From 7bba49753c8a44fade100d3676ab0a62372d44e1 Mon Sep 17 00:00:00 2001 From: "harald.bratko" Date: Wed, 10 Jan 2007 15:37:52 +0000 Subject: Adapted for MOA-ID 1.4 (validating additional infoboxes). git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@769 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/config/ConfigurationBuilder.java | 235 ++++++++++++++++++++- 1 file changed, 228 insertions(+), 7 deletions(-) (limited to 'id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java') diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 7d3a6d4ab..6a9aee0ca 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -9,8 +9,12 @@ import java.math.BigInteger; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; +import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Set; +import java.util.Vector; import org.w3c.dom.Attr; import org.w3c.dom.Element; @@ -18,7 +22,11 @@ import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.id.auth.data.SchemaImpl; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; 
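Review bot: `java.util.Hashtable` and `java.util.Vector` are the legacy synchronized collections, and this file already imports `HashMap` and `ArrayList`; the new code further down the patch (`Vector identifiers = new Vector();`, `Hashtable infoboxParameters = new Hashtable();`) could use `new ArrayList()` and `new HashMap()` instead and these two imports could be dropped, unless the `VerifyInfoboxParameters` constructor requires the legacy types, which is not visible here. `java.util.Set` and `java.util.Iterator` are also imported, but no use of either appears in the part of the patch shown, so check they are not left unused. This is a style point only.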
@@ -98,8 +106,13 @@ public class ConfigurationBuilder { ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID"; /** an XPATH-Expression */ - private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH = + private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName"; + + /** an XPATH-Expression */ + public static final String AUTH_VERIFY_INFOBOXES_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes"; + /** an XPATH-Expression */ private static final String PROXY_AUTH_XPATH = ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent"; @@ -121,6 +134,8 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ private static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename"; /** an XPATH-Expression */ + private static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes"; + /** an XPATH-Expression */ private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent"; /** an XPATH-Expression */ private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent"; @@ -183,6 +198,15 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ private static final String TRUSTED_CA_CERTIFICATES_XPATH = ROOT + CONF + "TrustedCACertificates"; + + /** an XPATH-Expression */ + private static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile"; + /** an XPATH-Expression */ + private static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID"; + /** an XPATH-Expression */ + private static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox"; + + /** 
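Review bot: `AUTH_VERIFY_INFOBOXES_XPATH` is the only XPath constant in this class declared `public`; every neighbouring constant, including the `OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH` and `VERIFY_INFOBOXES_*` expressions added by the same commit, is `private static final`. If another class (presumably the configuration provider that builds the global parameters) needs it, say so in the Javadoc, e.g. `/** an XPATH-Expression; public because the global VerifyInfoboxes element is selected from outside this builder */`; otherwise make it `private` like its siblings so the XPath layout of the config file stays an implementation detail of this class. The last hunk on this line (the `VERIFY_INFOBOXES_*` constants) is cut off at the end of the line.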
@@ -386,16 +410,27 @@ public class ConfigurationBuilder { /** * Build an array of the OnlineApplication Parameters containing information * about the authentication component + * + * @param defaultVerifyInfoboxParameters Default parameters for verifying additional + * infoboxes. Maybe null. + * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating + * the identity link signer certificate. Needed for + * checking if this ID is not used for validating other + * infoboxes. + * * @return An OAProxyParameter array containing beans * with all relevant information for the authentication component of the online * application */ - public OAAuthParameter[] buildOnlineApplicationAuthParameters() throws ConfigurationException { + public OAAuthParameter[] buildOnlineApplicationAuthParameters( + VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID) + throws ConfigurationException + { String bkuSelectionTemplateURL = - XPathUtils.getAttributeValue(configElem_,AUTH_BKUSELECT_TEMPLATE_XPATH,null); + XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); String templateURL = - XPathUtils.getAttributeValue(configElem_,AUTH_TEMPLATE_XPATH,null); + XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); @@ -460,7 +495,10 @@ public class ConfigurationBuilder { oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames)); } catch (Exception ex) { Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms."); - } + } + Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH); + oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters( + verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); } OA_set.add(oap); } 
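Review bot: The added Javadoc reads `Maybe null.` where `May be null.` is meant, and the pre-existing `@return An OAProxyParameter array` line now sits directly under the new `@param` tags while the method still returns `OAAuthParameter[]`; since the comment block is being rewritten anyway, correct it to `@return An OAAuthParameter array containing beans`. The new `moaSpIdentityLinkTrustProfileID` parameter is documented as the value used to reject reuse of the identity-link trust profile, but nothing says what happens if a caller passes `null`; the downstream check in `buildVerifyInfoboxParameters` is `defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)`, so a null ID would make the reuse check silently vacuous. Either document that the argument must be non-null or reject a null ID with a `ConfigurationException` at the top of the method. The method body continues past the end of this hunk.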
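Review bot: The new local `verifyInfoboxParamtersNode` is misspelled (`Paramters`); rename it `verifyInfoboxParametersNode` in the two lines that use it. The call to `buildVerifyInfoboxParameters` is placed after the `catch` rather than inside the preceding `try`, so the `ConfigurationException` it throws when an OA reuses the identity-link trust profile aborts the whole configuration load instead of being logged and replaced by defaults the way a transforms error is just above; that asymmetry looks intentional and deserves a comment, e.g. `// deliberately outside the try above: a bad VerifyInfoboxes config must abort loading, not fall back to defaults`. The enclosing loop and method start before this hunk.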
@@ -834,6 +872,190 @@ public class ConfigurationBuilder { identityLinkDomainIdentifier.append(identificationNumber); return identityLinkDomainIdentifier.toString(); } + + /** + * Builds the parameters for verifying additional infoboxes (additional to the + * IdentityLink infobox). + * + * @param verifyInfoboxesElem The VerifyInfoboxes element from the + * config file. This maybe the global element or the + * elment from an Online application. + * @param defaultVerifyInfoboxParameters Default parameters to be used, if no + * VerifyInfoboxes element is present. + * This only applies to parameters + * of an specific online application and is set to + * null when building the global parameters. + * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating + * the identity link signer certificate. Needed for + * checking if this ID is not used for validating other + * infoboxes. + * + * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters} + * object needed for verifying additional infoboxes. + * + * @throws ConfigurationException If the trust profile for validating the identity link + * signer certificate is used for validating another infobox. 
+ */ + public VerifyInfoboxParameters buildVerifyInfoboxParameters( + Node verifyInfoboxesElem, + VerifyInfoboxParameters defaultVerifyInfoboxParameters, + String moaSpIdentityLinkTrustProfileID) + throws ConfigurationException + { + + if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) { + return null; + } + Vector identifiers = new Vector(); + List defaultIdentifiers = null; + Map defaultInfoboxParameters = null; + if (defaultVerifyInfoboxParameters != null) { + defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers(); + defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters(); + } + Hashtable infoboxParameters = new Hashtable(); + if (verifyInfoboxesElem != null) { + // get the DefaultTrustProfileID + String defaultTrustProfileID = null; + Node defaultTrustProfileNode = + XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH); + if (defaultTrustProfileNode != null) { + Node trustProfileIDNode = + XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH); + defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue(); + if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) { + throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID}); + } + } + // get the Infoboxes + NodeList infoboxes = + XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH); + for (int i=0; i