From c8223bd5aaf9466fb6c72fe8a5a13b1b105b7c17 Mon Sep 17 00:00:00 2001 From: "harald.bratko" Date: Fri, 22 Jul 2005 15:11:48 +0000 Subject: updated for wbPK git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@398 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../AuthenticationBlockAssertionBuilder.java | 96 ++++++++++++++++------ .../AuthenticationDataAssertionBuilder.java | 65 ++++++++++++--- .../CertInfoVerifyXMLSignatureRequestBuilder.java | 54 +++++++++--- .../builder/CreateXMLSignatureRequestBuilder.java | 72 +++++++++++----- .../auth/builder/GetIdentityLinkFormBuilder.java | 8 +- .../id/auth/builder/InfoboxReadRequestBuilder.java | 71 +++++++++++++--- 6 files changed, 283 insertions(+), 83 deletions(-) (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/builder') diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 41f439d04..ec412deb3 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -12,26 +12,39 @@ import at.gv.egovernment.moa.util.Constants; * @version $Id$ */ public class AuthenticationBlockAssertionBuilder implements Constants { - /** private static String nl contains the NewLine representation in Java*/ + /** the NewLine representation in Java*/ private static String nl = "\n"; - /** private static String AUTH_BLOCK contains an XML-Auth-Block-Template */ + /** template for the Auth-Block */ private static String AUTH_BLOCK = - "" + nl + - " " + nl + - " " + nl + - " {2}" + nl + - " " + nl + - " " + nl + - " {3}" + nl + - " " + nl + - " " + nl + - " {4}" + nl + - " " + nl + - " " + nl + - " {5}" + nl + - " " + nl + - " " + nl + - ""; + "" + nl + + " " + nl + + " " + nl + + " {3}" + nl + + " " + nl + + "{4}" + + " " + nl + + " {5}" + nl + + " " + nl + + " " + nl + + " {6}" + nl + + " " + nl + + " " + nl + + ""; + + private static String GESCHAEFTS_BEREICH_ATTRIBUTE = + " " + nl + + " {0}" + nl + + " " + nl; + + private static String WBPK_ATTRIBUTE = + " " + nl + + " " + nl + + " " + nl + + " {0}" + nl + + " {1}" + nl + + " " + nl + + " " + nl + + " " + nl; /** * Constructor for AuthenticationBlockAssertionBuilder. @@ -39,21 +52,56 @@ public class AuthenticationBlockAssertionBuilder implements Constants { public AuthenticationBlockAssertionBuilder() { super(); } + /** - * Builds the authentication block <saml:Assertion>. + * Builds the authentication block <saml:Assertion> * * @param issuer authentication block issuer; "GivenName FamilyName" * @param issueInstant current timestamp * @param authURL URL of MOA-ID authentication component - * @param target "Geschäftsbereich" + * @param target "Geschäftsbereich"; maybe null if the application + * is a business application + * @param identityLinkValue the content of the <pr:Value> + * child element of the <pr:Identification> + * element derived from the Identitylink; this is the + * value of the wbPK; + * maybe null if the application is a public service + * @param identiyLinkType the content of the <pr:Type> + * child element of the <pr:Identification> + * element derived from the Identitylink; this includes the + * URN prefix and the identification number of the business + * application used as input for wbPK computation; + * maybe null if the application is a public service * @param oaURL public URL of online application requested * @return String representation of authentication block * <saml:Assertion> built */ - public String build(String issuer, String issueInstant, String authURL, String target, String oaURL, String GebDat) { - String assertion = MessageFormat.format( - AUTH_BLOCK, new Object[] { issuer, issueInstant, authURL, target, oaURL, GebDat}); - return assertion; + public String buildAuthBlock(String issuer, + String issueInstant, + String authURL, + String target, + String identityLinkValue, + String identityLinkType, + String oaURL, + String GebDat) + { + + String gebeORwbpk = ""; + String wbpkNSDeclaration = ""; + if (target == null) { + // OA is a business application + gebeORwbpk = MessageFormat.format( + WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\" xmlns:si=\"" + PD_NS_URI + "\""; + } else { + gebeORwbpk = MessageFormat.format( + GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + } + + String assertion = MessageFormat.format( + AUTH_BLOCK, new Object[] { wbpkNSDeclaration, issuer, issueInstant, authURL, gebeORwbpk, oaURL, GebDat}); + return assertion; + } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index eaf9aa0ae..cdb660010 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -26,19 +26,23 @@ public class AuthenticationDataAssertionBuilder implements Constants { " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL + " " + NL + " " + NL + - " {3}" + NL + + " {4}" + NL + " " + NL + " " + MOA_NS_URI + "cm" + NL + - " {4}{5}" + NL + + " {5}{6}" + NL + " " + NL + " " + NL + " " + NL + - " {6}" + NL + + " {7}" + NL + " " + NL + " " + NL + - " {7}" + NL + + " {8}" + NL + " " + NL + - "{8}" + + " " + NL + + " {9}" + NL + + " " + NL + + "{10}" + + "{11}" + " " + NL + ""; /** @@ -49,6 +53,11 @@ public class AuthenticationDataAssertionBuilder implements Constants { " " + NL + " {0}" + NL + " " + NL; + + private static final String SIGNER_CERTIFICATE_ATT = + " " + NL + + " {0}" + NL + + " " + NL; /** * Constructor for AuthenticationDataAssertionBuilder. @@ -67,6 +76,12 @@ public class AuthenticationDataAssertionBuilder implements Constants { * lt;saml:SubjectConfirmationData> element; may include * the "Stammzahl" or not; may be empty * @param xmlIdentityLink the IdentityLink + * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe + * an empty string if the signer certificate should not be provided. + * Will be ignored if the businessService parameter is + * set to false. + * @param businessService true if the online application is a + * business service, otherwise false * @return the <saml:Assertion> * @throws BuildException if an error occurs during the build process */ @@ -74,7 +89,10 @@ public class AuthenticationDataAssertionBuilder implements Constants { AuthenticationData authData, String xmlPersonData, String xmlAuthBlock, - String xmlIdentityLink) throws BuildException { + String xmlIdentityLink, + String bkuURL, + String signerCertificateBase64, + boolean businessService) throws BuildException { String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false"; String publicAuthorityAttribute = ""; @@ -85,17 +103,38 @@ public class AuthenticationDataAssertionBuilder implements Constants { publicAuthorityAttribute = MessageFormat.format( PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); } - + + + String signerCertificateAttribute = ""; + if (signerCertificateBase64 != "") { + signerCertificateAttribute = MessageFormat.format( + SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 }); + } + + String pkType; + String pkValue; + if (businessService) { + pkType = authData.getIdentificationType(); + pkValue = authData.getWPBK(); + + } else { + pkType = URN_PREFIX_BPK; + pkValue = authData.getPBK(); + } + String assertion = MessageFormat.format(AUTH_DATA, new Object[] { - authData.getAssertionID(), + authData.getAssertionID(), authData.getIssuer(), authData.getIssueInstant(), - authData.getPBK(), - removeXMLDeclaration(xmlAuthBlock), - removeXMLDeclaration(xmlIdentityLink), + pkType, + pkValue, + removeXMLDeclaration(xmlAuthBlock), + removeXMLDeclaration(xmlIdentityLink), removeXMLDeclaration(xmlPersonData), - isQualifiedCertificate, - publicAuthorityAttribute}); + isQualifiedCertificate, + bkuURL, + publicAuthorityAttribute, + signerCertificateAttribute}); return assertion; } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java index 5ceb1d1c0..cb6c8b31b 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java @@ -1,9 +1,13 @@ package at.gv.egovernment.moa.id.auth.builder; +import java.io.File; import java.io.IOException; +import java.text.MessageFormat; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the <VerifyXMLSignatureRequest> structure @@ -12,10 +16,26 @@ import at.gv.egovernment.moa.util.FileUtils; * @author Paul Ivancsics * @version $Id$ */ -public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder { +public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements Constants { /** special tag in the VerifyXMLRequest template to be substituted for a <dsig:Signature> */ private static final String SIGNATURE_TAG = ""; + + /** private static String nl contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** + * XML template for the CertInfoVerifyXMLSignatureRequest to be built + */ + static final String CERTINFO_REQUEST = + "" + nl + + "<{0}:VerifyXMLSignatureRequest {2} xmlns:xml=\"" + XML_NS_URI + "\" xmlns:dsig=\"" + DSIG_NS_URI + "\">" + nl + + " <{0}:SignatureInfo>" + nl + + " <{0}:SignatureEnvironment>" + nl + + " <{1}:XMLContent xml:space=\"preserve\">" + nl + + " " + nl + + " <{0}:SignatureLocation>//dsig:Signature" + nl + + " " + nl + + ""; /** * Constructor @@ -28,16 +48,30 @@ public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder { * @return the XML structure * @throws BuildException */ - public String build() throws BuildException { - String resCertInfoRequest = "resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml"; - String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; - String certInfoRequest; - try { - certInfoRequest = FileUtils.readResource(resCertInfoRequest, "UTF-8"); - } - catch (IOException ex) { - throw new BuildException("auth.04", new Object[] {resCertInfoRequest, ex.toString()}); + public String build(boolean slVersion12) throws BuildException { + + String sl10Prefix; + String sl11Prefix; + String slNsDeclaration; + + if (slVersion12) { + + sl10Prefix = SL12_PREFIX; + sl11Prefix = SL12_PREFIX; + slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\""; + + } else { + + sl10Prefix = SL10_PREFIX; + sl11Prefix = SL11_PREFIX; + slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\""; + } + + String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration}); + String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; + + try { String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8"); certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature); diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 48320c4f5..51429251e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the <CreateXMLSignatureRequest> structure @@ -17,22 +18,23 @@ public class CreateXMLSignatureRequestBuilder implements Constants { private static final String nl = "\n"; /** * XML template for the <moa:CreateXMLSignatureRequest> to be built - */ + */ private static final String CREATE_XML_SIGNATURE_REQUEST = - "" + nl + - "" + nl + - " {1}" + nl + - " " + nl + - " " + nl + - "{2}" + - " " + nl + - " " + nl + - " " + nl + - " {0}" + nl + - " " + nl + - " /saml:Assertion" + nl + - " " + nl + - ""; + "" + nl + + "<{3}:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' {5}>" + nl + + " <{3}:KeyboxIdentifier>{1}" + nl + + " <{3}:DataObjectInfo Structure=''detached''>" + nl + + " <{4}:DataObject Reference=''''/>" + nl + + "{2}" + + " " + nl + + " <{3}:SignatureInfo>" + nl + + " <{3}:SignatureEnvironment>" + nl + + " <{4}:XMLContent>{0}" + nl + + " " + nl + + " <{3}:SignatureLocation Index=''2''>/saml:Assertion" + nl + + " " + nl + + ""; + /** * Constructor for CreateXMLSignatureRequestBuilder. @@ -46,14 +48,46 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * * @param authBlock String representation of XML authentication block * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeypair) + * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not * @return String representation of <CreateXMLSignatureRequest> */ - public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos) { - String dsigTransformInfosString = ""; - for (int i = 0; i < dsigTransformInfos.length; i++) + public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + + String sl10Prefix; + String sl11Prefix; + String slNsDeclaration; + + String dsigTransformInfosString = ""; + for (int i = 0; i < dsigTransformInfos.length; i++) { dsigTransformInfosString += dsigTransformInfos[i]; + } + + if (slVersion12) { + + // replace the SecurityLayer namespace prefixes and URIs within the transforms + dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString, + SL10_PREFIX, SL12_PREFIX, + SL10_NS_URI, SL12_NS_URI); + sl10Prefix = SL12_PREFIX; + sl11Prefix = SL12_PREFIX; + slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'"; + + } else { + + sl10Prefix = SL10_PREFIX; + sl11Prefix = SL11_PREFIX; + slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; + + } + String request = MessageFormat.format( - CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, keyBoxIdentifier, dsigTransformInfosString }); + CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, + keyBoxIdentifier, + dsigTransformInfosString, + sl11Prefix, + sl10Prefix, + slNsDeclaration }); + return request; } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index dbc14804d..4fb5b0837 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -27,8 +27,6 @@ public class GetIdentityLinkFormBuilder extends Builder { /** special tag in the HTML template to be substituted for the certificate info data URL */ private static final String CERTINFO_DATAURL_TAG = ""; - /** default BKU URL */ - private static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; /** default HTML template */ private static final String DEFAULT_HTML_TEMPLATE = "" + nl + @@ -84,11 +82,11 @@ public class GetIdentityLinkFormBuilder extends Builder { throws BuildException { String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; - String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; - htmlForm = replaceTag(htmlForm, BKU_TAG, bku); +// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest)); htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL); - htmlForm = replaceTag(htmlForm, BKU_TAG, bku); + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest)); htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL); return htmlForm; diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index d3e100671..c2bafe43b 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -11,29 +11,76 @@ import at.gv.egovernment.moa.util.Constants; */ public class InfoboxReadRequestBuilder implements Constants { - /** - * XML template for the <sl10:InfoboxReadRequest> to be built - */ - String INFOBOX_READ_REQUEST = - "" + - "" + - "IdentityLink" + - "" + - ""; /** * Constructor for InfoboxReadRequestBuilder. */ public InfoboxReadRequestBuilder() { } + + /** * Builds an <InfoboxReadRequest>. * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * * @return <InfoboxReadRequest> as String */ - public String build() { - String request = INFOBOX_READ_REQUEST; - return request; + public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + + if (slVersion12) { + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + } else { + slPrefix = SL10_PREFIX; + slNsDeclaration = SL10_NS_URI; + } + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + if (businessService) { + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + } + sb.append(""); + + return sb.toString(); + } } -- cgit v1.2.3