From 7bba49753c8a44fade100d3676ab0a62372d44e1 Mon Sep 17 00:00:00 2001
From: "harald.bratko" <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Wed, 10 Jan 2007 15:37:52 +0000
Subject: Adapted for MOA-ID 1.4 (validating additional infoboxes).

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@769 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../moa/id/config/ConfigurationBuilder.java        | 235 ++++++++++++-
 .../id/config/auth/AuthConfigurationProvider.java  |  58 +++-
 .../moa/id/config/auth/OAAuthParameter.java        |  25 +-
 .../moa/id/config/auth/VerifyInfoboxParameter.java | 362 +++++++++++++++++++++
 .../id/config/auth/VerifyInfoboxParameters.java    | 135 ++++++++
 5 files changed, 789 insertions(+), 26 deletions(-)
 create mode 100644 id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
 create mode 100644 id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java

(limited to 'id.server/src/at/gv/egovernment/moa/id/config')

diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 7d3a6d4ab..6a9aee0ca 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -9,8 +9,12 @@ import java.math.BigInteger;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.Vector;
 
 import org.w3c.dom.Attr;
 import org.w3c.dom.Element;
@@ -18,7 +22,11 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.traversal.NodeIterator;
 
+import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
 import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
 import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
 import at.gv.egovernment.moa.id.data.IssuerAndSerial;
@@ -98,8 +106,13 @@ public class ConfigurationBuilder {
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF  + "VerifyTransformsInfoProfileID";
 
   /** an XPATH-Expression */ 
- private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
+  private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
+ 
+  /** an XPATH-Expression */ 
+  public static final String AUTH_VERIFY_INFOBOXES_XPATH =
+    ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";
+ 
   /** an XPATH-Expression */ 
   private static final String PROXY_AUTH_XPATH =
     ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
@@ -121,6 +134,8 @@ public class ConfigurationBuilder {
   /** an XPATH-Expression */ 
   private static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename";
   /** an XPATH-Expression */ 
+  private static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";
+  /** an XPATH-Expression */ 
   private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
   /** an XPATH-Expression */ 
   private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
@@ -183,6 +198,15 @@ public class ConfigurationBuilder {
   /** an XPATH-Expression */ 
   private static final String TRUSTED_CA_CERTIFICATES_XPATH =
     ROOT + CONF + "TrustedCACertificates";
+  
+  /** an XPATH-Expression */ 
+  private static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile";
+  /** an XPATH-Expression */ 
+  private static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID";
+  /** an XPATH-Expression */ 
+  private static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox";
+  
+  
 
   
 	/**
@@ -386,16 +410,27 @@ public class ConfigurationBuilder {
   /**
    * Build an array of the OnlineApplication Parameters containing information 
    * about the authentication component
+   * 
+   * @param defaultVerifyInfoboxParameters Default parameters for verifying additional
+   *                                infoboxes. Maybe <code>null</code>.
+   * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
+   *                                the identity link signer certificate. Needed for
+   *                                checking if this ID is not used for validating other 
+   *                                infoboxes.
+   * 
    * @return An OAProxyParameter array containing beans
    * with all relevant information for the authentication component of the online 
    * application
    */
-  public OAAuthParameter[] buildOnlineApplicationAuthParameters() throws ConfigurationException {
+  public OAAuthParameter[] buildOnlineApplicationAuthParameters(
+    VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID)
+  throws ConfigurationException 
+  {
 
     String bkuSelectionTemplateURL =     
-    	  XPathUtils.getAttributeValue(configElem_,AUTH_BKUSELECT_TEMPLATE_XPATH,null);
+    	  XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
     String templateURL =     
-        XPathUtils.getAttributeValue(configElem_,AUTH_TEMPLATE_XPATH,null);
+        XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
     
     List OA_set = new ArrayList();
     NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);
@@ -460,7 +495,10 @@ public class ConfigurationBuilder {
           oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames));
         } catch (Exception ex) {
           Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms.");
-        }               
+        } 
+        Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);
+        oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters(
+          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); 
       } 
       OA_set.add(oap);
     }
@@ -834,6 +872,190 @@ public class ConfigurationBuilder {
     identityLinkDomainIdentifier.append(identificationNumber);
     return identityLinkDomainIdentifier.toString();
   }
+  
+    /**
+   * Builds the parameters for verifying additional infoboxes (additional to the
+   * IdentityLink infobox).
+   * 
+   * @param verifyInfoboxesElem     The <code>VerifyInfoboxes</code> element from the 
+   *                                config file. This maybe the global element or the
+   *                                elment from an Online application.
+   * @param defaultVerifyInfoboxParameters Default parameters to be used, if no 
+   *                                <code>VerifyInfoboxes</code> element is present.
+   *                                 This only applies to parameters
+   *                                of an specific online application and is set to 
+   *                                <code>null</code> when building the global parameters.
+   * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
+   *                                the identity link signer certificate. Needed for
+   *                                checking if this ID is not used for validating other 
+   *                                infoboxes.
+   *                           
+   * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters}
+   *         object needed for verifying additional infoboxes.
+   *         
+   * @throws ConfigurationException If the trust profile for validating the identity link 
+   *                                signer certificate is used for validating another infobox.
+   */
+  public VerifyInfoboxParameters buildVerifyInfoboxParameters(
+    Node verifyInfoboxesElem, 
+    VerifyInfoboxParameters defaultVerifyInfoboxParameters,
+    String moaSpIdentityLinkTrustProfileID)
+  throws ConfigurationException
+  {
+    
+    if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) {
+      return null;
+    }
+    Vector identifiers = new Vector(); 
+    List defaultIdentifiers = null;
+    Map defaultInfoboxParameters = null;
+    if (defaultVerifyInfoboxParameters != null) {
+      defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers();
+      defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters();
+    }
+    Hashtable infoboxParameters = new Hashtable();
+    if (verifyInfoboxesElem != null) {
+      // get the DefaultTrustProfileID
+      String defaultTrustProfileID = null;    
+      Node defaultTrustProfileNode =
+        XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH);
+      if (defaultTrustProfileNode != null) {
+        Node trustProfileIDNode =
+          XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH);
+        defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue(); 
+        if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
+          throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
+        }
+      }      
+      // get the Infoboxes
+      NodeList infoboxes = 
+        XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH);        
+      for (int i=0; i<infoboxes.getLength(); i++) {
+        Element infoBoxElem = (Element)infoboxes.item(i);
+        // get the identifier of the infobox
+        String identifier = infoBoxElem.getAttribute("Identifier");
+        identifiers.add(identifier);
+        VerifyInfoboxParameter verifyInfoboxParameter = new VerifyInfoboxParameter(identifier);
+        verifyInfoboxParameter.setFriendlyName(identifier);
+        // get the attributes
+        // (1) required: override global value in any case
+        verifyInfoboxParameter.setRequired(BoolUtils.valueOf(
+          infoBoxElem.getAttribute("required")));
+        // (2) provideStammzahl: override global value in any case
+        verifyInfoboxParameter.setProvideStammzahl(BoolUtils.valueOf(
+          infoBoxElem.getAttribute("provideStammzahl")));
+        // (3) proviedIdentityLink: override global value in any case
+        verifyInfoboxParameter.setProvideIdentityLink(BoolUtils.valueOf(
+          infoBoxElem.getAttribute("provideIdentityLink")));
+        // set default trustprofileID
+        if (defaultTrustProfileID != null) {
+          verifyInfoboxParameter.setTrustProfileID(defaultTrustProfileID);
+        }
+        // get the parameter elements
+        boolean localValidatorClass = false;
+        boolean localFriendlyName = false;
+        List params = DOMUtils.getChildElements(infoBoxElem);
+        Iterator it = params.iterator();
+        while (it.hasNext()) {
+          Element paramElem = (Element)it.next();                 
+          String paramName = paramElem.getLocalName();
+          if (paramName.equals("FriendlyName")) {
+            verifyInfoboxParameter.setFriendlyName(paramElem.getFirstChild().getNodeValue());
+            localFriendlyName = true;
+          } else if (paramName.equals("TrustProfileID")) {
+            String trustProfileID = paramElem.getFirstChild().getNodeValue();
+            if (trustProfileID != null) {
+              if (trustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
+                throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
+              }
+              verifyInfoboxParameter.setTrustProfileID(trustProfileID);
+            } 
+          } else if (paramName.equals("ValidatorClass")) {
+            String validatorClassName = paramElem.getFirstChild().getNodeValue();
+            if (validatorClassName != null) {
+              verifyInfoboxParameter.setValidatorClassName(validatorClassName);
+              localValidatorClass = true;
+            }            
+          } else if (paramName.equals("SchemaLocations")) {
+            List schemaElems = DOMUtils.getChildElements(paramElem);
+            List schemaLocations = new Vector(schemaElems.size());
+            Iterator schemaIterator = schemaElems.iterator();
+            while (schemaIterator.hasNext()) {
+              Element schemaElem = (Element)schemaIterator.next();
+              String namespace = schemaElem.getAttribute("namespace");
+              String schemaLocation = schemaElem.getAttribute("schemaLocation");
+              // avoid adding the same schema twice
+              Iterator schemaLocationIterator = schemaLocations.iterator();
+              boolean add = true;
+              while (schemaLocationIterator.hasNext()) {                
+                String existingNamespace = ((Schema)schemaLocationIterator.next()).getNamespace();
+                if (namespace.equals(existingNamespace)) {
+                  Logger.warn("Multiple schemas specified for namespace \"" + namespace + 
+                    "\"; only using the first one.");
+                  add = false;
+                  break;
+                }
+              }
+              if (add) {
+                schemaLocations.add(new SchemaImpl(namespace, schemaLocation));
+              }
+            }
+            verifyInfoboxParameter.setSchemaLocations(schemaLocations);            
+          } else if (paramName.equals("ApplicationSpecificParameters")) {
+            verifyInfoboxParameter.setApplicationSpecificParams(paramElem);
+          }
+        }        
+        // use default values for those parameters not yet set by local configuration
+        if (defaultInfoboxParameters != null) {
+          Object defaultVerifyIP = defaultInfoboxParameters.get(identifier);
+          if (defaultVerifyIP != null) {
+            VerifyInfoboxParameter defaultVerifyInfoboxParameter = 
+              (VerifyInfoboxParameter)defaultVerifyIP;
+            // if no friendly is set, use default
+            if (!localFriendlyName) {
+              verifyInfoboxParameter.setFriendlyName(
+                defaultVerifyInfoboxParameter.getFriendlyName());
+            }
+            // if no TrustProfileID is set, use default, if available
+            if (verifyInfoboxParameter.getTrustProfileID() == null) {
+              verifyInfoboxParameter.setTrustProfileID(
+                defaultVerifyInfoboxParameter.getTrustProfileID());
+            } 
+            // if no local validator class is set, use default
+            if (!localValidatorClass) {
+              verifyInfoboxParameter.setValidatorClassName(
+                defaultVerifyInfoboxParameter.getValidatorClassName());
+            }
+            // if no schema locations set, use default         
+            if (verifyInfoboxParameter.getSchemaLocations() == null) {
+              verifyInfoboxParameter.setSchemaLocations(
+                defaultVerifyInfoboxParameter.getSchemaLocations());
+            }
+            // if no application specific parameters set, use default
+            if (verifyInfoboxParameter.getApplicationSpecificParams() == null) {
+              verifyInfoboxParameter.setApplicationSpecificParams(
+                defaultVerifyInfoboxParameter.getApplicationSpecificParams());
+            }
+          }
+        }
+        infoboxParameters.put(identifier, verifyInfoboxParameter);
+      }
+      // add the infobox identifiers not present within the local configuration to the 
+      // identifier list
+      if (defaultIdentifiers != null) {
+        Iterator identifierIterator = defaultIdentifiers.iterator();
+        while (identifierIterator.hasNext()) {
+          String defaultIdentifier = (String)identifierIterator.next();
+          if (!identifiers.contains(defaultIdentifier)) {
+            identifiers.add(defaultIdentifier);
+          }
+        }
+      }
+      return new VerifyInfoboxParameters(identifiers, infoboxParameters);
+    } else {
+      return new VerifyInfoboxParameters(defaultIdentifiers, infoboxParameters);
+    }       
+  }
 
   /**
    * Method warn.
@@ -856,6 +1078,5 @@ public class ConfigurationBuilder {
    */
   private static void warn(String messageId, Object[] args, Throwable t) {
     Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
-  }    
-
+  } 
 }
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index d354ba910..e45d7cba8 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -7,6 +7,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 
 import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -15,6 +16,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * A class providing access to the Auth Part of the MOA-ID configuration data.
@@ -116,6 +118,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
    * X509 SubjectNames which will be trusted
    */
   private String[] identityLinkX509SubjectNames;
+  /**
+   * default parameters for verifying additional infoboxes.
+   */
+  private VerifyInfoboxParameters defaultVerifyInfoboxParameters;
  
   /**
    * configuration parameters for online applications
@@ -133,6 +139,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
    * the bku Selection Connection Parameters
    */
   private ConnectionParameter bKUConnectionParameter;
+  
  /**
    * Return the single instance of configuration data.
    * 
@@ -214,24 +221,30 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 				throw new ConfigurationException("config.03", null, t);
 		  }
 		  		  
-      // build the internal datastructures
-      builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
-      bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
-      bKUSelectable = (bKUConnectionParameter!=null);
-      bKUSelectionType = builder.buildAuthBKUSelectionType();
-		  genericConfiguration = builder.buildGenericConfiguration();
-		  transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
-		  transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
-	    moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
-	    moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
-	    moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
-	    moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
-	    onlineApplicationAuthParameters  = builder.buildOnlineApplicationAuthParameters();
-      identityLinkX509SubjectNames =  builder.getIdentityLink_X509SubjectNames();
-      defaultChainingMode = builder.getDefaultChainingMode();
-      chainingModes = builder.buildChainingModes();  
-      trustedCACertificates = builder.getTrustedCACertificates();
-      trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);     
+        // build the internal datastructures
+    	builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
+    	bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
+    	bKUSelectable = (bKUConnectionParameter!=null);
+    	bKUSelectionType = builder.buildAuthBKUSelectionType();
+    	genericConfiguration = builder.buildGenericConfiguration();
+    	transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
+    	transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
+    	moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
+    	moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
+    	moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
+    	moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
+        defaultVerifyInfoboxParameters = null;
+        Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
+        if (defaultVerifyInfoboxParamtersElem != null) {
+          defaultVerifyInfoboxParameters = 
+            builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
+        }
+    	onlineApplicationAuthParameters  = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
+    	identityLinkX509SubjectNames =  builder.getIdentityLink_X509SubjectNames();
+    	defaultChainingMode = builder.getDefaultChainingMode();
+    	chainingModes = builder.buildChainingModes();  
+    	trustedCACertificates = builder.getTrustedCACertificates();
+    	trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);     
 
     } catch (Throwable t) {
       throw new ConfigurationException("config.02", null, t);
@@ -387,4 +400,13 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
     return bKUSelectionType;
   }
 
+  /**
+   * Returns the defaultVerifyInfoboxParameters.
+   *
+   * @return The defaultVerifyInfoboxParameters.
+   */
+  public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() {
+    return defaultVerifyInfoboxParameters;
+  }
+
 }
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 4a41f9e75..abdf13dd1 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -64,6 +64,10 @@ public class OAAuthParameter extends OAParameter {
    * template for web page "Anmeldung mit B&uuml;rgerkarte"
    */
   private String templateURL;
+  /**
+   * Parameters for verifying infoboxes.
+   */
+  private VerifyInfoboxParameters verifyInfoboxParameters;
   
   /**
    * Returns <code>true</code> if the Security Layer version is version 1.2,
@@ -157,7 +161,17 @@ public class OAAuthParameter extends OAParameter {
    */
   public String getTemplateURL() {
     return templateURL;
-  }  
+  } 
+  
+  /**
+   * Returns the parameters for verifying additional infoboxes.
+   *
+   * @return The parameters for verifying additional infoboxes.
+   *         Maybe <code>null</code>.
+   */
+  public VerifyInfoboxParameters getVerifyInfoboxParameters() {
+    return verifyInfoboxParameters;
+  }
    
   /**
    * Sets the security layer version.
@@ -242,4 +256,13 @@ public class OAAuthParameter extends OAParameter {
 	public void setTemplateURL(String templateURL) {
 		this.templateURL = templateURL;
 	}
+
+  /**
+   * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
+   *
+   * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
+   */
+  public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
+    this.verifyInfoboxParameters = verifyInfoboxParameters;
+  }
 }
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
new file mode 100644
index 000000000..9caa9519e
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
@@ -0,0 +1,362 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class is a container for parameters that maybe needed for verifying an infobox.
+ * 
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameter {
+  
+  /**
+   * The default package name (first part) of a infobox validator class.
+   */
+  public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator.";
+  
+  /**
+   * The identifier of the infobox to be verified. This identifier must exactly the
+   * identifier of the infobox returned by BKU.
+   */
+  private String identifier_;
+  
+  /**
+   * The friendly name of the infobox. 
+   * This name is used within browser messages, thus it should be the german equivalent of
+   * the {@link #identifier_ infobox identifier} (e.g. &quot;<code>Stellvertretungen</code>&quot; 
+   * for &quot;<code>Mandates</code>&quot; or &quot;<code>GDAToken</code>&quot; for
+   * &quot;<code>EHSPToken</code>&quot;. 
+   * <br>If not specified within the config file the {@link #identifier_ infobox identifier}
+   * will be used.
+   */
+  private String friendlyName_;
+  
+  /** 
+   * The Id of the TrustProfile to be used for validating certificates.
+   */
+  private String trustProfileID_;
+  
+  /**
+   * The full name of the class to be used for verifying the infobox.
+   */
+  private String validatorClassName_;
+  
+  /**
+   * Schema location URIs that may be needed by the
+   * validator to parse infobox tokens.
+   * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} 
+   * specifying the location of an XML schema. 
+   */
+  private List schemaLocations_;
+  
+  /**
+   * Application specific parameters that may be needed for verifying an infobox.
+   */
+  private Element applicationSpecificParams_;
+  
+  /**
+   * Specifies if the infobox is be required to be returned by the BKU.
+   */
+  private boolean required_;
+  
+  /**
+   * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
+   * application or not.
+   */
+  private boolean provideStammzahl_;
+  
+  /**
+   * Specifies whether the <code>identity link</code> should be passed to the verifying
+   * application or not.
+   */
+  private boolean provideIdentityLink_;
+  
+  /**
+   * Initializes this VerifiyInfoboxParamater with the given identifier and a default
+   * validator class name.
+   * 
+   * @param identifier The identifier of the infobox to be verified.
+   */
+  public VerifyInfoboxParameter(String identifier) {
+    identifier_ = identifier;
+    StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK);
+    sb.append(identifier.toLowerCase());
+    sb.append(".");
+    sb.append(identifier.substring(0, 1).toUpperCase());
+    sb.append(identifier.substring(1));
+    sb.append("Validator");
+    validatorClassName_ = sb.toString();
+  }
+
+  /**
+   * Returns application specific parameters.
+   * Each child element of this element contains a verifying application specific parameter. 
+   * 
+   * @see #applicationSpecificParams_ 
+   * 
+   * @return Application specific parameters.
+   */
+  public Element getApplicationSpecificParams() {
+    return applicationSpecificParams_;
+  }
+
+  /**
+   * Sets the application specific parameters.
+   * 
+   * @see #applicationSpecificParams_
+   *
+   * @param applicationSpecificParams The application specific parameters to set.
+   */
+  public void setApplicationSpecificParams(Element applicationSpecificParams) {
+    applicationSpecificParams_ = applicationSpecificParams;
+  }
+
+  /**
+   * Returns the friendly name.
+   * 
+   * @see #friendlyName_
+   *
+   * @return The friendly name.
+   */
+  public String getFriendlyName() {
+    return friendlyName_;
+  }
+
+  /**
+   * Sets the friendly name.
+   *
+   * @param friendlyName The friendly name to set.
+   */
+  public void setFriendlyName(String friendlyName) {
+    friendlyName_ = friendlyName;
+  }
+
+  /**
+   * Returns the infobox identifier.
+   * 
+   * @see #identifier_
+   *
+   * @return The infobox identifier.
+   */
+  public String getIdentifier() {
+    return identifier_;
+  }
+
+  /**
+   * Sets the the infobox identifier.
+   * 
+   * @see #identifier_
+   *
+   * @param identifier The infobox identifier to set.
+   */
+  public void setIdentifier(String identifier) {
+    identifier_ = identifier;
+  }
+
+  /**
+   * Specifies whether the identity link should be passed to the verifying application
+   * or not.
+   *
+   * @return <code>True</code> if the identity link should be passed to the verifying 
+   * application, otherwise <code>false</code>.
+   */
+  public boolean getProvideIdentityLink() {
+    return provideIdentityLink_;
+  }
+
+  /**
+   * Sets the {@link #provideIdentityLink_} parameter.
+   *
+   * @param provideIdentityLink <code>True</code> if the identity link should be passed to 
+   * the verifying application, otherwise <code>false</code>.
+   */
+  public void setProvideIdentityLink(boolean provideIdentityLink) {
+    provideIdentityLink_ = provideIdentityLink;
+  }
+
+  /**
+   * Specifies whether the <code>Stammzahl</code> should be passed to the verifying 
+   * application or not.
+   *
+   * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the  
+   * verifying application, otherwise <code>false</code>.
+   */
+  public boolean getProvideStammzahl() {
+    return provideStammzahl_;
+  }
+
+  /**
+   * Sets the {@link provideStammzahl_} parameter.
+   *
+   * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be   
+   * passed to the verifying application, otherwise <code>false</code>.
+   */
+  public void setProvideStammzahl(boolean provideStammzahl) {
+    provideStammzahl_ = provideStammzahl;
+  }
+
+  /**
+   * Specifies whether the infobox is required or not.
+   *
+   * @return <code>True</code> if the infobox is required to be returned by the BKU,
+   * otherwise <code>false</code>.
+   */
+  public boolean isRequired() {
+    return required_;
+  }
+
+  /**
+   * Sets the {@link required_} parameter.
+   *
+   * @param required <code>True</code> if the infobox is required to be returned by the 
+   * BKU, otherwise <code>false</code>.
+   */
+  public void setRequired(boolean required) {
+    required_ = required;
+  }
+
+  /**
+   * Schema location URIs that may be needed by the
+   * validator to parse infobox tokens.
+   * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} 
+   * specifying the location of an XML schema. 
+   *  
+   * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects 
+   *         each of them specifying the location of an XML schema.
+   */
+  public List getSchemaLocations() {
+    return schemaLocations_;
+  }
+
+  /**
+   * Sets the schema locations.
+   * 
+   * @see #schemaLocations_
+   *
+   * @param schemaLocations The schema location list to be set.
+   */
+  public void setSchemaLocations(List schemaLocations) {
+    schemaLocations_ = schemaLocations;
+  }
+
+  /**
+   * Returns the ID of the trust profile to be used for verifying certificates.
+   *
+   * @return The ID of the trust profile to be used for verifying certificates.
+   *         Maybe <code>null</code>.
+   */
+  public String getTrustProfileID() {
+    return trustProfileID_;
+  }
+
+  /**
+   * Sets the ID of the trust profile to be used for verifying certificates.
+   *
+   * @param trustProfileID The ID of the trust profile to be used for verifying certificates.
+   */
+  public void setTrustProfileID(String trustProfileID) {
+    trustProfileID_ = trustProfileID;
+  }
+
+  /**
+   * Returns the name of the class to be used for verifying this infobox.
+   *
+   * @return The name of the class to be used for verifying this infobox.
+   */
+  public String getValidatorClassName() {
+    return validatorClassName_;
+  }
+
+  /**
+   * Sets the name of the class to be used for verifying this infobox.
+   *
+   * @param validatorClassName The name of the class to be used for verifying this infobox.
+   */
+  public void setValidatorClassName(String validatorClassName) {
+    validatorClassName_ = validatorClassName;
+  }
+  
+  /**
+   * Get a string representation of this object.
+   * This method is for debugging purposes only.
+   *
+   * @return A string representation of this object.
+   */
+  public String toString() {
+    
+    StringBuffer buffer = new StringBuffer(1024);
+
+    buffer.append("  <Infobox Identifier=\"");
+    buffer.append(identifier_);
+    buffer.append("\" required=\"");
+    buffer.append(required_);
+    buffer.append("\" provideStammzahl=\"");
+    buffer.append(provideStammzahl_);
+    buffer.append("\" provideIdentityLink=\"");
+    buffer.append(provideIdentityLink_);
+    buffer.append("\">");
+    buffer.append("\n");
+    if (friendlyName_ != null) {
+      buffer.append("    <FriendlyName>");
+      buffer.append(friendlyName_);
+      buffer.append("</FriendlyName>");
+      buffer.append("\n");
+    }
+    if (trustProfileID_ != null) {
+      buffer.append("    <TrustProfileID>");
+      buffer.append(trustProfileID_);
+      buffer.append("</TrustProfileID>");
+      buffer.append("\n");
+    }
+    if (validatorClassName_ != null) {
+      buffer.append("    <ValidatorClass>");
+      buffer.append(validatorClassName_);
+      buffer.append("</ValidatorClass>");
+      buffer.append("\n");    
+    }
+    if (schemaLocations_ != null) {
+      buffer.append("    <SchemaLocations>");
+      buffer.append("\n");
+      Iterator it = schemaLocations_.iterator();
+      while (it.hasNext()) {
+        buffer.append("      <Schema namespace=\"");
+        Schema schema = (Schema)it.next();
+        buffer.append(schema.getNamespace());
+        buffer.append("\" schemaLocation=\"");
+        buffer.append(schema.getSchemaLocation());
+        buffer.append("\"/>\n");
+      }
+      buffer.append("    </SchemaLocations>");
+      buffer.append("\n");
+    }
+    if (applicationSpecificParams_ != null) {
+      try {
+        String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_);
+        buffer.append("    ");
+        buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams));
+        buffer.append("\n");
+      } catch (TransformerException e) {
+        // do nothing
+      } catch (IOException e) {
+        // do nothing
+      }
+    }
+    buffer.append("  </Infobox>");
+    
+
+    return buffer.toString() ;
+  }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
new file mode 100644
index 000000000..b9f669196
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
@@ -0,0 +1,135 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * This class contains the parameters for verifying all the infoboxes configured for an
+ * online application.
+ * 
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameters {
+  
+  /**
+   * A map of {@link VerifyInfoboxParameter} objects.
+   * Each of these objects contains parameters that maybe needed for validating an
+   * infobox.
+   */
+  private Map infoboxParameters_;
+  
+  /**
+   * A list of the identifiers of the infoboxes supported by this
+   * VerifyInfoboxParameters;
+   */
+  private List identifiers_;
+  
+  /**
+   * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate  
+   * in the context of the actual online application. 
+   * The string will be added as value of the <code>PushInfobox</code> parameter in the
+   * HTML form used for reading the infoboxes from the BKU. 
+   */
+  private String pushInfobox_;
+  
+  /**
+   * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_}
+   * map.
+   */
+  public VerifyInfoboxParameters() {
+    infoboxParameters_ = new Hashtable();
+    pushInfobox_ = "";
+  }
+  
+  /**
+   * Initializes this VerifyInfoboxParameters with the given 
+   * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string
+   * from the keys of the given map.
+   */
+  public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) {
+    identifiers_ = identifiers;
+    infoboxParameters_ = infoboxParameters;
+    // build the pushInfobox string    
+    if ((identifiers != null) && (!identifiers.isEmpty())) {
+      StringBuffer identifiersSB = new StringBuffer();
+      int identifiersNum = identifiers.size();
+      int i = 1;
+      Iterator it = identifiers.iterator();      
+      while (it.hasNext()) {
+        identifiersSB.append((String)it.next());
+        if (i != identifiersNum) {
+          identifiersSB.append(",");
+        }
+        i++;
+      }
+      pushInfobox_ = identifiersSB.toString();     
+    } else {
+      pushInfobox_ = "";
+    }
+  }
+
+  /**
+   * Returns the (comma separated) identifiers of the infoboxes configured for the actual
+   * online application.
+   * 
+   * @see #pushInfobox_
+   *
+   * @return The (comma separated) identifiers of the infoboxes configured for the actual
+   * online application.
+   */
+  public String getPushInfobox() {
+    return pushInfobox_;
+  }
+
+  /**
+   * Sets the {@link #pushInfobox_} string.
+   *
+   * @param pushInfobox The pushInfobox string to be set.
+   */
+  public void setPushInfobox(String pushInfobox) {
+    pushInfobox_ = pushInfobox;
+  }
+
+  /**
+   * Returns map of {@link VerifyInfoboxParameter} objects.
+   * Each of these objects contains parameters that maybe needed for validating an
+   * infobox.
+   *
+   * @return The map of {@link VerifyInfoboxParameter} objects.
+   */
+  public Map getInfoboxParameters() {
+    return infoboxParameters_;
+  }
+
+  /**
+   * Sets the map of {@link VerifyInfoboxParameter} objects.
+   * 
+   * @see #infoboxParameters_
+   *
+   * @param infoboxParameters The infoboxParameters to set.
+   */
+  public void setInfoboxParameters(Map infoboxParameters) {
+    infoboxParameters_ = infoboxParameters;
+  }
+
+  /**
+   * Returns the identifiers of the supported infoboxes. 
+   * 
+   * @return The identifiers.
+   */
+  public List getIdentifiers() {
+    return identifiers_;
+  }
+
+  /**
+   * Sets the identifiers.
+   *
+   * @param identifiers The identifiers to set.
+   */
+  public void setIdentifiers(List identifiers) {
+    identifiers_ = identifiers;
+  }
+
+}
-- 
cgit v1.2.3