; + /** Xpath expression to the AttributeStatement element */ + private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute"; + /** Xpath expression to the AttributeValue element */ + private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue"; + + + /** This is the root element of the CreateXMLsignatureResponse */ + private Element sigResponse_; + + /** + * Parses and validates the document given as string and extracts the + * root element. + * + * @param xmlResponse <code><CreateXMLSignatureResponse></code> as String + * + * @throws AuthenticationException if any authentication error occurs + * @throws ParseException if an element cannot be parsed + * @throws + */ + public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException, BKUException{ + try { + InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + init(s); + } + + catch (BKUException e) { + throw e; + + } catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is <code><InfoboxReadResponse></code> as InputStream + * + * @throws AuthenticationException If any authentication error occurs + * @throws ParseException If an element cannot be parsed + * @throws BKUException + */ + public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException, BKUException { + init(is); + } + + /** + * Constructor for CreateXMLSignatureResponseParser. + * The incoming Element will be used for further operations + * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream + */ + public CreateXMLSignatureResponseParser(Element xmlResponse) { + sigResponse_ = xmlResponse; + } + + /** + * Initializes the parser. + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is The CreateXMLSignatureResponse as stream. + * @throws AuthenticationException if an authentication error occurs. + * @throws ParseException If an error occurs on parsing the the document. + * @throws BKUException + */ + private void init(InputStream is) throws AuthenticationException, ParseException, BKUException { + try { + + Element responseElem = DOMUtils.parseXmlValidating(is); + + if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) { + sigResponse_ = responseElem; + } else { + ErrorResponseParser erp = new ErrorResponseParser(responseElem); + throw new BKUException("auth.08", + new Object[] { erp.getErrorCode(), erp.getErrorInfo()}, + erp.getErrorCode(), + erp.getErrorInfo()); + } + + } catch (BKUException e) { + throw e; + + } catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Unmarshalls the <@link sigResponse> to an + * <code><CreateXMLSignatureResponse></code> object. + * + * @return a <code><CreateXMLSignatureResponse></code> object + * @throws ParseException + */ + + public CreateXMLSignatureResponse parseResponseDsig() throws ParseException { + CreateXMLSignatureResponse cResp; + try { + cResp = new CreateXMLSignatureResponse(); + + NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); + Element dsigSignatureNode = (Element) list.item(0); + + Element dsigSignatureElement = (Element) dsigSignatureNode; + + cResp.setDsigSignature(dsigSignatureElement); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + return cResp; + } + + /** + * Unmarshalls the <@link sigResponse> to an + * <code><CreateXMLSignatureResponse></code> object. + * + * @return a <code><CreateXMLSignatureResponse></code> object + * @throws ParseException + */ + + public CreateXMLSignatureResponse parseResponse() throws ParseException { + CreateXMLSignatureResponse cResp; + try { + cResp = new CreateXMLSignatureResponse(); + String slPrefix = XPathUtils.getSlPrefix(sigResponse_); + cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse_, "/" + slPrefix + SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null)); + cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse_, "/" + slPrefix + SAML_ASSERTION_XPATH)); + NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse_, "/" + slPrefix + SAML_ATTRIBUTE_XPATH); + Element samlAttr; + List<SAMLAttribute> samlAttributes = new ArrayList<SAMLAttribute>(); + while ((samlAttr = (Element) attrIter.nextNode()) != null) { + String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", ""); + String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", ""); + Object attrValue; + Element attrValueElem = (Element)XPathUtils.selectSingleNode(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH); + attrValue = DOMUtils.getElementFromNodeList(attrValueElem.getChildNodes()); + if (attrValue == null) { + if (null!=attrValueElem.getFirstChild()) { + attrValue = attrValueElem.getFirstChild().getNodeValue(); + } else { + attrValue = ""; + } + } + samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue)); + } + SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()]; + samlAttributes.toArray(result); + cResp.setSamlAttributes(result); + + NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); + Element dsigSignatureNode = (Element) list.item(0); + cResp.setDsigSignature(dsigSignatureNode); + + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + return cResp; + } + +// public CreateXMLSignatureResponse parseResponse() throws ParseException { +// CreateXMLSignatureResponse cResp; +// try { +// cResp = new CreateXMLSignatureResponse(); +// Element samlAssertion = (Element)sigResponse.getElementsByTagNameNS(Constants.SAML_NS_URI, "Assertion").item(0); +// cResp.setSamlAssertion(samlAssertion); +// Element samlAttributeStatement = (Element)samlAssertion.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeStatement").item(0); +// Element samlSubject = (Element)samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Subject").item(0); +// Element samlNameIdentifier = (Element)samlSubject.getElementsByTagNameNS(Constants.SAML_NS_URI, "NameIdentifier").item(0); +// cResp.setSamlNameIdentifier(samlNameIdentifier.getFirstChild().getNodeValue()); +// NodeList nl = samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Attribute"); +// List samlAttributes = new ArrayList(); +// for (int i=0; i<nl.getLength(); i++) { +// Element samlAttribute = (Element)nl.item(i); +// String attrName = samlAttribute.getAttribute("AttributeName"); +// String attrNamespace = samlAttribute.getAttribute("AttributeNamespace"); +// String attrValue = ((Element)samlAttribute.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeValue").item(0)).getFirstChild().getNodeValue(); +// samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue)); +// } +// SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()]; +// samlAttributes.toArray(result); +// cResp.setSamlAttributes(result); +// } +// catch (Throwable t) { +// throw new ParseException("parser.01", new Object[] { t.toString()}, t); +// } +// return cResp; +// } + + + + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java new file mode 100644 index 000000000..a09f0a2a8 --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java @@ -0,0 +1,115 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.parser; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.exception.ParseException; + +/** + * Parses an <code><ErrorResponse></code>. + * + * @author Stefan Knirsch + * @version $Id$ + */ + +public class ErrorResponseParser { + + /** + * The error code included in this error response. + * <code>1000</code> is used as default value, if some problems occur on + * evaluating the error response. + */ + private String errorCode_ = "1000"; + + /** + * The error info included in this error response. + * <code><Unklassifizierter Fehler.></code> is used as default value, + * if some problems occur on evaluating the error response. + */ + private String errorInfo_ = "Unklassifizierter Fehler."; + + + /** + * This Constructor extracts the error code and error info included in this + * error response. + * + * @param errorElement The error element. This is the root element of + * the error response. + */ + public ErrorResponseParser(Element errorElement) throws ParseException { + if (errorElement != null) { + String namespace = errorElement.getNamespaceURI(); + NodeList nl = errorElement.getElementsByTagNameNS(namespace, "ErrorCode"); + if (nl.getLength() == 1) { + errorCode_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); + } + nl = errorElement.getElementsByTagNameNS(namespace, "Info"); + if (nl.getLength() == 1) { + errorInfo_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); + } + } + } + + /** + * Returns the error code included in this error response. + */ + public String getErrorCode() { + return errorCode_ ; + } + + /** + * Returns the information included in this error response. + * @return The error infomation String + */ + public String getErrorInfo() { + return errorInfo_ ; + } + + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java new file mode 100644 index 000000000..390467bf8 --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java @@ -0,0 +1,203 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.parser; + +import java.util.Iterator; +import java.util.List; +import java.util.Vector; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.InfoboxToken; +import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * Parses and unmarshales <code>InfoboxReadResponse<code>. + * This parser is especially used for parsing additional responses (additional to that + * one containing the <code>IdentityLink</code> retuned from the BKU as an answer of + * a <code><PushInfobox></code> request. + */ +public class ExtendedInfoboxReadResponseParser { + + /** + * Hide default constructor. + */ + private ExtendedInfoboxReadResponseParser() { + } + + /** + * Parses and unmarshales the given <code>infoboxReadResponse</code> to a list of + * {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects. + * The method parses the given <code>infoboxReadResponse</code> + * + * @param infoboxReadResponse The infobox read response to be unmarshaled. + * @param infoboxName The name of the infobox the reponse corresponds to. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} + * objects. Maybe empty. + * + * @throws ParseException If an error occurs on parsing and unmarshaling the response. + */ + public static List parseInfoboxReadResponse(String infoboxReadResponse, String infoboxName) + throws ParseException + { + Element infoboxReadResponseElem = null; + try { + Document doc = + DOMUtils.parseDocument(infoboxReadResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null); + infoboxReadResponseElem = doc.getDocumentElement(); + } catch (Exception e) { + Logger.error("InfoboxReadResponse for \"" + infoboxName + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ParseException("parser.01", new Object[] {infoboxName + "-InfoboxReadResponse"}); + } + + Vector infoboxTokenList = new Vector(); + + if (infoboxReadResponseElem != null) { + // avoid using namespace URI or prefix, because it might change within the response + // (e.g.: sl11-namespace, some child sl10-namespace + List infoboxReadResponseChildren = DOMUtils.getChildElements(infoboxReadResponseElem); + String key = null; + boolean primary = true; + Element infoboxReadResponseChild = (Element)infoboxReadResponseChildren.get(0); + String infoboxReadResponseChildName = infoboxReadResponseChild.getLocalName(); + if (infoboxReadResponseChildName.equals("AssocArrayData")) { + // get the <Pair> child elements from the <AssocArrayData> element + List assocArrayPairs = DOMUtils.getChildElements(infoboxReadResponseChild); + Iterator assocArrayPairIt = assocArrayPairs.iterator(); + int pairCount = 0; + // step through the <Pair> elemnts + while (assocArrayPairIt.hasNext()) { + Element assocArrayPair = (Element)assocArrayPairIt.next(); + // check if the element actually a "Pair" element and not only a "key" + if (assocArrayPair.getLocalName().equals("Key")) { + // do not accept only a Key + throw new ParseException("parser.07", new Object[] {infoboxName}); + } + key = assocArrayPair.getAttribute("Key"); + if (pairCount > 0) { + primary = false; + } + pairCount++; + infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(assocArrayPair, infoboxName, key, primary)); + } + + } else if (infoboxReadResponseChildName.equals("BinaryFileData")) { + infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(infoboxReadResponseChild, infoboxName, null, true)); + } + } + return infoboxTokenList; + } + + /** + * Unmarshales the <code><XMLContent></code> or + * <code><Base64Content></code> child of the given element to a list of + * infobox token. + * + * @param contentParent The elment including the <code><XMLContent></code> or + * <code><Base64Content></code> child to unmarshal the + * infobox token from. + * @param infoboxName The name of the infobox. + * @param key The key of an <code>AssocArrayData-Pair</code>. + * Maybe <code>null</code>. + * @param primary Specifies whether this token is the first (e.g. in an + * AssocArrayData) token. + * + * @return A infobox token list. + * + * @throws ParseException If the <code>contentParent</code> has no <code><XMLContent></code> + * or <code><Base64Content></code> child or the + * <code><XMLContent></code> is empty. + */ + public static List getTokenFromXMLOrBase64Content( + Element contentParent, + String infoboxName, + String key, + boolean primary) + throws ParseException + { + Vector tokenList = new Vector(); + // get the <XMLContent> or <Base64Content> + List content = DOMUtils.getChildElements(contentParent); + if (content.size() == 1) { + Element contentElem = (Element)content.get(0); + if (contentElem.getLocalName().equals("XMLContent")) { + List xmlContentChildren = DOMUtils.getChildElements(contentElem); + if (xmlContentChildren.size() == 0) { + throw new ParseException("parser.06", new Object[] {infoboxName, "Inhalt", "XMLContent"}); + } + int xmlCount = 0; + Iterator contentIt = xmlContentChildren.iterator(); + while (contentIt.hasNext()) { + Element xmlToken = (Element)contentIt.next(); + if (xmlCount > 0) { + primary = false; + } + InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, xmlToken); + tokenList.add(infoboxToken); + xmlCount++; + } + } else { + String base64Token = contentElem.getFirstChild().getNodeValue(); + InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, base64Token); + tokenList.add(infoboxToken); + } + } else { + throw new ParseException("parser.06", + new Object[] {infoboxName, "XMLContent oder Base64Content", contentParent.getLocalName()}); + } + return tokenList; + } + + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java new file mode 100644 index 000000000..28ce69e95 --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -0,0 +1,274 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.parser; + +import iaik.x509.X509Certificate; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.security.cert.CertificateException; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.axis.encoding.Base64; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.BKUException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses an <code><InfoboxReadResponse></code>. + * + * @author Stefan Knirsch + * @version $Id$ + */ + +public class InfoboxReadResponseParser { + + /** This is the root element of the XML-Document provided by the Security Layer Card*/ + private Element infoBoxElem_; + + /** + * Parses and validates the document given as string and extracts the + * root element. + * + * @param xmlResponse <code><InfoboxReadResponse></code> as String + * @throws ParseException If an element cannot be parsed + * @throws AuthenticationException If any authentication error occurs + * @throws BKUException + */ + public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException, BKUException { + + try { + InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + init(s); + } + + catch (BKUException e) { + throw e; + + } catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is <code><InfoboxReadResponse></code> as InputStream + * @throws ParseException If an element cannot be parsed + * @throws AuthenticationException If any authentication error occurs + * @throws BKUException + */ + public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException, BKUException { + init(is); + } + + /** + * Initializes the parser. + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is The InfoBoxReadResponse as stream. + * @throws AuthenticationException If an authentication error occurs. + * @throws ParseException If an error occurs on parsing the the document. + * @throws BKUException + */ + private void init(InputStream is) throws AuthenticationException, ParseException, BKUException { + try { + + Element responseElem = DOMUtils.parseXmlValidating(is); + + if ("InfoboxReadResponse".equals(responseElem.getLocalName())) { + infoBoxElem_ = responseElem; + } else { + ErrorResponseParser erp = new ErrorResponseParser(responseElem); + throw new BKUException("auth.08", + new Object[] { erp.getErrorCode(), erp.getErrorInfo()}, + erp.getErrorCode(), + erp.getErrorInfo()); + } + + } catch (BKUException e) { + throw e; + + } catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + + + /** + * Parses the embedded <code><saml:Assertion></code> element from <code><InfoboxReadResponse></code> + * @return <code><saml:Assertion></code> as String + * @throws ParseException on any parsing error + */ +// public String parseSAMLAssertion() throws ParseException { +// try { +// +// String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_); +// StringBuffer sb = new StringBuffer("/"); +// sb.append(slPrefix); +// sb.append(":InfoboxReadResponse/"); +// sb.append(slPrefix); +// sb.append(":BinaryFileData/"); +// sb.append(slPrefix); +// sb.append(":XMLContent/"); +// sb.append(Constants.SAML_PREFIX); +// sb.append(":Assertion"); +// String samlAssertionXPath = sb.toString(); +// Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath); +// return DOMUtils.serializeNode(samlAssertion); +// +// } +// catch (Throwable t) { +// throw new ParseException("parser.01", new Object[] { t.toString()}, t); +// } +// } + + /** + * Parses the embedded <code><saml:Assertion></code> element from <code><InfoboxReadResponse></code> + * @return <code><saml:Assertion></code> as String + * @throws ParseException on any parsing error + */ + public Element parseSAMLAssertion() throws ParseException { + try { + + String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_); + StringBuffer sb = new StringBuffer("/"); + sb.append(slPrefix); + sb.append(":InfoboxReadResponse/"); + sb.append(slPrefix); + sb.append(":BinaryFileData/"); + sb.append(slPrefix); + sb.append(":XMLContent/"); + sb.append(Constants.SAML_PREFIX); + sb.append(":Assertion"); + String samlAssertionXPath = sb.toString(); + Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath); + return samlAssertion; + + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Parses the identity link from the <code><saml:Assertion></code> + * @return Identity link + * @throws ParseException on any parsing error + */ + +// public IdentityLink parseIdentityLink() throws ParseException { +// String samlAssertionString = parseSAMLAssertion(); +// IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString); +// return ilParser.parseIdentityLink(); +// } + + /** + * Parses the identity link from the <code><saml:Assertion></code> + * @return Identity link + * @throws ParseException on any parsing error + */ + public IdentityLink parseIdentityLink() throws ParseException { + Element samlAssertion = parseSAMLAssertion(); + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + return ilParser.parseIdentityLink(); + } + + /** + * Returns the certificate given in the InfoboxReadResponse + * @return + * @throws ParseException + */ + public X509Certificate parseCertificate() throws ParseException { + try { + DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + Document doc = builder.newDocument(); + + Element nameSpaceNode = doc.createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.PD_PREFIX, Constants.PD_NS_URI); + nameSpaceNode.setAttribute("xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + nameSpaceNode.setAttribute("xmlns:" + Constants.SL12_PREFIX, Constants.SL12_NS_URI); + + Element base64ContentElement = (Element)XPathAPI.selectSingleNode(infoBoxElem_.getParentNode(), "//sl:Base64Content[1]", nameSpaceNode); + + if (base64ContentElement == null) { + throw new ParseException("parser.01", new Object[] { "Could not find Base64Content for X509Certificate."}); + } + + String base64Content = DOMUtils.getText(base64ContentElement); + + // Decode Base64 value to X509Certificate + byte[] content = Base64.decode(base64Content); + return new X509Certificate(content); + + } catch (ParserConfigurationException e) { + throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } catch (TransformerException e) { + throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } catch (CertificateException e) { + throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } + + } + + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java new file mode 100644 index 000000000..7bce406e0 --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -0,0 +1,211 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.parser; + +import iaik.utils.Base64InputStream; +import iaik.x509.X509Certificate; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses a <code><VerifyXMLSignatureResponse></code> returned by + * MOA-SPSS. + * This class implements the Singleton pattern + * + * @author Stefan Knirsch + * @version $Id$ + */ + + +public class VerifyXMLSignatureResponseParser { + // + // XPath namespace prefix shortcuts + // + /** Xpath prefix for reaching MOA Namespaces */ + private static final String MOA = Constants.MOA_PREFIX + ":"; + /** Xpath prefix for reaching DSIG Namespaces */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/"; + + /** Xpath expression to the X509SubjectName element */ + private static final String DSIG_SUBJECT_NAME_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + DSIG + "X509SubjectName"; + /** Xpath expression to the X509Certificate element */ + private static final String DSIG_X509_CERTIFICATE_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + DSIG + "X509Certificate"; + /** Xpath expression to the PublicAuthority element */ + private static final String PUBLIC_AUTHORITY_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + MOA + "PublicAuthority"; + /** Xpath expression to the PublicAuthorityCode element */ + private static final String PUBLIC_AUTHORITY_CODE_XPATH = + PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code"; + /** Xpath expression to the QualifiedCertificate element */ + private static final String QUALIFIED_CERTIFICATE_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + MOA + "QualifiedCertificate"; + + /** Xpath expression to the SignatureCheckCode element */ + private static final String SIGNATURE_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureCheck/" + MOA + "Code"; + /** Xpath expression to the XMLDSIGManifestCheckCode element */ + private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; + /** Xpath expression to the SignatureManifestCheckCode element */ + private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code"; + /** Xpath expression to the CertificateCheckCode element */ + private static final String CERTIFICATE_CHECK_CODE_XPATH = + ROOT + MOA + "CertificateCheck/" + MOA + "Code"; + + + /** This is the root element of the XML-Document provided by the Security Layer Card*/ + private Element verifyXMLSignatureResponse; + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * A DOM-representation of the incoming String will be created + * @param xmlResponse <code><InfoboxReadResponse></code> as String + * @throws ParseException on any parsing error + */ + public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{ + try { + InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + + verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * A DOM-representation of the incoming Inputstream will be created + * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream + * @throws Exception on any parsing error + */ + public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception + { + try { + verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse); + } + catch (Throwable t) { + throw new ParseException("parser.01", null, t); + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * The incoming Element will be used for further operations + * @param xmlResponse <code><InfoboxReadResponse></code> as Element + */ + public VerifyXMLSignatureResponseParser(Element xmlResponse) + { + verifyXMLSignatureResponse =xmlResponse; + + } + + /** + * Parse identity link from <code><InfoboxReadResponse></code> + * @return Identity link + * @throws ParseException on any parsing error + */ + + public VerifyXMLSignatureResponse parseData() throws ParseException { + + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + + try { + + String s = DOMUtils.serializeNode(verifyXMLSignatureResponse); + respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); + Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); + respData.setQualifiedCertificate(e!=null); + + Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( + verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); + + respData.setX509certificate(new X509Certificate(in)); + Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH); + respData.setPublicAuthority(publicAuthority != null); + respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); + respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); + + String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); + if (xmlDsigCheckCode!=null) { + respData.setXmlDSIGManigest(true); + respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); + } else { + respData.setXmlDSIGManigest(false); + } + String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null); + if (signatureManifestCheckCode != null) { + respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue()); + } + respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + } + catch (Throwable t) { + throw new ParseException("parser.01", null, t); + } + return respData; + } + + +} |