From fd8f60064e096b3c011cfc18e86a224308d762f7 Mon Sep 17 00:00:00 2001 From: "peter.danner" Date: Sun, 30 Oct 2005 09:01:22 +0000 Subject: updated for wbPK git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@538 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../XMLLoginParameterResolverEncryptedData.java | 277 +++++++++++---------- 1 file changed, 149 insertions(+), 128 deletions(-) (limited to 'id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java') diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 8a93148bb..a0780358e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java 
@@ -5,24 +5,30 @@ import iaik.security.provider.IAIK; import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; +import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; - -import javax.crypto.Cipher; -import javax.crypto.BadPaddingException; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.IvParameterSpec; - import java.security.InvalidAlgorithmParameterException; -import java.security.Key; import java.security.InvalidKeyException; +import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Security; +import java.util.HashMap; +import java.util.Map; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.IvParameterSpec; +import javax.xml.parsers.ParserConfigurationException; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.logging.Logger; @@ -31,14 +37,6 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.URLEncoder; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; - -import java.io.IOException; -import java.util.*; - -import javax.xml.parsers.ParserConfigurationException; -import org.w3c.dom.*; -import org.xml.sax.SAXException; /** * XMLLoginParameterResolver an implementation of implementation of interface 
@@ -195,8 +193,8 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes * configuration method * @param configuration enabled enable user mapping to parameter set for the parameter set. */ - public void configure(String configuration) throws LoginParameterResolverException { - File idFile; + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { + File idFile; Element rootElement; Security.addProvider(new IAIK()); @@ -248,7 +246,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes throw new LoginParameterResolverException("config.11", new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() }); } - buildInfo(rootElement); + buildInfo(rootElement, businessService.booleanValue()); isConfigured = true; } @@ -330,7 +328,8 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes public Map getAuthenticationHeaders( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException, NotAllowedException { + String clientIPAddress, + boolean businessService) throws LoginParameterResolverException, NotAllowedException { Map result = new HashMap(); if (!isConfigured) { 
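Review bot: `configure(String configuration, Boolean businessService)` takes a boxed Boolean and unboxes it unguarded in `buildInfo(rootElement, businessService.booleanValue());` (hunk @@ -248), so a null argument surfaces as a NullPointerException rather than the LoginParameterResolverException every other configuration failure in this method produces. If the interface fixes the boxed type, unbox defensively, `buildInfo(rootElement, Boolean.TRUE.equals(businessService));`, or reject null with an explicit LoginParameterResolverException; if the interface is free to change, a primitive `boolean` parameter — as getAuthenticationHeaders already uses in hunk @@ -330 — removes the case altogether. The Javadoc above the signature still lists a single parameter and its sentence is garbled; add `@param businessService true to load wbPKIdentity mappings for a business service, false to load bPKIdentity mappings` and reword the existing `@param configuration` line. The body of configure continues outside the hunk.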
@@ -339,25 +338,32 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes identityFile + "' is not configured!", null); } - //get the Identity of the user - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOABPK", authData, clientIPAddress); - String userid = ""; - String password = ""; - LPRParams params = null; - boolean userFound = false; + //get the Identity of the user + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + LPRParams params = null; + boolean userFound = false; - //try bPK and named search - params = bPKIdentitySearch(bPK); + //try (w)bPK and named search + params = bPKIdentitySearch(bPK, wType); if (null == params) params = namedIdentitySearch(famName, givenName, dateOfBirth); //if both searches failed, report error. if(null == params) - throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); //HTTP 401 - Basic Authentication if (oaConf.getAuthType().equals("basic")) { 
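Review bot: The per-call `businessService` flag decides whether `MOAWBPK` or `MOABPK` is resolved, but `bPKMap` was filled once at configure time from either `wbPKIdentity` or `bPKIdentity` elements (hunk @@ -536), so a call whose flag differs from the configured mode looks a wbPK up against a table of bPK values (or the reverse), gets a silent miss from `bPKIdentitySearch(bPK, wType)` and falls through to the name/date-of-birth search. The resolver should remember the mode it was configured with (a boolean field set in buildInfo, e.g. `configuredForBusinessService`) and refuse a mismatched call before the lookup, `if (businessService != configuredForBusinessService) throw new LoginParameterResolverException(<error-code>, ...);`. The whole identity-resolution block from `famName` to the NotAllowedException is also now duplicated verbatim in getAuthenticationParameters (hunk @@ -395); moving it into one private helper keeps the two methods from drifting. Whether resolveValue itself throws LoginParameterResolverException is not visible here, so the helper below keeps the enclosing method's throws clause; getAuthenticationHeaders continues past the hunk.
```java
        // … unchanged: isConfigured guard …
        String wType = businessService ? "w" : "";
        LPRParams params = lookupIdentity(authData, clientIPAddress, businessService, wType);
        // … unchanged: basic / header handling …

    /**
     * Resolves the user's mapping: first by (w)bPK, then by surname, given name and date of birth.
     * Shared by getAuthenticationHeaders and getAuthenticationParameters.
     * @param wType "w" for a business-service (wbPK) lookup, "" otherwise; only used in messages.
     * @throws NotAllowedException if neither search yields a mapping.
     */
    private LPRParams lookupIdentity(AuthenticationData authData, String clientIPAddress,
            boolean businessService, String wType) throws LoginParameterResolverException, NotAllowedException {
        String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
        String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
        String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
        String bPK = resolveValue(businessService ? MOAWBPK : MOABPK, authData, clientIPAddress);
        LPRParams params = bPKIdentitySearch(bPK, wType);
        if (null == params)
            params = namedIdentitySearch(famName, givenName, dateOfBirth);
        if (null == params)
            throw new NotAllowedException("User:_" + wType + "bPK:'" + bPK + ", " + famName + ", " + givenName + "' not authorized.", null);
        return params;
    }
```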
@@ -395,34 +401,42 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes public Map getAuthenticationParameters( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException, NotAllowedException { - - Map result = new HashMap(); + String clientIPAddress, + boolean businessService) throws LoginParameterResolverException, NotAllowedException { - if (!isConfigured) { - Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); - return result; - } - - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOABPK", authData, clientIPAddress); - String userid = ""; - String password = ""; - LPRParams params = null; - - //try bPK and named search - params = bPKIdentitySearch(bPK); - - if (null == params) - params = namedIdentitySearch(famName, givenName, dateOfBirth); - - //if both searches failed, report error. 
- if(null == params) - throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); - - //TODO MOAID XMLLPR URLEncoder.encode + Map result = new HashMap(); + + if (!isConfigured) { + Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); + return result; + } + + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + LPRParams params = null; + + //try (w)bPK and named search + params = bPKIdentitySearch(bPK, wType); + + if (null == params) + params = namedIdentitySearch(famName, givenName, dateOfBirth); + + //if both searches failed, report error. + if(null == params) + throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + + //TODO MOAID XMLLPR URLEncoder.encode if (oaConf.getAuthType().equals("param")) { try { if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1")); @@ -458,7 +472,9 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes if (predicate.equals("MOADateOfBirth")) return authData.getDateOfBirth(); if (predicate.equals("MOABPK")) - return authData.getPBK(); + return authData.getBPK(); + if (predicate.equals("MOAWBPK")) + return authData.getWBPK(); if (predicate.equals("MOAPublicAuthority")) if (authData.isPublicAuthority()) return "true"; 
@@ -500,9 +516,11 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file. * @param root document root element. */ - private void buildInfo(Element root) { + private void buildInfo(Element root, boolean businessService) { NodeList idList = root.getElementsByTagName(XSD_IDELEM); NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM); + String wType =""; + if (businessService) wType = "w"; for (int i = 0; i < idList.getLength(); i++) Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); @@ -536,12 +554,22 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), tmpElem.getAttribute(XSD_PARAM3ATTR)) ); - } else { //bPKIdentity Elements + } else { - tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM); + //(w)bPKIdentity Elements + if (businessService) { + tmpList = tmpElem.getElementsByTagName(XSD_WBPKIDELEM); + } else { + tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM); + } if (1 == tmpList.getLength()) { tmpElem = (Element) tmpList.item(0); - String tmpStr = tmpElem.getAttribute(XSD_BPKATTR); + String tmpStr = ""; + if (businessService) { + tmpStr = tmpElem.getAttribute(XSD_WBPKATTR); + } else { + tmpStr = tmpElem.getAttribute(XSD_BPKATTR); + } boolean tmpBool = false; if (tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) 
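Review bot: buildInfo now branches on `businessService` three separate times — for the element name passed to `getElementsByTagName`, for the attribute read into `tmpStr`, and again for the warn message in hunk @@ -557 — while the `wType` local computed at the top of the method is used only in the final debug line. Choosing the element and attribute names once, next to `wType`, removes the repeated `if (businessService)` blocks and guarantees the element looked up, the attribute read and the name reported in the warning cannot disagree. The Javadoc above the signature should also gain `@param businessService true to read wbPKIdentity/wbPK mappings, false to read bPKIdentity/bPK mappings`. buildInfo's body continues outside the hunk.
```java
    private void buildInfo(Element root, boolean businessService) {
        NodeList idList = root.getElementsByTagName(XSD_IDELEM);
        NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM);
        // pick the (w)bPK element and attribute names once instead of branching at every use
        String wType = businessService ? "w" : "";
        String bpkIdElem = businessService ? XSD_WBPKIDELEM : XSD_BPKIDELEM;
        String bpkAttr = businessService ? XSD_WBPKATTR : XSD_BPKATTR;
        // … unchanged: debug logging and NamedIdentity branch …
                tmpList = tmpElem.getElementsByTagName(bpkIdElem);
                if (1 == tmpList.getLength()) {
                    tmpElem = (Element) tmpList.item(0);
                    String tmpStr = tmpElem.getAttribute(bpkAttr);
        // … unchanged: enabled flag and bPKMap.put …
                } else {
                    Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + bpkIdElem + " found");
                }
```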
@@ -557,99 +585,92 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), tmpElem.getAttribute(XSD_PARAM3ATTR)) ); } else { - Logger.warn( - "XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found"); + if (businessService) { + Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_WBPKIDELEM + " found"); + } else { + Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found"); + } } } } Logger.debug("namedMap:" + namedMap.toString()); - Logger.debug("bPKMap:" + bPKMap.toString()); + Logger.debug(wType + "bPKMap:" + bPKMap.toString()); } - /** - * searches for a given bPK and returns the appropriate LPRParams structure - * @param bPK search argument - * @returns LPRParams if bPK could be found in internal mappings or null otherwise. + + + + /** + * searches for a given bPK and returns the appropriate LPRParams structure + * @param bPK search argument + * @returns LPRParams if bPK could be found in internal mappings or null otherwise. 
*/ - LPRParams bPKIdentitySearch(String bPK) { - //search for mapping with bPK of the user - Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK); - LPRParams params = (LPRParams) bPKMap.get(bPK); - if (null == params) { - Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!"); - return null; - } else if (params.getEnabled()) { - Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); - return params; - } - Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled"); - return null; + LPRParams bPKIdentitySearch(String bPK, String wType) { + //search for mapping with (w)bPK of the user + Logger.info("XMLLoginParameterResolver: search for login data mapped to " + wType + "bPK:" + bPK); + LPRParams params = (LPRParams) bPKMap.get(bPK); + if (null == params) { + Logger.info("XMLLoginParameterResolver: params for " + wType + "bPK: " + bPK + " not found!"); + return null; + } else if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; + } + Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list but user is NOT enabled"); + return null; } - /** - * searches for a given namedIdentity and returns the appropriate LPRParams structure - * @param surName surname search argument - * @param givenName givenname search argument - * @param dateOfBirth dateofbirth search argument - * @returns LPRParams if bPK could be found in internal mappings or null otherwise. 
+ /** + * searches for a given namedIdentity and returns the appropriate LPRParams structure + * @param surName surname search argument + * @param givenName givenname search argument + * @param dateOfBirth dateofbirth search argument + * @returns LPRParams if (w)bPK could be found in internal mappings or null otherwise. */ - LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) { - Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + - " GivenName: " + givenName + - " DateOfBirth" + dateOfBirth); - - //try first a search with surname, givenname and birthdate + LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) { + Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + " GivenName: " + givenName + " DateOfBirth" + dateOfBirth); + //try first a search with surname, givenname and birthdate LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth); if (null == params) { - Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + - givenName + "BirthDate: " + dateOfBirth + " not found!"); - - //try a search with surname, givenname only - params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR); - if(null == params) { - Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + - givenName + " not found!"); - return null; - } + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + "BirthDate: " + dateOfBirth + " not found!"); + //try a search with surname, givenname only + params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR); + if(null == params) { + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + " not found!"); + return null; + } } if (params.getEnabled()) { - 
Logger.info("XMLLoginParameterResolver: Surname:" + surName - + " GivenName: " - + givenName - + " found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); - return params; + Logger.info("XMLLoginParameterResolver: Surname:" + surName + " GivenName: " + givenName + " found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; } - Logger.info( - "XMLLoginParameterResolver: SurName:" - + surName - + " GivenName: " - + givenName - + "found in list; user is NOT enabled"); + Logger.info("XMLLoginParameterResolver: SurName:" + surName + " GivenName: " + givenName + "found in list; user is NOT enabled"); return null; } - //public static final String XSD_MAPPING = "Mapping"; - + //public static final String XSD_MAPPING = "Mapping"; //public static final String XSD_DOCELEM = "MOAIdentities"; public static final String XSD_IDELEM = "Identity"; public static final String XSD_NAMEDIDELEM = "NamedIdentity"; public static final String XSD_BPKIDELEM = "bPKIdentity"; + public static final String XSD_WBPKIDELEM = "wbPKIdentity"; public static final String XSD_PARAMELEM = "Parameters"; public static final String XSD_SURNAMEATTR = "SurName"; - public static final String XSD_GIVENNAMEATTR = "GivenName"; + public static final String XSD_GIVENNAMEATTR = "GivenName"; public static final String XSD_BIRTHDATEATTR = "BirthDate"; - public static final String XSD_BIRTHDATEBLANKATTR = "any"; + public static final String XSD_BIRTHDATEBLANKATTR = "any"; public static final String XSD_BPKATTR = "bPK"; + public static final String XSD_WBPKATTR = "wbPK"; public static final String XSD_UNATTR = "UN"; - public static final String XSD_PWATTR = "PW"; - public static final String XSD_PARAM1ATTR = "Param1"; - public static final String XSD_PARAM2ATTR = "Param2"; - public static final String XSD_PARAM3ATTR = "Param3"; + public static final String XSD_PWATTR = "PW"; + public static final 
String XSD_PARAM1ATTR = "Param1"; + public static final String XSD_PARAM2ATTR = "Param2"; + public static final String XSD_PARAM3ATTR = "Param3"; private Map bPKMap; private Map namedMap; - private boolean isConfigured = false; + private boolean isConfigured = false; } \ No newline at end of file -- cgit v1.2.3
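Review bot: The Javadoc of `bPKIdentitySearch(String bPK, String wType)` was re-indented but not updated for the new parameter; add `@param wType "w" for a business-service (wbPK) lookup, "" otherwise; only used in log output`, and note that `@returns` is not a Javadoc tag — both search methods should use `@return`. Separately, both search methods still emit `Logger.debug("XMLLoginParameterResolver: using: " + params.toString());` for a matched entry; LPRParams is constructed in buildInfo with the `PW` attribute, so if its toString() includes that field the mapped password lands in the debug log — confirm, and if so log only the UN and enabled flag. The `namedIdentitySearch` Javadoc's "@returns LPRParams if (w)bPK could be found" is also misleading for a name-based search and should read `@return LPRParams if the named identity could be found in internal mappings or null otherwise`.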