From 56ed4518d7978c064af5f240494bf587136c93b0 Mon Sep 17 00:00:00 2001 From: rudolf Date: Mon, 15 Mar 2004 16:07:52 +0000 Subject: RSCH git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@99 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 19 +++++--- .../AuthenticationDataAssertionBuilder.java | 7 +-- .../moa/id/auth/builder/BPKBuilder.java | 50 +++++++++++++++++++++ .../builder/CreateXMLSignatureRequestBuilder.java | 11 +++-- .../moa/id/auth/builder/PersonDataBuilder.java | 13 +++--- .../moa/id/auth/builder/VPKBuilder.java | 52 ---------------------- .../egovernment/moa/id/auth/data/IdentityLink.java | 27 +++++++++-- .../auth/parser/IdentityLinkAssertionParser.java | 13 +++++- .../moa/id/auth/servlet/AuthServlet.java | 10 ++--- .../moa/id/auth/servlet/ConfigurationServlet.java | 37 +++++++-------- .../VerifyXMLSignatureResponseValidator.java | 2 +- 11 files changed, 136 insertions(+), 105 deletions(-) create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java delete mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java (limited to 'id.server/src/at/gv/egovernment/moa/id/auth') diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index bc3e075be..9cb473d4f 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -28,7 +28,7 @@ import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.VPKBuilder; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -379,8 +379,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthBlock(authBlock); // builds the String[] transformInfos = authConf.getTransformsInfos(); + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + String createXMLSignatureRequest = - new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos); + new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), transformInfos); return createXMLSignatureRequest; } /** @@ -502,12 +507,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String vpkBase64 = - new VPKBuilder().buildVPK( + String bpkBase64 = + new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), - identityLink.getDateOfBirth(), session.getTarget()); - authData.setVPK(vpkBase64); + authData.setIdentificationType(identityLink.getIdentificationType()); + authData.setPBK(bpkBase64); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); @@ -517,7 +522,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl()); + String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideStammzahl()); try { String ilAssertion = diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index fd7cb1a9d..ed2c863d2 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -19,13 +19,14 @@ public class AuthenticationDataAssertionBuilder implements Constants { /** * XML template for the <saml:Assertion> to be built */ + //TODO MOA-ID check if NameQualifier NameQualifier urn:publicid:gv.at:cdid+ "is stable" in specification private static final String AUTH_DATA = "" + NL + "" + NL + " " + NL + " " + NL + - " {3}" + NL + + " {3}" + NL + " " + NL + " " + MOA_NS_URI + "cm" + NL + " {4}{5}" + NL + @@ -64,7 +65,7 @@ public class AuthenticationDataAssertionBuilder implements Constants { * @param xmlPersonData lt;pr:Person> element as a String * @param xmlAuthBlock authentication block to be included in a * lt;saml:SubjectConfirmationData> element; may include - * the "ZMR-Zahl" or not; may be empty + * the "Stammzahl" or not; may be empty * @param xmlIdentityLink the IdentityLink * @return the <saml:Assertion> * @throws BuildException if an error occurs during the build process @@ -89,7 +90,7 @@ public class AuthenticationDataAssertionBuilder implements Constants { authData.getAssertionID(), authData.getIssuer(), authData.getIssueInstant(), - authData.getVPK(), + authData.getPBK(), removeXMLDeclaration(xmlAuthBlock), removeXMLDeclaration(xmlIdentityLink), removeXMLDeclaration(xmlPersonData), diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java new file mode 100644 index 000000000..706d0a39a --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.security.MessageDigest; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * Builder for the BPK, as defined in + * "Ableitung f¨r die bereichsspezifische Personenkennzeichnung" + * version 1.0.1 from "reference.e-government.gv.at". + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class BPKBuilder { + + /** + * Builds the BPK from given parameters. + * @param identificationValue Base64 encoded "Stammzahl" + * @param target "Verfahrensname"; will be transformed to lower case + * @return PBK in a BASE64 encoding + * @throws BuildException while building the BPK + */ + public String buildBPK(String identificationValue, String target) + throws BuildException { + + if (identificationValue == null || identificationValue.length() == 0 + || target == null || target.length() == 0) + throw new BuildException( + "builder.00", + new Object[] {"BPK", + "Unvollständige Parameterangaben: identificationValue=" + identificationValue + + ",target=" + target}); + String basisbegriff = identificationValue + "+" + target; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } + catch (Exception ex) { + throw new BuildException( + "builder.00", + new Object[] {"BPK", ex.toString()}, + ex); + } + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index f8c287cb6..961a40303 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -21,12 +21,10 @@ public class CreateXMLSignatureRequestBuilder implements Constants { private static final String CREATE_XML_SIGNATURE_REQUEST = "" + nl + "" + nl + - " SecureSignatureKeypair" + nl + - //TODO RS Lsg Switch SecureSignatureKeypair / CertifiedKeyPair - //" CertifiedKeypair" + nl + + " {1}" + nl + " " + nl + " " + nl + - "{1}" + + "{2}" + " " + nl + " " + nl + " " + nl + @@ -47,14 +45,15 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * Builds the <CreateXMLSignatureRequest>. * * @param authBlock String representation of XML authentication block + * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeyPair) * @return String representation of <CreateXMLSignatureRequest> */ - public String build(String authBlock, String[] dsigTransformInfos) { + public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos) { String dsigTransformInfosString = ""; for (int i = 0; i < dsigTransformInfos.length; i++) dsigTransformInfosString += dsigTransformInfos[i]; String request = MessageFormat.format( - CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, dsigTransformInfosString }); + CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, keyBoxIdentifier, dsigTransformInfosString }); return request; } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index 85ec1cb7f..819ed79bb 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -26,24 +26,25 @@ public class PersonDataBuilder { /** * Builds the <pr:Person> element.
* Utilizes the parsed <prPerson> from the identity link - * and the information regarding inclusion of "ZMR-Zahl" in the + * and the information regarding inclusion of "Stammzahl" in the * <pr:Person> data. * * @param identityLink IdentityLink containing the * attribute prPerson - * @param provideZMRZahl true if "ZMR-Zahl" is to be included; + * @param provideStammzahl true if "Stammzahl" is to be included; * false otherwise * @return the <pr:Person> element as a String * @throws BuildException on any error */ - public String build(IdentityLink identityLink, boolean provideZMRZahl) + public String build(IdentityLink identityLink, boolean provideStammzahl) throws BuildException { try { Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true); - if (! provideZMRZahl) { - Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification"); - prPerson.removeChild(prIdentification); + if (! provideStammzahl) { + Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value"); + //remove IdentificationValue + prIdentification.getFirstChild().setNodeValue(""); } String xmlString = DOMUtils.serializeNode(prPerson); return xmlString; diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java deleted file mode 100644 index c18156a01..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java +++ /dev/null @@ -1,52 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.security.MessageDigest; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.Base64Utils; - -/** - * Builder for the VPK, as defined in - * "Ableitung f¨r die verfahrensspezifische Personenkennzeichnung" - * version 1.0.1 from "reference.e-government.gv.at". - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class VPKBuilder { - - /** - * Builds the VPK from given parameters. - * @param identificationValue "ZMR-Zahl" - * @param dateOfBirth "Geburtsdatum" - * @param target "Verfahrensname"; will be transformed to lower case - * @return VPK in a BASE64 encoding - * @throws BuildException while building the VPK - */ - public String buildVPK(String identificationValue, String dateOfBirth, String target) - throws BuildException { - - if (identificationValue == null || identificationValue.length() == 0 - || dateOfBirth == null || dateOfBirth.length() == 0 - || target == null || target.length() == 0) - throw new BuildException( - "builder.00", - new Object[] {"VPK", - "Unvollständige Parameterangaben: identificationValue=" + identificationValue + - ",dateOfBirth=" + dateOfBirth + ",target=" + target}); - String basisbegriff = identificationValue + "+" + dateOfBirth + "+" + target.toLowerCase(); - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes()); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } - catch (Exception ex) { - throw new BuildException( - "builder.00", - new Object[] {"VPK", ex.toString()}, - ex); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index e2ad2625a..cc58db916 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -14,9 +14,13 @@ import org.w3c.dom.Element; */ public class IdentityLink { /** - * "identificationValue" is the translation of "ZMR-Zahl". + * "identificationValue" is the translation of "Stammzahl". */ private String identificationValue; + /** + * "identificationType" type of the identificationValue in the IdentityLink. + */ + private String identificationType; /** * first name */ @@ -82,13 +86,22 @@ public class IdentityLink { /** * Returns the identificationValue. - * "identificationValue" is the translation of "ZMR-Zahl". + * "identificationValue" is the translation of "Stammzahl". * @return String */ public String getIdentificationValue() { return identificationValue; } + /** + * Returns the identificationType. + * "identificationType" type of the identificationValue in the IdentityLink. + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + /** * Sets the dateOfBirth. * @param dateOfBirth The dateOfBirth to set @@ -115,12 +128,20 @@ public class IdentityLink { /** * Sets the identificationValue. - * "identificationValue" is the translation of "ZMR-Zahl". + * "identificationValue" is the translation of "Stammzahl". * @param identificationValue The identificationValue to set */ public void setIdentificationValue(String identificationValue) { this.identificationValue = identificationValue; } + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } /** * Returns the samlAssertion. diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index f9ef54884..49baf1bf5 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -97,6 +97,16 @@ public class IdentityLinkAssertionParser { + "Identification/" + PDATA + "Value"; + + /** Xpath expression to the Identification Value element */ + private static final String PERSON_IDENT_TYPE_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification/" + + PDATA + + "Type"; + /** Xpath expression to the RSAKeyValue element */ private static final String RSA_KEY_VALUE_XPATH = ROOT @@ -179,12 +189,13 @@ public class IdentityLinkAssertionParser { IdentityLink identityLink; try { identityLink = new IdentityLink(); - //ÄNDERN: NUR der Identification-Teil identityLink.setSamlAssertion(assertionElem); identityLink.setPrPerson((Element) XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH)); identityLink.setIdentificationValue( XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); + identityLink.setIdentificationType( + XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")); identityLink.setGivenName( XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); identityLink.setFamilyName( diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 6ff52bc4a..95878007e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -35,7 +35,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { *
    *
  • Logs the error
  • *
  • Places error message and exception thrown into the request - * as request attributes (to be used by "/errorpage.jsp")
  • + * as request attributes (to be used by "/errorpage-auth.jsp") *
  • Sets HTTP status 500 (internal server error)
  • *
* @@ -59,9 +59,9 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { req.setAttribute("ExceptionThrown", exceptionThrown); } - //forward this to errorpage.jsp wher the HTML error page is generated + //forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { dispatcher.forward(req, resp); } catch (ServletException e) { @@ -80,9 +80,9 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { Logger.error(ex.toString()); req.setAttribute("WrongParameters", ex.getMessage()); - // forward this to errorpage.jsp where the HTML error page is generated + // forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { dispatcher.forward(req, resp); } catch (ServletException e) { diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java index 1dc1897b2..f33377547 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java @@ -1,17 +1,18 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.PrintWriter; import java.text.DateFormat; import java.util.Date; import java.util.Locale; +import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -22,9 +23,6 @@ import at.gv.egovernment.moa.logging.Logger; * @version $Id$ */ public class ConfigurationServlet extends HttpServlet { - /** Constant for the DTD-Doc type */ - private static final String DOC_TYPE = - "\n"; /** * Handle a HTTP GET request, used to indicated that the MOA @@ -36,13 +34,7 @@ public class ConfigurationServlet extends HttpServlet { throws ServletException, IOException { MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); - PrintWriter out; - response.setContentType("text/html"); - out = response.getWriter(); - out.println(DOC_TYPE); - out.println("MOA configuration update"); - out.println(""); try { MOAIDAuthInitializer.initialized=false; MOAIDAuthInitializer.initialize(); @@ -50,21 +42,13 @@ public class ConfigurationServlet extends HttpServlet { { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); Logger.info(message); - //TODO low-priority: change to ErrorPage - out.println("

"); - out.println(message); - out.println("

"); + HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response); + } catch (Throwable t) { String errorMessage = msg.getMessage("config.04", null); Logger.error(errorMessage, t); - out.println("

"); - out.println(errorMessage); - out.println("

"); + HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response); } - out.println(""); - - out.flush(); - out.close(); } /** @@ -77,4 +61,15 @@ public class ConfigurationServlet extends HttpServlet { doGet(request, response); } + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); + } + } + + diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 8de475f95..ec8cb7b1a 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -53,7 +53,7 @@ public class VerifyXMLSignatureResponseValidator { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) throw new ValidateException("validator.06", null); - //TODO enhance error messages (reason why check failed) + //TODO MOA-ID enhance error messages (reason why check failed) if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) if (whatToCheck.equals(CHECK_IDENTITY_LINK)) throw new ValidateException("validator.07", null); -- cgit v1.2.3