From dd45e938564249a5e6897bd92dd29808d8990868 Mon Sep 17 00:00:00 2001 
From: rudolf Date: Fri, 24 Oct 2003 08:34:56 +0000 Subject: MOA-ID version 1.1 (initial) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../AuthenticationBlockAssertionBuilder.java | 56 ++++++ .../AuthenticationDataAssertionBuilder.java | 114 ++++++++++++ .../egovernment/moa/id/auth/builder/Builder.java | 30 +++ .../CertInfoVerifyXMLSignatureRequestBuilder.java | 51 ++++++ .../builder/CreateXMLSignatureRequestBuilder.java | 58 ++++++ .../moa/id/auth/builder/DataURLBuilder.java | 55 ++++++ .../auth/builder/GetIdentityLinkFormBuilder.java | 137 ++++++++++++++ .../id/auth/builder/InfoboxReadRequestBuilder.java | 39 ++++ .../moa/id/auth/builder/PersonDataBuilder.java | 58 ++++++ .../moa/id/auth/builder/SAMLArtifactBuilder.java | 60 ++++++ .../moa/id/auth/builder/SAMLResponseBuilder.java | 100 ++++++++++ .../moa/id/auth/builder/SelectBKUFormBuilder.java | 63 +++++++ .../moa/id/auth/builder/VPKBuilder.java | 52 ++++++ .../builder/VerifyXMLSignatureRequestBuilder.java | 203 +++++++++++++++++++++ 14 files changed, 1076 insertions(+) create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java create mode 100644 
id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/builder') diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java new file mode 100644 index 000000000..4babf948c --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java 
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the authentication block <saml:Assertion>
+ * to be included in a <CreateXMLSignatureResponse>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationBlockAssertionBuilder implements Constants {
+ /** private static String nl contains the NewLine representation in Java*/
+ private static String nl = "\n";
+ /** private static String AUTH_BLOCK contains an XML-Auth-Block-Template */
+ private static String AUTH_BLOCK =
+ "" + nl +
+ " " + nl +
+ " " + nl +
+ " {2}" + nl +
+ " " + nl +
+ " " + nl +
+ " {3}" + nl +
+ " " + nl +
+ " " + nl +
+ " {4}" + nl +
+ " " + nl +
+ " " + nl +
+ "";
+
+ /**
+ * Constructor for AuthenticationBlockAssertionBuilder.
+ */
+ public AuthenticationBlockAssertionBuilder() {
+ super();
+ }
+ /**
+ * Builds the authentication block <saml:Assertion>.
+ *
+ * @param issuer authentication block issuer; "GivenName FamilyName"
+ * @param issueInstant current timestamp
+ * @param authURL URL of MOA-ID authentication component
+ * @param target "Geschäftsbereich"
+ * @param oaURL public URL of online application requested
+ * @return String representation of authentication block
+ * <saml:Assertion> built
+ */
+ public String build(String issuer, String issueInstant, String authURL, String target, String oaURL) {
+ String assertion = MessageFormat.format(
+ AUTH_BLOCK, new Object[] { issuer, issueInstant, authURL, target, oaURL });
+ return assertion;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
new file mode 100644
index 000000000..fd7cb1a9d
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
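Review bot: `build` hands `issuer`, `target` and `oaURL` to `MessageFormat.format` with no XML escaping, so a value containing `<`, `&` or `"` would break the well-formedness of the authentication block or alter its structure before it gets signed. The same unescaped interpolation appears in the `build` methods of AuthenticationDataAssertionBuilder (issuer, VPK, publicAuthorityIdentification) and SAMLResponseBuilder, where `inResponseTo` echoes the request ID supplied by the requesting party; CreateXMLSignatureRequestBuilder is different, since its arguments are meant to be XML fragments. Escaping each plain-text argument with a small helper that replaces `&`, `<`, `>` and `"` before formatting would close this; the template body is not legible in this rendering, so whether any placeholder sits inside an attribute is inferred. Note also that `MessageFormat` treats a single quote in the pattern as an escape character, which deserves a comment next to the template, and that `nl` and `AUTH_BLOCK` are mutable statics that should be `final`. AuthenticationDataAssertionBuilder and SAMLResponseBuilder each carry their own private `removeXMLDeclaration`; one copy in the shared `Builder` base class would do.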
@@ -0,0 +1,114 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the authentication data <saml:Assertion> + * to be provided by the MOA ID Auth component. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationDataAssertionBuilder implements Constants { + /** private static String NL contains the NewLine representation in Java*/ + private static final String NL = "\n"; + /** + * XML template for the <saml:Assertion> to be built + */ + private static final String AUTH_DATA = + "" + NL + + "" + NL + + " " + NL + + " " + NL + + " {3}" + NL + + " " + NL + + " " + MOA_NS_URI + "cm" + NL + + " {4}{5}" + NL + + " " + NL + + " " + NL + + " " + NL + + " {6}" + NL + + " " + NL + + " " + NL + + " {7}" + NL + + " " + NL + + "{8}" + + " " + NL + + ""; + /** + * XML template for the <saml:Attribute> named "isPublicAuthority", + * to be inserted into the <saml:Assertion> + */ + private static final String PUBLIC_AUTHORITY_ATT = + " " + NL + + " {0}" + NL + + " " + NL; + + /** + * Constructor for AuthenticationDataAssertionBuilder. + */ + public AuthenticationDataAssertionBuilder() { + super(); + } + + /** + * Builds the authentication data <saml:Assertion>. 
+ * + * @param authData the AuthenticationData to build the + * <saml:Assertion> from + * @param xmlPersonData lt;pr:Person> element as a String + * @param xmlAuthBlock authentication block to be included in a + * lt;saml:SubjectConfirmationData> element; may include + * the "ZMR-Zahl" or not; may be empty + * @param xmlIdentityLink the IdentityLink + * @return the <saml:Assertion> + * @throws BuildException if an error occurs during the build process + */ + public String build( + AuthenticationData authData, + String xmlPersonData, + String xmlAuthBlock, + String xmlIdentityLink) throws BuildException { + + String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false"; + String publicAuthorityAttribute = ""; + if (authData.isPublicAuthority()) { + String publicAuthorityIdentification = authData.getPublicAuthorityCode(); + if (publicAuthorityIdentification == null) + publicAuthorityIdentification = "True"; + publicAuthorityAttribute = MessageFormat.format( + PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); + } + + String assertion = MessageFormat.format(AUTH_DATA, new Object[] { + authData.getAssertionID(), + authData.getIssuer(), + authData.getIssueInstant(), + authData.getVPK(), + removeXMLDeclaration(xmlAuthBlock), + removeXMLDeclaration(xmlIdentityLink), + removeXMLDeclaration(xmlPersonData), + isQualifiedCertificate, + publicAuthorityAttribute}); + return assertion; + } + + /** + * Removes the XML declaration from an XML expression. + * @param xmlString XML expression as String + * @return XML expression, XML declaration removed + */ + private String removeXMLDeclaration(String xmlString) { + if (xmlString.startsWith("<VerifyXMLSignatureRequest> structure + * used for presenting certificate information in the secure viewer of the security layer implementation. 
+ * + * @author Paul Ivancsics + * @version $Id$ + */ +public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder { + + /** special tag in the VerifyXMLRequest template to be substituted for a <dsig:Signature> */ + private static final String SIGNATURE_TAG = ""; + + /** + * Constructor + */ + public CertInfoVerifyXMLSignatureRequestBuilder() { + super(); + } + /** + * Builds the <VerifyXMLSignatureRequest> structure. + * @return the XML structure + * @throws BuildException + */ + public String build() throws BuildException { + String resCertInfoRequest = "resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml"; + String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; + String certInfoRequest; + try { + certInfoRequest = FileUtils.readResource(resCertInfoRequest, "UTF-8"); + } + catch (IOException ex) { + throw new BuildException("auth.04", new Object[] {resCertInfoRequest, ex.toString()}); + } + try { + String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8"); + certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature); + return certInfoRequest; + } + catch (IOException ex) { + throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()}); + } + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java new file mode 100644 index 000000000..8693c71a9 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java 
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <CreateXMLSignatureRequest> structure
+ * used for requesting a signature under the authentication block from the
+ * security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CreateXMLSignatureRequestBuilder implements Constants {
+ /** private static String nl contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /**
+ * XML template for the <moa:CreateXMLSignatureRequest> to be built
+ */
+ private static final String CREATE_XML_SIGNATURE_REQUEST =
+ "" + nl +
+ "" + nl +
+ " SecureSignatureKeypair" + nl +
+ " " + nl +
+ " " + nl +
+ "{1}" +
+ " " + nl +
+ " " + nl +
+ " " + nl +
+ " {0}" + nl +
+ " " + nl +
+ " /saml:Assertion" + nl +
+ " " + nl +
+ "";
+
+ /**
+ * Constructor for CreateXMLSignatureRequestBuilder.
+ */
+ public CreateXMLSignatureRequestBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the <CreateXMLSignatureRequest>.
+ *
+ * @param authBlock String representation of XML authentication block
+ * @return String representation of <CreateXMLSignatureRequest>
+ */
+ public String build(String authBlock, String[] dsigTransformInfos) {
+ String dsigTransformInfosString = "";
+ for (int i = 0; i < dsigTransformInfos.length; i++)
+ dsigTransformInfosString += dsigTransformInfos[i];
+ String request = MessageFormat.format(
+ CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, dsigTransformInfosString });
+ return request;
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
new file mode 100644
index 000000000..575149d9e
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
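Review bot: `build` has no `@param dsigTransformInfos` and dereferences the array unguarded, so a null argument ends in a NullPointerException instead of a meaningful error; `if (dsigTransformInfos == null) throw new IllegalArgumentException("dsigTransformInfos");` together with `* @param dsigTransformInfos XML fragments inserted verbatim at placeholder {1}, in order` would cover both. Building the string with `+=` inside the loop should use a `StringBuffer` (the `new Object[] {...}` argument style suggests a pre-1.5 target, so `StringBuilder` may not be available). Since both `authBlock` and the transform infos are spliced in as raw XML, the Javadoc should state that callers must pass well-formed fragments.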
@@ -0,0 +1,55 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+
+/**
+ * Builds a DataURL parameter meant for the security layer implementation
+ * to respond to.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class DataURLBuilder {
+
+ /**
+ * Constructor for DataURLBuilder.
+ */
+ public DataURLBuilder() {
+ super();
+ }
+
+ /**
+ * Constructs a data URL for VerifyIdentityLink or VerifyAuthenticationBlock,
+ * including the MOASessionID as a parameter.
+ *
+ * @param authBaseURL base URL (context path) of the MOA ID Authentication component,
+ * including a trailing '/'
+ * @param authServletName request part of the data URL
+ * @param sessionID sessionID to be included in the dataURL
+ * @return String
+ */
+ public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
+ String dataURL = authBaseURL + authServletName;
+ dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
+ return dataURL;
+ }
+
+ /**
+ * Method addParameter.
+ * @param urlString represents the url
+ * @param paramname is the parameter to be added
+ * @param value is the value of that parameter
+ * @return String
+ */
+ private String addParameter(String urlString, String paramname, String value) {
+ String url = urlString;
+ if (paramname != null) {
+ if (url.indexOf("?") < 0)
+ url += "?";
+ else
+ url += "&";
+ url += paramname + "=" + value;
+ }
+ return url;
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
new file mode 100644
index 000000000..8391fdd62
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
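Review bot: `addParameter` appends `value` to the query string without URL-encoding it, so a session ID containing a reserved character such as `&`, `#` or whitespace would yield a malformed data URL or an unintended extra parameter, and a null `value` would be written as the literal text `null`; neither constraint is documented. `url += paramname + "=" + URLEncoder.encode(value, "UTF-8");` fixes the encoding (with `java.net.URLEncoder` imported and its `UnsupportedEncodingException` handled). The two `@return String` entries say nothing; `@return the data URL with the MOASessionID appended as a query parameter` on `buildDataURL` would be more useful, and `buildDataURL` could note that the session ID is the only thing tying the BKU's response back to the authentication session.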
@@ -0,0 +1,137 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.io.StringReader; +import java.io.StringWriter; + +import at.gv.egovernment.moa.id.BuildException; + +/** + * Builder for HTML form requesting the security layer implementation + * to get the identity link from smartcard by a <InfoboxReadRequest>. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class GetIdentityLinkFormBuilder extends Builder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** special tag in the HTML template to be substituted for the BKU URL */ + private static final String BKU_TAG = ""; + /** special tag in the HTML template to be substituted for the XML request */ + private static final String XMLREQUEST_TAG = ""; + /** special tag in the HTML template to be substituted for the data URL */ + private static final String DATAURL_TAG = ""; + /** special tag in the HTML template to be substituted for certificate info XML request */ + private static final String CERTINFO_XMLREQUEST_TAG = ""; + /** special tag in the HTML template to be substituted for the certificate info data URL */ + private static final String CERTINFO_DATAURL_TAG = ""; + + /** default BKU URL */ + private static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE = + "" + nl + + "" + nl + + "" + nl + + "Auslesen der Personenbindung" + nl + + "" + nl + + "" + nl + + "
" + nl + + " " + nl + + " " + nl + + " " + nl + + "
" + nl + + "
" + nl + + " " + nl + + " " + nl + + " " + nl + + "
" + nl + + "" + nl + + ""; + + /** + * Constructor for GetIdentityLinkFormBuilder. + */ + public GetIdentityLinkFormBuilder() { + super(); + } + /** + * Builds the HTML form, including XML Request and data URL as parameters. + * + * @param htmlTemplate template to be used for the HTML form; + * may be null, in this case a default layout will be produced + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String build( + String htmlTemplate, String bkuURL, String xmlRequest, String dataURL, String certInfoXMLRequest, String certInfoDataURL) + throws BuildException { + + String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; + String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; + htmlForm = replaceTag(htmlForm, BKU_TAG, bku); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest)); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL); + htmlForm = replaceTag(htmlForm, BKU_TAG, bku); + htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest)); + htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL); + return htmlForm; + } + /** + * Encodes a string for inclusion as a parameter in the form. + * Double quotes are substituted by "&quot;". 
+ * @param s the string to be encoded + * @return the string encoded + * @throws BuildException on any exception encountered + */ + public static String encodeParameter(String s) throws BuildException { + StringReader in = new StringReader(s); + StringWriter out = new StringWriter(); + try { + for (int ch = in.read(); ch >= 0; ch = in.read()) { + if (ch == '"') + out.write("""); + else if (ch == '<') + out.write("<"); + else if (ch == '>') + out.write(">"); + else if (ch == 'ä') + out.write("ä"); + else if (ch == 'ö') + out.write("ö"); + else if (ch == 'ü') + out.write("ü"); + else if (ch == 'Ä') + out.write("Ä"); + else if (ch == 'Ö') + out.write("Ö"); + else if (ch == 'Ü') + out.write("Ü"); + else if (ch == 'ß') + out.write("ß"); + else + out.write(ch); + } + } + catch (IOException ex) { + throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()}); + } + return out.toString(); + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java new file mode 100644 index 000000000..d3e100671 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java 
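Review bot: In `build`, `bku`, `dataURL` and `certInfoDataURL` are substituted into the HTML template unescaped while the two XML requests go through `encodeParameter`; if the BKU URL can originate from the user's BKU selection (which the SelectBKUFormBuilder added in this commit suggests), a value containing `"` or `<` would break out of the form attribute and change the page, so `htmlForm = replaceTag(htmlForm, BKU_TAG, encodeParameter(bku));` and the same for the two data URLs is warranted. `replaceTag(htmlForm, BKU_TAG, bku)` is also executed twice; the second call is redundant. `encodeParameter` does not escape `&`, so an ampersand in the XML request (for instance inside an `&amp;`) is decoded by the browser differently from what was intended, and since the entity strings in this rendering appear already decoded, the actual replacement literals should be double-checked in the source. `build` takes `certInfoXMLRequest` and `certInfoDataURL` but its Javadoc has no `@param` for them and no `@return`.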
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <InfoboxReadRequest> structure
+ * used for requesting the identity link from the security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class InfoboxReadRequestBuilder implements Constants {
+
+ /**
+ * XML template for the <sl10:InfoboxReadRequest> to be built
+ */
+ String INFOBOX_READ_REQUEST =
+ "" +
+ "" +
+ "IdentityLink" +
+ "" +
+ "";
+
+ /**
+ * Constructor for InfoboxReadRequestBuilder.
+ */
+ public InfoboxReadRequestBuilder() {
+ }
+ /**
+ * Builds an <InfoboxReadRequest>.
+ *
+ * @return <InfoboxReadRequest> as String
+ */
+ public String build() {
+ String request = INFOBOX_READ_REQUEST;
+ return request;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
new file mode 100644
index 000000000..85ec1cb7f
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Builder for the lt;pr:Person> element to be inserted
+ * in the authentication data lt;saml:Assertion>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PersonDataBuilder {
+
+ /**
+ * Constructor for PersonDataBuilder.
+ */
+ public PersonDataBuilder() {
+ super();
+ }
+ /**
+ * Builds the <pr:Person> element.
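Review bot: `INFOBOX_READ_REQUEST` is declared as a package-private, non-static, non-final instance field although it is named and used as a constant and never reassigned; `private static final String INFOBOX_READ_REQUEST =` keeps it immutable and invisible outside the class. With that in place `build` can simply `return INFOBOX_READ_REQUEST;` instead of copying it into a local first.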
+ * Utilizes the parsed <prPerson> from the identity link + * and the information regarding inclusion of "ZMR-Zahl" in the + * <pr:Person> data. + * + * @param identityLink IdentityLink containing the + * attribute prPerson + * @param provideZMRZahl true if "ZMR-Zahl" is to be included; + * false otherwise + * @return the <pr:Person> element as a String + * @throws BuildException on any error + */ + public String build(IdentityLink identityLink, boolean provideZMRZahl) + throws BuildException { + + try { + Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true); + if (! provideZMRZahl) { + Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification"); + prPerson.removeChild(prIdentification); + } + String xmlString = DOMUtils.serializeNode(prPerson); + return xmlString; + } + catch (Exception ex) { + throw new BuildException( + "builder.00", + new Object[] {"PersonData", ex.toString()}, + ex); + } + } +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java new file mode 100644 index 000000000..27e19e830 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.ByteArrayOutputStream; +import java.security.MessageDigest; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * Builder for the SAML artifact, as defined in the + * Browser/Artifact profile of SAML. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLArtifactBuilder { + + /** + * Constructor for SAMLArtifactBuilder. + */ + public SAMLArtifactBuilder() { + super(); + } + + /** + * Builds the SAML artifact, encoded BASE64. + *
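Review bot: When `provideZMRZahl` is false, `build` removes only the single node returned by `XPathUtils.selectSingleNode(prPerson, "pr:Identification")`; should an identity link ever carry more than one `pr:Identification` child, the remaining ones (and thus the ZMR-Zahl the flag is meant to withhold) would still be serialized, and when none is present `removeChild(null)` throws a DOMException that surfaces only as a generic `builder.00` error. A loop that keeps removing until the lookup yields nothing handles both cases and makes the data-minimisation intent explicit, assuming `selectSingleNode` returns null on no match (not visible here). `catch (Exception ex)` is broad but acceptable since everything is rewrapped in `BuildException` with the cause preserved.
```java
if (! provideZMRZahl) {
  // withhold the ZMR-Zahl: strip every pr:Identification, not just the first one
  Node prIdentification;
  while ((prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification")) != null) {
    prPerson.removeChild(prIdentification);
  }
}
// … unchanged: serialization and BuildException wrapping …
```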
    + *
  • TypeCode: 0x0001.
  • + *
  • SourceID: SHA-1 hash of the authURL
  • + *
  • AssertionHandle: SHA-1 hash of the MOASessionID
  • + *
+ * @param authURL URL auf the MOA-ID Auth component to be used for construction + * of SourceID + * @param sessionID MOASessionID to be used for construction + * of AssertionHandle + * @return the 42-byte SAML artifact, encoded BASE64 + */ + public String build(String authURL, String sessionID) throws BuildException { + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] sourceID = md.digest(authURL.getBytes()); + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + return samlArtifactBase64; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, + ex); + } + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java new file mode 100644 index 000000000..a4fb5579e --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java 
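Review bot: `authURL.getBytes()` and `sessionID.getBytes()` use the platform default charset, so the SourceID (and with it the artifact an online application later resolves) depends on the JVM's locale settings rather than on the URL alone; `md.digest(authURL.getBytes("UTF-8"))` and the same for the session ID pin it down, with the `UnsupportedEncodingException` left to the existing catch. The AssertionHandle is a deterministic SHA-1 of the MOASessionID, which makes the artifact exactly as unguessable as the session ID it is derived from; a comment such as `// AssertionHandle depends on the session id only: it must come from a cryptographically strong random source` records that requirement for whoever generates the session ID (its origin is not visible in this commit). `catch (Throwable ex)` also converts `Error`s such as `OutOfMemoryError` into a `BuildException`; `catch (Exception ex)` is the narrower and usual choice.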
@@ -0,0 +1,100 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.*; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * Builder for the lt;samlp:Response> used for passing + * result and status information from the GetAuthenticationData + * web service. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLResponseBuilder implements Constants { + /** XML - Template for samlp:Response */ + private static final String RESPONSE = + "" + + "" + + " " + + " " + + " {4}" + + " " + + " {5}" + + " " + + " {6}" + + ""; + /** XML - Template for samlp:StatusCode */ + private static final String SUB_STATUS_CODE = + ""; + + /** + * Constructor for SAMLResponseBuilder. + */ + public SAMLResponseBuilder() { + super(); + } + /** + * Builds the SAML response. + * @param responseID response ID + * @param inResponseTo request ID of lt;samlp:Request> responded to + * @param issueInstant current timestamp + * @param statusCode status code + * @param subStatusCode sub-status code refining the status code; may be null + * @param statusMessage status message + * @param samlAssertion SAML assertion representing authentication data + * @return SAML response as a DOM element + */ + public Element build( + String responseID, + String inResponseTo, + String issueInstant, + String statusCode, + String subStatusCode, + String statusMessage, + String samlAssertion) + throws BuildException { + + try { + String xmlSubStatusCode = + subStatusCode == null ? 
+ "" : + MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode}); + String xmlResponse = MessageFormat.format(RESPONSE, new Object[] { + responseID, + inResponseTo, + issueInstant, + statusCode, + xmlSubStatusCode, + statusMessage, + removeXMLDeclaration(samlAssertion) }); + Element domResponse = DOMUtils.parseDocument(xmlResponse, true, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + return domResponse; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] { "samlp:Response", ex.toString() }, + ex); + } + } + /** + * Removes the XML declaration from an XML expression. + * @param xmlString XML expression as String + * @return XML expression, XML declaration removed + */ + private String removeXMLDeclaration(String xmlString) { + if (xmlString.startsWith(""; + /** special tag in the HTML template to be substituted for the <select;gt; tag + * containing the BKU selection options */ + private static final String SELECT_TAG = ""; + /** + * Template for the default html-code to be returned as security-layer-selection to be built + */ + private static final String DEFAULT_HTML_TEMPLATE = + "" + nl + + "" + nl + + "" + nl + + "Auswahl der Bürgerkartenumgebung" + nl + + "" + nl + + "" + nl + + "
" + nl + + SELECT_TAG + nl + + " " + nl + + "
" + nl + + "" + nl + + ""; + + /** + * Constructor + */ + public SelectBKUFormBuilder() { + super(); + } + /** + * Method build. Builds the form + * @param htmlTemplate to be used + * @param startAuthenticationURL the url where the startAuthenticationServlet can be found + * @param bkuSelectTag if a special bku should be used + * @return String + * @throws BuildException on any error + */ + public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag) + throws BuildException { + + String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; + htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL); + htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag); + return htmlForm; + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java new file mode 100644 index 000000000..c18156a01 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java 
@@ -0,0 +1,52 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.security.MessageDigest;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Builder for the VPK, as defined in
+ * "Ableitung f¨r die verfahrensspezifische Personenkennzeichnung"
+ * version 1.0.1 from "reference.e-government.gv.at".
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class VPKBuilder {
+
+ /**
+ * Builds the VPK from given parameters.
+ * @param identificationValue "ZMR-Zahl"
+ * @param dateOfBirth "Geburtsdatum"
+ * @param target "Verfahrensname"; will be transformed to lower case
+ * @return VPK in a BASE64 encoding
+ * @throws BuildException while building the VPK
+ */
+ public String buildVPK(String identificationValue, String dateOfBirth, String target)
+ throws BuildException {
+
+ if (identificationValue == null || identificationValue.length() == 0
+ || dateOfBirth == null || dateOfBirth.length() == 0
+ || target == null || target.length() == 0)
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"VPK",
+ "Unvollständige Parameterangaben: identificationValue=" + identificationValue +
+ ",dateOfBirth=" + dateOfBirth + ",target=" + target});
+ String basisbegriff = identificationValue + "+" + dateOfBirth + "+" + target.toLowerCase();
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest(basisbegriff.getBytes());
+ String hashBase64 = Base64Utils.encode(hash);
+ return hashBase64;
+ }
+ catch (Exception ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"VPK", ex.toString()},
+ ex);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
new file mode 100644
index 000000000..863162fd9
--- /dev/null
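Review bot: The `BuildException` raised for missing parameters embeds `identificationValue` (the ZMR-Zahl) and `dateOfBirth` in its message, so personal data of the citizen ends up in whatever log file or error page eventually displays the exception; reporting only the names of the parameters that are empty keeps the message useful without the values. `basisbegriff.getBytes()` uses the platform default charset and `target.toLowerCase()` the default locale, so the VPK for a target containing non-ASCII characters (umlauts are plausible in German procedure names) would differ between hosts; `basisbegriff.getBytes("UTF-8")` and `toLowerCase(...)` with an explicit `Locale`, matching whatever the referenced specification prescribes, make it stable. Because the VPK is a person identifier compared across systems, this is a correctness issue rather than a mere portability nit.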
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java 
@@ -0,0 +1,203 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.*; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Builder for the <VerifyXMLSignatureRequestBuilder> structure + * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class VerifyXMLSignatureRequestBuilder { + /** The MOA-Prefix */ + private static final String MOA = Constants.MOA_PREFIX + ":"; + /** the request as string */ + private String request; + /** the request as DOM-Element */ + private Element reqElem; + + /** + * Constructor for VerifyXMLSignatureRequestBuilder. 
+ */ + public VerifyXMLSignatureRequestBuilder() {} + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param idl - The IdentityLink + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ + public Element build(IdentityLink idl, String trustProfileID) throws ParseException + { //samlAssertionObject + request = + "" + + "" + + " " + + " " + + " " + + " " + + " //dsig:Signature" + + " " + + " " // True bei CreateXMLSig Überprüfung + +" " + " " + // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock) + +" " + " " + + // Testweise ReturnReferenceInputData = False + + +" " + + " " + + trustProfileID + + "" + + ""; + + try { + InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); + reqElem = DOMUtils.parseXmlValidating(s); + + String CONTENT_XPATH = + "//" + + MOA + + "VerifyXMLSignatureRequest/" + + MOA + + "VerifySignatureInfo/" + + MOA + + "VerifySignatureEnvironment/" + + MOA + + "XMLContent"; + + Element insertTo = + (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); + insertTo.appendChild( + insertTo.getOwnerDocument().importNode(idl.getSamlAssertion(), true)); + + String SIGN_MANI_CHECK_PARAMS_XPATH = + "//" + + MOA + + "VerifyXMLSignatureRequest/" + + MOA + + "SignatureManifestCheckParams"; + insertTo = + (Element) XPathUtils.selectSingleNode( + reqElem, + SIGN_MANI_CHECK_PARAMS_XPATH); + insertTo.removeChild( + (Element) XPathUtils.selectSingleNode( + reqElem, + SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo")); + Element[] dsigTransforms = idl.getDsigReferenceTransforms(); + for (int i = 0; i < 1; i++) //dsigTransforms.length; i++) + { + Element refInfo = + insertTo.getOwnerDocument().createElementNS( + Constants.MOA_NS_URI, + "ReferenceInfo"); + insertTo.appendChild(refInfo); + Element verifyTransformsInfoProfile = + 
insertTo.getOwnerDocument().createElementNS( + Constants.MOA_NS_URI, + "VerifyTransformsInfoProfile"); + refInfo.appendChild(verifyTransformsInfoProfile); + verifyTransformsInfoProfile.appendChild( + insertTo.getOwnerDocument().importNode(dsigTransforms[i], true)); + } + } + catch (Throwable t) { + throw new ParseException( //"VerifyXMLSignatureRequest (IdentityLink)"); + "builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, + t); + } + + return reqElem; + } + + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param idl - The IdentityLink + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ + public Element build( + CreateXMLSignatureResponse csr, + String[] verifyTransformsInfoProfileID, + String trustProfileID) + throws ParseException { //samlAssertionObject + request = + "" + + "" + + " " + + " " + + " " + + " " + + " //dsig:Signature" + + " " + + " " + + " "; + + for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { + request += " " + + verifyTransformsInfoProfileID[i] + + ""; + // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....) 
+ + } + + request += " " + + " " + // Testweise ReturnReferenceInputData = False + +" " + + " " + + trustProfileID + + "" + + ""; + + try { + // Build a DOM-Tree of the obove String + InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); + reqElem = DOMUtils.parseXmlValidating(s); + //Insert the SAML-Assertion-Object + String CONTENT_XPATH = + "//" + + MOA + + "VerifyXMLSignatureRequest/" + + MOA + + "VerifySignatureInfo/" + + MOA + + "VerifySignatureEnvironment/" + + MOA + + "XMLContent"; + + Element insertTo = + (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); + insertTo.appendChild( + insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true)); + + } + catch (Throwable t) { + throw new ParseException( + "builder.00", + new Object[] { "VerifyXMLSignatureRequest" }, + t); + } + + return reqElem; + } + +} -- cgit v1.2.3
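Review bot: In the first `build`, the loop `for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)` emits only the first of the identity link's reference transforms, and with an empty `dsigTransforms` array the `dsigTransforms[0]` access throws and surfaces as a generic `builder.00` ParseException; the commented-out bound looks like debugging residue and should be restored to `for (int i = 0; i < dsigTransforms.length; i++)` or, if a single transform is intended, guarded by an explicit length check with a comment saying why. More fundamentally, the `VerifyTransformsInfoProfile` handed to MOA-SP is assembled from the transforms declared by the very identity link under verification, so unless MOA-SP or a later step compares them against a trusted set, the document effectively chooses which transforms are acceptable for its own reference check — worth a comment stating where that comparison happens. The second `build`'s Javadoc is a copy of the first (it takes a `CreateXMLSignatureResponse`, not an `IdentityLink`), `request` and `reqElem` are instance fields so one builder instance is not safe to share between requests, and both methods use `catch (Throwable t)`, which also wraps `Error`s. Several comments are in German (`// Profile ID für create ...`, `// True bei CreateXMLSig Überprüfung`); translating them would help the next reader.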