From e1cf4a7091359fc31e1500f724f89a155975e002 Mon Sep 17 00:00:00 2001
From: rudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Mon, 26 Apr 2004 13:29:44 +0000
Subject: =?UTF-8?q?Unterst=C3=BCtzung=20von=20ID-Attributen=20hinzugef?=
 =?UTF-8?q?=C3=BCgt,=20so=20dass=20MOA-SP=20diese=20auch=20parsen=20kann.?=
 =?UTF-8?q?=20(RSCH)=20Konkrete=20=C3=84nderung:=20Mini-dtd=20wurde=20hinz?=
 =?UTF-8?q?ugef=C3=BCgt;=20Element=20XMLContent=20in=20VerifySignatureEnvi?=
 =?UTF-8?q?roment=20gegen=20Base64Content=20ausgetauscht.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@113 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../builder/VerifyXMLSignatureRequestBuilder.java  | 154 +++++++++++----------
 1 file changed, 80 insertions(+), 74 deletions(-)

(limited to 'id.server/src/at/gv')
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index 863162fd9..58332984e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -4,12 +4,16 @@ import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 
 import org.w3c.dom.Element;
+import org.w3c.dom.Text;
 
 import at.gv.egovernment.moa.id.*;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.OutputXML2File;
 import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
@@ -30,7 +34,8 @@ public class VerifyXMLSignatureRequestBuilder {
   /**
    * Constructor for VerifyXMLSignatureRequestBuilder.
    */
-  public VerifyXMLSignatureRequestBuilder() {}
+  public VerifyXMLSignatureRequestBuilder() {
+  }
   /**
    * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
    * from an IdentityLink with a known trustProfileID which 
@@ -40,31 +45,30 @@ public class VerifyXMLSignatureRequestBuilder {
    * @return Element - The complete request as Dom-Element
    * @throws ParseException
    */
-  public Element build(IdentityLink idl, String trustProfileID) throws ParseException
-     { //samlAssertionObject
+  public Element build(IdentityLink idl, String trustProfileID)
+    throws ParseException { //samlAssertionObject
       request =
         "<?xml version='1.0' encoding='UTF-8' ?>"
-          + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
+          + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
           + "  <VerifySignatureInfo>"
           + "    <VerifySignatureEnvironment>"
-          + "      <XMLContent xml:space=\"preserve\"/>"
+          + "      <Base64Content>"
+          + "      </Base64Content>"
           + "    </VerifySignatureEnvironment>"
           + "    <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
           + "  </VerifySignatureInfo>"
           + "  <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig �berpr�fung
-    +"     <ReferenceInfo>" + "     <VerifyTransformsInfoProfile/>"
-    // Profile ID f�r create    (alle auslesen aus IDCOnfig VerifyAuthBlock)
-  +"     </ReferenceInfo>" + "  </SignatureManifestCheckParams>"
-
-      // Testweise ReturnReferenceInputData = False
-
-  +"  <ReturnHashInputData/>"
+  +"     <ReferenceInfo>" + "     <VerifyTransformsInfoProfile/>"
+      // Profile ID f�r create    (alle auslesen aus IDCOnfig VerifyAuthBlock)
+  +"     </ReferenceInfo>"
+    + "  </SignatureManifestCheckParams>"
+    + "  <ReturnHashInputData/>"
     + "  <TrustProfileID>"
     + trustProfileID
     + "</TrustProfileID>"
     + "</VerifyXMLSignatureRequest>";
 
-  try {
+    try {
       InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
       reqElem = DOMUtils.parseXmlValidating(s);
 
@@ -77,23 +81,36 @@ public class VerifyXMLSignatureRequestBuilder {
           + MOA
           + "VerifySignatureEnvironment/"
           + MOA
-          + "XMLContent";
-
-      Element insertTo =
-        (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
-      insertTo.appendChild(
-        insertTo.getOwnerDocument().importNode(idl.getSamlAssertion(), true));
-
-     String SIGN_MANI_CHECK_PARAMS_XPATH =
-        "//"
-          + MOA
-          + "VerifyXMLSignatureRequest/"
-          + MOA
-          + "SignatureManifestCheckParams";
-      insertTo =
-        (Element) XPathUtils.selectSingleNode(
-          reqElem,
-          SIGN_MANI_CHECK_PARAMS_XPATH);
+          + "Base64Content";
+
+      Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
+
+      String dtdString =
+        "<!DOCTYPE saml:Assertion [\n"
+          + "  <!ATTLIST saml:Assertion AssertionID ID #REQUIRED\n"
+          + ">\n"
+          + "]>";
+
+      String serializedAssertion = DOMUtils.serializeNode(idl.getSamlAssertion());
+      //insert mini dtd after xml declaration to allow usage of AssertionID 
+      //encode then base64 and put this into Element Base64Content
+      String dtdAndIL =
+        serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2)
+          + dtdString
+          + serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2);
+      String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8"));
+			//replace all '\r' characters by no char.
+			String replaced = "";
+			for (int i = 0; i < b64dtdAndIL.length(); i ++) {
+				if (b64dtdAndIL.charAt(i) != '\r') replaced += b64dtdAndIL.charAt(i);
+			}
+			b64dtdAndIL = replaced;
+      Text b64content = (Text) insertTo.getFirstChild();
+      b64content.setData(b64dtdAndIL);
+
+      String SIGN_MANI_CHECK_PARAMS_XPATH =
+        "//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams";
+      insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH);
       insertTo.removeChild(
         (Element) XPathUtils.selectSingleNode(
           reqElem,
@@ -102,9 +119,7 @@ public class VerifyXMLSignatureRequestBuilder {
       for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)  
         {
         Element refInfo =
-          insertTo.getOwnerDocument().createElementNS(
-            Constants.MOA_NS_URI,
-            "ReferenceInfo");
+          insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo");
         insertTo.appendChild(refInfo);
         Element verifyTransformsInfoProfile =
           insertTo.getOwnerDocument().createElementNS(
@@ -114,33 +129,31 @@ public class VerifyXMLSignatureRequestBuilder {
         verifyTransformsInfoProfile.appendChild(
           insertTo.getOwnerDocument().importNode(dsigTransforms[i], true));
       }
-   }
-  catch (Throwable t) {
-    throw new ParseException( //"VerifyXMLSignatureRequest (IdentityLink)");
-        "builder.00",
-        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" },
-        t);
-  }
+    } catch (Throwable t) {
+      throw new ParseException(//"VerifyXMLSignatureRequest (IdentityLink)");
+      "builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+    }
 
     return reqElem;
   }
 
- /**
-  * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
-  * from an IdentityLink with a known trustProfileID which 
-  * has to exist in MOA-SP
-  * @param idl - The IdentityLink
-  * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
-  * @return Element - The complete request as Dom-Element
-  * @throws ParseException
-  */
+  /**
+   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+   * from the signed AUTH-Block with a known trustProfileID which 
+   * has to exist in MOA-SP
+   * @param csr - signed AUTH-Block
+   * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID 
+   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+   * @return Element - The complete request as Dom-Element
+   * @throws ParseException
+   */
   public Element build(
     CreateXMLSignatureResponse csr,
     String[] verifyTransformsInfoProfileID,
     String trustProfileID)
     throws ParseException { //samlAssertionObject
     request =
-          "<?xml version='1.0' encoding='UTF-8' ?>"
+      "<?xml version='1.0' encoding='UTF-8' ?>"
         + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
         + "  <VerifySignatureInfo>"
         + "    <VerifySignatureEnvironment>"
@@ -148,25 +161,24 @@ public class VerifyXMLSignatureRequestBuilder {
         + "    </VerifySignatureEnvironment>"
         + "    <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
         + "  </VerifySignatureInfo>"
-       + "  <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
+        + "  <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
         + "     <ReferenceInfo>";
-    
+
     for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
-     request += "     <VerifyTransformsInfoProfileID>" + 
-                verifyTransformsInfoProfileID[i] + 
-                "</VerifyTransformsInfoProfileID>";
+      request += "     <VerifyTransformsInfoProfileID>"
+        + verifyTransformsInfoProfileID[i]
+        + "</VerifyTransformsInfoProfileID>";
       // Profile ID f�r create    (auslesen aus IDCOnfig VerifyAuthBlock ODER per String �bergeben....)
-                
+
     }
 
-    request +=  "     </ReferenceInfo>"
-              + "  </SignatureManifestCheckParams>"
-            // Testweise ReturnReferenceInputData = False
-              +"  <ReturnHashInputData/>"
-              + "  <TrustProfileID>"
-              + trustProfileID
-              + "</TrustProfileID>"
-              + "</VerifyXMLSignatureRequest>";
+    request += "     </ReferenceInfo>" + "  </SignatureManifestCheckParams>"
+    // Testweise ReturnReferenceInputData = False
+    +"  <ReturnHashInputData/>"
+      + "  <TrustProfileID>"
+      + trustProfileID
+      + "</TrustProfileID>"
+      + "</VerifyXMLSignatureRequest>";
 
     try {
       // Build a DOM-Tree of the obove String
@@ -184,17 +196,11 @@ public class VerifyXMLSignatureRequestBuilder {
           + MOA
           + "XMLContent";
 
-      Element insertTo =
-        (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
-      insertTo.appendChild(
-        insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
+      Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
+      insertTo.appendChild(insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
 
-    }
-    catch (Throwable t) {
-      throw new ParseException(
-        "builder.00",
-        new Object[] { "VerifyXMLSignatureRequest" },
-        t);
+    } catch (Throwable t) {
+      throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
     }
 
     return reqElem;
-- 
cgit v1.2.3

