From e1cf4a7091359fc31e1500f724f89a155975e002 Mon Sep 17 00:00:00 2001 From: rudolf Date: Mon, 26 Apr 2004 13:29:44 +0000 Subject: =?UTF-8?q?Unterst=C3=BCtzung=20von=20ID-Attributen=20hinzugef?= =?UTF-8?q?=C3=BCgt,=20so=20dass=20MOA-SP=20diese=20auch=20parsen=20kann.?= =?UTF-8?q?=20(RSCH)=20Konkrete=20=C3=84nderung:=20Mini-dtd=20wurde=20hinz?= =?UTF-8?q?ugef=C3=BCgt;=20Element=20XMLContent=20in=20VerifySignatureEnvi?= =?UTF-8?q?roment=20gegen=20Base64Content=20ausgetauscht.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@113 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../builder/VerifyXMLSignatureRequestBuilder.java | 154 +++++++++++---------- 1 file changed, 80 insertions(+), 74 deletions(-) (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/builder') diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 863162fd9..58332984e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -4,12 +4,16 @@ import java.io.ByteArrayInputStream; import java.io.InputStream; import org.w3c.dom.Element; +import org.w3c.dom.Text; import at.gv.egovernment.moa.id.*; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.OutputXML2File; import at.gv.egovernment.moa.util.XPathUtils; /** @@ -30,7 +34,8 @@ public class VerifyXMLSignatureRequestBuilder { /** * Constructor for VerifyXMLSignatureRequestBuilder. */ - public VerifyXMLSignatureRequestBuilder() {} + public VerifyXMLSignatureRequestBuilder() { + } /** * Builds a <VerifyXMLSignatureRequest> * from an IdentityLink with a known trustProfileID which @@ -40,31 +45,30 @@ public class VerifyXMLSignatureRequestBuilder { * @return Element - The complete request as Dom-Element * @throws ParseException */ - public Element build(IdentityLink idl, String trustProfileID) throws ParseException - { //samlAssertionObject + public Element build(IdentityLink idl, String trustProfileID) + throws ParseException { //samlAssertionObject request = "" - + "" + + "" + " " + " " - + " " + + " " + + " " + " " + " //dsig:Signature" + " " + " " // True bei CreateXMLSig Überprüfung - +" " + " " - // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock) - +" " + " " - - // Testweise ReturnReferenceInputData = False - - +" " + +" " + " " + // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock) + +" " + + " " + + " " + " " + trustProfileID + "" + ""; - try { + try { InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8")); reqElem = DOMUtils.parseXmlValidating(s); @@ -77,23 +81,36 @@ public class VerifyXMLSignatureRequestBuilder { + MOA + "VerifySignatureEnvironment/" + MOA - + "XMLContent"; - - Element insertTo = - (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - insertTo.appendChild( - insertTo.getOwnerDocument().importNode(idl.getSamlAssertion(), true)); - - String SIGN_MANI_CHECK_PARAMS_XPATH = - "//" - + MOA - + "VerifyXMLSignatureRequest/" - + MOA - + "SignatureManifestCheckParams"; - insertTo = - (Element) XPathUtils.selectSingleNode( - reqElem, - SIGN_MANI_CHECK_PARAMS_XPATH); + + "Base64Content"; + + Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); + + String dtdString = + "\n" + + "]>"; + + String serializedAssertion = DOMUtils.serializeNode(idl.getSamlAssertion()); + //insert mini dtd after xml declaration to allow usage of AssertionID + //encode then base64 and put this into Element Base64Content + String dtdAndIL = + serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2) + + dtdString + + serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2); + String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8")); + //replace all '\r' characters by no char. + String replaced = ""; + for (int i = 0; i < b64dtdAndIL.length(); i ++) { + if (b64dtdAndIL.charAt(i) != '\r') replaced += b64dtdAndIL.charAt(i); + } + b64dtdAndIL = replaced; + Text b64content = (Text) insertTo.getFirstChild(); + b64content.setData(b64dtdAndIL); + + String SIGN_MANI_CHECK_PARAMS_XPATH = + "//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams"; + insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH); insertTo.removeChild( (Element) XPathUtils.selectSingleNode( reqElem, @@ -102,9 +119,7 @@ public class VerifyXMLSignatureRequestBuilder { for (int i = 0; i < 1; i++) //dsigTransforms.length; i++) { Element refInfo = - insertTo.getOwnerDocument().createElementNS( - Constants.MOA_NS_URI, - "ReferenceInfo"); + insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo"); insertTo.appendChild(refInfo); Element verifyTransformsInfoProfile = insertTo.getOwnerDocument().createElementNS( @@ -114,33 +129,31 @@ public class VerifyXMLSignatureRequestBuilder { verifyTransformsInfoProfile.appendChild( insertTo.getOwnerDocument().importNode(dsigTransforms[i], true)); } - } - catch (Throwable t) { - throw new ParseException( //"VerifyXMLSignatureRequest (IdentityLink)"); - "builder.00", - new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, - t); - } + } catch (Throwable t) { + throw new ParseException(//"VerifyXMLSignatureRequest (IdentityLink)"); + "builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } return reqElem; } - /** - * Builds a <VerifyXMLSignatureRequest> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param idl - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ + /** + * Builds a <VerifyXMLSignatureRequest> + * from the signed AUTH-Block with a known trustProfileID which + * has to exist in MOA-SP + * @param csr - signed AUTH-Block + * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ public Element build( CreateXMLSignatureResponse csr, String[] verifyTransformsInfoProfileID, String trustProfileID) throws ParseException { //samlAssertionObject request = - "" + "" + "" + " " + " " @@ -148,25 +161,24 @@ public class VerifyXMLSignatureRequestBuilder { + " " + " //dsig:Signature" + " " - + " " + + " " + " "; - + for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - request += " " + - verifyTransformsInfoProfileID[i] + - ""; + request += " " + + verifyTransformsInfoProfileID[i] + + ""; // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....) - + } - request += " " - + " " - // Testweise ReturnReferenceInputData = False - +" " - + " " - + trustProfileID - + "" - + ""; + request += " " + " " + // Testweise ReturnReferenceInputData = False + +" " + + " " + + trustProfileID + + "" + + ""; try { // Build a DOM-Tree of the obove String @@ -184,17 +196,11 @@ public class VerifyXMLSignatureRequestBuilder { + MOA + "XMLContent"; - Element insertTo = - (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); - insertTo.appendChild( - insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true)); + Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH); + insertTo.appendChild(insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true)); - } - catch (Throwable t) { - throw new ParseException( - "builder.00", - new Object[] { "VerifyXMLSignatureRequest" }, - t); + } catch (Throwable t) { + throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); } return reqElem; -- cgit v1.2.3