aboutsummaryrefslogtreecommitdiff
path: root/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface
diff options
context:
space:
mode:
Diffstat (limited to 'spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface')
-rw-r--r--spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java19
-rw-r--r--spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java250
2 files changed, 257 insertions, 12 deletions
diff --git a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java
index 419f1fb9b..6373f37fe 100644
--- a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java
+++ b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java
@@ -6,19 +6,16 @@
package at.gv.egovernment.moa.spss.slinterface;
/**
- * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ * @author Gregor Karlinger (mailto:gregor.karlinger@siemens.com)
*/
public class Constants
{
// System properties
- public static final String SP_INIT_PROPS_LOC_ =
- "at.gv.egovernment.moa.spss.slinterface.PropertiesLocation";
+
+ public static final String SP_INIT_PROPS_LOC_ = "at.gv.egovernment.moa.spss.slinterface.PropertiesLocation";
// Init properties
- // TODO Revisit if constants can be removed
- // public static final String IP_SL2MOA_STYLESHEET_ = "location.stylesheet.sl2moa";
- // public static final String IP_MOA2SL_STYLESHEET_ = "location.stylesheet.moa2sl";
public static final String IP_SL_SCHEMA_ = "location.schema.sl";
public static final String IP_MOA_SCHEMA_ = "location.schema.moa";
public static final String IP_SLXHTML_SCHEMA_ = "location.schema.slxhtml";
@@ -44,15 +41,13 @@ public class Constants
public static final String LH_FILTERS_ = LH_BASE_ + ".filters";
public static final String LH_SERVLETS_ = LH_BASE_ + ".servlets";
public static final String LH_BEANS_ = LH_BASE_ + ".beans";
+ public static final String LH_TRANSFORMERS_ = LH_BASE_ + ".transformers";
public static final String LH_TEST_ = LH_BASE_ + ".test";
// Web service context parameters
public static final String WSCP_INIT_PROPS_ = "initProperties";
public static final String WSCP_INITPROPS_BEAN_ = "initPropertiesBean";
- // TODO Revisit if constants can be removed
- // public static final String WSCP_SL2MOA_TRANSFORMER_ = "sl2MoaTransformer";
- // public static final String WSCP_MOA2SL_TRANSFORMER_ = "moa2SlTransformer";
public static final String WSCP_XMLPARSER_ = "xmlParser";
public static final String WSCP_URL_REWRITER_ = "urlRewriter";
@@ -68,13 +63,17 @@ public class Constants
public static final String NSURI_SL_10_ = "http://www.buergerkarte.at/namespaces/securitylayer/20020225#";
public static final String NSURI_SL_11_ = "http://www.buergerkarte.at/namespaces/securitylayer/20020831#";
+
// TODO Change Namespace to final SL 1.2
public static final String NSURI_SL_12_ = "http://www.buergerkarte.at/namespaces/securitylayer/20031231#";
+
public static final String NSURI_MOA_12_ = "http://reference.e-government.gv.at/namespace/moa/20020822#";
public static final String NSURI_NAMESPACES_ = "http://www.w3.org/2000/xmlns/";
public static final String NSURI_XML_ = "http://www.w3.org/XML/1998/namespace";
public static final String NSURI_DSIG_ = "http://www.w3.org/2000/09/xmldsig#";
public static final String NSURI_XHTML_ = "http://www.w3.org/1999/xhtml";
+ public static final String NSURI_ETSI_ = "http://uri.etsi.org/01903/v1.2.2#";
+ public static final String NSURI_XMLBGBL_ = "http://www.bka.gv.at";
// Namespace prefixes
public static final String NSPRE_SL_10_ = "sl10";
@@ -83,6 +82,8 @@ public class Constants
public static final String NSPRE_MOA_12_ = "moa";
public static final String NSPRE_DSIG_ = "dsig";
public static final String NSPRE_XHTML_ = "xhtml";
+ public static final String NSPRE_ETSI_ = "etsi";
+ public static final String NSPRE_XMLBGBL_ = "bka";
// MOA invoker constants
diff --git a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java
index 6c476e9ce..eec295bab 100644
--- a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java
+++ b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java
@@ -5,20 +5,49 @@
*/
package at.gv.egovernment.moa.spss.slinterface.transformers;
+import java.io.InputStream;
+import java.net.URL;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
import java.util.HashMap;
+import java.util.StringTokenizer;
+import javax.servlet.ServletException;
+
+import org.apache.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.spss.slinterface.Constants;
+import at.gv.egovernment.moa.spss.slinterface.DOMUtils;
+import at.gv.egovernment.moa.spss.slinterface.XPathUtils;
/**
- * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ * @author Gregor Karlinger (mailto:gregor.karlinger@siemens.com)
*/
public class SL2MOA
{
+ private static Logger logger_ = Logger.getLogger(Constants.LH_TRANSFORMERS_);
+
/**
- * Transforms an SL VerifyXMLSignatureRequest into a MOA VerifyXMLSignatureRequest.
+ * Transforms an SL <code>VerifyXMLSignatureRequest</code> into a MOA <code>VerifyXMLSignatureRequest
+ * </code> and makes the following additions to the resulting <code>VerifyXMLSignatureRequest</code>:
+ * <ul>
+ * <li>Insertion of a <code>DateTime</code> element to MOA <code>VerifyXMLSignatureRequest</code>, if no
+ * one exists and if no <code>etsi:SigningTime</code> element exists in the xml signature of the MOA
+ * VerifyXMLSinatureRequest</li> and if the creation time meta information could be extracted
+ * successfully from the E-Recht XML document signed by the XML signature contained in the
+ * MOA <code>VerifyXMLSignatureRequest</code> (see @link #extractXMLDocCreationTime(Element)).<li>
+ *
+ * <li>Addition of the <code>ReturnHashInputData</code> element indicating that MOA SP should return
+ * the hash input data for each <code>dsig:Reference</code> of the XML signature.</li>
+ *
+ * <li>Addition of the obligatory <code>TrustProfileID</code> element indicating the trust profile
+ * MOA ID should use for evaluating wheter the signer certificate used for creating the XML signature
+ * contained in the MOA <code>VerifyXMLSignatureRequest</code> is trusted.</li>
+ * </ul>
*
* @param slVerifyXMLSignatureRequest The SL VerifyXMLSignatureRequest to be transformed.
*
@@ -26,9 +55,11 @@ public class SL2MOA
* that <code>slVerifyXMLSignatureRequest</code> is modified into the moa request.
*
* @pre slVerifyXMLSignatureRequest is a valid instance of the SL Schema (version 1.2 or 1.1).
+ *
+ * @throws ServletException if transforming the request fails for any reason.
*/
public static Document toMoaVerifyXMLSignatureRequest(Document slVerifyXMLSignatureRequest,
- String trustProfileID)
+ String trustProfileID) throws ServletException
{
// Namespace to namespace prefix mapping
HashMap prefixMap = new HashMap(4);
@@ -77,6 +108,29 @@ public class SL2MOA
// Convert SL request into MOA request
verifyRequestElem = Utils.transformDeep(verifyRequestElem, prefixMap, nsTransforms, nameTransforms);
+ // Add DateTime element to MOA VerifyXMLSignature request, if
+ // - no one exists and
+ // - no etsi:SigningTime element exists in the xml signature of the MOA VerifyXMLSinatureRequest
+ if (!dateTimeExists(verifyRequestElem) && !signingTimeExists(verifyRequestElem))
+ {
+ // Extract creation date meta information from E-Recht XML document for use in MOA VerifyXMLSignature request
+ String dateTimeStr = extractXMLDocCreationTime(verifyRequestElem);
+
+ if (dateTimeStr != null)
+ {
+ // Creation date meta information could be extracted successfully from E-Recht XML document
+ Element dateTimeElem = slVerifyXMLSignatureRequest.createElementNS(
+ Constants.NSURI_MOA_12_, Constants.NSPRE_MOA_12_ + ":DateTime");
+ dateTimeElem.appendChild(slVerifyXMLSignatureRequest.createTextNode(dateTimeStr));
+ Element verifySignatureInfoElem = DOMUtils.getChildElem(verifyRequestElem, Constants.NSURI_MOA_12_, "VerifySignatureInfo");
+ verifyRequestElem.insertBefore(dateTimeElem, verifySignatureInfoElem);
+ }
+ else
+ {
+ logger_.warn("Could not extract creation date meta information from E-Recht XML document.");
+ }
+ }
+
// Add ReturnHashInputData element
Element returnHashInputDataElem = slVerifyXMLSignatureRequest.createElementNS(
Constants.NSURI_MOA_12_, Constants.NSPRE_MOA_12_ + ":ReturnHashInputData");
@@ -90,4 +144,194 @@ public class SL2MOA
return slVerifyXMLSignatureRequest;
}
+
+ /**
+ * Extracts the creation time meta information from the E-Recht XML document that is referenced by
+ * the XML signature contained in the specified MOA <code>VerifyXMLSignatureRequest</code>.
+ *
+ * @param verifyRequestElem The MOA <code>VerifyXMLSignatureRequest</code>. It is assumed that the
+ * request contains an XML signature which signs a E-Recht XML document
+ * (referring to the E-Recht XML document and transforming it to a corresponding
+ * XHTML representation respectively). The E-Recht XML document is assumed to
+ * have a root element with the name <code>erechtdok</code> in the namespace
+ * <code>http://www.bka.gv.at</code>. The creation time meta information is
+ * assumed to be contained in the attribute <code>h-created</code> of the root
+ * element. The value of the attribute <code>h-created</code> is assumed to have
+ * the format <code>dd. MMMMM yyyy, hh:mm:ss</code> where MMMMM denotes the month
+ * in German prose (see @link #convertMonth(String)).
+ *
+ * @return the extracted creation time meta information, or <code>null</code>, if the extraction fails for
+ * any reason.
+ */
+ private static String extractXMLDocCreationTime(Element verifyRequestElem)
+ {
+
+ // Get E-Recht XML document using location information in MOA VerifyXMLSignature request
+ String nSPrefixes = Constants.NSPRE_MOA_12_ + " " + Constants.NSURI_MOA_12_;
+ String xPathXMLDocumentLocContent =
+ "//" + Constants.NSPRE_MOA_12_ + ":SupplementProfile" +
+ "/" + Constants.NSPRE_MOA_12_ + ":Content[@Reference=\"dokument.xml\"]" +
+ "/" + Constants.NSPRE_MOA_12_ + ":LocRefContent";
+ Document xmlDocument = null;
+ try
+ {
+ XPathUtils utils = new XPathUtils();
+ utils.setupContext(xPathXMLDocumentLocContent, verifyRequestElem, nSPrefixes);
+ NodeList resultNL = utils.selectNodeSet(verifyRequestElem);
+
+ if (resultNL == null || resultNL.getLength() < 1)
+ {
+ logger_.warn("LocRefContent element for E-Recht XML document not found in MOA VerifyXMLSignatureRequest.");
+ return null;
+ }
+
+ URL locRefURL = new URL(DOMUtils.getText((Element) resultNL.item(0)));
+ InputStream locRefURLIS = locRefURL.openStream();
+ xmlDocument = DOMUtils.parseWellFormed(locRefURLIS);
+ }
+ catch (Exception e)
+ {
+ String message = "An error occurred while trying to load E-Recht XML document:";
+ logger_.warn(message, e);
+ return null;
+ }
+
+ // Extract attribute "h-created" from E-Recht XML document root element
+ String hCreated = xmlDocument.getDocumentElement().getAttributeNS(null, "h-created");
+ if (hCreated == null || "".equals(hCreated))
+ {
+ logger_.warn("Attribute \"h-created\" not found in E-Recht XML document root element.");
+ return null;
+ }
+
+ // Convert attribute "h-created" into a java date ("h-created" has formats like "10. März 2006, 11:15:09")
+ try
+ {
+ String dateStr = hCreated.substring(0, hCreated.indexOf(',')).trim();
+ String timeStr = hCreated.substring(hCreated.indexOf(',') + 1).trim();
+
+ StringTokenizer tokenizer = new StringTokenizer(dateStr, " ");
+ String dateDayStr = tokenizer.nextToken();
+ int dateDay = Integer.parseInt(dateDayStr.substring(0, dateDayStr.indexOf('.')));
+ String dateMonthAlphaStr = tokenizer.nextToken();
+ int dateMonthNum = convertMonth(dateMonthAlphaStr);
+ int dateYear = Integer.parseInt(tokenizer.nextToken());
+
+ tokenizer = new StringTokenizer(timeStr, ":");
+ int timeHours = Integer.parseInt(tokenizer.nextToken());
+ int timeMins = Integer.parseInt(tokenizer.nextToken());
+ int timeSecs = Integer.parseInt(tokenizer.nextToken());
+
+ GregorianCalendar calendar = new GregorianCalendar(dateYear, dateMonthNum, dateDay, timeHours, timeMins, timeSecs);
+ SimpleDateFormat dF = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
+ return dF.format(calendar.getTime());
+ }
+ catch (Throwable t)
+ {
+ logger_.warn("Attribute \"h-created\" in E-Recht XML document root element has unexpected format: " + hCreated);
+ return null;
+ }
+ }
+
+ /**
+ * Converts the specified month name into a numeric representation as specified in @link Calendar, e.g.
+ * @link Calendar#JANUARY.
+ *
+ * @param dateMonthAlphaStr The specified month name; must be one of <code>Jänner</code>, <code>Januar</code>,
+ * <code>Februar</code>, <code>Feber</code>, <code>März</code>, <code>April</code>,
+ * <code>Mai</code>, <code>Juni</code>, <code>Juli</code>, <code>August</code>,
+ * <code>September</code>, <code>Oktober</code>, <code>November</code>, or
+ * <code>Dezember</code>.
+ *
+ * @return the numeric representation of the specified month.
+ *
+ * @throws Exception if <code>dateMonthAlphaStr</code> contains an invalid month name.
+ */
+ private static int convertMonth(String dateMonthAlphaStr) throws Exception
+ {
+ if ("Jänner".equalsIgnoreCase(dateMonthAlphaStr) || "Januar".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.JANUARY;
+ if ("Februar".equalsIgnoreCase(dateMonthAlphaStr) || "Feber".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.FEBRUARY;
+ if ("März".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.MARCH;
+ if ("April".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.APRIL;
+ if ("Mai".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.MAY;
+ if ("Juni".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.JUNE;
+ if ("Juli".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.JULY;
+ if ("August".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.AUGUST;
+ if ("September".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.SEPTEMBER;
+ if ("Oktober".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.OCTOBER;
+ if ("November".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.NOVEMBER;
+ if ("Dezember".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.DECEMBER;
+
+ String message = "Invalid month identifier found in attribute \"h-created\":" + dateMonthAlphaStr;
+ logger_.warn(message);
+ throw new Exception(message);
+ }
+
+ /**
+ * Checks wheter a <code>DateTime</code> element exists in the specified MOA <code>
+ * VerifyXMLSignatureRequest</code>.
+ *
+ * @param moaVerifyXMLSignatureRequest The MOA <code>VerifyXMLSingatureRequest</code>.
+ *
+ * @return <code>true</code> if the element exists, <code>false</code> otherwhise.
+ *
+ * @throws ServletException if the check fails for any reason.
+ */
+ private static boolean dateTimeExists(Element moaVerifyXMLSignatureRequest) throws ServletException
+ {
+ String nSPrefixes = Constants.NSPRE_MOA_12_ + " " + Constants.NSURI_MOA_12_;
+ String xPathDateTime = "//" + Constants.NSPRE_MOA_12_ + ":DateTime";
+
+ NodeList resultNL;
+ try
+ {
+ XPathUtils utils = new XPathUtils();
+ utils.setupContext(xPathDateTime, moaVerifyXMLSignatureRequest, nSPrefixes);
+ resultNL = utils.selectNodeSet(moaVerifyXMLSignatureRequest);
+ }
+ catch (Exception e)
+ {
+ String message = "An error occurred while checking for DateTime element in MOA VerifyXMLSignatureRequest:";
+ logger_.error(message, e);
+ throw new ServletException(message, e);
+ }
+
+ if (resultNL == null) return false;
+ if (resultNL.getLength() < 1) return false;
+ return true;
+ }
+
+ /**
+ * Checks whether an <code>etsi:SigningTime</code> signed attribute exists as part of the XML signature
+ * contained in the specified MOA <code>VerifyXMLSingatureRequest</code>.
+ *
+ * @param moaVerifyXMLSignatureRequest The MOA <code>VerifyXMLSingatureRequest</code>.
+ *
+ * @return <code>true</code>, if the attribute exists, <code>false</code> otherwhise.
+ *
+ * @throws ServletException if the check fails for any reason.
+ */
+ private static boolean signingTimeExists(Element moaVerifyXMLSignatureRequest) throws ServletException
+ {
+ String nSPrefixes = Constants.NSPRE_ETSI_ + " " + Constants.NSURI_ETSI_;
+ String xPathDateTime = "//" + Constants.NSPRE_ETSI_ + ":SigningTime";
+
+ NodeList resultNL;
+ try
+ {
+ XPathUtils utils = new XPathUtils();
+ utils.setupContext(xPathDateTime, moaVerifyXMLSignatureRequest, nSPrefixes);
+ resultNL = utils.selectNodeSet(moaVerifyXMLSignatureRequest);
+ }
+ catch (Exception e)
+ {
+ String message = "An error occurred while checking for " + Constants.NSPRE_ETSI_ + ":SigningTime element in XML signature in MOA VerifyXMLSignatureRequest:";
+ logger_.error(message, e);
+ throw new ServletException(message, e);
+ }
+
+ if (resultNL == null) return false;
+ if (resultNL.getLength() < 1) return false;
+ return true;
+ }
}