MOAIDException.
- *
- * @param messageId The identifier of the message associated with this
- * exception.
- * @param parameters Additional message parameters.
- */
- public MOAIDException(String messageId, Object[] parameters) {
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- this.messageId = messageId;
- }
-
- /**
- * Create a new MOAIDException.
- *
- * @param messageId The identifier of the message associated with this
- * MOAIDException.
- * @param parameters Additional message parameters.
- * @param wrapped The exception wrapped by this
- * MOAIDException.
- */
- public MOAIDException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
-
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- this.messageId = messageId;
- this.wrapped = wrapped;
- }
-
- /**
- * Print a stack trace of this exception to System.err.
- *
- * @see java.lang.Throwable#printStackTrace()
- */
- public void printStackTrace() {
- printStackTrace(System.err);
- }
-
- /**
- * Print a stack trace of this exception, including the wrapped exception.
- *
- * @param s The stream to write the stack trace to.
- * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
- */
- public void printStackTrace(PrintStream s) {
- if (getWrapped() == null)
- super.printStackTrace(s);
- else {
- s.print("Root exception: ");
- getWrapped().printStackTrace(s);
- }
- }
-
- /**
- * Print a stack trace of this exception, including the wrapped exception.
- *
- * @param s The stream to write the stacktrace to.
- * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
- */
- public void printStackTrace(PrintWriter s) {
- if (getWrapped() == null)
- super.printStackTrace(s);
- else {
- s.print("Root exception: ");
- getWrapped().printStackTrace(s);
- }
- }
-
- /**
- * @return message ID
- */
- public String getMessageId() {
- return messageId;
- }
-
- /**
- * @return wrapped exception
- */
- public Throwable getWrapped() {
- return wrapped;
- }
-
- /**
- * Convert this MOAIDException to an ErrorResponse
- * element from the MOA namespace.
- *
- * @return An ErrorResponse element, containing the subelements
- * ErrorCode and Info required by the MOA schema.
- */
- public Element toErrorResponse() {
- DocumentBuilder builder;
- DOMImplementation impl;
- Document doc;
- Element errorResponse;
- Element errorCode;
- Element info;
-
- // create a new document
- try {
- builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- impl = builder.getDOMImplementation();
- } catch (ParserConfigurationException e) {
- return null;
- }
-
- // build the ErrorResponse element
- doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
- errorResponse = doc.getDocumentElement();
-
- // add MOA namespace declaration
- errorResponse.setAttributeNS(
- Constants.XMLNS_NS_URI,
- "xmlns",
- Constants.MOA_NS_URI);
-
- // build the child elements
- errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
- errorCode.appendChild(doc.createTextNode(messageId));
- info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
- info.appendChild(doc.createTextNode(toString()));
- errorResponse.appendChild(errorCode);
- errorResponse.appendChild(info);
- return errorResponse;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ParseException.java b/id.server/src/at/gv/egovernment/moa/id/ParseException.java
deleted file mode 100644
index a5e0088d9..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/ParseException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while parsing an XML structure.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ParseException extends MOAIDException {
-
- /**
- * Constructor for ParseException.
- * @param messageId
- * @param parameters
- */
- public ParseException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ParseException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ParseException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ServiceException.java b/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
deleted file mode 100644
index 9e6ab2361..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.id;
-
-
-/**
- * Exception thrown while calling the MOA-SPSS web service.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ServiceException extends MOAIDException {
-
- /**
- * Constructor for ServiceException.
- * @param messageId
- * @param parameters
- */
- public ServiceException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ServiceException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ServiceException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
deleted file mode 100644
index 4c44e807c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ /dev/null
@@ -1,699 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import iaik.pki.PKIException;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
-import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.OutputXML2File;
-
-/**
- * API for MOA ID Authentication Service.AuthenticationServer.
- *
- * @return the single instance of AuthenticationServer
- */
- public static AuthenticationServer getInstance() {
- if (instance == null)
- instance = new AuthenticationServer();
- return instance;
- }
- /**
- * Constructor for AuthenticationServer.
- */
- public AuthenticationServer() {
- super();
- }
- /**
- * Processes request to select a BKU.
- * bkuSelectionType==HTMLComplete, a returnURI for the
- * "BKU Auswahl" service is returned.
- * bkuSelectionType==HTMLSelect, an HTML form for BKU selection is returned.
- * @param authURL base URL of MOA-ID Auth component
- * @param target "Geschäftsbereich"
- * @param oaURL online application URL requested
- * @param bkuSelectionTemplateURL template for BKU selection form to be used
- * in case of HTMLSelect; may be null
- * @param templateURL URL providing an HTML template for the HTML form to be used
- * for call startAuthentication
- * @return for bkuSelectionType==HTMLComplete, the returnURI for the
- * "BKU Auswahl" service;
- * for bkuSelectionType==HTMLSelect, an HTML form for BKU selection
- * @throws WrongParametersException upon missing parameters
- * @throws AuthenticationException when the configured BKU selection service cannot be reached,
- * and when the given bkuSelectionTemplateURL cannot be reached
- * @throws ConfigurationException on missing configuration data
- * @throws BuildException while building the HTML form
- */
- public String selectBKU(
- String authURL,
- String target,
- String oaURL,
- String bkuSelectionTemplateURL,
- String templateURL)
- throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
-
- //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication", "AuthURL");
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA);
-
- ConnectionParameter bkuConnParam =
- AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
- if (bkuConnParam == null)
- throw new ConfigurationException(
- "config.08",
- new Object[] { "BKUSelection/ConnectionParameter" });
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
- AuthenticationSession session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- String returnURL =
- new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID());
- String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
- if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL;
- return redirectURL;
- } else {
- // bkuSelectionType==HTMLSelect
- String bkuSelectTag;
- try {
- //TODO full Plattform Support, test with different Templates
-
- bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
- } catch (Throwable ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { bkuConnParam.getUrl(), ex.toString()},
- ex);
- }
- String bkuSelectionTemplate = null;
- if (bkuSelectionTemplateURL != null) {
- try {
- bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { bkuSelectionTemplateURL, ex.toString()},
- ex);
- }
- }
- String htmlForm =
- new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag);
- return htmlForm;
- }
- }
- /**
- * Method readBKUSelectTag.
- * @param conf the ConfigurationProvider
- * @param connParam the ConnectionParameter for that connection
- * @return String
- * @throws ConfigurationException on config-errors
- * @throws PKIException on PKI errors
- * @throws IOException on any data error
- * @throws GeneralSecurityException on security errors
- */
- private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- if (connParam.isHTTPSURL())
- return SSLUtils.readHttpsURL(conf, connParam);
- else
- return HTTPUtils.readHttpURL(connParam.getUrl());
- }
- /**
- * Processes the beginning of an authentication session.
- * <InfoboxReadRequest><InfoboxReadRequest>null; in this case, the default location will be used
- * @param templateURL URL providing an HTML template for the HTML form generated
- * @return HTML form
- * @throws AuthenticationException
- * @see GetIdentityLinkFormBuilder
- * @see InfoboxReadRequestBuilder
- */
- public String startAuthentication(
- String authURL,
- String target,
- String oaURL,
- String templateURL,
- String bkuURL,
- String sessionID)
- throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
-
- if (isEmpty(sessionID)) {
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication", "AuthURL");
-
- //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr =
- AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA);
- }
- AuthenticationSession session;
- if (sessionID != null)
- session = getSession(sessionID);
- else {
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
- session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- }
- String infoboxReadRequest = new InfoboxReadRequestBuilder().build();
- String dataURL =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_VERIFY_IDENTITY_LINK,
- session.getSessionID());
- String template = null;
- if (session.getTemplateURL() != null) {
- try {
- template = new String(FileUtils.readURL(session.getTemplateURL()));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { session.getTemplateURL(), ex.toString()},
- ex);
- }
- }
- String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build();
- String certInfoDataURL =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_START_AUTHENTICATION,
- session.getSessionID());
- String htmlForm =
- new GetIdentityLinkFormBuilder().build(
- template,
- bkuURL,
- infoboxReadRequest,
- dataURL,
- certInfoRequest,
- certInfoDataURL);
- return htmlForm;
- }
- /**
- * Processes an <InfoboxReadResponse> sent by the
- * security layer implementation.<InfoboxReadResponse><InfoboxReadResponse><CreateXMLSignatureRequest>
- * containg the authentication block, meant to be returned to the
- * security layer implementation<InfoboxReadResponse>
- * @return String representation of the <CreateXMLSignatureRequest>
- */
- public String verifyIdentityLink(String sessionID, String xmlInfoboxReadResponse)
- throws
- AuthenticationException,
- ParseException,
- ConfigurationException,
- ValidateException,
- ServiceException {
-
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
- if (isEmpty(xmlInfoboxReadResponse))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
- AuthenticationSession session = getSession(sessionID);
- if (session.getTimestampIdentityLink() != null)
- throw new AuthenticationException("auth.01", new Object[] { sessionID });
- session.setTimestampIdentityLink();
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- // parses the <saml:Assertion> from given session data.
- * @param session authentication session
- * @return <saml:Assertion> as a String
- */
- private String buildAuthenticationBlock(AuthenticationSession session) {
- IdentityLink identityLink = session.getIdentityLink();
- String issuer = identityLink.getGivenName() + " " + identityLink.getFamilyName();
- String gebDat = identityLink.getDateOfBirth();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
- String authURL = session.getAuthURL();
- String target = session.getTarget();
- String oaURL = session.getPublicOAURLPrefix();
- String authBlock =
- new AuthenticationBlockAssertionBuilder().build(issuer, issueInstant, authURL, target, oaURL, gebDat);
- return authBlock;
- }
- /**
- * Processes a <CreateXMLSignatureResponse> sent by the
- * security layer implementation.<CreateXMLSignatureResponse><CreateXMLSignatureResponse> for error codes<CreateXMLSignatureResponse><CreateXMLSignatureResponse>
- * @return SAML artifact needed for retrieving authentication data, encoded BASE64
- */
- public String verifyAuthenticationBlock(
- String sessionID,
- String xmlCreateXMLSignatureReadResponse)
- throws
- AuthenticationException,
- BuildException,
- ParseException,
- ConfigurationException,
- ServiceException,
- ValidateException {
-
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
- if (isEmpty(xmlCreateXMLSignatureReadResponse))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
- AuthenticationSession session = getSession(sessionID);
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- // parses <saml:Assertion>
- * @param session authentication session
- * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP
- * @return AuthenticationData object
- * @throws ConfigurationException while accessing configuration data
- * @throws BuildException while building the <saml:Assertion>
- */
- private AuthenticationData buildAuthenticationData(
- AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp)
- throws ConfigurationException, BuildException {
-
- IdentityLink identityLink = session.getIdentityLink();
- AuthenticationData authData = new AuthenticationData();
- authData.setMajorVersion(1);
- authData.setMinorVersion(0);
- authData.setAssertionID(Random.nextRandom());
- authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
- String bpkBase64 =
- new BPKBuilder().buildBPK(
- identityLink.getIdentificationValue(),
- session.getTarget());
- authData.setIdentificationType(identityLink.getIdentificationType());
- authData.setPBK(bpkBase64);
- authData.setGivenName(identityLink.getGivenName());
- authData.setFamilyName(identityLink.getFamilyName());
- authData.setDateOfBirth(identityLink.getDateOfBirth());
- authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate());
- authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
- authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideStammzahl());
-
- try {
- String ilAssertion =
- oaParam.getProvideIdentityLink()
- ? DOMUtils.serializeNode(identityLink.getSamlAssertion())
- : "";
- String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
- String samlAssertion =
- new AuthenticationDataAssertionBuilder().build(authData, prPerson, authBlock, ilAssertion);
- authData.setSamlAssertion(samlAssertion);
- return authData;
- } catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] { "AuthenticationData", ex.toString()},
- ex);
- }
- }
- /**
- * Retrieves AuthenticationData indexed by the SAML artifact.
- * The AuthenticationData is deleted from the store upon end of this call.
- *
- * @return AuthenticationData
- */
- public AuthenticationData getAuthenticationData(String samlArtifact)
- throws AuthenticationException {
- String assertionHandle;
- try {
- assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
- } catch (ParseException ex) {
- throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()});
- }
- AuthenticationData authData = null;
- synchronized (authenticationDataStore) {
- authData = (AuthenticationData) authenticationDataStore.get(assertionHandle);
- if (authData == null) {
- Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
- throw new AuthenticationException("1206", new Object[] { samlArtifact });
- }
- authenticationDataStore.remove(assertionHandle);
- }
- long now = new Date().getTime();
- if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207", new Object[] { samlArtifact });
- Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
- return authData;
- }
- /**
- * Stores authentication data indexed by the assertion handle contained in the
- * given saml artifact.
- * @param samlArtifact SAML artifact
- * @param authData authentication data
- * @throws AuthenticationException when SAML artifact is invalid
- */
- private void storeAuthenticationData(String samlArtifact, AuthenticationData authData)
- throws AuthenticationException {
-
- try {
- SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
- // check type code 0x0001
- byte[] typeCode = parser.parseTypeCode();
- if (typeCode[0] != 0 || typeCode[1] != 1)
- throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
- String assertionHandle = parser.parseAssertionHandle();
- synchronized (authenticationDataStore) {
- Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact);
- authenticationDataStore.put(assertionHandle, authData);
- }
- } catch (AuthenticationException ex) {
- throw ex;
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
- }
- }
- /**
- * Creates a new session and puts it into the session store.
- *
- * @param id Session ID
- * @return AuthenticationSession created
- * @exception AuthenticationException
- * thrown when an AuthenticationSession is running
- * already for the given session ID
- */
- private static AuthenticationSession newSession() throws AuthenticationException {
- String sessionID = Random.nextRandom();
- AuthenticationSession newSession = new AuthenticationSession(sessionID);
- synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01", new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
- }
- return newSession;
- }
- /**
- * Retrieves a session from the session store.
- *
- * @param id session ID
- * @return AuthenticationSession stored with given session ID,
- * null if session ID unknown
- */
- public static AuthenticationSession getSession(String id) throws AuthenticationException {
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(id);
- if (session == null)
- throw new AuthenticationException("auth.02", new Object[] { id });
- return session;
- }
- /**
- * Cleans up expired session and authentication data stores.
- */
- public void cleanup() {
- long now = new Date().getTime();
- synchronized (sessionStore) {
- Set keys = new HashSet(sessionStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String sessionID = (String) iter.next();
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
- if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
- Logger.info(
- MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.02",
- new Object[] { sessionID }));
- sessionStore.remove(sessionID);
- }
- }
- }
- synchronized (authenticationDataStore) {
- Set keys = new HashSet(authenticationDataStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String samlArtifact = (String) iter.next();
- AuthenticationData authData =
- (AuthenticationData) authenticationDataStore.get(samlArtifact);
- if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
- Logger.info(
- MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.03",
- new Object[] { samlArtifact }));
- authenticationDataStore.remove(samlArtifact);
- }
- }
- }
- }
-
- /**
- * Sets the sessionTimeOut.
- * @param sessionTimeOut time out in seconds
- */
- public void setSecondsSessionTimeOut(long seconds) {
- sessionTimeOut = 1000 * seconds;
- }
- /**
- * Sets the authDataTimeOut.
- * @param authDataTimeOut time out in seconds
- */
- public void setSecondsAuthDataTimeOut(long seconds) {
- authDataTimeOut = 1000 * seconds;
- }
-
- /**
- * Checks a parameter.
- * @param param parameter
- * @return true if the parameter is null or empty
- */
- private boolean isEmpty(String param) {
- return param == null || param.length() == 0;
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
deleted file mode 100644
index 7e5ed6ec7..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Thread cleaning the AuthenticationServer session store
- * and authentication data store from garbage.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationSessionCleaner implements Runnable {
-
- /** interval the AuthenticationSessionCleaner is run in */
- private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min
-
- /**
- * Runs the thread. Cleans the AuthenticationServer session store
- * and authentication data store from garbage, then sleeps for given interval, and restarts.
- */
- public void run() {
- while (true) {
- try {
- Logger.debug("AuthenticationSessionCleaner run");
- AuthenticationServer.getInstance().cleanup();
- }
- catch (Exception e) {
- Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);
- }
- try {
- Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
- }
- catch (InterruptedException e) {
- }
- }
- }
-
- /**
- * start the sessionCleaner
- */
- public static void start() {
- // start the session cleanup thread
- Thread sessionCleaner =
- new Thread(new AuthenticationSessionCleaner());
- sessionCleaner.setName("SessionCleaner");
- sessionCleaner.setDaemon(true);
- sessionCleaner.setPriority(Thread.MIN_PRIORITY);
- sessionCleaner.start();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
deleted file mode 100644
index ddba20049..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * Constants used throughout moa-id-auth component.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public interface MOAIDAuthConstants {
-
- /** servlet parameter "Target" */
- public static final String PARAM_TARGET = "Target";
- /** servlet parameter "OA" */
- public static final String PARAM_OA = "OA";
- /** servlet parameter "bkuURI" */
- public static final String PARAM_BKU = "bkuURI";
- /** servlet parameter "BKUSelectionTemplate" */
- public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
- /** servlet parameter "returnURI" */
- public static final String PARAM_RETURN = "returnURI";
- /** servlet parameter "Template" */
- public static final String PARAM_TEMPLATE = "Template";
- /** servlet parameter "MOASessionID" */
- public static final String PARAM_SESSIONID = "MOASessionID";
- /** servlet parameter "XMLResponse" */
- public static final String PARAM_XMLRESPONSE = "XMLResponse";
- /** servlet parameter "SAMLArtifact" */
- public static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
- /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */
- public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
- /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
- public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
- /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
- public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock";
- /** Logging hierarchy used for controlling debug output of XML structures to files */
- public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth";
- /** Header Name for controlling the caching mechanism of the browser */
- public static final String HEADER_EXPIRES = "Expires";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT";
- /** Header Name for controlling the caching mechanism of the browser */
- public static final String HEADER_PRAGMA = "Pragma";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_PRAGMA = "no-cache";
- /** Header Name for controlling the caching mechanism of the browser */
- public static final String HEADER_CACHE_CONTROL = "Cache-control";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate";
- /** Header Value for controlling the caching mechanism of the browser */
- public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0";
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
deleted file mode 100644
index 359280fe2..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ /dev/null
@@ -1,145 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import iaik.pki.PKIException;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.security.GeneralSecurityException;
-import java.util.HashMap;
-
-import java.io.File;
-import java.io.IOException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
-import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
-import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
-import at.gv.egovernment.moa.util.Constants;
-import javax.activation.MailcapCommandMap;
-import javax.activation.CommandMap;
-import java.util.Properties;
-import javax.mail.Session;
-
-/**
- * Web application initializer
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDAuthInitializer {
-
- /** a boolean identifying if the MOAIDAuthInitializer has been startet */
- public static boolean initialized = false;
-
-
-
- /**
- * Initializes the web application components which need initialization:
- * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
- */
- public static void initialize()
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
- if (initialized)
- return;
- initialized=true;
- Logger.setHierarchy("moa.id.auth");
- Logger.info("Default java file.encoding: " + System.getProperty( "file.encoding" ));
-
- //JDK bug workaround according to: http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
- // register content data handlers for S/MIME types
- MailcapCommandMap mc = new MailcapCommandMap();
- CommandMap.setDefaultCommandMap(mc);
-
- // create some properties and get the default Session
- Properties props = new Properties();
- props.put("mail.smtp.host", "localhost");
- Session session = Session.getDefaultInstance(props, null);
-
- // TODO remove (only used for debugging)
- Logger.debug("System supportet https.cipherSuites: " + System.getProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"));
-
- // Restricts TLS cipher suites
- System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader();
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- }
- catch (ClassNotFoundException e) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
- }
-
- // Initializes SSLSocketFactory store
- SSLUtils.initialize();
-
- // Initializes Namespace Map
- Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
- Constants.nSMap.put(Constants.ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#");
- Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
-
- // Loads the configuration
- AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
- ConnectionParameter moaSPConnParam = authConf.getMoaSpConnectionParameter();
-
- // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK
- if (moaSPConnParam == null) {
- try {
- LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext("startup"));
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- new IaikConfigurator().configure(config);
- }
- catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
- throw new ConfigurationException("config.10", new Object[] { ex.toString() }, ex);
- }
- }
-
- // Initializes IAIKX509TrustManager logging
- String log4jConfigURL = System.getProperty("log4j.configuration");
- if (log4jConfigURL != null) {
- IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
- }
-
- // Initializes the Axis secure socket factory for use in calling the MOA-SP web service
- if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, moaSPConnParam);
- AxisSecureSocketFactory.initialize(ssf);
- }
-
- // sets the authentication session and authentication data time outs
- String param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
- if (param != null) {
- long sessionTimeOut = 0;
- try { sessionTimeOut = new Long(param).longValue(); }
- catch (NumberFormatException ex) {
- Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY}));
- }
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance().setSecondsSessionTimeOut(sessionTimeOut);
- }
- param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
- if (param != null) {
- long authDataTimeOut = 0;
- try { authDataTimeOut = new Long(param).longValue(); }
- catch (NumberFormatException ex) {
- Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY}));
- }
- if (authDataTimeOut > 0)
- AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(authDataTimeOut);
- }
-
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java
deleted file mode 100644
index 3ce2798ea..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package at.gv.egovernment.moa.id.auth;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown when the AuthenticationServer API is
- * called with wrong parameters provided.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class WrongParametersException extends MOAIDException {
-
- /**
- * Constructor
- */
- public WrongParametersException(String call, String parameter) {
- super("auth.05", new Object[] {call, parameter});
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
deleted file mode 100644
index 41f439d04..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the authentication block <saml:Assertion>
- * to be included in a <CreateXMLSignatureResponse>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationBlockAssertionBuilder implements Constants {
- /** private static String nl contains the NewLine representation in Java*/
- private static String nl = "\n";
- /** private static String AUTH_BLOCK contains an XML-Auth-Block-Template */
- private static String AUTH_BLOCK =
- "<saml:Assertion>.
- *
- * @param issuer authentication block issuer; "GivenName FamilyName"
- * @param issueInstant current timestamp
- * @param authURL URL of MOA-ID authentication component
- * @param target "Geschäftsbereich"
- * @param oaURL public URL of online application requested
- * @return String representation of authentication block
- * <saml:Assertion> built
- */
- public String build(String issuer, String issueInstant, String authURL, String target, String oaURL, String GebDat) {
- String assertion = MessageFormat.format(
- AUTH_BLOCK, new Object[] { issuer, issueInstant, authURL, target, oaURL, GebDat});
- return assertion;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
deleted file mode 100644
index eaf9aa0ae..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ /dev/null
@@ -1,115 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the authentication data <saml:Assertion>
- * to be provided by the MOA ID Auth component.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationDataAssertionBuilder implements Constants {
- /** private static String NL contains the NewLine representation in Java*/
- private static final String NL = "\n";
- /**
- * XML template for the <saml:Assertion> to be built
- */
- private static final String AUTH_DATA =
- "" + NL +
- "<saml:Attribute> named "isPublicAuthority",
- * to be inserted into the <saml:Assertion>
- */
- private static final String PUBLIC_AUTHORITY_ATT =
- " <saml:Assertion>.
- *
- * @param authData the AuthenticationData to build the
- * <saml:Assertion> from
- * @param xmlPersonData lt;pr:Person> element as a String
- * @param xmlAuthBlock authentication block to be included in a
- * lt;saml:SubjectConfirmationData> element; may include
- * the "Stammzahl" or not; may be empty
- * @param xmlIdentityLink the IdentityLink
- * @return the <saml:Assertion>
- * @throws BuildException if an error occurs during the build process
- */
- public String build(
- AuthenticationData authData,
- String xmlPersonData,
- String xmlAuthBlock,
- String xmlIdentityLink) throws BuildException {
-
- String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
- String publicAuthorityAttribute = "";
- if (authData.isPublicAuthority()) {
- String publicAuthorityIdentification = authData.getPublicAuthorityCode();
- if (publicAuthorityIdentification == null)
- publicAuthorityIdentification = "True";
- publicAuthorityAttribute = MessageFormat.format(
- PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification });
- }
-
- String assertion = MessageFormat.format(AUTH_DATA, new Object[] {
- authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstant(),
- authData.getPBK(),
- removeXMLDeclaration(xmlAuthBlock),
- removeXMLDeclaration(xmlIdentityLink),
- removeXMLDeclaration(xmlPersonData),
- isQualifiedCertificate,
- publicAuthorityAttribute});
- return assertion;
- }
-
- /**
- * Removes the XML declaration from an XML expression.
- * @param xmlString XML expression as String
- * @return XML expression, XML declaration removed
- */
- private String removeXMLDeclaration(String xmlString) {
- if (xmlString.startsWith(""Ableitung f¨r die bereichsspezifische Personenkennzeichnung"
- * version 1.0.1 from "reference.e-government.gv.at".
- *
- * @author Paul Schamberger
- * @version $Id$
- */
-public class BPKBuilder {
-
- /**
- * Builds the BPK from given parameters.
- * @param identificationValue Base64 encoded "Stammzahl"
- * @param target "Bereich lt. Verordnung des BKA"
- * @return PBK in a BASE64 encoding
- * @throws BuildException in case of error while building the BPK
- */
- public String buildBPK(String identificationValue, String target)
- throws BuildException {
-
- if (identificationValue == null || identificationValue.length() == 0
- || target == null || target.length() == 0)
- throw new BuildException(
- "builder.00",
- new Object[] {"BPK",
- "Unvollständige Parameterangaben: identificationValue=" + identificationValue +
- ",target=" + target});
- String basisbegriff = identificationValue + "+" + target;
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
- String hashBase64 = Base64Utils.encode(hash);
- return hashBase64;
- }
- catch (Exception ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"BPK", ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java
deleted file mode 100644
index e5bbaa585..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.BuildException;
-
-/**
- * Base class for HTML/XML builders providing commonly useful functions.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class Builder {
-
- /**
- * Replaces a special tag in an XML or HTML template by a value.
- * @param htmlTemplate template
- * @param tag special tag
- * @param value value replacing the tag
- * @return XML or HTML code, the tag replaced
- * @throws BuildException when template does not contain the tag
- */
- protected String replaceTag(String template, String tag, String value) throws BuildException {
- int index = template.indexOf(tag);
- if (index < 0)
- throw new BuildException(
- "builder.01",
- new Object[] {"<" + tag.substring(1, tag.length() - 1) + ">"});
- return template.substring(0, index) + value + template.substring(index + tag.length());
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
deleted file mode 100644
index 5ceb1d1c0..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.IOException;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * Builder for the <VerifyXMLSignatureRequest> structure
- * used for presenting certificate information in the secure viewer of the security layer implementation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder {
-
- /** special tag in the VerifyXMLRequest template to be substituted for a <dsig:Signature> */
- private static final String SIGNATURE_TAG = "<VerifyXMLSignatureRequest> structure.
- * @return the XML structure
- * @throws BuildException
- */
- public String build() throws BuildException {
- String resCertInfoRequest = "resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml";
- String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml";
- String certInfoRequest;
- try {
- certInfoRequest = FileUtils.readResource(resCertInfoRequest, "UTF-8");
- }
- catch (IOException ex) {
- throw new BuildException("auth.04", new Object[] {resCertInfoRequest, ex.toString()});
- }
- try {
- String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8");
- certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature);
- return certInfoRequest;
- }
- catch (IOException ex) {
- throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()});
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
deleted file mode 100644
index 48320c4f5..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the <CreateXMLSignatureRequest> structure
- * used for requesting a signature under the authentication block from the
- * security layer implementation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CreateXMLSignatureRequestBuilder implements Constants {
- /** private static String nl contains the NewLine representation in Java*/
- private static final String nl = "\n";
- /**
- * XML template for the <moa:CreateXMLSignatureRequest> to be built
- */
- private static final String CREATE_XML_SIGNATURE_REQUEST =
- "" + nl +
- "<CreateXMLSignatureRequest>.
- *
- * @param authBlock String representation of XML authentication block
- * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeypair)
- * @return String representation of <CreateXMLSignatureRequest>
- */
- public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos) {
- String dsigTransformInfosString = "";
- for (int i = 0; i < dsigTransformInfos.length; i++)
- dsigTransformInfosString += dsigTransformInfos[i];
- String request = MessageFormat.format(
- CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, keyBoxIdentifier, dsigTransformInfosString });
- return request;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
deleted file mode 100644
index 30cc1df5a..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ /dev/null
@@ -1,83 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Builds a DataURL parameter meant for the security layer implementation
- * to respond to.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DataURLBuilder {
-
- /**
- * Constructor for DataURLBuilder.
- */
- public DataURLBuilder() {
- super();
- }
-
- /**
- * Constructs a data URL for VerifyIdentityLink or VerifyAuthenticationBlock,
- * including the MOASessionID as a parameter.
- *
- * @param authBaseURL base URL (context path) of the MOA ID Authentication component,
- * including a trailing '/'
- * @param authServletName request part of the data URL
- * @param sessionID sessionID to be included in the dataURL
- * @return String
- */
- public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
-
- String individualDataURLPrefix = null;
- String dataURL;
- try {
- //check if an individual prefix is configured
- individualDataURLPrefix = AuthConfigurationProvider.getInstance().
- getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
-
- if (null != individualDataURLPrefix) {
-
- //check individualDataURLPrefix
- if(!individualDataURLPrefix.startsWith("http"))
- throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
-
- //when ok then use it
- dataURL = individualDataURLPrefix + authServletName;
- } else
- dataURL = authBaseURL + authServletName;
-
- } catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
- dataURL = authBaseURL + authServletName;
- }
-
- dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
- return dataURL;
- }
-
- /**
- * Method addParameter.
- * @param urlString represents the url
- * @param paramname is the parameter to be added
- * @param value is the value of that parameter
- * @return String
- */
- private String addParameter(String urlString, String paramname, String value) {
- String url = urlString;
- if (paramname != null) {
- if (url.indexOf("?") < 0)
- url += "?";
- else
- url += "&";
- url += paramname + "=" + value;
- }
- return url;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
deleted file mode 100644
index dbc14804d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ /dev/null
@@ -1,138 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.IOException;
-import java.io.StringReader;
-import java.io.StringWriter;
-
-import at.gv.egovernment.moa.id.BuildException;
-
-/**
- * Builder for HTML form requesting the security layer implementation
- * to get the identity link from smartcard by a <InfoboxReadRequest>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class GetIdentityLinkFormBuilder extends Builder {
- /** private static String NL contains the NewLine representation in Java*/
- private static final String nl = "\n";
- /** special tag in the HTML template to be substituted for the BKU URL */
- private static final String BKU_TAG = "null, in this case a default layout will be produced
- * @param xmlRequest XML Request to be sent as a parameter in the form
- * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to;
- * may be null, in this case the default URL will be used
- * @param dataURL DataURL to be sent as a parameter in the form
- */
- public String build(
- String htmlTemplate, String bkuURL, String xmlRequest, String dataURL, String certInfoXMLRequest, String certInfoDataURL)
- throws BuildException {
-
- String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
- String bku = bkuURL == null ? DEFAULT_BKU : bkuURL;
- htmlForm = replaceTag(htmlForm, BKU_TAG, bku);
- htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest));
- htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL);
- htmlForm = replaceTag(htmlForm, BKU_TAG, bku);
- htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest));
- htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL);
- return htmlForm;
- }
- /**
- * Encodes a string for inclusion as a parameter in the form.
- * Double quotes are substituted by """.
- * @param s the string to be encoded
- * @return the string encoded
- * @throws BuildException on any exception encountered
- */
- public static String encodeParameter(String s) throws BuildException {
- StringReader in = new StringReader(s);
- StringWriter out = new StringWriter();
- try {
- for (int ch = in.read(); ch >= 0; ch = in.read()) {
- if (ch == '"')
- out.write(""");
- else if (ch == '<')
- out.write("<");
- else if (ch == '>')
- out.write(">");
- else if (ch == 'ä')
- out.write("ä");
- else if (ch == 'ö')
- out.write("ö");
- else if (ch == 'ü')
- out.write("ü");
- else if (ch == 'Ä')
- out.write("Ä");
- else if (ch == 'Ö')
- out.write("Ö");
- else if (ch == 'Ü')
- out.write("Ü");
- else if (ch == 'ß')
- out.write("ß");
- else
- out.write(ch);
- }
- }
- catch (IOException ex) {
- throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()});
- }
- return out.toString();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
deleted file mode 100644
index d3e100671..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the <InfoboxReadRequest> structure
- * used for requesting the identity link from the security layer implementation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class InfoboxReadRequestBuilder implements Constants {
-
- /**
- * XML template for the <sl10:InfoboxReadRequest> to be built
- */
- String INFOBOX_READ_REQUEST =
- "" +
- "<InfoboxReadRequest>.
- *
- * @return <InfoboxReadRequest> as String
- */
- public String build() {
- String request = INFOBOX_READ_REQUEST;
- return request;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
deleted file mode 100644
index 819ed79bb..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Builder for the lt;pr:Person> element to be inserted
- * in the authentication data lt;saml:Assertion>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PersonDataBuilder {
-
- /**
- * Constructor for PersonDataBuilder.
- */
- public PersonDataBuilder() {
- super();
- }
- /**
- * Builds the <pr:Person> element.<prPerson> from the identity link
- * and the information regarding inclusion of "Stammzahl" in the
- * <pr:Person> data.
- *
- * @param identityLink IdentityLink containing the
- * attribute prPerson
- * @param provideStammzahl true if "Stammzahl" is to be included;
- * false otherwise
- * @return the <pr:Person> element as a String
- * @throws BuildException on any error
- */
- public String build(IdentityLink identityLink, boolean provideStammzahl)
- throws BuildException {
-
- try {
- Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true);
- if (! provideStammzahl) {
- Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value");
- //remove IdentificationValue
- prIdentification.getFirstChild().setNodeValue("");
- }
- String xmlString = DOMUtils.serializeNode(prPerson);
- return xmlString;
- }
- catch (Exception ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"PersonData", ex.toString()},
- ex);
- }
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
deleted file mode 100644
index 27e19e830..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.ByteArrayOutputStream;
-import java.security.MessageDigest;
-
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Builder for the SAML artifact, as defined in the
- * Browser/Artifact profile of SAML.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLArtifactBuilder {
-
- /**
- * Constructor for SAMLArtifactBuilder.
- */
- public SAMLArtifactBuilder() {
- super();
- }
-
- /**
- * Builds the SAML artifact, encoded BASE64.
- * TypeCode: 0x0001.SourceID: SHA-1 hash of the authURLAssertionHandle: SHA-1 hash of the MOASessionIDSourceID
- * @param sessionID MOASessionID to be used for construction
- * of AssertionHandle
- * @return the 42-byte SAML artifact, encoded BASE64
- */
- public String build(String authURL, String sessionID) throws BuildException {
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] sourceID = md.digest(authURL.getBytes());
- byte[] assertionHandle = md.digest(sessionID.getBytes());
- ByteArrayOutputStream out = new ByteArrayOutputStream(42);
- out.write(0);
- out.write(1);
- out.write(sourceID, 0, 20);
- out.write(assertionHandle, 0, 20);
- byte[] samlArtifact = out.toByteArray();
- String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
- return samlArtifactBase64;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
deleted file mode 100644
index d7dac3907..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ /dev/null
@@ -1,104 +0,0 @@
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.text.MessageFormat;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.*;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.OutputXML2File;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-
-/**
- * Builder for the lt;samlp:Response> used for passing
- * result and status information from the GetAuthenticationData
- * web service.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLResponseBuilder implements Constants {
- /** XML - Template for samlp:Response */
- private static final String RESPONSE =
- "" +
- "lt;samlp:Request> responded to
- * @param issueInstant current timestamp
- * @param statusCode status code
- * @param subStatusCode sub-status code refining the status code; may be null
- * @param statusMessage status message
- * @param samlAssertion SAML assertion representing authentication data
- * @return SAML response as a DOM element
- */
- public Element build(
- String responseID,
- String inResponseTo,
- String issueInstant,
- String statusCode,
- String subStatusCode,
- String statusMessage,
- String samlAssertion)
- throws BuildException {
-
- try {
- String xmlSubStatusCode =
- subStatusCode == null ?
- "" :
- MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode});
- OutputXML2File.debugOutputXML2File("SamlAssertion.xml", samlAssertion, MOAIDAuthConstants.DEBUG_OUTPUT_HIERARCHY);
-
- String xmlResponse = MessageFormat.format(RESPONSE, new Object[] {
- responseID,
- inResponseTo,
- issueInstant,
- statusCode,
- xmlSubStatusCode,
- statusMessage,
- removeXMLDeclaration(samlAssertion) });
- Element domResponse = DOMUtils.parseDocument(xmlResponse, true, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return domResponse;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] { "samlp:Response", ex.toString() },
- ex);
- }
- }
- /**
- * Removes the XML declaration from an XML expression.
- * @param xmlString XML expression as String
- * @return XML expression, XML declaration removed
- */
- private String removeXMLDeclaration(String xmlString) {
- if (xmlString.startsWith("";
- /** special tag in the HTML template to be substituted for the <select;gt; tag
- * containing the BKU selection options */
- private static final String SELECT_TAG = "<VerifyXMLSignatureRequestBuilder> structure
- * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureRequestBuilder {
- /** The MOA-Prefix */
- private static final String MOA = Constants.MOA_PREFIX + ":";
- /** the request as string */
- private String request;
- /** the request as DOM-Element */
- private Element reqElem;
-
- /**
- * Constructor for VerifyXMLSignatureRequestBuilder.
- */
- public VerifyXMLSignatureRequestBuilder() {
- }
- /**
- * Builds a <VerifyXMLSignatureRequest>
- * from an IdentityLink with a known trustProfileID which
- * has to exist in MOA-SP
- * @param idl - The IdentityLink
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- * @return Element - The complete request as Dom-Element
- * @throws ParseException
- */
- public Element build(IdentityLink idl, String trustProfileID)
- throws ParseException { //samlAssertionObject
- request =
- ""
- + "<VerifyXMLSignatureRequest>
- * from the signed AUTH-Block with a known trustProfileID which
- * has to exist in MOA-SP
- * @param csr - signed AUTH-Block
- * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- * @return Element - The complete request as Dom-Element
- * @throws ParseException
- */
- public Element build(
- CreateXMLSignatureResponse csr,
- String[] verifyTransformsInfoProfileID,
- String trustProfileID)
- throws ParseException { //samlAssertionObject
- request =
- ""
- + "AuthenticationServer API calls.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationSession {
- /**
- * session ID
- */
- private String sessionID;
- /**
- * "Geschäftsbereich" the online application belongs to
- */
- private String target;
- /**
- * public online application URL requested
- */
- private String oaURLRequested;
- /**
- * public online application URL prefix
- */
- private String oaPublicURLPrefix;
- /**
- * URL of MOA ID authentication component
- */
- private String authURL;
- /**
- * HTML template URL
- */
- private String templateURL;
- /**
- * identity link read from smartcard
- */
- private IdentityLink identityLink;
- /**
- * authentication block to be signed by the user
- */
- private String authBlock;
- /**
- * timestamp logging when authentication session has been created
- */
- private Date timestampStart;
- /**
- * timestamp logging when identity link has been received
- */
- private Date timestampIdentityLink;
-
- /**
- * Constructor for AuthenticationSession.
- *
- * @param id Session ID
- */
- public AuthenticationSession(String id) {
- sessionID = id;
- setTimestampStart();
- }
-
- /**
- * Returns the identityLink.
- * @return IdentityLink
- */
- public IdentityLink getIdentityLink() {
- return identityLink;
- }
-
- /**
- * Returns the sessionID.
- * @return String
- */
- public String getSessionID() {
- return sessionID;
- }
-
- /**
- * Sets the identityLink.
- * @param identityLink The identityLink to set
- */
- public void setIdentityLink(IdentityLink identityLink) {
- this.identityLink = identityLink;
- }
-
- /**
- * Sets the sessionID.
- * @param sessionID The sessionID to set
- */
- public void setSessionID(String sessionId) {
- this.sessionID = sessionId;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getOAURLRequested() {
- return oaURLRequested;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getPublicOAURLPrefix() {
- return oaPublicURLPrefix;
- }
-
- /**
- * Returns the target.
- * @return String
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Sets the oaURLRequested.
- * @param oaURLRequested The oaURLRequested to set
- */
- public void setOAURLRequested(String url) {
- this.oaURLRequested = url;
- }
-
- /**
- * Sets the oaPublicURLPrefix
- * @param url The oaPublicURLPrefix to set
- */
- public void setPublicOAURLPrefix(String url) {
- this.oaPublicURLPrefix = url;
- }
-
- /**
- * Sets the target.
- * @param target The target to set
- */
- public void setTarget(String target) {
- this.target = target;
- }
-
- /**
- * Returns the authURL.
- * @return String
- */
- public String getAuthURL() {
- return authURL;
- }
-
- /**
- * Sets the authURL.
- * @param authURL The authURL to set
- */
- public void setAuthURL(String authURL) {
- this.authURL = authURL;
- }
-
- /**
- * Returns the authBlock.
- * @return String
- */
- public String getAuthBlock() {
- return authBlock;
- }
-
- /**
- * Sets the authBlock.
- * @param authBlock The authBlock to set
- */
- public void setAuthBlock(String authBlock) {
- this.authBlock = authBlock;
- }
-
- /**
- * Returns the timestampIdentityLink.
- * @return Date
- */
- public Date getTimestampIdentityLink() {
- return timestampIdentityLink;
- }
-
- /**
- * Returns the timestampStart.
- * @return Date
- */
- public Date getTimestampStart() {
- return timestampStart;
- }
-
- /**
- * Sets the current date as timestampIdentityLink.
- */
- public void setTimestampIdentityLink() {
- timestampIdentityLink = new Date();
- }
-
- /**
- * Sets the current date as timestampStart.
- */
- public void setTimestampStart() {
- timestampStart = new Date();
- }
-
- /**
- * @return template URL
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
- /**
- * @param string the template URL
- */
- public void setTemplateURL(String string) {
- templateURL = string;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
deleted file mode 100644
index 81945f644..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import org.w3c.dom.Element;
-
-/**
- * This bean saves all information of the CreateXMLSignature-Response:
- * a {@link SAMLAttribute} array, the SamlAssertion-Element and the
- * saml NameIdentifier
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class CreateXMLSignatureResponse {
- /** the samlNameIdentifier */
-private String samlNameIdentifier;
- /** an array of saml-attributes */
-private SAMLAttribute[] samlAttributes;
- /**
- * the original saml:Assertion-Element
- */
- private Element samlAssertion;
-/**
- * Returns the samlAssertion.
- * @return Element
- */
-public Element getSamlAssertion() {
- return samlAssertion;
-}
-
-/**
- * Returns the samlAttribute.
- * @return SAMLAttribute[]
- */
-public SAMLAttribute[] getSamlAttributes() {
- return samlAttributes;
-}
-
-/**
- * Returns the samlNameIdentifier.
- * @return String
- */
-public String getSamlNameIdentifier() {
- return samlNameIdentifier;
-}
-
-/**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
-public void setSamlAssertion(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
-}
-
-/**
- * Sets the samlAttribute.
- * @param samlAttribute The samlAttribute to set
- */
-public void setSamlAttributes(SAMLAttribute[] samlAttributes) {
- this.samlAttributes = samlAttributes;
-}
-
-/**
- * Sets the samlNameIdentifier.
- * @param samlNameIdentifier The samlNameIdentifier to set
- */
-public void setSamlNameIdentifier(String samlNameIdentifier) {
- this.samlNameIdentifier = samlNameIdentifier;
-}
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
deleted file mode 100644
index cc58db916..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ /dev/null
@@ -1,210 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.security.PublicKey;
-
-import org.w3c.dom.Element;
-
-
-/**
- * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
- * "IdentityLink" is the translation of "Personenbindung".
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLink {
- /**
- * "identificationValue" is the translation of "Stammzahl".
- */
- private String identificationValue;
- /**
- * "identificationType" type of the identificationValue in the IdentityLink.
- */
- private String identificationType;
- /**
- * first name
- */
- private String givenName;
- /**
- * family name
- */
- private String familyName;
- /**
- * date of birth
- */
- private String dateOfBirth;
- /**
- * the original saml:Assertion-Element
- */
- private Element samlAssertion;
- /**
- * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
- */
- private Element prPerson;
- /**
- * we need for each dsig:Reference Element all
- * transformation elements
- */
- private Element[] dsigReferenceTransforms;
-
-
- /**
- * we need all public keys stored in
- * the identity link
- */
- private PublicKey[] publicKey;
-
- /**
- * Constructor for IdentityLink
- */
- public IdentityLink() {
- }
-
- /**
- * Returns the dateOfBirth.
- * @return Calendar
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue.
- * "identificationValue" is the translation of "Stammzahl".
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Returns the identificationType.
- * "identificationType" type of the identificationValue in the IdentityLink.
- * @return String
- */
- public String getIdentificationType() {
- return identificationType;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * "identificationValue" is the translation of "Stammzahl".
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the Type of the identificationValue.
- * @param identificationType The type of identificationValue to set
- */
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /**
- * Returns the samlAssertion.
- * @return Element
- */
- public Element getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the dsigReferenceTransforms.
- * @return Element[]
- */
- public Element[] getDsigReferenceTransforms() {
- return dsigReferenceTransforms;
- }
-
- /**
- * Sets the dsigReferenceTransforms.
- * @param dsigReferenceTransforms The dsigReferenceTransforms to set
- */
- public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
- this.dsigReferenceTransforms = dsigReferenceTransforms;
- }
-
- /**
- * Returns the publicKey.
- * @return PublicKey[]
- */
- public PublicKey[] getPublicKey() {
- return publicKey;
- }
-
- /**
- * Sets the publicKey.
- * @param publicKey The publicKey to set
- */
- public void setPublicKey(PublicKey[] publicKey) {
- this.publicKey = publicKey;
- }
-
- /**
- * Returns the prPerson.
- * @return Element
- */
- public Element getPrPerson() {
- return prPerson;
- }
-
- /**
- * Sets the prPerson.
- * @param prPerson The prPerson to set
- */
- public void setPrPerson(Element prPerson) {
- this.prPerson = prPerson;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
deleted file mode 100644
index c787b2a81..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-/**
- * This bean saves all data of a single SAMLAttribute:
- * the name, value and namespace
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class SAMLAttribute {
-/** the name to be stored */
-private String name;
-/** the namespace to be stored */
-private String namespace;
-/** the value to be stored */
-private String value;
-
- /**
- * Constructor for SAMLAttribute.
- */
- public SAMLAttribute(String name, String namespace, String value) {
-
- this.name = name;
- this.namespace = namespace;
- this.value = value;
-
- }
-
-/**
- * Returns the name.
- * @return String
- */
-public String getName() {
- return name;
-}
-
-/**
- * Returns the namespace.
- * @return String
- */
-public String getNamespace() {
- return namespace;
-}
-
-/**
- * Returns the value.
- * @return String
- */
-public String getValue() {
- return value;
-}
-
-/**
- * Sets the name.
- * @param name The name to set
- */
-public void setName(String name) {
- this.name = name;
-}
-
-/**
- * Sets the namespace.
- * @param namespace The namespace to set
- */
-public void setNamespace(String namespace) {
- this.namespace = namespace;
-}
-
-/**
- * Sets the value.
- * @param value The value to set
- */
-public void setValue(String value) {
- this.value = value;
-}
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
deleted file mode 100644
index 8233d1478..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ /dev/null
@@ -1,177 +0,0 @@
-package at.gv.egovernment.moa.id.auth.data;
-
-import iaik.x509.X509Certificate;
-
-/**
- * This bean saves all information of the MOA-SP-Answer
- * after the verification of any signature
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class VerifyXMLSignatureResponse {
- /** The xmlDsigSubjectName to be stored */
- private String xmlDsigSubjectName;
- /** The signatureCheckCode to be stored */
- private int signatureCheckCode;
- /** The xmlDSIGManifestCheckCode to be stored */
- private int xmlDSIGManifestCheckCode;
- /** The xmlDSIGManigest to be stored */
- private boolean xmlDSIGManigest;
- /** The certificateCheckCode to be stored */
- private int certificateCheckCode;
- /** The publicAuthority to be stored */
- private boolean publicAuthority;
- /** The publicAuthorityCode to be stored */
- private String publicAuthorityCode;
- /** The qualifiedCertificate to be stored */
- private boolean qualifiedCertificate;
- /** The x509certificate to be stored */
- private X509Certificate x509certificate;
-
- /**
- * Returns the certificateCheckCode.
- * @return int
- */
- public int getCertificateCheckCode() {
- return certificateCheckCode;
- }
-
- /**
- * Returns the signatureCheckCode.
- * @return int
- */
- public int getSignatureCheckCode() {
- return signatureCheckCode;
- }
-
- /**
- * Returns the xmlDSIGManifestCheckCode.
- * @return int
- */
- public int getXmlDSIGManifestCheckCode() {
- return xmlDSIGManifestCheckCode;
- }
-
- /**
- * Returns the xmlDsigSubjectName.
- * @return String
- */
- public String getXmlDsigSubjectName() {
- return xmlDsigSubjectName;
- }
-
- /**
- * Sets the certificateCheckCode.
- * @param certificateCheckCode The certificateCheckCode to set
- */
- public void setCertificateCheckCode(int certificateCheckCode) {
- this.certificateCheckCode = certificateCheckCode;
- }
-
- /**
- * Sets the signatureCheckCode.
- * @param signatureCheckCode The signatureCheckCode to set
- */
- public void setSignatureCheckCode(int signatureCheckCode) {
- this.signatureCheckCode = signatureCheckCode;
- }
-
- /**
- * Sets the xmlDSIGManifestCheckCode.
- * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
- */
- public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
- this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
- }
-
- /**
- * Sets the xmlDsigSubjectName.
- * @param xmlDsigSubjectName The xmlDsigSubjectName to set
- */
- public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
- this.xmlDsigSubjectName = xmlDsigSubjectName;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return int
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityCode The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityCode) {
- this.publicAuthorityCode = publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the x509certificate.
- * @return X509Certificate
- */
- public X509Certificate getX509certificate() {
- return x509certificate;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the x509certificate.
- * @param x509certificate The x509certificate to set
- */
- public void setX509certificate(X509Certificate x509certificate) {
- this.x509certificate = x509certificate;
- }
-
- /**
- * Returns the xmlDSIGManigest.
- * @return boolean
- */
- public boolean isXmlDSIGManigest() {
- return xmlDSIGManigest;
- }
-
- /**
- * Sets the xmlDSIGManigest.
- * @param xmlDSIGManigest The xmlDSIGManigest to set
- */
- public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
- this.xmlDSIGManigest = xmlDSIGManigest;
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
deleted file mode 100644
index a18cf7322..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ /dev/null
@@ -1,92 +0,0 @@
-package at.gv.egovernment.moa.id.auth.invoke;
-
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-
-/**
- * Invoker of the SignatureVerification web service of MOA-SPSS.<InfoboxReadResponse> returned from
- * the security layer
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class CreateXMLSignatureResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
- private static final String SL10 = Constants.SL10_PREFIX + ":";
- /** Xpath prefix for reaching SecurityLayer 1.1 Namespaces */
- private static final String SL11 = Constants.SL11_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SL11 + "CreateXMLSignatureResponse/";
- /** Xpath expression to the SAML:Assertion element */
- private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion";
- /** Xpath expression to the SAML:NameIdentifier element */
- private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier";
- /** Xpath expression to the AttributeStatement element */
- private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
- /** Xpath expression to the AttributeValue element */
- private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue";
-
- /** This is the root element of the XML-Document provided by the Security Layer Card */
- private Element sigResponse;
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <InfoboxReadResponse> as String
- * @throws AuthenticationException if any authentication error occurs
- * @throws ParseException if an element cannot be parsed
- */
- public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException {
- ErrorResponseParser erp = new ErrorResponseParser(xmlResponse);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- sigResponse = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <InfoboxReadResponse> as InputStream
- * @throws AuthenticationException if any Authentication error occurs
- * @throws ParseException if an element cannot be parsed
- */
- public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException {
-
- ErrorResponseParser erp = new ErrorResponseParser(is);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- sigResponse = DOMUtils.parseXmlValidating(is);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for CreateXMLSignatureResponseParser.
- * The incoming Element will be used for further operations
- * @param xmlResponse <InfoboxReadResponse> as InputStream
- */
- public CreateXMLSignatureResponseParser(Element xmlResponse) {
- sigResponse = xmlResponse;
-
- }
-
- /**
- * Parses the identity link from <InfoboxReadResponse>
- * @return Identity link
- * @throws ParseException
- */
-
- public CreateXMLSignatureResponse parseResponse() throws ParseException {
- CreateXMLSignatureResponse cResp;
- try {
-
- cResp = new CreateXMLSignatureResponse();
- cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse, SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null));
- cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse, SAML_ASSERTION_XPATH));
- NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse, SAML_ATTRIBUTE_XPATH);
- Element samlAttr;
- List samlAttributes = new ArrayList();
- while ((samlAttr = (Element) attrIter.nextNode()) != null) {
- String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", "");
- String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", "");
- String attrValue = XPathUtils.getElementValue(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH, "");
- samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
- }
- SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
- samlAttributes.toArray(result);
- cResp.setSamlAttributes(result);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- return cResp;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
deleted file mode 100644
index 4fbc58977..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
+++ /dev/null
@@ -1,89 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an <InfoboxReadResponse>.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class ErrorResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
- private static final String SL10 = Constants.SL10_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SL10 + "ErrorResponse/";
- /** Xpath expression to the ErrorCode element */
- private static final String ERROR_CODE_XPATH =
- ROOT + SL10 + "ErrorCode";
- /** Xpath expression to the Info element */
- private static final String ERROR_INFO_XPATH =
- ROOT + SL10 + "Info";
-
-
- /** This is the root element of the XML-Document provided by the Security Layer Card */
- private Element errorElement;
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <InfoboxReadResponse> as String
- * @throws ParseException on any error
- */
- public ErrorResponseParser(String xmlResponse) throws ParseException {
- try {
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- errorElement = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <InfoboxReadResponse> as InputStream
- * @throws ParseException on any error
- */
- public ErrorResponseParser(InputStream xmlResponse) throws ParseException {
- try {
- errorElement = DOMUtils.parseXmlValidating(xmlResponse);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
- /**
- * Method getErrorCode. returns the error code
- * @return String
- */
- public String getErrorCode() {
-
- return XPathUtils.getElementValue(errorElement,ERROR_CODE_XPATH,null);
- }
-
- /**
- * Method getErrorInfo: returns the information about the error
- * @return String
- */
- public String getErrorInfo() {
-
- return XPathUtils.getElementValue(errorElement,ERROR_INFO_XPATH,null);
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
deleted file mode 100644
index dd44419da..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ /dev/null
@@ -1,309 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.security.interfaces.RSAPublicKey;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.PublicKey;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.*;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
-
-/**
- * Parses an identity link <saml:Assertion>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLinkAssertionParser {
-
- //
- // XPath namespace prefix shortcuts
- //
-
- /** Xpath prefix for reaching PersonData Namespaces */
- private static final String PDATA = Constants.PD_PREFIX + ":";
- /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
- private static final String SL10 = Constants.SL10_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath prefix for reaching ECDS Namespaces */
- private static final String ECDSA = Constants.ECDSA_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SAML + "Assertion/";
- /** Xpath expression to the SAMLSubjectConfirmationData element */
- private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Subject/"
- + SAML
- + "SubjectConfirmation/"
- + SAML
- + "SubjectConfirmationData";
- /** Xpath expression to the PersonData element */
- private static final String PERSON_XPATH =
- SAML_SUBJECT_CONFIRMATION_DATA_XPATH
- + "/"
- + PDATA
- + "Person";
- /** Xpath expression to the PersonData GivenName element */
- private static final String PERSON_GIVEN_NAME_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Name/"
- + PDATA
- + "GivenName";
- /** Xpath expression to the PersonData FamilyName element */
- private static final String PERSON_FAMILY_NAME_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Name/"
- + PDATA
- + "FamilyName";
- /** Xpath expression to the PersonData DateOfBirth element */
- private static final String PERSON_DATE_OF_BIRTH_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "DateOfBirth";
- /** Xpath expression to the Identification element */
- private static final String PERSON_IDENT_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Identification";
-
- /** Xpath expression to the Identification Value element */
- private static final String PERSON_IDENT_VALUE_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Identification/"
- + PDATA
- + "Value";
-
- /** Xpath expression to the Identification Value element */
- private static final String PERSON_IDENT_TYPE_XPATH =
- PERSON_XPATH
- + "/"
- + PDATA
- + "Identification/"
- + PDATA
- + "Type";
-
- /** Xpath expression to the RSAKeyValue element */
- private static final String RSA_KEY_VALUE_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/"
- + SAML
- + "AttributeValue/"
- + DSIG
- + "RSAKeyValue";
-
- /** Xpath expression to the ECKeyValue element */
- private static final String ECDSA_KEY_VALUE_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/"
- + SAML
- + "AttributeValue/"
- + ECDSA
- + "ECDSAKeyValue";
-
-
- /** Xpath expression to the RSA Modulus element */
- private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus";
- /** Xpath expression to the RSA Exponent element */
- private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent";
- /** Xpath expression to the DSIG X509Certificate element */
- private static final String DSIG_CERTIFICATES_XPATH =
- ROOT
- + DSIG
- + "Signature/"
- + DSIG
- + "KeyInfo/"
- + DSIG
- + "X509Data/"
- + DSIG
- + "X509Certificate";
- /** Xpath expression to the DSIG Transforms element */
- private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH =
- ROOT
- + DSIG
- + "Signature/"
- + DSIG
- + "SignedInfo/"
- + DSIG
- + "Reference/"
- + DSIG
- + "Transforms";
-
- /**This is the root element of the XML-Document provided by the Security Layer Card*/
- private Element assertionElem;
-
- /**
- * Constructor for IdentityLinkAssertionParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlAssertion <saml:Assertion> as String
- * @throws ParseException on any parsing error
- */
- public IdentityLinkAssertionParser(String xmlAssertion) throws ParseException {
- try {
- InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8"));
- assertionElem = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for IdentityLinkAssertionParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlAssertion <saml:Assertion> as InputStream
- * @throws ParseException on any parsing error
- */
- public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception {
- try {
- assertionElem = DOMUtils.parseXmlValidating(xmlAssertion);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
- /**
- * Parses the identity link from the <saml:Assertion>
- * @return Identity link
- * @throws ParseException on any parsing error
- */
-
- public IdentityLink parseIdentityLink() throws ParseException {
- IdentityLink identityLink;
- try {
- identityLink = new IdentityLink();
- identityLink.setSamlAssertion(assertionElem);
- identityLink.setPrPerson((Element)
- XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH));
- identityLink.setIdentificationValue(
- XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, ""));
- identityLink.setIdentificationType(
- XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, ""));
- identityLink.setGivenName(
- XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""));
- identityLink.setFamilyName(
- XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""));
- identityLink.setDateOfBirth(
- XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, ""));
- NodeIterator dsigRefTransforms =
- XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH);
- List transElems = new ArrayList();
- Element transformsElem;
- while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) {
- transElems.add(transformsElem);
- }
- Element[] result = new Element[transElems.size()];
- transElems.toArray(result);
- identityLink.setDsigReferenceTransforms(result);
-
- identityLink.setPublicKey(getPublicKeys());
-
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
-
- return identityLink;
- }
-
- /**
- * Parses an array of Public Keys from the <InfoboxReadResponse>
- * @return RSAPublicKey[]
- * @throws IOException can occur when decoding the base64 values of the modulus and exponent
- */
- public PublicKey[] getPublicKeys() throws IOException, ECDSAConverterException{
-
-
- List pubKeys = new ArrayList();
- //Try to get RSA-Keys
- NodeIterator rsaIter =
- XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, RSA_KEY_VALUE_XPATH);
- Element rsaElem;
-
- while ((rsaElem = (Element) rsaIter.nextNode()) != null) {
- String modulus =
- XPathUtils.getElementValue(rsaElem, RSA_KEY_MODULUS_XPATH, "");
- String exponent =
- XPathUtils.getElementValue(rsaElem, RSA_KEY_EXPONENT_XPATH, "");
-
- RSAPublicKey resPub =
- new iaik.security.rsa.RSAPublicKey(
- new BigInteger(1, Base64Utils.decode(modulus, true)),
- new BigInteger(1, Base64Utils.decode(exponent, true)));
- pubKeys.add(resPub);
- }
-
- //Try to get ECDSA-Keys
- NodeIterator ecdsaIter =
- XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, ECDSA_KEY_VALUE_XPATH);
- Element ecdsaElem;
- PublicKey ecPubKey = null;
- while ((ecdsaElem = (Element) ecdsaIter.nextNode()) != null) {
- try {
- ecPubKey = ECDSAKeyValueConverter.element2ECDSAPublicKey(ecdsaElem);
- pubKeys.add(ecPubKey);
- }
- catch(Exception e) {
- //TODO test
- throw new ECDSAConverterException("parser.03", new Object[] { e.toString() }, e);
- }
- }
-
- PublicKey[] result = new PublicKey[pubKeys.size()];
- pubKeys.toArray(result);
- return result;
-
- }
- /**
- * Parses a string array of decoded base64 certificates from
- * the <InfoboxReadResponse> found in the dsig-signature
- * @return String[] with raw-certificates from the dsig-signature keyinfo
- * @throws Exception
- */
- public String[] getCertificates() throws Exception {
- List certs = new ArrayList();
- NodeIterator rsaIter =
- XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH);
- Element certElem;
- while ((certElem = (Element) rsaIter.nextNode()) != null) {
- String content = DOMUtils.getText(certElem);
- certs.add(new String(Base64Utils.decode(content, true)));
- }
- String[] result = new String[certs.size()];
- certs.toArray(result);
- return result;
-
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
deleted file mode 100644
index 012a5b559..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ /dev/null
@@ -1,109 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses an <InfoboxReadResponse>.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-public class InfoboxReadResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
- private static final String SL10 = Constants.SL10_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SL10 + "InfoboxReadResponse/";
- /** Xpath expression to the SAML:Assertion element */
- private static final String SAML_ASSERTION_XPATH = ROOT + SL10 + "BinaryFileData/" + SL10 + "XMLContent/" + SAML + "Assertion";
-
- /** This is the root element of the XML-Document provided by the Security Layer Card*/
- private Element infoBoxElem;
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <InfoboxReadResponse> as String
- * @throws ParseException on any parsing error
- */
- public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException {
-
- ErrorResponseParser erp = new ErrorResponseParser(xmlResponse);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- infoBoxElem = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Constructor for InfoboxReadResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <InfoboxReadResponse> as InputStream
- * @throws ParseException on any parsing error
- */
- public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException {
-
- ErrorResponseParser erp = new ErrorResponseParser(is);
- if (erp.getErrorCode() != null) {
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
- }
-
- try {
-
- infoBoxElem = DOMUtils.parseXmlValidating(is);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Parses the embedded <saml:Assertion> element from <InfoboxReadResponse>
- * @return <saml:Assertion> as String
- * @throws ParseException on any parsing error
- */
- public String parseSAMLAssertion() throws ParseException {
- try {
- Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem, SAML_ASSERTION_XPATH);
- return DOMUtils.serializeNode(samlAssertion);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
- }
- }
-
- /**
- * Parses the identity link from the <saml:Assertion>
- * @return Identity link
- * @throws ParseException on any parsing error
- */
-
- public IdentityLink parseIdentityLink() throws ParseException {
- String samlAssertionString = parseSAMLAssertion();
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString);
- return ilParser.parseIdentityLink();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
deleted file mode 100644
index 7c4c01abe..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import java.io.IOException;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Parser for a SAML artifact.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLArtifactParser {
- /** byte array containing the SamlArtifact bytes */
- private byte[] samlArtifactBytes;
-
- /**
- * Constructor
- * @param samlArtifact as String
- * @throws ParseException on any parsing error
- */
- public SAMLArtifactParser(String samlArtifact) throws ParseException {
- try {
- samlArtifactBytes = Base64Utils.decode(samlArtifact, false);
- }
- catch (IOException ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
- /**
- * Parses the type code.
- * @return type code
- * @throws ParseException when SAML artifact is invalid
- */
- public byte[] parseTypeCode() throws ParseException {
- try {
- byte[] typeCode = new byte[] {samlArtifactBytes[0], samlArtifactBytes[1]};
- return typeCode;
- }
- catch (Throwable ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
- /**
- * Parses the assertion handle.
- * @return assertion handle
- * @throws ParseException when SAML artifact is invalid
- */
- public String parseAssertionHandle() throws ParseException {
- try {
- return new String(samlArtifactBytes, 22, 20);
- }
- catch (Throwable ex) {
- throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
deleted file mode 100644
index e628cb997..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ /dev/null
@@ -1,157 +0,0 @@
-package at.gv.egovernment.moa.id.auth.parser;
-
-import iaik.utils.Base64InputStream;
-import iaik.x509.X509Certificate;
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.*;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses a <VerifyXMLSignatureResponse> returned by
- * MOA-SPSS.
- * This class implements the Singleton pattern
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-
-public class VerifyXMLSignatureResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching MOA Namespaces */
- private static final String MOA = Constants.MOA_PREFIX + ":";
- /** Xpath prefix for reaching DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath prefix for reaching SecurityLayer 1.1 Namespaces */
- private static final String SL11 = Constants.SL11_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
-
- /** Xpath expression to the X509SubjectName element */
- private static final String DSIG_SUBJECT_NAME_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- DSIG + "X509SubjectName";
- /** Xpath expression to the X509Certificate element */
- private static final String DSIG_X509_CERTIFICATE_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- DSIG + "X509Certificate";
- /** Xpath expression to the PublicAuthority element */
- private static final String PUBLIC_AUTHORITY_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- MOA + "PublicAuthority";
- /** Xpath expression to the PublicAuthorityCode element */
- private static final String PUBLIC_AUTHORITY_CODE_XPATH =
- PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";
- /** Xpath expression to the QualifiedCertificate element */
- private static final String QUALIFIED_CERTIFICATE_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- SL11 + "QualifiedCertificate";
-
- /** Xpath expression to the SignatureCheckCode element */
- private static final String SIGNATURE_CHECK_CODE_XPATH =
- ROOT + MOA + "SignatureCheck/" + MOA + "Code";
- /** Xpath expression to the XMLDSIGManifestCheckCode element */
- private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH =
- ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
- /** Xpath expression to the CertificateCheckCode element */
- private static final String CERTIFICATE_CHECK_CODE_XPATH =
- ROOT + MOA + "CertificateCheck/" + MOA + "Code";
-
-
- /** This is the root element of the XML-Document provided by the Security Layer Card*/
- private Element verifyXMLSignatureResponse;
-
- /**
- * Constructor for VerifyXMLSignatureResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <InfoboxReadResponse> as String
- * @throws ParseException on any parsing error
- */
- public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
- try {
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
-
- verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
- /**
- * Constructor for VerifyXMLSignatureResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <InfoboxReadResponse> as InputStream
- * @throws Exception on any parsing error
- */
- public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
- {
- try {
- verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", null, t);
- }
- }
-
- /**
- * Constructor for VerifyXMLSignatureResponseParser.
- * The incoming Element will be used for further operations
- * @param xmlResponse <InfoboxReadResponse> as Element
- */
- public VerifyXMLSignatureResponseParser(Element xmlResponse)
- {
- verifyXMLSignatureResponse =xmlResponse;
-
- }
-
- /**
- * Parse identity link from <InfoboxReadResponse>
- * @return Identity link
- * @throws ParseException on any parsing error
- */
-
- public VerifyXMLSignatureResponse parseData() throws ParseException {
- VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
-
- try {
- respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
- Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
- respData.setQualifiedCertificate(e!=null);
-
- Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
- verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
-
- respData.setX509certificate(new X509Certificate(in));
- Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH);
- respData.setPublicAuthority(publicAuthority != null);
- respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
- respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
-
- String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
- if (xmlDsigCheckCode!=null)
- {
- respData.setXmlDSIGManigest(true);
- respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
- }
- else
- respData.setXmlDSIGManigest(false);
- respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", null, t);
- }
- return respData;
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
deleted file mode 100644
index 95878007e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ /dev/null
@@ -1,156 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.URLDecoder;
-
-/**
- * Base class for MOA-ID Auth Servlets, providing standard error handling
- * and constant names.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
-
-
- /**
- * Handles an error. "/errorpage-auth.jsp")WrongParametersException.
- * @param req servlet request
- * @param resp servlet response
- */
- protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
- Logger.error(ex.toString());
- req.setAttribute("WrongParameters", ex.getMessage());
-
- // forward this to errorpage-auth.jsp where the HTML error page is generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Logs all servlet parameters for debugging purposes.
- */
- protected void logParameters(HttpServletRequest req) {
- for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements(); ) {
- String parname = (String)enum.nextElement();
- Logger.debug("Parameter " + parname + req.getParameter(parname));
- }
- }
- /**
- * Parses the request input stream for parameters,
- * assuming parameters are encoded UTF-8.
- * @param req servlet request
- * @return mapping parameter name -> value
- */
- protected Map getParameters(HttpServletRequest req) throws IOException {
- Map parameters = new HashMap();
- InputStream in = req.getInputStream();
- String paramName;
- String paramValueURLEncoded;
- do {
- paramName = new String(readBytesUpTo(in, '='));
- if (paramName.length() > 0) {
- paramValueURLEncoded = readBytesUpTo(in, '&');
- String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
- parameters.put(paramName, paramValue);
- }
- }
- while (paramName.length() > 0);
- in.close();
-
- return parameters;
- }
- /**
- * Reads bytes up to a delimiter, consuming the delimiter.
- * @param in input stream
- * @param delimiter delimiter character
- * @return String constructed from the read bytes
- * @throws IOException
- */
- protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- boolean done = false;
- int b;
- while (! done && (b = in.read()) >= 0) {
- if (b == delimiter)
- done = true;
- else
- bout.write(b);
- }
- return bout.toString();
- }
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
deleted file mode 100644
index f33377547..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
-
- /**
- * Handle a HTTP GET request, used to indicated that the MOA
- * configuration needs to be updated (reloaded).
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
- MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
-
- try {
- MOAIDAuthInitializer.initialized=false;
- MOAIDAuthInitializer.initialize();
- String message = msg.getMessage("config.00", new Object[]
- { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
-
- Logger.info(message);
- HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response);
-
- } catch (Throwable t) {
- String errorMessage = msg.getMessage("config.04", null);
- Logger.error(errorMessage, t);
- HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response);
- }
- }
-
- /**
- * Do the same as doGet.
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- }
-
-}
-
-
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
deleted file mode 100644
index c41b514c8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ /dev/null
@@ -1,135 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.util.Calendar;
-
-import org.apache.axis.AxisFault;
-import org.w3c.dom.Element;
-
-import org.w3c.dom.NodeList;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Web service for picking up authentication data created in the MOA-ID Auth component.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
- */
-public class GetAuthenticationDataService implements Constants {
-
- /**
- * Constructor for GetAuthenticationDataService.
- */
- public GetAuthenticationDataService() {
- super();
- }
-
- /**
- * Takes a lt;samlp:Request> containing a
- * SAML artifact and returns the corresponding
- * authentication data lt;saml:Assertion>
- * (obtained from the AuthenticationServer),
- * enclosed in a lt;samlp:Response>.
- * lt;samlp:StatusCode>s,
- * possibly containing enclosed sub-lt;samlp:StatusCode>s.
- * The status codes are defined in the SAML specification.
- *
- * @param requests request elements of type lt;samlp:Request>;
- * only 1 request element is allowed
- * @return response element of type lt;samlp:Response>,
- * packed into an Element[]
- * @throws AxisFault thrown when an error occurs in assembling the
- * lt;samlp:Response>
- */
- public Element[] Request(Element[] requests)
- throws AxisFault {
-
- Element request = requests[0];
- Element[] responses = new Element[1];
- String requestID = "";
- String statusCode = "";
- String subStatusCode = null;
- String statusMessageCode = null;
- String statusMessage = null;
- String samlAssertion = "";
- if (requests.length > 1) {
- // more than 1 request given as parameter
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:TooManyResponses";
- statusMessageCode = "1201";
- }
- else {
- try {
- DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null);
- NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact");
- if (samlArtifactList.getLength() == 0) {
- // no SAML artifact given in request
- statusCode = "samlp:Requester";
- statusMessageCode = "1202";
- }
- else if (samlArtifactList.getLength() > 1) {
- // too many SAML artifacts given in request
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:TooManyResponses";
- statusMessageCode = "1203";
- }
- else {
- Element samlArtifactElem = (Element)samlArtifactList.item(0);
- requestID = samlArtifactElem.getAttribute("RequestID");
- String samlArtifact = DOMUtils.getText(samlArtifactElem);
- try {
- AuthenticationData authData = AuthenticationServer.getInstance().
- getAuthenticationData(samlArtifact);
- // success
- samlAssertion = authData.getSamlAssertion();
- statusCode = "samlp:Success";
- statusMessageCode = "1200";
- }
- catch (AuthenticationException ex) {
- // no authentication data for given SAML artifact
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:ResourceNotRecognized";
- statusMessage = ex.toString();
- }
- }
- }
- catch (Throwable t) {
- // invalid request format
- statusCode = "samlp:Requester";
- statusMessageCode = "1204";
- }
- }
- try {
- String responseID = Random.nextRandom();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
- if (statusMessage == null)
- statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
- responses[0] = new SAMLResponseBuilder().build(
- responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
- }
- catch (MOAIDException e) {
- AxisFault fault = AxisFault.makeFault(e);
- fault.setFaultDetail(new Element[] { e.toErrorResponse()});
- throw fault;
- }
- catch (Throwable t) {
- MOAIDException e = new MOAIDException("1299", null, t);
- AxisFault fault = AxisFault.makeFault(e);
- fault.setFaultDetail(new Element[] { e.toErrorResponse()});
- throw fault;
- }
- return responses;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
deleted file mode 100644
index 50d3225d2..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for selecting a BKU.
- * "text/html"500
- * <CreateXMLSignatureResponse>302"Location": URL of the online application requested, with
- * parameters "Target" and "SAMLArtifact" added500
- * CreateXMLSignatureRequest.
- * <InfoboxReadResponse>"text/xml"500
- * null, if none has been created. */
- private static CreateXMLSignatureResponseValidator instance;
-
- /**
- * Constructor for a singleton CreateXMLSignatureResponseValidator.
- * @return an instance of CreateXMLSignatureResponseValidator
- * @throws ValidateException if no instance can be created
- */
- public static synchronized CreateXMLSignatureResponseValidator getInstance()
- throws ValidateException {
- if (instance == null) {
- instance = new CreateXMLSignatureResponseValidator();
- }
- return instance;
- }
-
-
- /**
- * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
- * @param createXMLSignatureResponse
- * @param gbTarget
- * @param oaURL
- * @throws ValidateException
- */
- public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, String gbTarget, String oaURL)
- throws ValidateException {
-
- // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
-
-
- XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH);
-
- SAMLAttribute[] samlattributes = createXMLSignatureResponse.getSamlAttributes();
-
- boolean foundOA = false;
- boolean foundGB = false;
- for (int i = 0; i < samlattributes.length; i++)
- {
- if (samlattributes[i].getName().equals("Geschaeftsbereich"))
- if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#"))
-
- {
- foundGB = true;
- if (!gbTarget.equals(samlattributes[i].getValue()))
- {
- throw new ValidateException("validator.13", null);
- }
- }
- else throw new ValidateException("validator.12", null);
- if (samlattributes[i].getName().equals("OA"))
- if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#"))
- {
- foundOA = true;
- if (!oaURL.equals(samlattributes[i].getValue())) // CHECKS für die AttributeVALUES fehlen noch
- {
- throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlattributes[i].getValue()});
- }
-
- }
- else throw new ValidateException("validator.15", null);
- }
- if (!foundOA) throw new ValidateException("validator.14", null);
- if (!foundGB) throw new ValidateException("validator.11", null);
-
- //Check if dsig:Signature exists
- Element dsigSignature = (Element) XPathUtils.selectSingleNode(createXMLSignatureResponse.getSamlAssertion(),DSIG + "Signature");
- if (dsigSignature==null) throw new ValidateException("validator.05", null);
-
-
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
deleted file mode 100644
index 24029120e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ /dev/null
@@ -1,161 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import java.util.HashMap;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- *
- * This class is used to validate an {@link IdentityLink}
- * returned by the security layer
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class IdentityLinkValidator implements Constants {
-
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching PersonData Namespaces */
- private static final String PDATA = PD_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = DSIG_PREFIX + ":";
- /** Xpath prefix for reaching ECDSA Namespaces */
- private static final String ECDSA = ECDSA_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + SAML + "Assertion/";
- /** Xpath expression to the SAML:SubjectConfirmationData element */
- private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Subject/"
- + SAML
- + "SubjectConfirmation/"
- + SAML
- + "SubjectConfirmationData";
-/** Xpath expression to the PersonData:Person element */
- private static final String PERSON_XPATH =
- SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person";
- /** Xpath expression to the SAML:Attribute element */
- private static final String ATTRIBUTE_XPATH =
- ROOT + SAML + "AttributeStatement/" + SAML + "Attribute";
- /** Xpath expression to the SAML:AttributeName attribute */
- private static final String ATTRIBUTE_NAME_XPATH =
- ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName";
- /** Xpath expression to the SAML:AttributeNamespace attribute */
- private static final String ATTRIBUTE_NAMESPACE_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/@AttributeNamespace";
- /** Xpath expression to the SAML:AttributeValue element */
- private static final String ATTRIBUTE_VALUE_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/"
- + SAML
- + "AttributeValue";
-
- /** Singleton instance. null, if none has been created. */
- private static IdentityLinkValidator instance;
-
- /**
- * Constructor for a singleton IdentityLinkValidator.
- * @return a new IdentityLinkValidator instance
- * @throws ValidateException if no instance can be created
- */
- public static synchronized IdentityLinkValidator getInstance()
- throws ValidateException {
- if (instance == null) {
- instance = new IdentityLinkValidator();
- }
- return instance;
- }
-
- /**
- * Method validate. Validates the {@link IdentityLink}
- * @param identityLink The identityLink to validate
- * @throws ValidateException on any validation error
- */
- public void validate(IdentityLink identityLink) throws ValidateException {
-
- //Search the SAML:ASSERTION Object (A2.054)
- if (identityLink.getSamlAssertion() == null)
- throw new ValidateException("validator.00", null);
-
- // Check how many saml:Assertion/saml:AttributeStatement/
- // saml:Subject/ saml:SubjectConfirmation/
- // saml:SubjectConfirmationData/pr:Person of type
- // PhysicalPersonType exist (A2.056)
- NodeList nl =
- XPathUtils.selectNodeList(identityLink.getSamlAssertion(), PERSON_XPATH);
- // If we have just one Person-Element we don't need to check the attributes
- int counterPhysicalPersonType = 0;
- if (nl.getLength() > 1)
- for (int i = 0; i < nl.getLength(); i++) {
- String xsiType =
- ((Element) nl.item(i))
- .getAttributeNodeNS(
- "http://www.w3.org/2001/XMLSchema-instance",
- "type")
- .getNodeValue();
- // We have to check if xsiType contains "PhysicalPersonType"
- // An equal-check will fail because of the Namespace-prefix of the attribute value
- if (xsiType.indexOf("PhysicalPersonType") > -1)
- counterPhysicalPersonType++;
- }
- if (counterPhysicalPersonType > 1)
- throw new ValidateException("validator.01", null);
-
- //Check the SAML:ATTRIBUTES
- nl = XPathUtils.selectNodeList(identityLink.getSamlAssertion(), ATTRIBUTE_XPATH);
- for (int i = 0; i < nl.getLength(); i++) {
- String attributeName =
- XPathUtils.getAttributeValue(
- (Element) nl.item(i),
- "@AttributeName",
- null);
- String attributeNS =
- XPathUtils.getAttributeValue(
- (Element) nl.item(i),
- "@AttributeNamespace",
- null);
- if (attributeName.equals("CitizenPublicKey")) {
-
- if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") ||
- attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) {
- Element attributeValue =
- (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue");
- if (attributeValue==null)
- attributeValue =
- (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
- if (attributeValue == null)
- throw new ValidateException("validator.02", null);
-
- }
- else
- throw new ValidateException("validator.03", new Object [] {attributeNS} );
- }
- else
- throw new ValidateException("validator.04", new Object [] {attributeName} );
- }
-
- //Check if dsig:Signature exists
- Element dsigSignature = (Element) XPathUtils.selectSingleNode(identityLink.getSamlAssertion(),ROOT + DSIG + "Signature");
- if (dsigSignature==null) throw new ValidateException("validator.05", null);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
deleted file mode 100644
index a6685fca8..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while validating an incoming XML structure
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ValidateException extends MOAIDException {
-
- /**
- * Constructor for ValidateException.
- * @param messageId
- * @param parameters
- */
- public ValidateException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ValidateException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ValidateException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
deleted file mode 100644
index 5adbc5b3d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ /dev/null
@@ -1,151 +0,0 @@
-package at.gv.egovernment.moa.id.auth.validator;
-
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParserException;
-import iaik.x509.X509Certificate;
-
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-
-/**
- * This class is used to validate an {@link VerifyXMLSignatureResponse}
- * returned by MOA-SPSS
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureResponseValidator {
-
- /** Identification string for checking identity link */
- public static final String CHECK_IDENTITY_LINK = "IdentityLink";
- /** Identification string for checking authentication block */
- public static final String CHECK_AUTH_BLOCK = "AuthBlock";
-
- /** Singleton instance. null, if none has been created. */
- private static VerifyXMLSignatureResponseValidator instance;
-
- /**
- * Constructor for a singleton VerifyXMLSignatureResponseValidator.
- */
- public static synchronized VerifyXMLSignatureResponseValidator getInstance()
- throws ValidateException {
- if (instance == null) {
- instance = new VerifyXMLSignatureResponseValidator();
- }
- return instance;
- }
-
- /**
- * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS.
- *
- * @param verifyXMLSignatureResponse the <VerifyXMLSignatureResponse>
- * @param identityLinkSignersSubjectDNNames subject names configured
- * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated
- * @throws ValidateException on any validation error
- */
- public void validate(
- VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- String[] identityLinkSignersSubjectDNNames, String whatToCheck)
- throws ValidateException {
-
- if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
- throw new ValidateException("validator.06", null);
-
- if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
- String checkFailedReason ="";
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null);
-
- if (whatToCheck.equals(CHECK_IDENTITY_LINK))
- throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
- else
- throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
- }
- if (verifyXMLSignatureResponse.isXmlDSIGManigest())
- if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0)
- throw new ValidateException("validator.08", null);
- //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
- if (identityLinkSignersSubjectDNNames != null) {
- String subjectDN = "";
- X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
- try {
- subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
- }
- catch (RFC2253NameParserException e) {
- throw new ValidateException("validator.17", null);
- }
- boolean found = false;
- for (int i = 0; i < identityLinkSignersSubjectDNNames.length; i++) {
- if (identityLinkSignersSubjectDNNames[i].equals(subjectDN))
- found = true;
- }
- if (!found)
- throw new ValidateException(
- "validator.18",
- new Object[] { subjectDN });
- }
- }
-
- /**
- * Method validateCertificate.
- * @param vsr is the VerifyXMLSignatureResponse
- * @param idl
- * @throws ValidateException
- */
- public void validateCertificate(
- VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- IdentityLink idl)
- throws ValidateException {
-
- X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
- PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
-
- PublicKey pubKeySignature = x509Response.getPublicKey();
-
- boolean found = false;
- for (int i = 0; i < pubKeysIdentityLink.length; i++) {
-
- //compare RSAPublicKeys
- if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) &&
- (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) {
-
- RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature;
- RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i];
-
- //TODO check the usage of equals method
- if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus())
- && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent()))
- found = true;
- }
-
- //compare ECDSAPublicKeys
- //TODO check implementation
- if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) &&
- (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) {
-
- ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature;
- ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i];
-
- if(ecdsakey.equals(ecdsaPubKeySignature))
- found = true;
- }
- }
-
- if (!found)
- throw new ValidateException("validator.09", null);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
deleted file mode 100644
index 53f763630..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ /dev/null
@@ -1,699 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * A class that builds configuration data from a DOM based representation.
- *
- * @author Patrick Peck
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class ConfigurationBuilder {
-
- //
- // XPath namespace prefix shortcuts
- //
- /** an XPATH-Expression */
- private static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
- /** an XPATH-Expression */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
-
- //
- // chaining mode constants appearing in the configuration file
- //
- /** an XPATH-Expression */
- private static final String CM_CHAINING = "chaining";
- /** an XPATH-Expression */
- private static final String CM_PKIX = "pkix";
- /** an XPATH-Expression */
- private static final String DEFAULT_ENCODING = "UTF-8";
-
- /**
- * Default online application configuration file name
- * (used when /OnlineApplication/ProxyComponent@configFileURL is null).
- */
- public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";
-
- //
- // XPath expressions to select certain parts of the configuration
- //
- /** an XPATH-Expression */
- private static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
- /** an XPATH-Expression */
- private static final String ROOTOA = "/" + CONF + "Configuration/";
- /** an XPATH-Expression */
- private static final String AUTH_BKU_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
- /** an XPATH-Expression */
- private static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- private static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
-
- /** an XPATH-Expression */
- private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
- /** an XPATH-Expression */
- private static final String PROXY_AUTH_XPATH =
- ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
-
- /** an XPATH-Expression */
- private static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
- /** an XPATH-Expression */
- private static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
- /** an XPATH-Expression */
- private static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
- /** an XPATH-Expression */
- private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
- /** an XPATH-Expression */
- private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETER_URL_XPATH =
- CONF + "ConnectionParameter/@URL";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
- CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
- CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
- /** an XPATH-Expression */
- private static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
- CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
- /** an XPATH-Expression */
- private static final String GENERIC_CONFIGURATION_XPATH =
- ROOT + CONF + "GenericConfiguration";
- /** an XPATH-Expression */
- private static final String OACONF_LOGIN_TYPE_XPATH =
- ROOTOA + CONF + "LoginType";
- /** an XPATH-Expression */
- private static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
- ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
- /** an XPATH-Expression */
- private static final String OACONF_USER_ID_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
- /** an XPATH-Expression */
- private static final String OACONF_PASSWORD_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
- /** an XPATH-Expression */
- private static final String OACONF_HEADER_AUTH_HEADER_XPATH =
- ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
- /** an XPATH-Expression */
- private static final String CHAINING_MODES_XPATH =
- ROOT + CONF + "ChainingModes";
- /** an XPATH-Expression */
- private static final String CHAINING_MODES_DEFAULT_XPATH =
- CHAINING_MODES_XPATH + "/@systemDefaultMode";
- /** an XPATH-Expression */
- private static final String TRUST_ANCHOR_XPATH =
- ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
- /** an XPATH-Expression */
- private static final String ISSUER_XPATH = DSIG + "X509IssuerName";
- /** an XPATH-Expression */
- private static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
- /** an XPATH-Expression */
- private static final String TRUSTED_CA_CERTIFICATES_XPATH =
- ROOT + CONF + "TrustedCACertificates";
-
-
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- private String rootConfigFileDir;
-
- /** The root element of the MOA-ID configuration */
- private Element configElem;
-
- /**
- * Creates a new MOAConfigurationProvider.
- *
- * @param configElem The root element of the MOA-ID configuration.
- */
- public ConfigurationBuilder(Element configElem, String rootConfigDir) {
- this.configElem = configElem;
- this.rootConfigFileDir = rootConfigDir;
- }
-
- /**
- * Returns the root element of the MOA-ID configuration.
- *
- * @return The root element of the MOA-ID configuration.
- */
- public Element getConfigElem() {
- return configElem;
- }
-
- /**
- * Build a ConnectionParameter object containing all information
- * of the moa-sp element in the authentication component
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildAuthBKUConnectionParameter() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return buildConnectionParameter(authBKU);
- }
-
- /**
- * Method buildAuthBKUSelectionType.
- *
- * Build a string with the configuration value of BKUSelectionAlternative
- *
- * @return String
- */
- public String buildAuthBKUSelectionType() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return (authBKU).getAttribute("BKUSelectionAlternative");
- }
-
- /**
- * Build a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @return String[] of filenames to the Security Layer Transforms Information
- */
- public String[] buildTransformsInfoFileNames() {
-
- List transformsInfoFileNames = new ArrayList();
- NodeIterator tiIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
- Attr tiElem;
-
- while ((tiElem = (Attr) tiIter.nextNode()) != null) {
-
- String tiFileName = tiElem.getNodeValue();
- transformsInfoFileNames.add(tiFileName);
- }
- String[] result = new String[transformsInfoFileNames.size()];
- transformsInfoFileNames.toArray(result);
-
- return result;
- }
-
- /**
- * Build a ConnectionParameter bean containing all information
- * of the authentication component moa-sp element
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildMoaSpConnectionParameter() {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_MOA_SP_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
- }
-
- /**
- * Return a string with a url-reference to the VerifyIdentityLink trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyIdentityLink trust profile ID
- */
- public String getMoaSpIdentityLinkTrustProfileID() {
- return XPathUtils.getElementValue(
- getConfigElem(),
- AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
- "");
- }
- /**
- * Return a string representation of an URL pointing to trusted CA Certificates
- * @return String representation of an URL pointing to trusted CA Certificates
- */
- public String getTrustedCACertificates() {
- return XPathUtils.getElementValue(
- getConfigElem(),
- TRUSTED_CA_CERTIFICATES_XPATH,null);
- }
-
- /**
- * Return a string with a url-reference to the VerifyAuthBlock trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String getMoaSpAuthBlockTrustProfileID() {
- return XPathUtils.getElementValue(
- getConfigElem(),
- AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
- "");
- }
- /**
- * Build a string array with references to all verify transform info
- * IDs within the moa-sp part of the authentication component
- * @return A string array containing all urls to the
- * verify transform info IDs
- */
- public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
-
- List verifyTransformsInfoIDs = new ArrayList();
- NodeIterator vtIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
- Element vtElem;
-
- while ((vtElem = (Element) vtIter.nextNode()) != null) {
-
- String vtInfoIDs = DOMUtils.getText(vtElem);
- verifyTransformsInfoIDs.add(vtInfoIDs);
- }
- String[] result = new String[verifyTransformsInfoIDs.size()];
- verifyTransformsInfoIDs.toArray(result);
-
- return result;
- }
-
- /**
- * Return a string array containing all X509 Subject Names
- * of the Identity Link Signers
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String[] getIdentityLink_X509SubjectNames() {
-
- List x509SubjectNameList = new ArrayList();
- NodeIterator x509Iter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
- Element x509Elem;
-
- while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
-
- String vtInfoIDs = DOMUtils.getText(x509Elem);
- x509SubjectNameList.add(vtInfoIDs);
- }
- String[] result = new String[x509SubjectNameList.size()];
- x509SubjectNameList.toArray(result);
-
- return result;
- }
-
- /**
- * Build an array of the OnlineApplication Parameters containing information
- * about the authentication component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the authentication component of the online
- * application
- */
- public OAAuthParameter[] buildOnlineApplicationAuthParameters() {
-
- List OA_set = new ArrayList();
- NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
-
- for (int i = 0; i < OAIter.getLength(); i++) {
- Element oAElem = (Element) OAIter.item(i);
- Element authComponent =
- (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);
-
- OAAuthParameter oap = new OAAuthParameter();
- oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
- oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
-
- //Check if there is an Auth-Block to read from configuration
- if (authComponent!=null)
- {
- oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl")));
- oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
- oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
- }
- OA_set.add(oap);
- }
- OAAuthParameter[] result =
- new OAAuthParameter[OA_set.size()];
- OA_set.toArray(result);
-
- return result;
-
- }
-
- /**
- * Build a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter buildAuthComponentConnectionParameter()
- {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), PROXY_AUTH_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
-
- }
- /**
- * Method buildConnectionParameter: internal Method for creating a
- * ConnectionParameter object with all data found in the incoming element
- * @param root: this Element contains the ConnectionParameter
- * @return ConnectionParameter
- */
- protected ConnectionParameter buildConnectionParameter(Element root)
- {
- ConnectionParameter result = new ConnectionParameter();
- result.setAcceptedServerCertificates(
- XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
-
- result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
- result.getAcceptedServerCertificates(), rootConfigFileDir));
-
- result.setUrl(
- XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
- result.setClientKeyStore(
- XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
-
- result.setClientKeyStore(FileUtils.makeAbsoluteURL(
- result.getClientKeyStore(), rootConfigFileDir));
-
- result.setClientKeyStorePassword(
- XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
-
- if ((result.getAcceptedServerCertificates()==null)
- && (result.getUrl()=="")
- && (result.getClientKeyStore()==null)
- && (result.getClientKeyStorePassword()==""))
- return null;
-
- return result;
- }
-
- /**
- * Build an array of OnlineApplication Parameter Beans containing information
- * about the proxy component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{
-
- List oA_list = new ArrayList();
- NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
-
- for (int i = 0; i < OAIter.getLength(); i++) {
- Element oAElem = (Element) OAIter.item(i);
- OAProxyParameter oap = new OAProxyParameter();
-
- oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
- Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH);
- if (proxyComponentElem != null) {
- oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
- oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir));
- // default session time out: 3600 sec = 1 h
- oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue());
- oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
- oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
- oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
-
- ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
- oap.setConnectionParameter(conPara);
-
- OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap));
- oap.setOaConfiguration(oaConf);
-
- oA_list.add(oap);
- }
- }
- OAProxyParameter[] result =
- new OAProxyParameter[oA_list.size()];
- oA_list.toArray(result);
-
- return result;
-
- }
-
- /**
- * Build the mapping of generic configuration properties.
- *
- * @return a {@link Map} of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map buildGenericConfiguration() {
-
- Map genericConfiguration = new HashMap();
- NodeIterator gcIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- GENERIC_CONFIGURATION_XPATH);
- Element gcElem;
-
- while ((gcElem = (Element) gcIter.nextNode()) != null) {
- String gcName = gcElem.getAttribute("name");
- String gcValue = gcElem.getAttribute("value");
-
- genericConfiguration.put(gcName, gcValue);
- }
-
- return genericConfiguration;
- }
- /**
- * Method buildOAConfiguration.
- *
- * Build an {@link OAConfiguration} Object from the given configuration DOM element
- *
- * @param root
- * @return OAConfiguration
- * @throws ConfigurationException
- */
- public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{
-
- OAConfiguration oaConfiguration = new OAConfiguration();
-
- //The LoginType hast to be "stateless" or "stateful" to be valid
- oaConfiguration.setLoginType(
- XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator paramAuthIter =
- XPathUtils.selectNodeIterator(
- root,
- OACONF_PARAM_AUTH_PARAMETER_XPATH);
- Element paramAuthElem;
- HashMap paramAuthMap = new HashMap();
- while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) {
- String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
- String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
- if (paramAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- paramAuthMap.put(name, value);
- }
- oaConfiguration.setParamAuthMapping(paramAuthMap);
- // Try to build the BasicAuthParameters
- oaConfiguration.setBasicAuthUserIDMapping(
- XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
- oaConfiguration.setBasicAuthPasswordMapping(
- XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH);
-
- Element headerAuthElem;
- HashMap headerAuthMap = new HashMap();
- while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) {
- String name =
- XPathUtils.getAttributeValue(headerAuthElem, "@Name", null);
- String value =
- XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
- // Contains Key (Neue Config-Exception: doppelte werte)
- if (headerAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- headerAuthMap.put(name, value);
- }
- oaConfiguration.setHeaderAuthMapping(headerAuthMap);
-
- if (paramAuthMap.size() == 0) {
- if (oaConfiguration.getBasicAuthUserIDMapping() == null) {
- oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
-
- return oaConfiguration;
- }
-
- /**
- * Reads the configuration file of the online application, and creates a DOM tree from it.
- * If /OnlineApplication/ProxyComponent@configFileURL is not given,
- * uses default configuration file location.
- *
- * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
- * @return Element DOM tree root element
- * @throws ConfigurationException on any exception thrown
- */
- private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException
- {
- try {
- String configFileURL = oap.getConfigFileURL();
- if (configFileURL == null) {
- // use default config file URL, when config file URL is not given
- configFileURL = oap.getConnectionParameter().getUrl();
- if (configFileURL.charAt(configFileURL.length() - 1) != '/')
- configFileURL += "/";
- configFileURL += DEFAULT_OA_CONFIG_FILENAME;
- }
- Logger.info("Loading MOA-OA configuration " + configFileURL);
- Element configElem = DOMUtils.parseXmlValidating(
- new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
- return configElem;
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t);
- }
- }
-
- /**
- * Returns the default chaining mode from the configuration.
- *
- * @return The default chaining mode.
- */
- public String getDefaultChainingMode() {
- String defaultChaining =
- XPathUtils.getAttributeValue(
- getConfigElem(),
- CHAINING_MODES_DEFAULT_XPATH,
- CM_CHAINING);
-
- return translateChainingMode(defaultChaining);
-
- }
- /**
- * Build the chaining modes for all configured trust anchors.
- *
- * @return The mapping from trust anchors to chaining modes.
- */
- public Map buildChainingModes() {
- Map chainingModes = new HashMap();
- NodeIterator trustIter =
- XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
- Element trustAnchorElem;
-
- while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
- IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
- String mode = trustAnchorElem.getAttribute("mode");
-
- if (issuerAndSerial != null) {
- chainingModes.put(issuerAndSerial, translateChainingMode(mode));
- }
- }
-
- return chainingModes;
- }
-
- /**
- * Build an IssuerAndSerial from the DOM representation.
- *
- * @param root The root element (being of type dsig:
- * X509IssuerSerialType.
- * @return The issuer and serial number contained in the root
- * element or null if could not be built for any reason.
- */
- private IssuerAndSerial buildIssuerAndSerial(Element root) {
- String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
- String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);
-
- if (issuer != null && serial != null) {
- try {
- RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
- Principal issuerDN = nameParser.parse();
-
- return new IssuerAndSerial(issuerDN, new BigInteger(serial));
- } catch (RFC2253NameParserException e) {
- warn("config.09", new Object[] { issuer, serial }, e);
- return null;
- } catch (NumberFormatException e) {
- warn("config.09", new Object[] { issuer, serial }, e);
- return null;
- }
- }
- return null;
- }
-
- /**
- * Translate the chaining mode from the configuration file to one used in the
- * IAIK MOA API.
- *
- * @param chainingMode The chaining mode from the configuration.
- * @return The chaining mode as provided by the ChainingModes
- * interface.
- * @see iaik.pki.pathvalidation.ChainingModes
- */
- private String translateChainingMode(String chainingMode) {
- if (chainingMode.equals(CM_CHAINING)) {
- return ChainingModes.CHAIN_MODE;
- } else if (chainingMode.equals(CM_PKIX)) {
- return ChainingModes.PKIX_MODE;
- } else {
- return ChainingModes.CHAIN_MODE;
- }
- }
-
- /**
- * Method warn.
- * @param messageId to identify a country-specific message
- * @param parameters for the logger
- */
- //
- // various utility methods
- //
-
- private static void warn(String messageId, Object[] parameters) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
- }
-
- /**
- * Method warn.
- * @param messageId to identify a country-specific message
- * @param args for the logger
- * @param t as throwabl
- */
- private static void warn(String messageId, Object[] args, Throwable t) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
deleted file mode 100644
index 2ebec0398..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception signalling an error in the configuration.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class ConfigurationException extends MOAIDException {
-
- /**
- * Create a MOAConfigurationException.
- */
- public ConfigurationException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Create a MOAConfigurationException.
- */
- public ConfigurationException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
-
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
deleted file mode 100644
index e65c47bad..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ /dev/null
@@ -1,128 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-import java.math.BigInteger;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-
-/**
- * Base class for AuthConfigurationProvider and ProxyConfigurationProvider,
- * providing functions common to both of them.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationProvider {
-
- /**
- * Constructor
- */
- public ConfigurationProvider() {
- super();
- }
-
- /**
- * The name of the system property which contains the file name of the
- * configuration file.
- */
- public static final String CONFIG_PROPERTY_NAME =
- "moa.id.configuration";
-
- /**
- * The name of the generic configuration property giving the certstore directory path.
- */
- public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
- "DirectoryCertStoreParameters.RootDir";
-
- /**
- * The name of the generic configuration property switching the ssl revocation checking on/off
- */
- public static final String TRUST_MANAGER_REVOCATION_CHECKING =
- "TrustManager.RevocationChecking";
-
-
- /**
- * A Map which contains generic configuration information. Maps a
- * configuration name (a String) to a configuration value (also a
- * String).
- */
- protected Map genericConfiguration;
-
- /** The default chaining mode. */
- protected String defaultChainingMode;
-
- /**
- * A Map which contains the IssuerAndSerial to
- * chaining mode (a String) mapping.
- */
- protected Map chainingModes;
-
- /**
- * the URL for the trusted CA Certificates
- */
- protected String trustedCACertificates;
-
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- protected String rootConfigFileDir;
-
- /**
- * Returns the main configuration file directory used to configure MOA-ID
- *
- * @return the directory
- */
- public String getRootConfigFileDir() {
- return rootConfigFileDir;
- }
-
- /**
- * Returns the mapping of generic configuration properties.
- *
- * @return The mapping of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map getGenericConfiguration() {
- return genericConfiguration;
- }
-
- /**
- * Returns the value of a parameter from the generic configuration section.
- *
- * @return the parameter value; null if no such parameter
- */
- public String getGenericConfigurationParameter(String parameter) {
- if (! genericConfiguration.containsKey(parameter))
- return null;
- return (String)genericConfiguration.get(parameter);
- }
-
- /**
- * Return the chaining mode for a given trust anchor.
- *
- * @param trustAnchor The trust anchor for which the chaining mode should be
- * returned.
- * @return The chaining mode for the given trust anchor. If the trust anchor
- * has not been configured separately, the system default will be returned.
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- Principal issuer = trustAnchor.getIssuerDN();
- BigInteger serial = trustAnchor.getSerialNumber();
- IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
-
- String mode = (String) chainingModes.get(issuerAndSerial);
- return mode != null ? mode : defaultChainingMode;
- }
-
- /**
- * Returns the trustedCACertificates.
- * @return String
- */
- public String getTrustedCACertificates() {
-
- return trustedCACertificates;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
deleted file mode 100644
index 30b09cfe0..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ /dev/null
@@ -1,106 +0,0 @@
-package at.gv.egovernment.moa.id.config;
-
-/**
- * This bean class is used to store data for various connectionParameter
- * within the MOA-ID configuration
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class ConnectionParameter {
-
- /**
- * Server URL
- */
- private String url;
- /**
- * File URL for a directory containing PKCS#12 server SSL certificates.
- * From these certificates, a X509 trust store will be assembled for use
- * by a JSSE TrustManager.
- * This field will only be used in case of an HTTPS URL.
- */
- private String acceptedServerCertificates;
- /**
- * File URL of a X509 key store containing the private key to be used
- * for an HTTPS connection when the server requires client authentication.
- * This field will only be used in case of an HTTPS URL.
- */
- private String clientKeyStore;
- /**
- * Password protecting the client key store.
- */
- private String clientKeyStorePassword;
-
- /**
- * Checks whether the URL scheme is "https".
- * @return true in case of an URL starting with "https"
- */
- public boolean isHTTPSURL() {
- return getUrl().indexOf("https") == 0;
- }
-
- /**
- * Returns the url.
- * @return String
- */
- public String getUrl() {
- return url;
- }
-
- /**
- * Returns the acceptedServerCertificates.
- * @return String
- */
- public String getAcceptedServerCertificates() {
- return acceptedServerCertificates;
- }
-
- /**
- * Sets the acceptedServerCertificates.
- * @param acceptedServerCertificates The acceptedServerCertificates to set
- */
- public void setAcceptedServerCertificates(String acceptedServerCertificates) {
- this.acceptedServerCertificates = acceptedServerCertificates;
- }
-
- /**
- * Sets the url.
- * @param url The url to set
- */
- public void setUrl(String url) {
- this.url = url;
- }
-
- /**
- * Returns the clientKeyStore.
- * @return String
- */
- public String getClientKeyStore() {
- return clientKeyStore;
- }
-
- /**
- * Returns the clientKeyStorePassword.
- * @return String
- */
- public String getClientKeyStorePassword() {
- return clientKeyStorePassword;
- }
-
- /**
- * Sets the clientKeyStore.
- * @param clientKeyStore The clientKeyStore to set
- */
- public void setClientKeyStore(String clientKeyStore) {
- this.clientKeyStore = clientKeyStore;
- }
-
- /**
- * Sets the clientKeyStorePassword.
- * @param clientKeyStorePassword The clientKeyStorePassword to set
- */
- public void setClientKeyStorePassword(String clientKeyStorePassword) {
- this.clientKeyStorePassword = clientKeyStorePassword;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
deleted file mode 100644
index a722868e0..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ /dev/null
@@ -1,370 +0,0 @@
-package at.gv.egovernment.moa.id.config.auth;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.MalformedURLException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * A class providing access to the Auth Part of the MOA-ID configuration data.
- *
- * Configuration data is read from an XML file, whose location is given by
- * the moa.id.configuration system property.
This class implements the Singleton pattern. The reload()
- * method can be used to update the configuration data. Therefore, it is not
- * guaranteed that consecutive calls to getInstance() will return
- * the same AuthConfigurationProvider all the time. During the
- * processing of a web service request, the current
- * TransactionContext should be used to obtain the
- * AuthConfigurationProvider local to that request.
BKUSelectionType
- */
- public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
- "HTMLComplete";
-
- /**
- * BKUSelectionType HTMLSelect, according to schema type BKUSelectionType
- */
- public static final String BKU_SELECTION_TYPE_HTMLSELECT =
- "HTMLSelect";
-
- /**
- * The name of the generic configuration property allowing https connection to
- * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
- */
- public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
- "FrontendServlets.EnableHTTPConnection";
-
- /**
- * The name of the generic configuration property allowing to set a individual
- * DATA URL used to communicate with the BKU (SecurityLayer)
- */
- public static final String INDIVIDUAL_DATA_URL_PREFIX =
- "FrontendServlets.DataURLPrefix";
-
- /** Singleton instance. null, if none has been created. */
- private static AuthConfigurationProvider instance;
-
- //
- // configuration data
- //
-
- /**
- * configuration files containing transformations for rendering in the
- * secure viewer of the security layer implementation;
- * multiple files can be given for different mime types
- */
- private String[] transformsInfoFileNames;
- /**
- * transformations for rendering in the secure viewer of the security layer implementation,
- * read from {@link transformsInfoFileNames};
- * multiple transformation can be given for different mime types
- */
- private String[] transformsInfos;
- /**
- * parameters for connection to MOA SP component
- */
- private ConnectionParameter moaSpConnectionParameter;
- /**
- * trust profile ID to be used for verifying the identity link signature via MOA ID SP
- */
- private String moaSpIdentityLinkTrustProfileID;
- /**
- * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String moaSpAuthBlockTrustProfileID;
- /**
- * transformations to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String[] moaSpAuthBlockVerifyTransformsInfoIDs;
- /**
- * X509 SubjectNames which will be trusted
- */
- private String[] identityLinkX509SubjectNames;
-
- /**
- * configuration parameters for online applications
- */
- private OAAuthParameter[] onlineApplicationAuthParameters;
- /**
- * the Selection Type of the bku Selection Element
- */
- private String bKUSelectionType;
- /**
- * is the bku Selection Element present?
- */
- private boolean bKUSelectable;
- /**
- * the bku Selection Connection Parameters
- */
- private ConnectionParameter bKUConnectionParameter;
- /**
- * Return the single instance of configuration data.
- *
- * @return AuthConfigurationProvider The current configuration data.
- * @throws ConfigurationException
- */
- public static synchronized AuthConfigurationProvider getInstance()
- throws ConfigurationException {
-
- if (instance == null) {
- reload();
- }
- return instance;
- }
-
- /**
- * Reload the configuration data and set it if successful.
- *
- * @return AuthConfigurationProvider The loaded configuration data.
- * @throws ConfigurationException Failure to load the configuration data.
- */
- public static synchronized AuthConfigurationProvider reload()
- throws ConfigurationException {
- String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
- if (fileName == null) {
- throw new ConfigurationException("config.01", null);
- }
- Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
-
- instance = new AuthConfigurationProvider(fileName);
- return instance;
- }
-
- /**
- * Constructor for AuthConfigurationProvider.
- * @param fileName
- * @throws ConfigurationException
- */
- public AuthConfigurationProvider(String fileName)
- throws ConfigurationException {
-
- load(fileName);
- }
-
- /**
- * Load the configuration data from XML file with the given name and build
- * the internal data structures representing the MOA ID configuration.
- *
- * @param fileName The name of the XML file to load.
- * @throws ConfigurationException The MOA configuration could not be
- * read/built.
- */
- private void load(String fileName) throws ConfigurationException {
- InputStream stream = null;
- Element configElem;
- ConfigurationBuilder builder;
-
- try {
- // load the main config file
- stream = new BufferedInputStream(new FileInputStream(fileName));
- configElem = DOMUtils.parseXmlValidating(stream);
- } catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- } catch (IOException e) {
- }
- }
- try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
- // build the internal datastructures
- builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
- bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
- bKUSelectable = (bKUConnectionParameter!=null);
- bKUSelectionType = builder.buildAuthBKUSelectionType();
- genericConfiguration = builder.buildGenericConfiguration();
- transformsInfoFileNames = builder.buildTransformsInfoFileNames();
- loadTransformsInfos();
- moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
- moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
- moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
- moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
- onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters();
- identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); }
-
- catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
- }
-
- /**
- * Loads the transformsInfos from files.
- * @throws Exception on any exception thrown
- */
- private void loadTransformsInfos() throws Exception {
-
- transformsInfos = new String[transformsInfoFileNames.length];
- for (int i = 0; i < transformsInfoFileNames.length; i++) {
- String fileURL = transformsInfoFileNames[i];
-
- //if fileURL is relative to rootConfigFileDir make it absolute
- fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
- String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
- transformsInfos[i] = transformsInfo;
- }
- }
- /**
- * Return a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @return String[] of filenames to the Security Layer Transforms Information
- */
- public String[] getTransformsInfoFileNames() {
- return transformsInfoFileNames;
- }
-
- /**
- * Build an array of the OnlineApplication Parameters containing information
- * about the authentication component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for theauthentication component of the online
- * application
- */
- public OAAuthParameter[] getOnlineApplicationParameters() {
- return onlineApplicationAuthParameters;
- }
-
- /**
- * Provides configuration information regarding the online application behind
- * the given URL, relevant to the MOA-ID Auth component.
- *
- * @param oaURL URL requested for an online application
- * @return an OAAuthParameter, or null
- * if none is applicable
- */
- public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
- OAAuthParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAAuthParameter oaParam = oaParams[i];
- if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
- return oaParam;
- }
- return null;
- }
-
- /**
- * Return a string with a url-reference to the VerifyAuthBlock trust
- * profile id within the moa-sp part of the authentication component
- *
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String getMoaSpAuthBlockTrustProfileID() {
- return moaSpAuthBlockTrustProfileID;
- }
-
- /**
- * Return a string array with references to all verify transform info
- * IDs within the moa-sp part of the authentication component
- * @return A string array containing all urls to the
- * verify transform info IDs
- */
- public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
- return moaSpAuthBlockVerifyTransformsInfoIDs;
- }
-
- /**
- * Return a ConnectionParameter bean containing all information
- * of the authentication component moa-sp element
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter getMoaSpConnectionParameter() {
- return moaSpConnectionParameter;
- }
-
- /**
- * Return a string with a url-reference to the VerifyIdentityLink trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyIdentityLink trust profile ID
- */
- public String getMoaSpIdentityLinkTrustProfileID() {
- return moaSpIdentityLinkTrustProfileID;
- }
- /**
- * Returns the transformsInfos.
- * @return String[]
- */
- public String[] getTransformsInfos() {
- return transformsInfos;
- }
-
- /**
- * Returns the identityLinkX509SubjectNames.
- * @return String[]
- */
- public String[] getIdentityLinkX509SubjectNames() {
- return identityLinkX509SubjectNames;
- }
-
- /**
- * Returns the bKUConnectionParameter.
- * @return ConnectionParameter
- */
- public ConnectionParameter getBKUConnectionParameter() {
- return bKUConnectionParameter;
- }
-
- /**
- * Returns the bKUSelectable.
- * @return boolean
- */
- public boolean isBKUSelectable() {
- return bKUSelectable;
- }
-
- /**
- * Returns the bKUSelectionType.
- * @return String
- */
- public String getBKUSelectionType() {
- return bKUSelectionType;
- }
-
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
deleted file mode 100644
index 223abc632..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ /dev/null
@@ -1,115 +0,0 @@
-package at.gv.egovernment.moa.id.config.auth;
-
-/**
- * Configuration parameters belonging to an online application,
- * to use with the MOA ID Auth component.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class OAAuthParameter {
-
- /**
- * public URL prefix of the online application
- */
- private String publicURLPrefix;
-
- /**
- * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
- */
- private String keyBoxIdentifier;
- /**
- * determines whether "Stammzahl" is to be included in the authentication data
- */
- private boolean provideStammzahl;
- /**
- * determines whether AUTH block is to be included in the authentication data
- */
- private boolean provideAuthBlock;
- /**
- * determines whether identity link is to be included in the authentication data
- */
- private boolean provideIdentityLink;
-
- /**
- * Returns the provideAuthBlock.
- * @return String
- */
- public boolean getProvideAuthBlock() {
- return provideAuthBlock;
- }
-
- /**
- * Returns the provideIdentityLink.
- * @return String
- */
- public boolean getProvideIdentityLink() {
- return provideIdentityLink;
- }
-
- /**
- * Returns the provideStammzahl.
- * @return String
- */
- public boolean getProvideStammzahl() {
- return provideStammzahl;
- }
-
- /**
- * Returns the publicURLPrefix.
- * @return String
- */
- public String getPublicURLPrefix() {
- return publicURLPrefix;
- }
-
- /**
- * Returns the key box identifier.
- * @return String
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
-
- /**
- * Sets the provideAuthBlock.
- * @param provideAuthBlock The provideAuthBlock to set
- */
- public void setProvideAuthBlock(boolean provideAuthBlock) {
- this.provideAuthBlock = provideAuthBlock;
- }
-
- /**
- * Sets the provideIdentityLink.
- * @param provideIdentityLink The provideIdentityLink to set
- */
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- this.provideIdentityLink = provideIdentityLink;
- }
-
- /**
- * Sets the provideStammzahl.
- * @param provideStammzahl The provideStammzahl to set
- */
- public void setProvideStammzahl(boolean provideStammzahl) {
- this.provideStammzahl = provideStammzahl;
- }
-
- /**
- * Sets the publicURLPrefix.
- * @param publicURLPrefix The publicURLPrefix to set
- */
- public void setPublicURLPrefix(String publicURLPrefix) {
- this.publicURLPrefix = publicURLPrefix;
- }
-
- /**
- * Sets the key box identifier.
- * @param keyBoxIdentifier to set
- */
- public void setKeyBoxIdentier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
-
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
deleted file mode 100644
index c9a13fee5..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
+++ /dev/null
@@ -1,145 +0,0 @@
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
- * These include the login type (stateful or stateless), the HTTP authentication type,
- * and information needed to add authentication parameters or headers for a URL connection
- * to the remote online application.
- * @see MOAIDConfiguration-1.1.xsd, element Configuration
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class OAConfiguration {
-
- /** Constant for an login method */
- public static final String LOGINTYPE_STATEFUL = "stateful";
- /** Constant for an login method */
- public static final String LOGINTYPE_STATELESS = "stateless";
-
- /** Constant for an auth method */
- public static final String BASIC_AUTH = "basic";
- /** Constant for an auth method */
- public static final String HEADER_AUTH = "header";
- /** Constant for an auth method */
- public static final String PARAM_AUTH = "param";
-
- /** login type: stateful or stateless */
- String loginType;
- /** authentication type: basic, header, or param */
- String authType;
- /**
- * mapping of parameter names to AuthenticationData field names
- * in case of authentication type "header-auth"
- */
- Map paramAuthMapping;
- /**
- * mapping of parameter names to AuthenticationData field names
- * in case of authentication type "param-auth"
- */
- Map headerAuthMapping;
- /** mapping for user ID to be used in case of authentication type "basic-auth" */
- String basicAuthUserIDMapping;
- /** mapping for password to be used in case of authentication type "basic-auth" */
- String basicAuthPasswordMapping;
-
- /**
- * Returns the basicAuthPasswordMapping.
- * @return String
- */
- public String getBasicAuthPasswordMapping() {
- return basicAuthPasswordMapping;
- }
-
- /**
- * Returns the basicAuthUserIDMapping.
- * @return String
- */
- public String getBasicAuthUserIDMapping() {
- return basicAuthUserIDMapping;
- }
-
- /**
- * Returns the headerAuthMapping.
- * @return HashMap
- */
- public Map getHeaderAuthMapping() {
- return headerAuthMapping;
- }
-
- /**
- * Returns the loginType.
- * @return String
- */
- public String getLoginType() {
- return loginType;
- }
-
- /**
- * Returns the paramAuthMapping.
- * @return HashMap
- */
- public Map getParamAuthMapping() {
- return paramAuthMapping;
- }
-
- /**
- * Sets the basicAuthPasswordMapping.
- * @param basicAuthPasswordMapping The basicAuthPasswordMapping to set
- */
- public void setBasicAuthPasswordMapping(String basicAuthPassword) {
- this.basicAuthPasswordMapping = basicAuthPassword;
- }
-
- /**
- * Sets the basicAuthUserIDMapping.
- * @param basicAuthUserIDMapping The basicAuthUserIDMapping to set
- */
- public void setBasicAuthUserIDMapping(String basicAuthUserID) {
- this.basicAuthUserIDMapping = basicAuthUserID;
- }
-
- /**
- * Sets the headerAuthMapping.
- * @param headerAuthMapping The headerAuthMapping to set
- */
- public void setHeaderAuthMapping(HashMap headerAuth) {
- this.headerAuthMapping = headerAuth;
- }
-
- /**
- * Sets the loginType.
- * @param loginType The loginType to set
- */
- public void setLoginType(String loginType) {
- this.loginType = loginType;
- }
-
- /**
- * Sets the paramAuthMapping.
- * @param paramAuthMapping The paramAuthMapping to set
- */
- public void setParamAuthMapping(HashMap paramAuth) {
- this.paramAuthMapping = paramAuth;
- }
-
- /**
- * Returns the authType.
- * @return String
- */
- public String getAuthType() {
- return authType;
- }
-
- /**
- * Sets the authType.
- * @param authType The authType to set
- */
- public void setAuthType(String authLoginType) {
- this.authType = authLoginType;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
deleted file mode 100644
index a16dcfa26..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ /dev/null
@@ -1,183 +0,0 @@
-package at.gv.egovernment.moa.id.config.proxy;
-
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-
-/**
- * Configuration parameters belonging to an online application,
- * to use with the MOA ID Proxy component.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class OAProxyParameter {
-
- /**
- * public URL prefix of the online application
- */
- private String publicURLPrefix;
- /**
- * URL of online application configuration file;
- * defaults to relative URL /moaconfig.xml
- */
- private String configFileURL;
- /**
- * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface
- * to be used for authenticating the online application;
- * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver}
- */
- private String loginParameterResolverImpl;
-
- /**
- * Configuration Parameter of LoginParameterResolver
- */
- private String loginParameterResolverConfiguration;
-
- /**
- * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface
- * to be used for connecting to the online application;
- * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder}
- */
- private String connectionBuilderImpl;
- /**
- * session time out to be used in case of a stateless online application
- */
- private int sessionTimeOut;
- /**
- * parameters regarding the connection from the proxy to the online application
- */
- private ConnectionParameter connectionParameter;
- /**
- * parameters for logging into the online application
- */
- private OAConfiguration oaConfiguration;
-
-
- /**
- * Returns the configFileURL.
- * @return String
- */
- public String getConfigFileURL() {
- return configFileURL;
- }
-
- /**
- * Returns the sessionTimeOut.
- * @return int
- */
- public int getSessionTimeOut() {
- return sessionTimeOut;
- }
-
- /**
- * Returns the connectionParameter.
- * @return ConnectionParameter
- */
- public ConnectionParameter getConnectionParameter() {
- return connectionParameter;
- }
-
- /**
- * Sets the configFileURL.
- * @param configFileURL The configFileURL to set
- */
- public void setConfigFileURL(String oaProxyConfigFileURL) {
- this.configFileURL = oaProxyConfigFileURL;
- }
-
- /**
- * Sets the sessionTimeOut.
- * @param sessionTimeOut The sessionTimeOut to set
- */
- public void setSessionTimeOut(int oaProxySessionTimeOut) {
- this.sessionTimeOut = oaProxySessionTimeOut;
- }
-
- /**
- * Sets the connectionParameter.
- * @param connectionParameter The connectionParameter to set
- */
- public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) {
- this.connectionParameter = proxyConnectionParameter;
- }
-
- /**
- * Returns the publicURLPrefix.
- * @return String
- */
- public String getPublicURLPrefix() {
- return publicURLPrefix;
- }
-
- /**
- * Sets the publicURLPrefix.
- * @param publicURLPrefix The publicURLPrefix to set
- */
- public void setPublicURLPrefix(String url) {
- this.publicURLPrefix = url;
- }
-
- /**
- * Returns the connectionBuilderImpl.
- * @return String
- */
- public String getConnectionBuilderImpl() {
- return connectionBuilderImpl;
- }
-
- /**
- * Returns the loginParameterResolverImpl.
- * @return String
- */
- public String getLoginParameterResolverImpl() {
- return loginParameterResolverImpl;
- }
-
- /**
- * Returns the loginParameterResolverConfiguration.
- * @return String
- */
- public String getLoginParameterResolverConfiguration() {
- return loginParameterResolverConfiguration;
- }
-
- /**
- * Sets the connectionBuilderImpl.
- * @param connectionBuilderImpl The connectionBuilderImpl to set
- */
- public void setConnectionBuilderImpl(String connectionBuilderImp) {
- this.connectionBuilderImpl = connectionBuilderImp;
- }
-
- /**
- * Sets the loginParameterResolverImpl.
- * @param loginParameterResolverImpl The loginParameterResolverImpl to set
- */
- public void setLoginParameterResolverImpl(String loginParameterResolverImpl) {
- this.loginParameterResolverImpl = loginParameterResolverImpl;
- }
-
- /**
- * Sets the loginParameterResolverConfiguration.
- * @param loginParameterResolverImpl The loginParameterResolverImpl to set
- */
- public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) {
- this.loginParameterResolverConfiguration = loginParameterResolverConfiguration;
- }
-
- /**
- * Returns the oaConfiguration.
- * @return OAConfiguration
- */
- public OAConfiguration getOaConfiguration() {
- return oaConfiguration;
- }
-
- /**
- * Sets the oaConfiguration.
- * @param oaConfiguration The oaConfiguration to set
- */
- public void setOaConfiguration(OAConfiguration oaConfiguration) {
- this.oaConfiguration = oaConfiguration;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
deleted file mode 100644
index fdb7e6f55..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ /dev/null
@@ -1,189 +0,0 @@
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.MalformedURLException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * A class providing access to the Proxy Part of the MOA-ID configuration data.
- *
- * Configuration data is read from an XML file, whose location is given by
- * the moa.id.configuration system property.
This class implements the Singleton pattern. The reload()
- * method can be used to update the configuration data. Therefore, it is not
- * guaranteed that consecutive calls to getInstance() will return
- * the same ProxyConfigurationProvider all the time. During the
- * processing of a web service request, the current
- * TransactionContext should be used to obtain the
- * ProxyConfigurationProvider local to that request.
null, if none has been created. */
- private static ProxyConfigurationProvider instance;
-
-
- //
- // configuration data
- //
- /**
- * connection parameters for connection to MOA ID Auth component
- */
- private ConnectionParameter authComponentConnectionParameter;
- /**
- * configuration parameters for online applications
- */
- private OAProxyParameter[] onlineApplicationProxyParameter;
-
- /**
- * Return the single instance of configuration data.
- *
- * @return ProxyConfigurationProvider The current configuration data.
- * @throws ConfigurationException
- */
- public static synchronized ProxyConfigurationProvider getInstance()
- throws ConfigurationException {
-
- if (instance == null) {
- reload();
- }
- return instance;
- }
-
- /**
- * Reload the configuration data and set it if successful.
- *
- * @return ProxyConfigurationProvider The loaded configuration data.
- * @throws ConfigurationException Failure to load the configuration data.
- */
- public static synchronized ProxyConfigurationProvider reload()
- throws ConfigurationException {
- String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
- if (fileName == null) {
- throw new ConfigurationException("config.01", null);
- }
- Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
-
- instance = new ProxyConfigurationProvider(fileName);
- return instance;
- }
-
- /**
- * Constructor for ProxyConfigurationProvider.
- */
- public ProxyConfigurationProvider(String fileName)
- throws ConfigurationException {
-
- load(fileName);
- }
-
- /**
- * Load the configuration data from XML file with the given name and build
- * the internal data structures representing the MOA configuration.
- *
- * @param fileName The name of the XML file to load.
- * @throws ConfigurationException The MOA configuration could not be
- * read/built.
- */
- private void load(String fileName) throws ConfigurationException {
- FileInputStream stream = null;
- Element configElem;
- ConfigurationBuilder builder;
-
- try {
- // load the main config file
- stream = new FileInputStream(fileName);
- configElem = DOMUtils.parseXmlValidating(stream);
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- }
- catch (IOException e) {
- }
- }
- try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
- // build the internal datastructures
- builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
- authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
-
- onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
- for(int i = 0; i < onlineApplicationProxyParameter.length; i++) {
- onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir));
- }
-
- genericConfiguration = builder.buildGenericConfiguration();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
-
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
- }
-
- /**
- * Return a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter getAuthComponentConnectionParameter() {
- return authComponentConnectionParameter;
- }
-
- /**
- * Build an array of OnlineApplication Parameter Beans containing all
- * information about the proxy component of the online application
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] getOnlineApplicationParameters() {
- return onlineApplicationProxyParameter;
- }
- /**
- * Provides configuration information regarding the online application behind
- * the given URL, relevant to the MOA-ID Proxy component.
- *
- * @param oaURL URL requested for an online application
- * @return an OAProxyParameter, or null
- * if none is applicable
- */
- public OAProxyParameter getOnlineApplicationParameter(String oaURL) {
- OAProxyParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- if (oaURL.startsWith(oaParam.getPublicURLPrefix()))
- return oaParam;
- }
- return null;
- }
-
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
deleted file mode 100644
index 65fe9047d..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ /dev/null
@@ -1,334 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.util.Date;
-
-/**
- * Encapsulates authentication data contained in a <saml:Assertion>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-
-public class AuthenticationData {
- /**
- * major version number of the SAML assertion
- */
- private int majorVersion;
- /**
- * minor version number of the SAML assertion
- */
- private int minorVersion;
- /**
- * identifier for this assertion
- */
- private String assertionID;
- /**
- * URL of the MOA-ID Auth component issueing this assertion
- */
- private String issuer;
- /**
- * time instant of issue of this assertion
- */
- private String issueInstant;
- /**
- * user identification value (Stammzahl); null,
- * if the authentication module is configured not to return this data
- */
- private String identificationValue;
- /**
- * user identification type
- */
- private String identificationType;
- /**
- * application specific user identifier (bPK)
- */
- private String bPK;
- /**
- * given name of the user
- */
- private String givenName;
- /**
- * family name of the user
- */
- private String familyName;
- /**
- * date of birth of the user
- */
- private String dateOfBirth;
- /**
- * says whether the certificate is a qualified certificate or not
- */
- private boolean qualifiedCertificate;
- /**
- * says whether the certificate is a public authority or not
- */
- private boolean publicAuthority;
- /**
- * public authority code (Behördenkennzeichen - BKZ)
- */
- private String publicAuthorityCode;
- /**
- * the corresponding lt;saml:Assertion>
- */
- private String samlAssertion;
- /**
- * creation timestamp
- */
- Date timestamp;
-
- /**
- * Constructor for AuthenticationData.
- */
- public AuthenticationData() {
- timestamp = new Date();
- }
-
- /**
- * Returns the minorVersion.
- * @return int
- */
- public int getMinorVersion() {
- return minorVersion;
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return String
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the bPK.
- * @return String
- */
- public String getPBK() {
- return bPK;
- }
-
- /**
- * Sets the minorVersion.
- * @param minorVersion The minorVersion to set
- */
- public void setMinorVersion(int minorVersion) {
- this.minorVersion = minorVersion;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityCode The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityIdentification) {
- this.publicAuthorityCode = publicAuthorityIdentification;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the bPK.
- * @param bPK The bPK to set
- */
- public void setPBK(String bPK) {
- this.bPK = bPK;
- }
-
- /**
- * Returns the assertionID.
- * @return String
- */
- public String getAssertionID() {
- return assertionID;
- }
-
- /**
- * Returns the dateOfBirth.
- * @return String
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue.
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Returns the identificationType
- * @return String
- */
- public String getIdentificationType() {
- return identificationType;
- }
-
- /**
- * Returns the issueInstant.
- * @return String
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Returns the issuer.
- * @return String
- */
- public String getIssuer() {
- return issuer;
- }
-
- /**
- * Returns the majorVersion.
- * @return int
- */
- public int getMajorVersion() {
- return majorVersion;
- }
-
- /**
- * Sets the assertionID.
- * @param assertionID The assertionID to set
- */
- public void setAssertionID(String assertionID) {
- this.assertionID = assertionID;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String gamilyName) {
- this.familyName = gamilyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the identificationType.
- * @param identificationType The identificationType to set
- */
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /**
- * Sets the issueInstant.
- * @param issueInstant The issueInstant to set
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
- /**
- * Sets the issuer.
- * @param issuer The issuer to set
- */
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- /**
- * Sets the majorVersion.
- * @param majorVersion The majorVersion to set
- */
- public void setMajorVersion(int majorVersion) {
- this.majorVersion = majorVersion;
- }
-
- /**
- * Returns the samlAssertion.
- * @return String
- */
- public String getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(String samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the timestamp.
- * @return Date
- */
- public Date getTimestamp() {
- return timestamp;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java b/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
deleted file mode 100644
index 5729e54c3..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.StringTokenizer;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * The Cookie-class provides methods to save and return cookies for
- * each single session
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class Cookie {
- /** A HahsMap containing all our cookies */
- HashMap cookies = new HashMap();
- /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication
- * to send them back to the client/browser as soon as possible */
- HashMap cookies401 = new HashMap();
-
- /**
- * Adds a Cookie from a response with response-code 401 to the cookie-pool
- * for sending it back to the browser / client
- * @param String: the complete 'Set-Cookie' - String
- */
- public void add401(String cookieString)
- {
- cookies401.put(getKey(cookieString),cookieString);
- }
-
- /**
- * Get the HashMap containing all cookies to be sent to the browser / client
- * @return HashMap with all cookies
- */
- public HashMap get401()
- {
- return cookies401;
- }
-
- /**
- * Clear the 401 cookie-pool
- */
- public void clear401()
- {
- cookies401.clear();
- }
-
- /**
- * Set a cookie that comes from the Online-Application
- * and save it in our "normal" cookie-pool
- * @param String the complete "Set-Cookie" - String from the Online-Application
- */
- public void setCookie(String value) {
- cookies.put(getKey(value), getValue(value));
- }
-
- /**
- * Method saveOldCookies.
- * @param String the complete "Set-Cookie" - String from the Online-Application
- */
- public void saveOldCookies(String value) {
- StringTokenizer st = new StringTokenizer(value,";");
- while (st.hasMoreTokens())
- {
- // We have to trim because the Tokenizer returns cookies including spaces at the beginning
- StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"=");
- String cookieKey = st2.nextToken().trim();
- if (st2.hasMoreTokens())
- {
- String cookieValue = st2.nextToken().trim();
- if (!cookies.containsKey(cookieKey))
- cookies.put(cookieKey , cookieValue);
- }
- }
- Logger.debug("Found these cookies: " + getCookies());
- }
-
- /**
- * Get a String containing all cookies saved in that session seperated by '; '
- * to be sent back to the Online-Application
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookies() {
- String result = "";
- if (cookies.size()==0)
- return null;
- Iterator i = cookies.keySet().iterator();
- while (i.hasNext()) {
- String key = (String) i.next();
- result += key + "=" + (String)cookies.get(key) + "; ";
- }
- return result.substring(0, result.length() - 2);
- }
-
- /**
- * Returns the key of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns CookieA
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the key of a key-value-pair of a cookie
- */
- private String getKey(String input) {
- return input.substring(0, input.indexOf("="));
- }
-
- /**
- * Returns the value of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns 1234
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the value of a key-value-pair of a cookie
- */
- private String getValue(String input) {
- if (input.indexOf(";") == -1)
- return input.substring(input.indexOf("=") + 1, input.getBytes().length);
- return input.substring(input.indexOf("=") + 1, input.indexOf(";"));
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java b/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
deleted file mode 100644
index 98f84c429..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.util.HashMap;
-
-/**
- * The CookieManager is a singleton to manage a Cookie-Object for
- * each session
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class CookieManager {
- /** the singleton instance of the CookieManager */
- private static CookieManager instance;
- /** a HashMap to bind a Cookie-object to every single session*/
- private static HashMap cookies = new HashMap();
-
- /**
- * Create a singleton of the CookieManager
- * @return CookieManager
- */
- public static CookieManager getInstance()
- {
- if(instance==null) instance=new CookieManager();
- return instance;
- }
-
- /**
- * Save a cookie to a specified session-id
- * @param String id the session id
- * @param String cookie_string - the complete 'Set-Cookie' String from the OnlineApplication
- */
- public void saveCookie(String id,String cookie_string)
- {
- getCookieWithID(id).setCookie(cookie_string);
- }
-
- /**
- * Method saveOldCookies.
- * @param id
- * @param cookie_string
- */
- public void saveOldCookies(String id,String cookie_string)
- {
- getCookieWithID(id).saveOldCookies(cookie_string);
- }
-
- /**
- * Get a Cookie-Object for a specified session-id
- * @param String id the session id
- * @return Cookie object containing all saved cookies for this session
- */
- public Cookie getCookieWithID(String id)
- {
- Cookie c = null;
- if(cookies.containsKey(id))
- c = (Cookie)cookies.get(id);
- else
- {
- c = new Cookie();
- cookies.put(id,c);
- }
- return c;
- }
-
-
- /**
- * Get a String containing all cookies of a specified session-id
- * saved in that session seperated by '; ' to be sent back to
- * the Online-Application
- * @param id the session-id
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookie(String id)
- {
- Cookie result = (Cookie)cookies.get((String)id);
- if (result==null)
- return null;
- return result.getCookies();
-
- }
-
- /**
- * Adds a Cookie for a special session from a response with
- * response-code 401 to the cookie-pool for sending it back
- * to the browser / client
- * @param id the session-id
- * @param String: the complete 'Set-Cookie' - String
- */
- public void add401(String id,String value)
- {
- getCookieWithID(id).add401(value);
- }
-
- /**
- * Clear the 401 cookie-pool of a session
- * @param id the session-id
- */
- public void clear401(String id)
- {
- getCookieWithID(id).clear401();
- }
-
- /**
- * Get the HashMap containing all cookies of a session to be sent to the browser / client
- * @param id the session-id
- * @return HashMap with all cookies
- */
- public HashMap get401(String id)
- {
- return getCookieWithID(id).get401();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
deleted file mode 100644
index a47dd8b29..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-import java.math.BigInteger;
-import java.security.Principal;
-
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-/**
- * A class containing the issuer and serial number of a certificate, which can
- * be used to uniquely identify the certificate.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class IssuerAndSerial {
- /** store the issuer as String*/
- private String issuerDN;
- /** store the serial as BigInteger*/
- private BigInteger serial;
-
- /**
- * Create an IssuerAndSerial object.
- *
- * The name of the issuer is converted to RFC2253. If it cannot be parsed, the
- * DN contained in the issuer is set.
- *
- * @param issuer The isser of a certificate.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(Principal issuer, BigInteger serial) {
- RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
-
- try {
- this.issuerDN = ((Name) parser.parse()).getRFC2253String();
- } catch (RFC2253NameParserException e) {
- this.issuerDN = issuer.getName();
- }
- this.serial = serial;
- }
-
- /**
- * Create an IssuerAndSerial object.
- *
- * @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(String issuerDN, BigInteger serial) {
- this.issuerDN = issuerDN;
- this.serial = serial;
- }
-
- /**
- * Return the issuer DN in RFC2253 format.
- *
- * @return The issuer part of this object.
- */
- public String getIssuerDN() {
- return issuerDN;
- }
-
- /**
- * Return the serial number.
- *
- * @return The serial number of this object.
- */
- public BigInteger getSerial() {
- return serial;
- }
-
- /**
- * Compare this IssuerAndSerial to another object.
- *
- * @return true, if other is an
- * IssuerAndSerial object and the issuer and
- * serial fields are both equal. false otherwise.
- * @see java.lang.Object#equals(java.lang.Object)
- */
- public boolean equals(Object other) {
- if (other instanceof IssuerAndSerial) {
- IssuerAndSerial ias = (IssuerAndSerial) other;
- return getIssuerDN().equals(ias.getIssuerDN())
- && getSerial().equals(ias.getSerial());
- }
- return false;
- }
-
- /**
- * Return the hash code of this IssuerAndSerial.
- *
- * @return The hash code of this IssuerAndSerial.
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- return issuerDN.hashCode() ^ serial.hashCode();
- }
-
- /**
- * Return a String representation of this
- * IssuerAndSerial object.
- *
- * @return The String representation.
- * @see java.lang.Object#toString()
- */
- public String toString() {
- return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
- + ("> Serial<" + serial.toString() + ">)");
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
deleted file mode 100644
index ed61827b6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.data;
-
-/**
- * Data contained in a <samlp:Status>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLStatus {
-
- /** main status code */
- private String statusCode;
- /** sub status code */
- private String subStatusCode;
- /** status message */
- private String statusMessage;
-
- /**
- * @return status code
- */
- public String getStatusCode() {
- return statusCode;
- }
-
- /**
- * @return status message
- */
- public String getStatusMessage() {
- return statusMessage;
- }
-
- /**
- * @return enclosed sub-status code
- */
- public String getSubStatusCode() {
- return subStatusCode;
- }
-
- /**
- * @param string the status code
- */
- public void setStatusCode(String string) {
- statusCode = string;
- }
-
- /**
- * @param string the status message
- */
- public void setStatusMessage(String string) {
- statusMessage = string;
- }
-
- /**
- * @param string the enclosed sub-status code
- */
- public void setSubStatusCode(String string) {
- subStatusCode = string;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
deleted file mode 100644
index c338e96fc..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ /dev/null
@@ -1,96 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import java.io.File;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-import at.gv.egovernment.moa.util.FileUtils;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.certstore.CertStoreParameters;
-import iaik.pki.store.certstore.CertStoreTypes;
-import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE TrustManager
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CertStoreConfigurationImpl extends ObservableImpl
- implements CertStoreConfiguration, DirectoryCertStoreParameters {
- /** identifies the rootDirectory */
- private String rootDirectory;
- /** ConfigurationProvider */
- private ConfigurationProvider conf;
- /** Array for storing all CertStoreParameters */
- private CertStoreParameters[] parameters;
-
- /**
- * Create a new CertStoreConfigurationImpl.
- *
- * @param conf The MOA configuration from which the configuration data is
- * @throws ConfigurationException an any config-error
- * being read.
- */
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- this.conf=conf;
- String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
- String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName);
- if (certStoreRootDirParam == null)
- throw new ConfigurationException(
- "config.08", new Object[] {paramName});
-
- rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
- if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6);
- File f = new File(rootDirectory);
- if (!f.isDirectory())
- throw new ConfigurationException(
- "config.05", new Object[] {paramName});
-
- parameters = new CertStoreParameters[] { this };
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
- */
- public CertStoreParameters[] getParameters() {
- return parameters;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
- */
- public String getRootDirectory() {
- return rootDirectory;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
- */
- public boolean createNew() {
- return false;
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#getId()
- */
- public String getId() {
- return "MOA ID Directory CertStore";
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
- */
- public boolean isReadOnly() {
- return false;
- }
-
- /**
- * @return CertStoreTypes.DIRECTORY
- * @see iaik.pki.store.certstore.CertStoreParameters#getType()
- */
- public String getType() {
- return CertStoreTypes.DIRECTORY;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
deleted file mode 100644
index 3cd02a2b5..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.logging.LogConfigurationException;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.Properties;
-
-/**
- * Implementation of interface PKIConfiguration needed to
- * initialize an IAIK JSSE TrustManager
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIConfigurationImpl implements PKIConfiguration {
- /** The configuration for the CertStore */
- private CertStoreConfiguration certStoreConfiguration;
- /** The configuration for the RevocationChecks */
- private RevocationConfiguration revocationConfiguration;
- /** The configuration for the Validation */
- private ValidationConfiguration validationConfiguration;
-
- /**
- * Constructor
- * @param conf the Configuration for the PKIConfig
- * @throws ConfigurationException for any config error
- */
- public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
-
- certStoreConfiguration = new CertStoreConfigurationImpl(conf);
- revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(conf);
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
- */
- public CertStoreConfiguration getCertStoreConfiguration() {
- return certStoreConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
- */
- public RevocationConfiguration getRevocationConfiguration() {
- return revocationConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
- */
- public ArchiveConfiguration getArchiveConfiguration() {
- return null;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
- */
- public ValidationConfiguration getValidationConfiguration() {
- return validationConfiguration;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
deleted file mode 100644
index c583babdc..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.revocation.RevocationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.*;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE TrustManager
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.util.Date)
- */
- public Set getAlternativeDistributionPoints(
- X509Certificate arg0,
- Date arg1) {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
- */
- public boolean archiveRevocationInfo(String arg0, String arg1) {
- return false;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
deleted file mode 100644
index c500e2e8e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.pathvalidation.ValidationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.security.spec.AlgorithmParameterSpec;
-
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE TrustManager
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ValidationConfigurationImpl extends ObservableImpl
- implements ValidationConfiguration {
- /** The ConfigurationProvider for the validation*/
- private ConfigurationProvider conf;
-
- /**
- * Constructor
- * @param conf with the configuration
- */
- public ValidationConfigurationImpl(ConfigurationProvider conf) {
- this.conf = conf;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- String chainingMode = conf.getChainingMode(trustAnchor);
- return chainingMode;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
- */
- public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) {
- return null;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
- */
- public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) {
- return null;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
deleted file mode 100644
index 4d309c18c..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ /dev/null
@@ -1,166 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.pki;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Set;
-
-import iaik.pki.PKIProfile;
-import iaik.pki.pathvalidation.ValidationProfile;
-import iaik.pki.revocation.RevocationProfile;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.pki.store.truststore.TrustStoreProfile;
-import iaik.pki.store.truststore.TrustStoreTypes;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of the PKIProfile interface and subinterfaces
- * providing information needed for certificate path validation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIProfileImpl extends ObservableImpl
- implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
- /**
- * URI to the truststore
- */
- private String trustStoreURI;
-
- /**
- * revocation checking;
- */
- private boolean revocationChecking;
-
-
- /**
- * Create a new PKIProfileImpl.
- *
- * @param trustStoreURI trust store URI
- */
- public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
- this.trustStoreURI = trustStoreURI;
- this.revocationChecking = revocationChecking;
- }
-
- /**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getRevocationProfile()
- */
- public RevocationProfile getRevocationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getTrustStoreProfile()
- */
- public TrustStoreProfile getTrustStoreProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getValidationProfile()
- */
- public ValidationProfile getValidationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
- */
- public boolean useAuthorityInfoAccess() {
- return true;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
- */
- public long getMaxRevocationAge(String arg0) {
- return 0;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
- */
- public String getOCSPRequestHashAlgorithm() {
- return null;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
- */
- public String[] getPreferredServiceOrder(X509Certificate arg0) {
- return new String[] {RevocationSourceTypes.CRL};
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
- */
- public String getType() {
- return TrustStoreTypes.DIRECTORY;
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
- */
- public String getURI() {
- return trustStoreURI;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
- */
- public boolean getInitialAnyPolicyInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
- */
- public boolean getInitialExplicitPolicy() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
- */
- public boolean getInitialPolicyMappingInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
- */
- public Set getInitialPolicySet() {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
- */
- public boolean getNameConstraintsProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
- */
- public boolean getPolicyProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
- */
- public boolean getRevocationChecking() {
- return this.revocationChecking;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
deleted file mode 100644
index 9da006d35..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.pki.jsse;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-/**
- * TrustManager implementation featuring CRL checking (inherited from
- * IAIKX509TrustManager), plus server-end-SSL-certificate checking.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDTrustManager extends IAIKX509TrustManager {
-
- /** an x509Certificate array containing all accepted server certificates*/
- private X509Certificate[] acceptedServerCertificates;
-
- /**
- * Constructor
- * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
- * @throws GeneralSecurityException occurs on security errors
- * @throws IOException occurs on IO errors
- */
- public MOAIDTrustManager(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- if (acceptedServerCertificateStoreURL != null)
- buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
- else
- acceptedServerCertificates = null;
- }
-
-
- /**
- * Initializes the LoggingContextManager logging context.
- * Fixes a bug occuring in the case MOA-SP is called by API.
- * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
- * This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
- public static void initializeLoggingContext() {
- if (LoggingContextManager.getInstance().getLoggingContext() == null)
- LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext(Thread.currentThread().getName()));
- }
-
-
- /**
- * Builds an Array of accepted server certificates from an URL,
- * and stores it in acceptedServerCertificates.
- * @param acceptedServerCertificateStoreURL file URL pointing to the directory
- * containing accepted server X509 certificates
- * @throws GeneralSecurityException on security errors
- * @throws IOException on any IO errors
- */
- private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- List certList = new ArrayList();
- URL storeURL = new URL(acceptedServerCertificateStoreURL);
- File storeDir = new File(storeURL.getFile());
- // list certificate files in directory
- File[] certFiles = storeDir.listFiles();
- for (int i = 0; i < certFiles.length; i++) {
- // for each: create an X509Certificate and store it in list
- File certFile = certFiles[i];
- FileInputStream fis = new FileInputStream(certFile.getPath());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
- fis.close();
- certList.add(cert);
- }
- // store acceptedServerCertificates
- acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
- }
-
- /**
- * Does additional server-end-SSL-certificate checking.
- * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
- */
- public boolean isServerTrusted(X509Certificate[] certChain) {
- boolean trusted = super.isServerTrusted(certChain);
- if (! trusted || acceptedServerCertificates == null)
- return trusted;
- else {
- // check server-end-SSL-certificate with acceptedServerCertificates
- X509Certificate serverCert = certChain[0];
- for (int i = 0; i < acceptedServerCertificates.length; i++) {
- X509Certificate acceptedServerCert = acceptedServerCertificates[i];
- if (serverCert.equals(acceptedServerCert))
- return true;
- }
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
- return false;
- }
- }
- /**
- * In rare cases, this method is being called although it should not be.
- * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
- */
- public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
- {
- return true;
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
deleted file mode 100644
index 6f6949ad6..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package at.gv.egovernment.moa.id.iaik.servertools.observer;
-
-import iaik.servertools.observer.NotificationData;
-import iaik.servertools.observer.Observable;
-import iaik.servertools.observer.Observer;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-
-/**
- * Implementation of interface allowUserInteraction = falsedoInput = truedoOutput = truerequestMethod = request.getMethod()useCaches = false"https:";
- * null, the default SSL socket factory would be used
- * @param parameters parameters to be forwarded
- * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to
- * the requested URL with publicURLPrefix substituted by realURLPrefix
- * @throws IOException if an I/O exception occurs during opening the connection
- * @see java.net.URL#openConnection()
- * @see com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory()
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest request,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Map parameters) throws IOException;
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
deleted file mode 100644
index ff7787839..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-
-/**
- * Factory delivering a {@link ConnectionBuilder} implementation for
- * an online application, initialized from configuration data.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConnectionBuilderFactory {
-
- /** default connection builder to be used for online application
- * where no special implementation of the ConnectionBuilder
- * interface is configured
- */
- private static ConnectionBuilder defaultConnectionBuilder;
- /** mapping from online application public URL prefix to an implementation
- * of the ConnectionBuilder interface to be used;
- * if no mapping is given for an online application, the
- * DefaultConnectionBuilder will be used */
- private static Map connectionBuilderMap;
-
- /**
- * Initializes the ConnectionBuilder map from the configuration data.
- * @throws ConfigurationException when the configuration cannot be read,
- * or when a class name configured cannot be instantiated
- */
- public static void initialize() throws ConfigurationException {
- defaultConnectionBuilder = new DefaultConnectionBuilder();
- connectionBuilderMap = new HashMap();
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
- String publicURLPrefix = oaParam.getPublicURLPrefix();
- String className = oaParam.getConnectionBuilderImpl();
- if (className != null) {
- try {
- ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance();
- connectionBuilderMap.put(publicURLPrefix, cb);
- }
- catch (Throwable ex) {
- throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
- }
- }
- }
- }
-
- /**
- * Gets the ConnectionBuilder implementation to be used for the given
- * online application.
- * @param publicURLPrefix public URL prefix of the online application
- * @return ConnectionBuilder implementation
- */
- public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) {
- ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix);
- if (cb == null)
- return defaultConnectionBuilder;
- else
- return cb;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
deleted file mode 100644
index 5ded393d1..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ /dev/null
@@ -1,128 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * Defaultimplementierung von ConnectionBuilder.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DefaultConnectionBuilder implements ConnectionBuilder {
-
- /** a boolean to disable the HostnameVerification (default = false)*/
- private static boolean cbDisableHostnameVerification = false;
-
- /**
- * Constructor for DefaultConnectionBuilder.
- * @throws ConfigurationException on any config error
- */
- public DefaultConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
- //TODO MOA-ID BRZ undocumented feature
- if (cbDisableHostnameVerification)
- Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest req,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Map parameters)
- throws IOException {
-
- String requestedURL = req.getRequestURL().toString();
- // check whether requested URL starts with publicURLPrefix
- if (! requestedURL.startsWith(publicURLPrefix))
- throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
- "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
- // in case of GET request, append query string to requested URL;
- // otherwise, HttpURLConnection would perform a POST request
- if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
- requestedURL = appendQueryString(requestedURL, parameters);
- }
- // build real URL in online application
- String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
- URL url = new URL(realURLString);
- Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
-
- HttpURLConnection conn = (HttpURLConnection)url.openConnection();
- conn.setRequestMethod(req.getMethod());
- conn.setDoInput(true);
- conn.setDoOutput(true);
- //conn.setUseCaches(false);
- conn.setAllowUserInteraction(true);
- conn.setInstanceFollowRedirects(false);
- if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
- HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
- httpsConn.setSSLSocketFactory(sslSocketFactory);
- if (cbDisableHostnameVerification)
- httpsConn.setHostnameVerifier(new HostnameNonVerifier());
- }
- return conn;
- }
- /**
- * @param requestedURL
- * @param parameters
- * @return
- */
- private String appendQueryString(String requestedURL, Map parameters) {
- String newURL = requestedURL;
- String paramValue ="";
- String paramName ="";
- for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
- try {
- paramName = URLEncoder.encode((String) iter.next(), "UTF-8");
- paramValue = URLEncoder.encode((String) parameters.get(paramName), "UTF-8");
- } catch (UnsupportedEncodingException e) {
- //UTF-8 should be supported
- }
- String paramString = paramName + "=" + paramValue;
- if (newURL.indexOf("?") < 0)
- newURL = newURL + "?" + paramString;
- else
- newURL = newURL + "&" + paramString;
- }
- return newURL;
- }
-
- /**
- * @author Stefan Knirsch
- * @version $Id$
- * A private class to change the standard HostName verifier to disable the
- * Hostname Verification Check
- */
- private class HostnameNonVerifier implements HostnameVerifier {
-
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
deleted file mode 100644
index 77f6652f3..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ /dev/null
@@ -1,136 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-/**
- * Implementation of interface LoginParameterResolver
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DefaultLoginParameterResolver implements LoginParameterResolver {
-
- /**
- * Constructor
- */
- public DefaultLoginParameterResolver() {
- }
-
- /**
- * Configuration mehtod (not used)
- */
- public void configure(String configuration) throws LoginParameterResolverException {
- }
-
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String)
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) {
-
- Map result = new HashMap();
-
- if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) {
- String useridPredicate = oaConf.getBasicAuthUserIDMapping();
- String userid = resolveValue(useridPredicate, authData, clientIPAddress);
- String passwordPredicate = oaConf.getBasicAuthPasswordMapping();
- String password = resolveValue(passwordPredicate, authData, clientIPAddress);
-
- try {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes());
- result.put("Authorization", "Basic " + credentials);
- }
- catch (IOException ignore) {
- }
- }
- else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) {
- for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) {
- String key = (String) iter.next();
- String predicate = (String) oaConf.getHeaderAuthMapping().get(key);
- String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- result.put(key, resolvedValue);
- }
- }
-
- return result;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String)
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) {
-
- Map result = new HashMap();
-
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
- for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) {
- String key = (String) iter.next();
- String predicate = (String) oaConf.getParamAuthMapping().get(key);
- String resolvedValue;
- try {
- resolvedValue =
- URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1");
- } catch (UnsupportedEncodingException e) {
- //ISO-8859-1 is supported
- resolvedValue = null;
- }
- result.put(key, resolvedValue);
- }
- }
-
- return result;
- }
-
- /**
- * Resolves a login header or parameter value.
- * @param predicate header or parameter predicate name from online application configuration
- * @param authData authentication data for current login
- * @param clientIPAddress client IP address
- * @return header or parameter value resolved; null if unknown name is given
- */
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
- if (predicate.equals(MOAGivenName))
- return authData.getGivenName();
- if (predicate.equals(MOAFamilyName))
- return authData.getFamilyName();
- if (predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
- if (predicate.equals(MOABPK))
- return authData.getPBK();
- if (predicate.equals(MOAPublicAuthority))
- if (authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if (predicate.equals(MOABKZ))
- return authData.getPublicAuthorityCode();
- if (predicate.equals(MOAQualifiedCertificate))
- if (authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if (predicate.equals(MOAStammzahl))
- return authData.getIdentificationValue();
- if (predicate.equals(MOAIdentificationValueType))
- return authData.getIdentificationType();
- if (predicate.equals(MOAIPAddress))
- return clientIPAddress;
- else return null;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
deleted file mode 100644
index a1ccb7353..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ /dev/null
@@ -1,226 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-
-import com.ibm.webdav.HTTPHeaders;
-import com.ibm.webdav.protocol.URLStreamHandlerFactory;
-import java.util.StringTokenizer;
-import com.ibm.webdav.protocol.http.WebDAVURLConnection;
-import java.net.URL;
-import java.net.URLStreamHandler;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * Defaultimplementierung von ConnectionBuilder.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ElakConnectionBuilder implements ConnectionBuilder {
-
- /** a boolean to disable the HostnameVerification (default = false)*/
- private static boolean cbDisableHostnameVerification = false;
-
- /** a boolean to indicat if webdav protocol handler was already set */
- private static boolean webdavPHSet = false;
-
- /**
- * The system property name used to register a protocol handler.
- */
- public final static String PROTOCOL_HANDLER_PROPERTY_NAME = "java.protocol.handler.pkgs";
-
- /**
- * The package providing the ldap protocol handler.
- */
- public final static String WEBDAV_PROTOCOL_HANDLER = "com.ibm.webdav.protocol";
-
- /**
- * The pipe character used to sepearte different protocol handlers.
- */
- public final static char PIPE_CHAR = '|';
-
-
-
-
-
- /**
- * Constructor for ElakConnectionBuilder.
- * @throws ConfigurationException on any config error
- */
- public ElakConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
- //TODO MOA-ID BRZ undocumented feature
- if (cbDisableHostnameVerification)
- Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest req,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Map parameters)
- throws IOException {
-
- String requestedURL = req.getRequestURL().toString();
- // check whether requested URL starts with publicURLPrefix
- if (! requestedURL.startsWith(publicURLPrefix))
- throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
- "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
-
-
-
- // in case of GET request, append query string to requested URL;
- // otherwise, HttpURLConnection would perform a POST request
- //FIXME right parameters
- /*
- if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
- requestedURL = appendQueryString(requestedURL, parameters);
- }
- */
- //TODO RSCH check functionality
- if (null != req.getQueryString() && 0 != req.getQueryString().length() ) {
- String query = req.getQueryString();
- requestedURL = requestedURL + "?" + query;
-
- for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
- String parameterKey = (String) iter.next();
- if(query.indexOf(parameterKey) >= 0) iter.remove();
- }
- }
-
- // build real URL in online application
- String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
-
-
- Logger.info("Registering WebDAV protocol handler");
- String protocolHandlers = System.getProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME);
- if (protocolHandlers == null) {
- protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER;
- System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
- } else {
- // check, if WEBDAV protocol handler is already configured
- boolean isConfigured = false;
- StringTokenizer tokenizer = new StringTokenizer(protocolHandlers, "| ");
- while (tokenizer.hasMoreTokens()) {
- String protocolHandler = tokenizer.nextToken();
- if (protocolHandler.equals(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER)) {
- isConfigured = true;
- break;
- }
- }
- // if it has not been configured yet, configure it
- if (!isConfigured) {
- protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ElakConnectionBuilder.PIPE_CHAR + protocolHandlers;
- System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
- }
- }
- Logger.info("Registered protocol handlers: " + protocolHandlers);
- Class webdavSH = null;
- try
- {
- webdavSH = Class.forName(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ".http.Handler");
- }
- catch (ClassNotFoundException e)
- {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- URLStreamHandler urlStreamHandler = null;
- try
- {
- urlStreamHandler = (URLStreamHandler) webdavSH.newInstance();
- }
- catch (InstantiationException e1)
- {
- // TODO Auto-generated catch block
- e1.printStackTrace();
- }
- catch (IllegalAccessException e1)
- {
- // TODO Auto-generated catch block
- e1.printStackTrace();
- }
- //URL testURL = new URL("http", realURLString.substring("http://localhost:82".length()), 82, "", urlStreamHandler);
- //WebDAVURLConnection webDavTest = (WebDAVURLConnection) testURL.openConnection();
-
-
- URL testURL = new URL(realURLString);
- Logger.debug("TEST URL ist von der Klasse: " + testURL.getClass().getName());
-
- //URL url = new URL(realURLString);
- URL testURL2 = new URL(realURLString);
-
- URL url = new URL("http", "localhost", 82, realURLString.substring("http://localhost:82".length()), urlStreamHandler);
-
- Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
- WebDAVURLConnection webDavConn = (WebDAVURLConnection) url.openConnection();
- HttpURLConnection conn = (HttpURLConnection)webDavConn;
- webDavConn.setRequestMethod(req.getMethod());
- webDavConn.setDoInput(true);
- webDavConn.setDoOutput(true);
- //conn.setUseCaches(false);
- webDavConn.setAllowUserInteraction(true);
- webDavConn.setInstanceFollowRedirects(false);
- if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
- HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
- httpsConn.setSSLSocketFactory(sslSocketFactory);
- if (cbDisableHostnameVerification)
- httpsConn.setHostnameVerifier(new HostnameNonVerifier());
- }
- return conn;
- }
- /**
- * @param requestedURL
- * @param parameters
- * @return
- */
- private String appendQueryString(String requestedURL, Map parameters) {
- String newURL = requestedURL;
- for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
- String paramName = (String)iter.next();
- String paramValue = (String)parameters.get(paramName);
- String paramString = paramName + "=" + paramValue;
- if (newURL.indexOf("?") < 0)
- newURL = newURL + "?" + paramString;
- else
- newURL = newURL + "&" + paramString;
- }
- return newURL;
- }
-
- /**
- * @author Stefan Knirsch
- * @version $Id$
- * A private class to change the standard HostName verifier to disable the
- * Hostname Verification Check
- */
- private class HostnameNonVerifier implements HostnameVerifier {
-
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
deleted file mode 100644
index f43bbd9e4..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ /dev/null
@@ -1,76 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-
-/**
- * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection}
- * to the remote online application.
- * Utilizes {@link OAConfiguration} and {@link AuthenticationData}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public interface LoginParameterResolver {
-
- /** Constants used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType,
- * naming predicates used by the LoginParameterResolver. */
- public static final String MOAGivenName = "MOAGivenName";
- /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */
- public static final String MOAFamilyName = "MOAFamilyName";
- /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */
- public static final String MOADateOfBirth = "MOADateOfBirth";
- /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */
- public static final String MOABPK = "MOABPK";
- /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */
- public static final String MOAPublicAuthority = "MOAPublicAuthority";
- /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */
- public static final String MOABKZ = "MOABKZ";
- /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */
- public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate";
- /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */
- public static final String MOAStammzahl = "MOAStammzahl";
- /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */
- public static final String MOAIdentificationValueType = "MOAIdentificationValueType";
- /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */
- public static final String MOAIPAddress = "MOAIPAddress";
-
- /**
- * Returns authentication headers to be added to a URLConnection.
- *
- * @param oaConf configuration data
- * @param authData authentication data
- * @param clientIPAddress client IP address
- * @return A map, the keys being header names and values being corresponding header values.
- * "basic-auth", header fields
- * username and password.
- * "header-auth", header fields
- * derived from parameter mapping and authentication data provided.
- * "param-auth", parameters
- * derived from parameter mapping and authentication data provided.
- * LoginParameterResolver
- * interface is configured
- */
- private static LoginParameterResolver defaultLoginParameterResolver;
- /** mapping from online application public URL prefix to an implementation
- * of the LoginParameterResolver interface to be used;
- * if no mapping is given for an online application, the
- * DefaultLoginParameterResolver will be used */
- private static Map loginParameterResolverMap;
-
- /**
- * Initializes the LoginParameterResolver map from the configuration data.
- * @throws ConfigurationException when the configuration cannot be read,
- * or when a class name configured cannot be instantiated
- */
- public static void initialize() throws ConfigurationException {
- defaultLoginParameterResolver = new DefaultLoginParameterResolver();
- loginParameterResolverMap = new HashMap();
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
- String publicURLPrefix = oaParam.getPublicURLPrefix();
- String className = oaParam.getLoginParameterResolverImpl();
- String configuration = oaParam.getLoginParameterResolverConfiguration();
-
- if (className != null) {
- try {
- Class lprClass = Class.forName(className);
- LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
-
- Class[] argumentTypes = { String.class };
- Method confMethod = lprClass.getMethod( "configure", argumentTypes );
-
- Object[] arguments = { new String(configuration) };
- confMethod.invoke( lpr, arguments );
-
- loginParameterResolverMap.put(publicURLPrefix, lpr);
- }
- catch (InvocationTargetException lpex) {
- throw new ConfigurationException("config.11", new Object[] {className}, lpex);
- }
- catch (Throwable ex) {
- throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
- }
- }
- }
- }
-
- /**
- * Gets the LoginParameterResolver implementation to be used for the given
- * online application.
- * @param publicURLPrefix public URL prefix of the online application
- * @return LoginParameterResolver implementation
- */
- public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) {
- LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix);
- if (lpr == null)
- return defaultLoginParameterResolver;
- else
- return lpr;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
deleted file mode 100644
index da5d36678..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import iaik.pki.PKIException;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
-import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Web application initializer
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDProxyInitializer {
-
- /**
- * Initializes the web application components which need initialization:
- * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
- */
- public static void initialize()
- throws ConfigurationException, IOException, GeneralSecurityException, PKIException {
-
- Logger.setHierarchy("moa.id.proxy");
-
- // Restricts TLS cipher suites
- System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
-
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader();
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- }
- catch (ClassNotFoundException e) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
- }
-
- // Initializes the SSLSocketFactory store
- SSLUtils.initialize();
-
- // Initializes IAIKX509TrustManager logging
- String log4jConfigURL = System.getProperty("log4j.configuration");
- if (log4jConfigURL != null) {
- IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
- }
-
- // Loads the configuration
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload();
-
- // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service,
- // using configuration data
- ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
- if (connParamAuth.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- AxisSecureSocketFactory.initialize(ssf);
- }
-
- // Initializes the Axis secure socket factories for use in calling the online applications,
- // using configuration data
- OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- if (oaConnParam.isHTTPSURL())
- SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- }
-
- // Initializes the ConnectionBuilderFactory from configuration data
- ConnectionBuilderFactory.initialize();
-
- // Initializes the LoginParameterResolverFactory from configuration data
- LoginParameterResolverFactory.initialize();
-
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
deleted file mode 100644
index 849160a7b..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- * Reason for this exception: the dedicated LoginParameterResolver does
- * not allow access to the desired ressource.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class NotAllowedException extends MOAIDException {
-
- /**
- * Constructor for NotAllowedException.
- * @param messageId
- * @param parameters
- */
- public NotAllowedException(
- String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for NotAllowedException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public NotAllowedException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class b/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class
deleted file mode 100644
index 49200265a..000000000
Binary files a/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class and /dev/null differ
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
deleted file mode 100644
index 8a93148bb..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ /dev/null
@@ -1,655 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import iaik.security.provider.IAIK;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-
-import javax.crypto.Cipher;
-import javax.crypto.BadPaddingException;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.Key;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Security;
-
-
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-
-import java.io.IOException;
-import java.util.*;
-
-import javax.xml.parsers.ParserConfigurationException;
-import org.w3c.dom.*;
-import org.xml.sax.SAXException;
-
-/**
- * XMLLoginParameterResolver an implementation of implementation of interface
- * LoginParameterResolver
- * This implementation used to map identities stored in an XML file to parameters
- * which are given to OAs.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class XMLLoginParameterResolverEncryptedData implements LoginParameterResolver {
-
- //file which is parsed and interpreted for paremeter resolving.
- private String identityFile;
-
- private Cipher blowfishCipher;
- private Key key;
- /**
- * inner class used to store mapped parameters
- */
- class LPRParams {
-
- /**
- * getter method for parameter Enabled.
- * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
- */
- public boolean getEnabled() {
- return enabled.booleanValue();
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or null not set.
- */
- public String getUN() {
- return UN;
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or null not set.
- */
- //TODO XMLLPR decrypt
- public String getPlainUN() {
- //Security.addProvider();
-
-
- return UN;
- }
-
-
- /**
- * getter method for parameter PW (password)
- * @return Parameter PW or null not set.
- */
- public String getPW() {
- return PW;
- }
-
- /**
- * getter method for generic parameter Param1
- * @return Parameter Param1 or null not set.
- */
- public String getParam1() {
- return Param1;
- }
-
- /**
- * getter method for generic parameter Param2
- * @return Parameter Param2 or null not set.
- */
- public String getParam2() {
- return Param2;
- }
-
- /**
- * getter method for generic parameter Param3
- * @return Parameter Param3 or null not set.
- */
- public String getParam3() {
- return Param3;
- }
-
- /**
- * Returns a string representation of LPRParams
- *
- * @return a String representation of this object.
- * @see XMLLoginParameterResolver.LPRParams
- */
- public String toString() {
- return "Enabled: "
- + enabled.toString()
- + "UN: '"
- + UN
- + "' PW: '"
- + PW
- + "' Param1: '"
- + Param1
- + "' Param2: '"
- + Param2
- + "' Param3: '"
- + Param3
- + "'\n";
- }
-
- //private member variables used to store the parameters
- private Boolean enabled = null;
- private String UN = null;
- private String PW = null;
- private String Param1 = null;
- private String Param2 = null;
- private String Param3 = null;
-
- /**
- * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication
- * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication
- * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
- this.enabled = new Boolean(enabled);
- this.UN = UN;
- this.PW = PW;
- this.Param1 = Param1;
- this.Param1 = Param2;
- this.Param1 = Param3;
- }
-
- /**
- * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW) {
- this(enabled, UN, PW, null, null, null);
- }
- }
-
- /**
- * Constructs a newly allocated XMLLoginParameterResolver object.
- **/
- public XMLLoginParameterResolverEncryptedData() {
- bPKMap = new HashMap();
- namedMap = new HashMap();
- }
-
- /**
- * configuration method
- * @param configuration enabled enable user mapping to parameter set for the parameter set.
- */
- public void configure(String configuration) throws LoginParameterResolverException {
- File idFile;
- Element rootElement;
-
- Security.addProvider(new IAIK());
- try {
- blowfishCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding", "IAIK");
-
- } catch (NoSuchPaddingException e) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: NoSuchPaddingException \n" + e.toString()});
- } catch (NoSuchProviderException e) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: NoSuchProviderException \n" + e.toString()});
- } catch (NoSuchAlgorithmException e) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: NoSuchAlgorithmException \n" + e.toString()});
- }
-
- String plaintext = "start";
- String encrypted = encryptData(plaintext, "1234567890123456", "123hochgeheim");
- String decrypted = decryptData(encrypted, "1234567890123456", "123hochgeheim");
- Logger.debug("plaintext: " + plaintext);
- Logger.debug("encrypted: " + encrypted);
- Logger.debug("decrypted: " + decrypted);
-
- //make file name absolut (if it is relative to main config file)
- //TODO MOAID XMLLPR check
- String moaIDConfigFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
- String rootConfigFileDir = new File(moaIDConfigFileName).getParent();
- this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir);
-
- if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " });
- }
- try {
- rootElement = readXMLFile(identityFile);
- } catch (IOException lex) {
- Logger.error(lex.toString());
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " });
-
- } catch (SAXException sex) {
- Logger.error(sex.toString());
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", sex.toString() });
- } catch (ParserConfigurationException e) {
- // TODO XMLPR Auto-generated catch block
- Logger.error(e.toString());
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() });
- }
- buildInfo(rootElement);
- isConfigured = true;
- }
-
- /**
- * encryptData method uses parameters masterSecret and bPK as key information to encrypt plaintext
- * @param plaintext
- * @param bPK
- * @param masterSecret
- * @returns encrypted data (blowfish encrypted, base64 encoded)
- * @throws LoginParameterResolverException
- */
- public String encryptData(String plaintext, String bPK, String masterSecret) throws LoginParameterResolverException
- {
- try {
- String keyString = bPK + masterSecret;
- key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish");
- IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0});
-
- blowfishCipher.init(Cipher.ENCRYPT_MODE, key, param);
- byte [] cipherText = blowfishCipher.doFinal(plaintext.getBytes("UTF-8"));
- return Base64Utils.encode(cipherText);
- } catch (UnsupportedEncodingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidKeyException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (BadPaddingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalBlockSizeException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalStateException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidAlgorithmParameterException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IOException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- }
- }
-
-
- /**
- * encryptData method uses parameters masterSecret and bPK as key information to decrypt ciphertext
- * @param ciphertext (blowfish encrypted, base64encoded)
- * @param bPK
- * @param masterSecret
- * @returns decrypted Data (plaintext)
- * @throws LoginParameterResolverException
- */
- public String decryptData(String ciphertext, String bPK, String masterSecret) throws LoginParameterResolverException
- {
- try {
- String keyString = bPK + masterSecret;
- key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish");
- IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0});
- blowfishCipher.init(Cipher.DECRYPT_MODE, key, param);
- byte [] plaintext = blowfishCipher.doFinal(Base64Utils.decode(ciphertext, true));
- return new String(plaintext);
- } catch (UnsupportedEncodingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidKeyException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (BadPaddingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalBlockSizeException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalStateException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidAlgorithmParameterException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IOException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- }
- }
-
-
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String)
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException, NotAllowedException {
- Map result = new HashMap();
-
- if (!isConfigured) {
- //TODO XMLLPR
- throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" +
- identityFile + "' is not configured!", null);
- }
-
- //get the Identity of the user
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOABPK", authData, clientIPAddress);
- String userid = "";
- String password = "";
- LPRParams params = null;
- boolean userFound = false;
-
- //try bPK and named search
- params = bPKIdentitySearch(bPK);
-
- if (null == params)
- params = namedIdentitySearch(famName, givenName, dateOfBirth);
-
- //if both searches failed, report error.
- if(null == params)
- throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
-
- //HTTP 401 - Basic Authentication
- if (oaConf.getAuthType().equals("basic")) {
- userid = (null != params.getUN()) ? params.getUN() : "";
- password = (null != params.getPW()) ? params.getPW() : "";
-
- try {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes("UTF-8"));
- Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials);
- result.put("Authorization", "Basic " + credentials);
- } catch (IOException ignore) {
- throw new LoginParameterResolverException("config.14", new Object[] {"internal error while encoding in Base64"});
- }
- } else if (oaConf.getAuthType().equals("header")) { //HTTP Authentication
- String key;
- String resolvedValue;
- //TODO MOAID XMLLPR select value through OA-ConfigFile;
- if(null != params.getUN()) result.put("UN", params.getUN());
- if(null != params.getPW()) result.put("UN", params.getPW());
- if(null != params.getParam1()) result.put("UN", params.getParam1());
- if(null != params.getParam2()) result.put("UN", params.getParam2());
- if(null != params.getParam3()) result.put("UN", params.getParam3());
-
- } else {
- throw new LoginParameterResolverException("config.14", new Object[] {"AuthType not supported"});
- }
-
- return result;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String)
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException, NotAllowedException {
-
- Map result = new HashMap();
-
- if (!isConfigured) {
- Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured");
- return result;
- }
-
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOABPK", authData, clientIPAddress);
- String userid = "";
- String password = "";
- LPRParams params = null;
-
- //try bPK and named search
- params = bPKIdentitySearch(bPK);
-
- if (null == params)
- params = namedIdentitySearch(famName, givenName, dateOfBirth);
-
- //if both searches failed, report error.
- if(null == params)
- throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
-
- //TODO MOAID XMLLPR URLEncoder.encode
- if (oaConf.getAuthType().equals("param")) {
- try {
- if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1"));
- if(null != params.getPW()) result.put(XSD_PWATTR, URLEncoder.encode(params.getPW(),"ISO-8859-1"));
- if(null != params.getParam1()) result.put(XSD_PARAM1ATTR, URLEncoder.encode(params.getParam1(),"ISO-8859-1"));
- if(null != params.getParam2()) result.put(XSD_PARAM2ATTR, URLEncoder.encode(params.getParam2(),"ISO-8859-1"));
- if(null != params.getParam3()) result.put(XSD_PARAM3ATTR, URLEncoder.encode(params.getParam3(),"ISO-8859-1"));
- } catch (UnsupportedEncodingException e) {
- // ISO-8859-1 is supported
- throw new LoginParameterResolverException("URLEncoder error", null);
- }
- } else {
- throw new LoginParameterResolverException("AuthType not supported", null);
- }
- return result;
- }
-
- /**
- * Resolves a login header or parameter value.
- * @param predicate header or parameter predicate name from online application configuration
- * @param authData authentication data for current login
- * @param clientIPAddress client IP address
- * @return header or parameter value resolved; null if unknown name is given
- */
- private static String resolveValue(
- String predicate,
- AuthenticationData authData,
- String clientIPAddress) {
- if (predicate.equals("MOAGivenName"))
- return authData.getGivenName();
- if (predicate.equals("MOAFamilyName"))
- return authData.getFamilyName();
- if (predicate.equals("MOADateOfBirth"))
- return authData.getDateOfBirth();
- if (predicate.equals("MOABPK"))
- return authData.getPBK();
- if (predicate.equals("MOAPublicAuthority"))
- if (authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if (predicate.equals("MOABKZ"))
- return authData.getPublicAuthorityCode();
- if (predicate.equals("MOAQualifiedCertificate"))
- if (authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if (predicate.equals("MOAStammzahl"))
- return authData.getIdentificationValue();
- if (predicate.equals(MOAIdentificationValueType))
- return authData.getIdentificationType();
- if (predicate.equals("MOAIPAddress"))
- return clientIPAddress;
- else
- return null;
- }
-
- /**
- * reads, parses the configuration file of XMLLoginParameterResolver and returns the document element.
- * @param fileName of the configuration file.
- */
- private Element readXMLFile(String fileName) throws ParserConfigurationException, SAXException, IOException {
- Logger.info("XMLLoginParameterResolver: Loading and parsing XMLPLoginParameterConfiguration configuration: " + fileName);
-
- InputStream stream = null;
- Element configElem;
-
- stream = new BufferedInputStream(new FileInputStream(fileName));
- configElem = DOMUtils.parseDocument(stream, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return configElem;
- }
-
- /**
- * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file.
- * @param root document root element.
- */
- private void buildInfo(Element root) {
- NodeList idList = root.getElementsByTagName(XSD_IDELEM);
- NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM);
- for (int i = 0; i < idList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName());
-
- for (int i = 0; i < paramList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName());
-
- for (int i = 0; i < idList.getLength(); i++) {
- Element tmpElem = (Element) idList.item(i);
- NodeList tmpList = tmpElem.getElementsByTagName(XSD_NAMEDIDELEM);
- for (int j = 0; j < tmpList.getLength(); j++)
- Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName());
-
- //Search for NamedIdentity Elements
- if (1 == tmpList.getLength()) {
- tmpElem = (Element) tmpList.item(0);
- String tmpStr = tmpElem.getAttribute(XSD_SURNAMEATTR) + "," +
- tmpElem.getAttribute(XSD_GIVENNAMEATTR) + "," +
- tmpElem.getAttribute(XSD_BIRTHDATEATTR);
- boolean tmpBool = false;
- if (tmpElem.getFirstChild() != null
- && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- //TODO XMLLPR remove
- Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element) paramList.item(i);
- Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) +
- " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) +
- " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) +
- " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) +
- " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) );
- namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR),
- tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
- tmpElem.getAttribute(XSD_PARAM3ATTR)) );
- } else { //bPKIdentity Elements
-
- tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM);
- if (1 == tmpList.getLength()) {
- tmpElem = (Element) tmpList.item(0);
- String tmpStr = tmpElem.getAttribute(XSD_BPKATTR);
- boolean tmpBool = false;
- if (tmpElem.getFirstChild() != null
- && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element) paramList.item(i);
- Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) +
- " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) +
- " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) +
- " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) +
- " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) );
- namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR),
- tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
- tmpElem.getAttribute(XSD_PARAM3ATTR)) );
- } else {
- Logger.warn(
- "XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found");
- }
- }
- }
-
- Logger.debug("namedMap:" + namedMap.toString());
- Logger.debug("bPKMap:" + bPKMap.toString());
- }
-
- /**
- * searches for a given bPK and returns the appropriate LPRParams structure
- * @param bPK search argument
- * @returns LPRParams if bPK could be found in internal mappings or null otherwise.
- */
- LPRParams bPKIdentitySearch(String bPK) {
- //search for mapping with bPK of the user
- Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK);
- LPRParams params = (LPRParams) bPKMap.get(bPK);
- if (null == params) {
- Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!");
- return null;
- } else if (params.getEnabled()) {
- Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return params;
- }
- Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled");
- return null;
- }
-
- /**
- * searches for a given namedIdentity and returns the appropriate LPRParams structure
- * @param surName surname search argument
- * @param givenName givenname search argument
- * @param dateOfBirth dateofbirth search argument
- * @returns LPRParams if bPK could be found in internal mappings or null otherwise.
- */
- LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) {
- Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName +
- " GivenName: " + givenName +
- " DateOfBirth" + dateOfBirth);
-
- //try first a search with surname, givenname and birthdate
- LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth);
- if (null == params) {
- Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " +
- givenName + "BirthDate: " + dateOfBirth + " not found!");
-
- //try a search with surname, givenname only
- params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR);
- if(null == params) {
- Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " +
- givenName + " not found!");
- return null;
- }
- }
-
- if (params.getEnabled()) {
- Logger.info("XMLLoginParameterResolver: Surname:" + surName
- + " GivenName: "
- + givenName
- + " found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return params;
- }
- Logger.info(
- "XMLLoginParameterResolver: SurName:"
- + surName
- + " GivenName: "
- + givenName
- + "found in list; user is NOT enabled");
- return null;
- }
-
- //public static final String XSD_MAPPING = "Mapping";
-
- //public static final String XSD_DOCELEM = "MOAIdentities";
- public static final String XSD_IDELEM = "Identity";
- public static final String XSD_NAMEDIDELEM = "NamedIdentity";
- public static final String XSD_BPKIDELEM = "bPKIdentity";
- public static final String XSD_PARAMELEM = "Parameters";
- public static final String XSD_SURNAMEATTR = "SurName";
- public static final String XSD_GIVENNAMEATTR = "GivenName";
- public static final String XSD_BIRTHDATEATTR = "BirthDate";
- public static final String XSD_BIRTHDATEBLANKATTR = "any";
- public static final String XSD_BPKATTR = "bPK";
- public static final String XSD_UNATTR = "UN";
- public static final String XSD_PWATTR = "PW";
- public static final String XSD_PARAM1ATTR = "Param1";
- public static final String XSD_PARAM2ATTR = "Param2";
- public static final String XSD_PARAM3ATTR = "Param3";
- private Map bPKMap;
- private Map namedMap;
- private boolean isConfigured = false;
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
deleted file mode 100644
index 1f59aa809..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ /dev/null
@@ -1,387 +0,0 @@
-package at.gv.egovernment.moa.id.proxy;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import java.io.IOException;
-import java.util.*;
-import org.apache.xerces.parsers.DOMParser;
-import org.w3c.dom.*;
-
-// Referenced classes of package at.gv.egovernment.moa.id.proxy:
-//
-// TODO MOA-ID test full functionality
-
-public class XMLLoginParameterResolverPlainData
- implements LoginParameterResolver
-{
- private String configuration;
-
- /**
- * inner class used to store mapped parameters
- */
- class LPRParams {
-
- /**
- * getter method for parameter Enabled.
- * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
- */
- public boolean getEnabled() {
- return enabled.booleanValue();
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or null not set.
- */
- public String getUN() {
- return UN;
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or null not set.
- */
- public String getPlainUN() {
- return UN;
- }
-
-
- /**
- * getter method for parameter PW (password)
- * @return Parameter PW or null not set.
- */
- public String getPW() {
- return PW;
- }
-
- /**
- * getter method for generic parameter Param1
- * @return Parameter Param1 or null not set.
- */
- public String getParam1() {
- return Param1;
- }
-
- /**
- * getter method for generic parameter Param2
- * @return Parameter Param2 or null not set.
- */
- public String getParam2() {
- return Param2;
- }
-
- /**
- * getter method for generic parameter Param3
- * @return Parameter Param3 or null not set.
- */
- public String getParam3() {
- return Param3;
- }
-
- /**
- * Returns a string representation of LPRParams
- *
- * @return a String representation of this object.
- * @see XMLLoginParameterResolver.LPRParams
- */
- public String toString() {
- return "Enabled: "
- + enabled.toString()
- + "UN: '"
- + UN
- + "' PW: '"
- + PW
- + "' Param1: '"
- + Param1
- + "' Param2: '"
- + Param2
- + "' Param3: '"
- + Param3
- + "'\n";
- }
-
- //private member variables used to store the parameters
- private Boolean enabled = null;
- private String UN = null;
- private String PW = null;
- private String Param1 = null;
- private String Param2 = null;
- private String Param3 = null;
-
- /**
- * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication
- * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication
- * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
- this.enabled = new Boolean(enabled);
- this.UN = UN;
- this.PW = PW;
- this.Param1 = Param1;
- this.Param1 = Param2;
- this.Param1 = Param3;
- }
-
- /**
- * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW) {
- this(enabled, UN, PW, null, null, null);
- }
- }
-
- //TODO document
- public XMLLoginParameterResolverPlainData()
- {
- bPKMap = new HashMap();
- namedMap = new HashMap();
-
- }
-
- //TODO document
- public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress) throws NotAllowedException
- {
- Map result = new HashMap();
- if(oaConf.getAuthType().equals("basic"))
- {
- String famName = resolveValue(MOAFamilyName, authData, clientIPAddress);
- String givenName = resolveValue(MOAGivenName, authData, clientIPAddress);
- String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress);
- String bPK = resolveValue(MOABPK, authData, clientIPAddress);
- String userid = "";
- String password = "";
- String param1 = "";
- String param2 = "";
- String param3 = "";
-
- LPRParams params = null;
- boolean userFound = false;
-
- //first step: search for bPK entry in user list
- Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for bPK:" + bPK);
- params = (LPRParams)bPKMap.get(bPK);
- if(params == null)
- Logger.debug("XMLLoginParameterResolverPlainData: params for bPK: " + bPK + " not found in file!");
- else
- if(params.getEnabled())
- { //if user is enabled: get related parameters
- Logger.debug("XMLLoginParameterResolverPlainData: bPK: " + bPK + " found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
- userid = params.getUN();
- password = params.getPW();
- param1 = params.getParam1();
- param2 = params.getParam2();
- param3 = params.getParam3();
- userFound = true;
- } else
- {
- Logger.info("XMLLoginParameterResolverPlainData: bPK: " + bPK + " found in list; user is NOT enabled");
- }
- if(!userFound) //secound step: search for name entry in user list
- {
- Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth);
- params = (LPRParams)namedMap.get(famName + "," + givenName + "," + dateOfBirth);
- if(params == null) {
- Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " not found in file!");
- //try also with wildcard ("*") birthdate
- params = (LPRParams)namedMap.get(famName + "," + givenName + "," + "*");
- if(params != null) Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + "*" + " found!");
- }
-
- if(null != params && params.getEnabled())
- {
- Logger.debug("XMLLoginParameterResolverPlainData: SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " found in file; user is enabled");
- Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
- userid = params.getUN();
- password = params.getPW();
- param1 = params.getParam1();
- param2 = params.getParam2();
- param3 = params.getParam3();
- userFound = true;
- }
- }
- if(!userFound) //if user is not found then throw NotAllowedException exception
- {
- //TODO MOA-ID proov this with testcases!
- Logger.info("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login");
- throw new NotAllowedException("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login ", new Object[] { });
- }
- try //if user was found: generate Authorization header entry with associated credemtials
- {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes());
- Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials: " + credentials);
- result.put("Authorization", "Basic " + credentials);
- }
- catch(IOException ignore) { }
- } else
- if(oaConf.getAuthType().equals("header"))
- {
- String key;
- String resolvedValue;
- for(Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue))
- {
- key = (String)iter.next();
- String predicate = (String)oaConf.getHeaderAuthMapping().get(key);
- resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- }
-
- }
- return result;
- }
-
- public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress)
- {
- Map result = new HashMap();
- if(oaConf.getAuthType().equals("param"))
- {
- String key;
- String resolvedValue;
- for(Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue))
- {
- key = (String)iter.next();
- String predicate = (String)oaConf.getParamAuthMapping().get(key);
- resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- }
-
- }
- return result;
- }
-
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress)
- {
- if(predicate.equals(MOAGivenName))
- return authData.getGivenName();
- if(predicate.equals(MOAFamilyName))
- return authData.getFamilyName();
- if(predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
- if(predicate.equals(MOABPK))
- return authData.getPBK();
- if(predicate.equals(MOAPublicAuthority))
- if(authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if(predicate.equals(MOABKZ))
- return authData.getPublicAuthorityCode();
- if(predicate.equals(MOAQualifiedCertificate))
- if(authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if(predicate.equals(MOAStammzahl))
- return authData.getIdentificationValue();
- if (predicate.equals(MOAIdentificationValueType))
- return authData.getIdentificationType();
- if(predicate.equals(MOAIPAddress))
- return clientIPAddress;
- else
- return null;
- }
-
- private Document readXMLFile(String fileName) throws LoginParameterResolverException
- {
- Logger.info("XMLLoginParameterResolverPlainData: Loading MOA-OA configuration " + fileName);
- DOMParser parser = new DOMParser();
- try
- {
- parser.setFeature("http://xml.org/sax/features/validation", true);
- parser.setFeature("http://apache.org/xml/features/validation/schema", true);
- parser.parse(fileName);
- return parser.getDocument();
- }
- catch(Exception e)
- {
- String msg = e.toString();
- throw new LoginParameterResolverException("proxy.13", new Object[] {"<samlp:Request> used for querying
- * the authentication data <saml:Assertion>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLRequestBuilder implements Constants {
- /** samlp-Request template */
- private static final String REQUEST =
- "<samlp:Request>.
- * @param requestID request ID
- * @param samlArtifactBase64 SAML artifact, encoded BASE64
- * @return the DOM element
- */
- public Element build(String requestID, String samlArtifactBase64) throws BuildException {
- try {
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
- String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
- Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return requestElem;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"samlp:Request", ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
deleted file mode 100644
index 4e9a72111..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ /dev/null
@@ -1,143 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.invoke;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.SAMLStatus;
-import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
-import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
-import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
-import at.gv.egovernment.moa.id.util.Random;
-
-/**
- * Invoker of
- * <saml:Assertion> returned by the
- * GetAuthenticationData web service.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationDataAssertionParser implements Constants {
-
- /** Prefix for SAML-Xpath-expressions */
- private static String SAML = SAML_PREFIX + ":";
- /** Prefix for PersonData-Xpath-expressions */
- private static String PR = PD_PREFIX + ":";
- /** Prefix for Attribute MajorVersion in an Xpath-expression */
- private static String MAJOR_VERSION_XPATH =
- "@MajorVersion";
- /** Prefix for Attribute MinorVersion in an Xpath-expression */
- private static String MINOR_VERSION_XPATH =
- "@MinorVersion";
- /** Prefix for Attribute AssertionID in an Xpath-expression */
- private static String ASSERTION_ID_XPATH =
- "@AssertionID";
- /** Prefix for Attribute Issuer in an Xpath-expression */
- private static String ISSUER_XPATH =
- "@Issuer";
- /** Prefix for Attribute IssueInstant in an Xpath-expression */
- private static String ISSUE_INSTANT_XPATH =
- "@IssueInstant";
- /** Prefix for Element AttributeStatement in an Xpath-expression */
- private static String ATTRIBUTESTATEMENT_XPATH =
- SAML + "AttributeStatement/";
- /** Prefix for Element NameIdentifier in an Xpath-expression */
- private static String BPK_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Subject/" +
- SAML + "NameIdentifier";
- /** Prefix for Element Person in an Xpath-expression */
- private static String PERSONDATA_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"PersonData\"]/" +
- SAML + "AttributeValue/" +
- PR + "Person/";
- /** Prefix for Element Value in an Xpath-expression */
- private static String IDENTIFICATION_VALUE_XPATH =
- PERSONDATA_XPATH +
- PR + "Identification/" +
- PR + "Value";
- private static String IDENTIFICATION_TYPE_XPATH =
- PERSONDATA_XPATH +
- PR + "Identification/" +
- PR + "Type";
-
- /** Prefix for Element GivenName in an Xpath-expression */
- private static String GIVEN_NAME_XPATH =
- PERSONDATA_XPATH +
- PR + "Name/" +
- PR + "GivenName";
- /** Prefix for Element FamilyName in an Xpath-expression */
- private static String FAMILY_NAME_XPATH =
- PERSONDATA_XPATH +
- PR + "Name/" +
- PR + "FamilyName";
- /** Prefix for Element DateOfBirth in an Xpath-expression */
- private static String DATE_OF_BIRTH_XPATH =
- PERSONDATA_XPATH +
- PR + "DateOfBirth";
- /** Prefix for Element AttributeValue in an Xpath-expression */
- private static String IS_QUALIFIED_CERT_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" +
- SAML + "AttributeValue";
- /** Prefix for Element AttributeValue in an Xpath-expression */
- private static String PUBLIC_AUTHORITY_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" +
- SAML + "AttributeValue";
- /** Element samlAssertion represents the SAML:Assertion */
- private Element samlAssertion;
-
- /**
- * Constructor
- * @param samlAssertion samlpResponse the <samlp:Response> as a DOM element
- */
- public AuthenticationDataAssertionParser(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Parses the <saml:Assertion>.
- * @return AuthenticationData object
- * @throws ParseException on any error
- */
- public AuthenticationData parseAuthenticationData()
- throws ParseException {
-
- try {
- AuthenticationData authData = new AuthenticationData();
- //ÄNDERN: NUR der Identification-Teil
- authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
- authData.setMajorVersion(new Integer(
- XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue());
- authData.setMinorVersion(new Integer(
- XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue());
- authData.setAssertionID(
- XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, ""));
- authData.setIssuer(
- XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, ""));
- authData.setIssueInstant(
- XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
- authData.setPBK(
- XPathUtils.getElementValue(samlAssertion, BPK_XPATH, ""));
- authData.setIdentificationValue(
- XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
- authData.setIdentificationType(
- XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
- authData.setGivenName(
- XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, ""));
- authData.setFamilyName(
- XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, ""));
- authData.setDateOfBirth(
- XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, ""));
- authData.setQualifiedCertificate(BoolUtils.valueOf(
- XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, "")));
- String publicAuthority =
- XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null);
- if (publicAuthority == null) {
- authData.setPublicAuthority(false);
- authData.setPublicAuthorityCode("");
- }
- else {
- authData.setPublicAuthority(true);
- if (! publicAuthority.equalsIgnoreCase("true"))
- authData.setPublicAuthorityCode(publicAuthority);
- }
- return authData;
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
deleted file mode 100644
index 9f77578fd..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.parser;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.SAMLStatus;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parser for the <samlp:Response> returned by the
- * GetAuthenticationData web service.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLResponseParser implements Constants {
- /** Element containing the samlResponse */
- private Element samlResponse;
- /** Xpath prefix for reaching SAMLP Namespaces */
- private static String SAMLP = SAMLP_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static String SAML = SAML_PREFIX + ":";
- /** Xpath prefix for reaching PersonData Namespaces */
- private static String PR = PD_PREFIX + ":";
- /** Xpath expression for reaching the SAMLP:Response element */
- private static final String ROOT =
- "/" + SAMLP + "Response/";
- /** Xpath expression for reaching the SAMLP:Status element */
- private static final String STATUS_XPATH =
- ROOT +
- SAMLP + "Status/";
- /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */
- private static final String STATUSCODE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusCode/@Value";
- /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */
- private static final String SUBSTATUSCODE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusCode/" +
- SAMLP + "StatusCode/@Value";
- /** Xpath expression for reaching the SAMLP:StatusMessage element */
- private static final String STATUSMESSAGE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusMessage";
- /** Xpath expression for reaching the SAML:Assertion element */
- private static String ASSERTION_XPATH =
- ROOT +
- SAML + "Assertion";
-
- /**
- * Constructor
- * @param samlResponse the <samlp:Response> as a DOM element
- */
- public SAMLResponseParser(Element samlResponse) {
- this.samlResponse = samlResponse;
- }
-
- /**
- * Parses the <samlp:StatusCode> from the <samlp:Response>.
- * @return AuthenticationData object
- * @throws ParseException on any parsing error
- */
- public SAMLStatus parseStatusCode()
- throws ParseException {
-
- SAMLStatus status = new SAMLStatus();
- try {
- status.setStatusCode(
- XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, ""));
- status.setSubStatusCode(
- XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, ""));
- status.setStatusMessage(
- XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, ""));
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- return status;
- }
-
- /**
- * Parses the <saml:Assertion> from the <samlp:Response>.
- * @return AuthenticationData object
- * @throws ParseException on any parsing error
- */
- public AuthenticationData parseAuthenticationData()
- throws ParseException {
-
- Element samlAssertion;
- try {
- samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData();
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
deleted file mode 100644
index 4ab2e2cf7..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
-import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
-
- /**
- * Handle a HTTP GET request, used to indicated that the MOA
- * configuration needs to be updated (reloaded).
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
- MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
- try {
- MOAIDProxyInitializer.initialize();
-
- String message = msg.getMessage("config.00", new Object[]
- { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
- Logger.info(message);
-
- HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response);
- } catch (Throwable t) {
- String errorMessage = msg.getMessage("config.04", null);
- Logger.error(errorMessage, t);
- HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response);
- }
- }
-
- /**
- * Do the same as doGet.
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
-
-/**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
-public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
-}
-
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
deleted file mode 100644
index 0080c010e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ProxyException extends MOAIDException {
-
- /**
- * Constructor for ProxyException.
- * @param messageId
- * @param parameters
- */
- public ProxyException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ProxyException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ProxyException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
deleted file mode 100644
index f82ad93ed..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ /dev/null
@@ -1,590 +0,0 @@
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.net.HttpURLConnection;
-import java.net.URLEncoder;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.CookieManager;
-import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
-import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
-import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
-import at.gv.egovernment.moa.id.proxy.NotAllowedException;
-import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * Servlet requested for logging in at an online application,
- * and then for proxying requests to the online application.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ProxyServlet extends HttpServlet {
- /** Name of the Parameter for the Target */
- private static final String PARAM_TARGET = "Target";
- /** Name of the Parameter for the SAMLArtifact */
- private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
-
- /** Name of the Attribute for the PublicURLPrefix */
- private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix";
- /** Name of the Attribute for the RealURLPrefix */
- private static final String ATT_REAL_URLPREFIX = "RealURLPrefix";
- /** Name of the Attribute for the SSLSocketFactory */
- private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory";
- /** Name of the Attribute for the LoginHeaders */
- private static final String ATT_LOGIN_HEADERS = "LoginHeaders";
- /** Name of the Attribute for the LoginParameters */
- private static final String ATT_LOGIN_PARAMETERS = "LoginParameters";
- /** Name of the Attribute for the SAMLARTIFACT */
- private static final String ATT_SAML_ARTIFACT = "SamlArtifact";
-
- /**
- * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
- */
- protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-
- Logger.debug("getRequestURL:" + req.getRequestURL().toString());
- try {
- if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) {
-
- // check if SAML Artifact was already used in this session (in case of page reload)
- HttpSession session = req.getSession();
- if(null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
- tunnelRequest(req, resp);
- } else
- // it is the first time that the SAML Artifact was used
- login(req, resp);
- }
- else
- tunnelRequest(req, resp);
- }
- catch (MOAIDException ex) {
- handleError(ex.getMessage(), ex, req, resp);
- }
- catch (Throwable ex) {
- handleError(ex.getMessage(), ex, req, resp);
- }
- }
-
- /**
- * Login to online application at first call of servlet for a user session.null
- * @param loginParameters parameter name/values to be inserted for purposes of authentication;
- * may be null
- * @param publicURLPrefix prefix of request URL to be substituted for the realURLPrefix
- * @param realURLPrefix prefix of online application URL to substitute the publicURLPrefix
- * @param ssf SSLSocketFactory to use
- * @throws IOException if an I/O error occurs
- */
-private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf)
- throws IOException {
-
- // collect headers from request
- Map headers = new HashMap();
- for (Enumeration enum = req.getHeaderNames(); enum.hasMoreElements();) {
- String headerKey = (String) enum.nextElement();
- //We ignore any Basic-Auth-Headers from the client
- if (headerKey.equalsIgnoreCase("Authorization"))
- { Logger.debug("Ignoring authorization-header from browser: " +req.getHeader(headerKey) );
- }
- else
- headers.put(headerKey, req.getHeader(headerKey));
- }
- // collect login headers, possibly overwriting headers from request
- if (loginHeaders != null) {
- for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- headers.put(headerKey, loginHeaders.get(headerKey));
- }
- }
- // collect parameters from request
- Map parameters = new HashMap();
- for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements();) {
- String paramName = (String) enum.nextElement();
- parameters.put(paramName, req.getParameter(paramName));
- }
- // collect login parameters, possibly overwriting parameters from request
- if (loginParameters != null) {
- for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) {
- String paramName = (String) iter.next();
- parameters.put(paramName, loginParameters.get(paramName));
- }
- }
-
- headers.remove("content-length");
- parameters.remove(PARAM_SAMLARTIFACT);
- parameters.remove(PARAM_TARGET);
-
- ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix);
- HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters);
-
- //Set Cookies...
-
- String cookieString = CookieManager.getInstance().getCookie(req.getSession().getId());
- if (cookieString!=null)
- {
- //If we get Cookies from Client, we put them throgh if they dont exist/conflict with the stored Cookies
- for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerValue = (String) headers.get(headerKey);
- if (headerKey.equalsIgnoreCase("Cookie"))
- CookieManager.getInstance().saveOldCookies(req.getSession().getId(), headerValue);
- }
- cookieString = CookieManager.getInstance().getCookie(req.getSession().getId());
- headers.put("cookie", cookieString);
- }
-
- // set headers as request properties of URLConnection
- for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerValue = (String) headers.get(headerKey);
- conn.setRequestProperty(headerKey, headerValue);
- Logger.debug("Req header " + headerKey + ": " + headers.get(headerKey));
- if (Logger.isDebugEnabled() && isBasicAuthenticationHeader(headerKey, headerValue)) {
- String credentials = headerValue.substring(6);
- String userIDPassword = new String(Base64Utils.decode(credentials, false));
- Logger.debug(":UserID:Password: :" + userIDPassword + ":");
- }
- }
- // Write out parameters into output stream of URLConnection.
- // On GET request, do not send parameters in any case,
- // otherwise HttpURLConnection would send a POST.
- if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) {
- boolean firstParam = true;
- StringWriter sb = new StringWriter();
- for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
- String paramname = (String) iter.next();
- String value = URLEncoder.encode((String) parameters.get(paramname));
- if (firstParam)
- firstParam = false;
- else
- sb.write("&");
- sb.write(paramname);
- sb.write("=");
- sb.write(value);
- Logger.debug("Req param " + paramname + ": " + value);
- }
- PrintWriter reqOut = new PrintWriter(conn.getOutputStream());
- reqOut.write(sb.toString());
- reqOut.flush();
- reqOut.close();
- }
- // connect
- conn.connect();
-
- // Read response status and content type.
- // If the connection returns a 401 disconnect and return
- // otherwise the attempt to read data from that connection
- // will result in an error
-
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED)
- {
- Logger.debug("Found 401... searching cookies");
- String headerKey;
-
- int i = 1;
- CookieManager cm = CookieManager.getInstance();
- while ((headerKey = conn.getHeaderFieldKey(i)) != null) {
- String headerValue = conn.getHeaderField(i);
- if (headerKey.equalsIgnoreCase("set-cookie"))
- { cm.saveCookie(req.getSession().getId(), headerValue);
- cm.add401(req.getSession().getId(),headerValue);
- Logger.debug("Cookie " + headerValue);
- Logger.debug("CookieSession " + req.getSession().getId());
- }
- i++;
- }
-
- conn.disconnect();
- return conn.getResponseCode();
- }
- resp.setStatus(conn.getResponseCode());
- resp.setContentType(conn.getContentType());
-
- // Read response headers
- // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set.
- // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests.
- // See JavaDoc of javax.servlet.http.HttpServlet:
- // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
- Map respHeaders = new HashMap();
- boolean chunked = false;
- String contentLengthKey = null;
- String transferEncodingKey = null;
- int i = 1;
- String headerKey;
- while ((headerKey = conn.getHeaderFieldKey(i)) != null) {
- String headerValue = conn.getHeaderField(i);
- respHeaders.put(headerKey, headerValue);
- if (isTransferEncodingChunkedHeader(headerKey, headerValue)) {
- chunked = true;
- transferEncodingKey = headerKey;
- }
- CookieManager cm = CookieManager.getInstance();
- if (headerKey.equalsIgnoreCase("set-cookie"))
- { cm.saveCookie(req.getSession().getId(), headerValue);
- Logger.debug("Cookie " + headerValue);
- Logger.debug("CookieSession " + req.getSession().getId());
- }
- if ("content-length".equalsIgnoreCase(headerKey))
- contentLengthKey = headerKey;
- Logger.debug("Resp header " + headerKey + ": " + headerValue);
- i++;
- }
- if (chunked && contentLengthKey != null) {
- respHeaders.remove(transferEncodingKey);
- Logger.debug("Resp header " + transferEncodingKey + " REMOVED");
- }
-
- //Get a Hash-Map of all 401-set-cookies
- HashMap cookies401 = CookieManager.getInstance().get401(req.getSession().getId());
-
- for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) {
- headerKey = (String) iter.next();
-
- if (headerKey.equalsIgnoreCase("Set-Cookie"))
- {
- String headerValue = (String) respHeaders.get(headerKey);
- Logger.debug("Found 'Set-Cookie' in ResponseHeaders: " + headerValue);
- if(!cookies401.containsKey(headerValue.substring(0, headerValue.indexOf("="))))
- {
- // If we dont already have a Set-Cookie-Value for THAT Cookie we create one...
- CookieManager.getInstance().add401(req.getSession().getId(), headerValue);
- }
- }
- }
-
- //write out all Responseheaders != "set-cookie"
- for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) {
- headerKey = (String) iter.next();
- if (!headerKey.equalsIgnoreCase("Set-Cookie"))
- resp.addHeader(headerKey, (String) respHeaders.get(headerKey));
- }
-
- //write out all Responseheaders = "set-cookie"
- cookies401 = CookieManager.getInstance().get401(req.getSession().getId());
- Iterator cookie_i = cookies401.values().iterator();
- while (cookie_i.hasNext()) {
- String element = (String) cookie_i.next();
- resp.addHeader("Set-Cookie", element);
- }
- //Delete all "Set-Cookie" - Values
- CookieManager.getInstance().clear401(req.getSession().getId());
-
- // read response stream
- Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode());
- // Load content unless the server lets us know that the content is NOT MODIFIED...
- if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED)
- {
- BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream());
- Logger.debug("Got Inputstream");
- BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream());
- Logger.debug("Got Outputstream");
- int ch;
- while ((ch = respIn.read()) >= 0)
- respOut.write(ch);
- respOut.close();
- respIn.close();
- }
- else
- Logger.debug("Found 304 NOT MODIFIED...");
- conn.disconnect();
- Logger.debug("Request done");
-
-
- return conn.getResponseCode();
-}
-/**
- * Determines whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..."
- *
- * @param headerKey header name
- * @param headerValue header value
- * @return true for a basic authentication header
- */
-private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) {
- if (!"authorization".equalsIgnoreCase(headerKey))
- return false;
- if (headerValue.length() < "basic".length())
- return false;
- String authenticationSchema = headerValue.substring(0, "basic".length());
- return "basic".equalsIgnoreCase(authenticationSchema);
-}
-/**
- * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked"
- *
- * @param headerKey header name
- * @param headerValue header value
- * @return true for a "Transfer-encoding: chunked" header
- */
-private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) {
- if (!"transfer-encoding".equalsIgnoreCase(headerKey))
- return false;
- return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0;
-}
-
-/**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
-public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- try {
- MOAIDProxyInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex);
- throw new ServletException(ex);
- }
-}
-
-/**
- * Handles an error. "/errorpage-proxy.jsp") // ConnectionParameter connParam = ... get from ConfigurationProvider
- * AxisSecureSocketFactory.initialize(connParam);
- * JSSESocketFactory, the
- * method initialize() has been added.
- *
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AxisSecureSocketFactory
- extends DefaultSocketFactory implements SecureSocketFactory {
-
- /** Field sslFactory */
- private static SSLSocketFactory sslFactory;
-
- /**
- * Constructor for AxisSecureSocketFactory.
- * @param attributes ???
- */
- public AxisSecureSocketFactory(Hashtable attributes) {
- super(attributes);
- }
- /**
- * Initializes the factory by setting the connection parameters to be used for
- * setting the secure socket factory, and by setting the system property
- * axis.socketSecureFactory.
- * @param connParam ConnectionParameter to derive the
- * secure socket factory from
- */
- public static void initialize(SSLSocketFactory ssf)
- throws IOException, GeneralSecurityException {
-
- Logger.debug("Initialize AxisSecureSocketFactory");
- sslFactory = ssf;
- }
-
- /**
- * creates a secure socket
- *
- * @param host
- * @param port
- * @param otherHeaders
- * @param useFullURL
- *
- * @return Socket
- * @throws Exception
- */
- public Socket create(
- String host,
- int port,
- StringBuffer otherHeaders,
- BooleanHolder useFullURL)
- throws Exception {
- if (port == -1) {
- port = 443;
- }
-
- TransportClientProperties tcp =
- TransportClientPropertiesFactory.create("https");
-
- boolean hostInNonProxyList =
- isHostInNonProxyList(host, tcp.getNonProxyHosts());
-
- Socket sslSocket = null;
- if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
- // direct SSL connection
- sslSocket = sslFactory.createSocket(host, port);
- }
- else {
-
- // Default proxy port is 80, even for https
- int tunnelPort =
- (tcp.getProxyPort().length() != 0)
- ? Integer.parseInt(tcp.getProxyPort())
- : 80;
- if (tunnelPort < 0)
- tunnelPort = 80;
-
- // Create the regular socket connection to the proxy
- Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
-
- // The tunnel handshake method (condensed and made reflexive)
- OutputStream tunnelOutputStream = tunnel.getOutputStream();
- PrintWriter out =
- new PrintWriter(
- new BufferedWriter(new OutputStreamWriter(tunnelOutputStream)));
-
- // More secure version... engage later?
- // PasswordAuthentication pa =
- // Authenticator.requestPasswordAuthentication(
- // InetAddress.getByName(tunnelHost),
- // tunnelPort, "SOCK", "Proxy","HTTP");
- // if(pa == null){
- // printDebug("No Authenticator set.");
- // }else{
- // printDebug("Using Authenticator.");
- // tunnelUser = pa.getUserName();
- // tunnelPassword = new String(pa.getPassword());
- // }
- out.print(
- "CONNECT "
- + host
- + ":"
- + port
- + " HTTP/1.0\r\n"
- + "User-Agent: AxisClient");
- if (tcp.getProxyUser().length() != 0
- && tcp.getProxyPassword().length() != 0) {
-
- // add basic authentication header for the proxy
- String encodedPassword =
- XMLUtils.base64encode(
- (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes());
-
- out.print("\nProxy-Authorization: Basic " + encodedPassword);
- }
- out.print("\nContent-Length: 0");
- out.print("\nPragma: no-cache");
- out.print("\r\n\r\n");
- out.flush();
- InputStream tunnelInputStream = tunnel.getInputStream();
-
- if (log.isDebugEnabled()) {
- log.debug(
- Messages.getMessage(
- "isNull00",
- "tunnelInputStream",
- "" + (tunnelInputStream == null)));
- }
- String replyStr = "";
-
- // Make sure to read all the response from the proxy to prevent SSL negotiation failure
- // Response message terminated by two sequential newlines
- int newlinesSeen = 0;
- boolean headerDone = false; /* Done on first newline */
-
- while (newlinesSeen < 2) {
- int i = tunnelInputStream.read();
-
- if (i < 0) {
- throw new IOException("Unexpected EOF from proxy");
- }
- if (i == '\n') {
- headerDone = true;
- ++newlinesSeen;
- }
- else if (i != '\r') {
- newlinesSeen = 0;
- if (!headerDone) {
- replyStr += String.valueOf((char) i);
- }
- }
- }
- if (!replyStr.startsWith("HTTP/1.0 200")
- && !replyStr.startsWith("HTTP/1.1 200")) {
- throw new IOException(
- Messages.getMessage(
- "cantTunnel00",
- new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr }));
- }
-
- // End of condensed reflective tunnel handshake method
- sslSocket = sslFactory.createSocket(tunnel, host, port, true);
- if (log.isDebugEnabled()) {
- log.debug(
- Messages.getMessage(
- "setupTunnel00",
- tcp.getProxyHost(),
- "" + tunnelPort));
- }
- }
-
- ((SSLSocket) sslSocket).startHandshake();
- if (log.isDebugEnabled()) {
- log.debug(Messages.getMessage("createdSSL00"));
- }
- return sslSocket;
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/ECDSAConstants.java b/id.server/src/at/gv/egovernment/moa/id/util/ECDSAConstants.java
deleted file mode 100644
index c5dad8bc4..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/ECDSAConstants.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Created on 20.01.2005
- *
- * @author rschamberger
- * $ID$
- */
-package at.gv.egovernment.moa.id.util;
-
-
-/**
- * Class used to define Constants used in Class ECDSAKeyValueConverter
- *
- * * @author rschamberger
- */
-public class ECDSAConstants {
-
- /* ECDSA Namespace
- */
- static String NAMESPACE_ECDSAKEYVALUE_ = "http://www.w3.org/2001/04/xmldsig-more#";
-
- /* Schema instance NS
- */
- static String NAMESPACE_XSI_ = "http://www.w3.org/2001/XMLSchema-instance";
-
- /* ecdsa prefix value
- */
- static String NS_PREFIX_ECDSAKEYVALUE_ = "ecdsa";
-
- /* namespace namespace
- */
- static String NAMESPACE_NAMESPACES_ = "http://www.w3.org/XML/1998/namespace";
-
- /* si prefix value
- */
- static String NS_PREFIX_XSI_ = "si";
-};
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id.server/src/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
deleted file mode 100644
index 2567cd739..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ /dev/null
@@ -1,574 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import iaik.security.ecc.ecdsa.ECDSAParameter;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.security.ecc.math.ecgroup.AffineCoordinate;
-import iaik.security.ecc.math.ecgroup.Coordinate;
-import iaik.security.ecc.math.ecgroup.CoordinateTypes;
-import iaik.security.ecc.math.ecgroup.ECGroupFactory;
-import iaik.security.ecc.math.ecgroup.ECPoint;
-import iaik.security.ecc.math.ecgroup.EllipticCurve;
-import iaik.security.ecc.math.field.Field;
-import iaik.security.ecc.math.field.FieldElement;
-import iaik.security.ecc.math.field.PrimeField;
-import iaik.security.ecc.parameter.ECCParameterFactory;
-import iaik.security.ecc.spec.ECCParameterSpec;
-
-import java.math.BigInteger;
-import java.security.PublicKey;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Vector;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-public class ECDSAKeyValueConverter
-{
-
-
- //TODO enhance javadoc
-
- /**
- * converter class which can be used to convert ECDSA keys encoded in XML
- * to a PublicKey data structure
- * @param keyValueElem ECDSAKeyValue Element
- * @return ECPublicKey encoded in PublicKey data structure
- * @throws Exception
- *
- * @author gregor karlinger
- */
- public static PublicKey element2ECDSAPublicKey(Element keyValueElem) throws Exception
- {
- String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_;
-
- // Domain parameters
- Element domainParams = getChildElement(keyValueElem, ecdsaNS, "DomainParameters", 1);
- if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
-
- Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
- ECCParameterSpec eccParameterSpec;
-
- if (namedCurve != null)
- {
- // URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
- String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8);
- ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
- // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
- eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID);
- }
- else
- {
- Element excplicitParams = getChildElement(domainParams, ecdsaNS, "ExplicitParams", 1);
- Element fieldParams = getChildElement(excplicitParams, ecdsaNS, "FieldParams", 1);
- Element curveParams = getChildElement(excplicitParams, ecdsaNS, "CurveParams", 1);
- Element basePointParams = getChildElement(excplicitParams, ecdsaNS, "BasePointParams", 1);
-
- // Field parameters
- String fieldParamsTypeStr = fieldParams.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type");
- String ecdsaNSPrefix = getECDSANSPrefix(fieldParams);
- BigInteger p = null;
- int fieldParamsType = 0;
- final int FIELD_TYPE_PRIME = 1;
- final int FIELD_TYPE_TNB = 2;
- final int FIELD_TYPE_PNB = 3;
- int m = -1, k = -1, k1 = -1, k2 = -1, k3 = -1;
- if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PrimeFieldParamsType"))
- {
- fieldParamsType = FIELD_TYPE_PRIME;
- String pStr = getChildElementText(fieldParams, ecdsaNS, "P", 1);
- p = new BigInteger(pStr, 10);
- }
- else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":TnBFieldParamsType"))
- {
- fieldParamsType = FIELD_TYPE_TNB;
- String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1);
- m = Integer.parseInt(mStr);
- String kStr = getChildElementText(fieldParams, ecdsaNS, "K", 1);
- k = Integer.parseInt(kStr);
- }
- else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PnBFieldParamsType"))
- {
- fieldParamsType = FIELD_TYPE_PNB;
- String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1);
- m = Integer.parseInt(mStr);
- String k1Str = getChildElementText(fieldParams, ecdsaNS, "K1", 1);
- k1 = Integer.parseInt(k1Str);
- String k2Str = getChildElementText(fieldParams, ecdsaNS, "K2", 1);
- k2 = Integer.parseInt(k2Str);
- String k3Str = getChildElementText(fieldParams, ecdsaNS, "K3", 1);
- k3 = Integer.parseInt(k3Str);
- }
- else throw new Exception("Unknown field parameters.");
-
- // Curve parameters
- Element aElem = getChildElement(curveParams, ecdsaNS, "A", 1);
- String aStr = aElem.getAttributeNS(null, "Value");
- Element bElem = getChildElement(curveParams, ecdsaNS, "B", 1);
- String bStr = bElem.getAttributeNS(null, "Value");
- String seedStr = getChildElementText(curveParams, ecdsaNS, "Seed", 1);
- BigInteger seed = (seedStr != null) ? new BigInteger(seedStr, 10) : null;
-
- // Base point parameters
- Element basePoint = getChildElement(basePointParams, ecdsaNS, "BasePoint", 1);
- Element basePointXElem = getChildElement(basePoint, ecdsaNS, "X", 1);
- String basePointXStr = basePointXElem.getAttributeNS(null, "Value");
- Element basePointYElem = getChildElement(basePoint, ecdsaNS, "Y", 1);
- String basePointYStr = basePointYElem.getAttributeNS(null, "Value");
- String orderStr = getChildElementText(basePointParams, ecdsaNS, "Order", 1);
- BigInteger order = new BigInteger(orderStr, 10);
- String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
- BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null;
-
- if (fieldParamsType == FIELD_TYPE_PRIME)
- {
- BigInteger a = new BigInteger(aStr, 10);
- BigInteger b = new BigInteger(bStr, 10);
- BigInteger basePointX = new BigInteger(basePointXStr, 10);
- BigInteger basePointY = new BigInteger(basePointYStr, 10);
- eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
- basePointY, null);
- }
- else
- {
- int[] irreducible = new int[m/32 + ((m % 32 != 0) ? 1 : 0)];
- if (fieldParamsType == FIELD_TYPE_TNB)
- {
- irreducible[m/32] = 1 << m % 32;
- irreducible[k/32] += 1 << k % 32;
- irreducible[0] += 1;
- }
- else
- {
- irreducible[m/32] = 1 << m % 32;
- irreducible[k3/32] += 1 << k3 % 32;
- irreducible[k2/32] += 1 << k2 % 32;
- irreducible[k1/32] += 1 << k1 % 32;
- irreducible[0] += 1;
- }
- eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
- octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
- octetString2IntArray(basePointYStr), null);
- }
- }
-
- // Public key
- Element publicKeyElem = getChildElement(keyValueElem, ecdsaNS, "PublicKey", 1);
- Element publicKeyXElem = getChildElement(publicKeyElem, ecdsaNS, "X", 1);
- String publicKeyXStr = publicKeyXElem.getAttributeNS(null, "Value");
- Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
- String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
-
- ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
- ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
- EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
- eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
- Field field = eCurve.getField();
-
- // Detect type of public key field elements
- String elementType = publicKeyXElem.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type");
- String elementTypeLocalName = elementType.substring(elementType.indexOf(':') + 1);
- int FIELD_TYPE_PRIME = 1, FIELD_TYPE_CHAR_TWO = 2;
- int fieldElemType = ("PrimeFieldElemType".equals(elementTypeLocalName))
- ? FIELD_TYPE_PRIME
- : FIELD_TYPE_CHAR_TWO;
-
- FieldElement publicKeyPointX, publicKeyPointY;
- if (fieldElemType == FIELD_TYPE_PRIME)
- {
-
-// Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10));
-// publicKeyPointX = field.newElement(xValue);
- PrimeField pf = (PrimeField) field;
- publicKeyPointX = pf.newElement(new BigInteger(publicKeyXStr, 10));
-// Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10));
-// publicKeyPointY = field.newElement(yValue);
- publicKeyPointY = pf.newElement(new BigInteger(publicKeyYStr, 10));
- }
- else
- {
- publicKeyPointX = field.newElement(octetString2ByteArray(publicKeyXStr));
- publicKeyPointY = field.newElement(octetString2ByteArray(publicKeyYStr));
- }
-// ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
-// publicKeyPointY, field.getONEelement());
- Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
- publicKeyPointY).toProjective();
- ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
- ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
-
- return publicKey;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- /*
- public static Element publicKey2ECDSAKeyValueElement(boolean implParams, String curveOID,
- ECDSAPublicKey publicKey, Document factoryDoc)
- {
- String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_;
- String ecdsaNSP = ECDSAConstants.NS_PREFIX_ECDSAKEYVALUE_;
- String nsNS = ECDSAConstants.NAMESPACE_NAMESPACES_;
- String xsiNS = ECDSAConstants.NAMESPACE_XSI_;
- String xsiNSP = ECDSAConstants.NS_PREFIX_XSI_;
-
- ECDSAParameter params = (ECDSAParameter)publicKey.getParameter();
- EllipticCurve curve = params.getG().getCurve();
- Field field = curve.getField();
- int fieldId = curve.getField().getFieldId();
-
- Element eCDSAKeyValue = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ECDSAKeyValue");
- eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + ecdsaNSP, ecdsaNS);
- eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + xsiNSP, xsiNS);
-
- // Detect field type
- int coeffPositions[] = new int[3];
- int fieldType = 0;
- String fieldElemTypeString = null;
- final int FT_PRIME = 1, FT_TNB = 2, FT_PNB = 3;
- if (fieldId == Field.PRIME_FIELD)
- {
- fieldType = FT_PRIME;
- fieldElemTypeString = ecdsaNSP + ":PrimeFieldElemType";
- }
- else
- {
- // Get irreducible polynomal
- BinaryField binaryField = (BinaryField)field;
- BinaryFieldValue irreducible = binaryField.getIrreducible();
-
- // Get coefficients of irreducible polynomal
- int order = irreducible.getOrder();
- int coeffCount = 2;
- for (int i = 1; i < order - 1; i++)
- {
- if (irreducible.testBit(i))
- {
- coeffPositions[coeffCount - 2] = i;
- coeffCount++;
- if (coeffCount == 5) break;
- }
- }
-
- // Set polynomal type (TNB or
- fieldType = (coeffCount == 3) ? FT_TNB : FT_PNB;
- fieldElemTypeString = ecdsaNSP + ":CharTwoFieldElemType";
- }
-
- if (!implParams)
- {
- Element domainParameters = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":DomainParameters");
- eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n "));
- eCDSAKeyValue.appendChild(domainParameters);
-
- if (curveOID != null)
- {
- // Named curve
- Element namedCurve = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":NamedCurve");
- namedCurve.setAttributeNS(null, "URN", "urn:oid:" + curveOID);
- domainParameters.appendChild(factoryDoc.createTextNode("\n "));
- domainParameters.appendChild(namedCurve);
- domainParameters.appendChild(factoryDoc.createTextNode("\n "));
- }
- else
- {
- // Explicit parameters
- Element explicitParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ExplicitParams");
-
- // Field parameters
- Element fieldParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":FieldParams");
- explicitParams.appendChild(factoryDoc.createTextNode("\n "));
- explicitParams.appendChild(fieldParams);
-
- if (fieldType == FT_PRIME)
- {
- fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PrimeFieldParamsType");
- Element p = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":P");
- p.appendChild(factoryDoc.createTextNode(curve.getField().getSize().toString(10)));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(p);
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- }
- else if (fieldType == FT_TNB)
- {
- fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":TnBFieldParamsType");
- Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M");
- m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder())));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(m);
-
- Element k = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K");
- k.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0], 10)));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(k);
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- }
- else
- {
- fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PnBFieldParamsType");
- Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M");
- m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder())));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(m);
-
- Element k1 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K1");
- k1.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0])));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(k1);
-
- Element k2 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K2");
- k2.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[1])));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(k2);
-
- Element k3 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K3");
- k3.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[2])));
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- fieldParams.appendChild(k3);
- fieldParams.appendChild(factoryDoc.createTextNode("\n "));
- }
-
- // Curve parameters
- Element curveParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":CurveParams");
- explicitParams.appendChild(factoryDoc.createTextNode("\n "));
- explicitParams.appendChild(curveParams);
-
- Element a = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":A");
- a.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- a.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? curve.getA().getValue().toBigInt().toString(10)
- : evenStringLength(curve.getA().getValue().toBigInt().toString(16)));
- curveParams.appendChild(factoryDoc.createTextNode("\n "));
- curveParams.appendChild(a);
-
- Element b = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":B");
- b.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- b.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? curve.getB().getValue().toBigInt().toString(10)
- : evenStringLength(curve.getB().getValue().toBigInt().toString(16)));
- curveParams.appendChild(factoryDoc.createTextNode("\n "));
- curveParams.appendChild(b);
-
- if (params.getS() != null)
- {
- Element seed = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Seed");
- seed.appendChild(factoryDoc.createTextNode(evenStringLength(params.getS().toString(16))));
- curveParams.appendChild(factoryDoc.createTextNode("\n "));
- curveParams.appendChild(seed);
- }
-
- curveParams.appendChild(factoryDoc.createTextNode("\n "));
-
- // Base point params
- Element basePointParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePointParams");
- explicitParams.appendChild(factoryDoc.createTextNode("\n "));
- explicitParams.appendChild(basePointParams);
-
- Element basePoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePoint");
- basePointParams.appendChild(factoryDoc.createTextNode("\n "));
- basePointParams.appendChild(basePoint);
-
- Element x = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X");
- x.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- x.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? params.getG().getCoordinates().getX().getValue().toBigInt().toString(10)
- : evenStringLength(params.getG().getCoordinates().getX().getValue().toBigInt().toString(16)));
- basePoint.appendChild(factoryDoc.createTextNode("\n "));
- basePoint.appendChild(x);
-
- Element y = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y");
- y.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- y.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? params.getG().getCoordinates().getY().getValue().toBigInt().toString(10)
- : evenStringLength(params.getG().getCoordinates().getY().getValue().toBigInt().toString(16)));
- basePoint.appendChild(factoryDoc.createTextNode("\n "));
- basePoint.appendChild(y);
- basePoint.appendChild(factoryDoc.createTextNode("\n "));
-
- Element order = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Order");
- order.appendChild(factoryDoc.createTextNode(params.getR().toString(10)));
- basePointParams.appendChild(factoryDoc.createTextNode("\n "));
- basePointParams.appendChild(order);
-
- if (params.getK() != null)
- {
- Element cofactor = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Cofactor");
- cofactor.appendChild(factoryDoc.createTextNode(params.getK().toString(10)));
- basePointParams.appendChild(factoryDoc.createTextNode("\n "));
- basePointParams.appendChild(cofactor);
- }
-
- basePointParams.appendChild(factoryDoc.createTextNode("\n "));
- explicitParams.appendChild(factoryDoc.createTextNode("\n "));
-
- domainParameters.appendChild(factoryDoc.createTextNode("\n "));
- domainParameters.appendChild(explicitParams);
- domainParameters.appendChild(factoryDoc.createTextNode("\n "));
- }
- }
-
- // Public key point
- Element publicKeyPoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":PublicKey");
-
- Element publicKeyX = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X");
- publicKeyX.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- publicKeyX.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(10)
- : evenStringLength(publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(16)));
- publicKeyPoint.appendChild(factoryDoc.createTextNode("\n "));
- publicKeyPoint.appendChild(publicKeyX);
-
- Element publicKeyY = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y");
- publicKeyY.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
- publicKeyY.setAttributeNS(null, "Value",
- (fieldId == Field.PRIME_FIELD)
- ? publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(10)
- : evenStringLength(publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(16)));
- publicKeyPoint.appendChild(factoryDoc.createTextNode("\n "));
- publicKeyPoint.appendChild(publicKeyY);
- publicKeyPoint.appendChild(factoryDoc.createTextNode("\n "));
-
- eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n "));
- eCDSAKeyValue.appendChild(publicKeyPoint);
- eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n "));
-
- return eCDSAKeyValue;
- }
- */
- /* ---------------------------------------------------------------------------------------------------- */
-
- private static String getECDSANSPrefix(Element element)
- {
- // FIXXME: Review this function (GK, 11.06.2002) - should return a list of strings, since more than
- // one NS prefix can be bound to the ECDSA namespace
-
- HashMap inScopeNSAttrs = getInScopeNSAttrs(element);
- Iterator inScopeNSAttrsIt = inScopeNSAttrs.keySet().iterator();
- while (inScopeNSAttrsIt.hasNext())
- {
- Attr currentAttr = (Attr)inScopeNSAttrs.get(inScopeNSAttrsIt.next());
- if (ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_.equals(currentAttr.getValue()))
- {
- return ("xmlns".equals(currentAttr.getNodeName())) ? "" : currentAttr.getNodeName().substring(6);
- }
- }
- return null;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- // Converts an octet string representation into an int array as needed for the IAIK ECC library
- // String: rightmost byte is least significant byte
- // IntArray: rightmost byte is LEAST significant byte
- private static int[] octetString2IntArray(String octetString)
- {
- int byteCount = octetString.length()/2;
- int[] intArray = new int[byteCount/4 + ((byteCount % 4 != 0) ? 1 : 0)];
- for (int i = 0; i < byteCount; i++)
- {
- int oSStartPos = octetString.length() - (i + 1) * 2;
- int currentByte = Integer.parseInt(octetString.substring(oSStartPos, oSStartPos + 2), 16);
- intArray[i/4] += (currentByte & 0xFF) << ((i % 4) * 8);
- }
- return intArray;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- // Converts an octet string representation into a byte array as needed for the IAIK ECC library
- // String: rightmost byte is least significant byte
- // ByteArray: rightmost byte is MOST significant byte
- private static byte[] octetString2ByteArray(String octetString)
- {
- int byteCount = octetString.length()/2;
- byte[] byteArray = new byte[byteCount];
- for (int i = 0; i < byteCount; i++)
- {
- int oSStartPos = octetString.length() - (i + 1) * 2;
- byteArray[byteCount - i - 1] = (byte) Integer.parseInt(octetString.substring(
- oSStartPos, oSStartPos + 2), 16);
- }
- return byteArray;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- private static String evenStringLength(String hexString)
- {
- return (hexString.length() % 2 != 0) ? "0" + hexString : hexString;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- private static Element getChildElement(Element parent, String namespace, String localName,
- int instance)
- {
- NodeList namedElements = parent.getElementsByTagNameNS(namespace, localName);
- if (namedElements.getLength() < instance) return null;
- return (Element)namedElements.item(instance - 1);
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- private static String getChildElementText(Element parent, String namespace, String localName,
- int instance)
- {
- Element child = getChildElement(parent, namespace, localName, instance);
- if (child == null) return null;
- NodeList childNodes = child.getChildNodes();
- int nodeCount = 0;
- while (nodeCount < childNodes.getLength())
- {
- Node currentNode = childNodes.item(nodeCount);
- if (currentNode.getNodeType() == Node.TEXT_NODE) return currentNode.getNodeValue();
- nodeCount++;
- }
- return null;
- }
-
- /* ---------------------------------------------------------------------------------------------------- */
-
- public static HashMap getInScopeNSAttrs(Element element)
- {
- // Get all ancestors of element
- Vector ancestors = new Vector();
- ancestors.add(element);
- Node currentAncestor = element;
- while ((currentAncestor = currentAncestor.getParentNode()) != null &&
- currentAncestor.getNodeType() == Node.ELEMENT_NODE)
- {
- ancestors.add(currentAncestor);
- }
-
- // Scan all ancestors for NS attributes
- HashMap inScopeNSAttrs = new HashMap();
- for (int i = ancestors.size() - 1; i >= 0; i--)
- {
- Element currentAncestorElem = (Element)ancestors.get(i);
- NamedNodeMap attrs = currentAncestorElem.getAttributes();
- for (int j = 0; j < attrs.getLength(); j++)
- {
- Attr currentAttr = (Attr)attrs.item(j);
- String currentAttrName = currentAttr.getNodeName();
- if ("xmlns".equals(currentAttrName) || currentAttrName.startsWith("xmlns:"))
- {
- inScopeNSAttrs.put(currentAttrName, currentAttr);
- }
- }
- }
-
- // Check if default NS attribute is in list; if value is empty remove it from list
- Attr defaultNSAttr = (Attr)inScopeNSAttrs.get("xmlns");
- if (defaultNSAttr != null && "".equals(defaultNSAttr.getValue())) inScopeNSAttrs.remove("xmlns");
-
- return inScopeNSAttrs;
- }
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
deleted file mode 100644
index 7c4731555..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Created on 17.02.2004
- *
- * To change the template for this generated file go to
- * Window>Preferences>Java>Code Generation>Code and Comments
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.io.IOException;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author rschamberger
- *
- * To change the template for this generated type comment go to
- * Window>Preferences>Java>Code Generation>Code and Comments
- */
-public class HTTPRequestJSPForwarder {
-
- /**
- * Forwards the HttpServletRequest to a customizable JSP Page and serves the Response. HttpServletRequest which should be parsed
- */
- protected final void parseParameters(final HttpServletRequest req)
- {
- queryParamOrder = new Vector();
- queryParameters = new Hashtable();
- bodyParamOrder = new Vector();
- bodyParameters = new Hashtable();
-
- //Insert code for Query string parsing
- String rawQuery = req.getQueryString();
- queryParameters = tokenize(queryParameters, queryParamOrder, rawQuery, DEFAULT_CHARACTER_ENCODING);
-
- //analyze HTTP Post body parameters
- if (req.getMethod().equalsIgnoreCase("POST"))
- {
- //get body encoding
- String enc = req.getCharacterEncoding();
- if (enc == null) enc = DEFAULT_CHARACTER_ENCODING;
-
- if (req.getContentType().equals("application/x-www-form-urlencoded"))
- {
- try
- {
- bodyParameters = parsePostData(bodyParameters, req.getContentLength(), req.getInputStream(), enc);
- }
- catch (IOException e)
- {
- context.log("could not open input stream of reqest \n" + e.toString());
- }
- }
- else
- {
- //TODO add multipart code
- context.log(
- "ERROR other Content-Types than 'application/x-www-form-urlencoded' not supported!");
- }
-
- }// end POST
- }
-
- /**
- * parses the HTTP POST parameters
- *
- * @param ht parameter Hashtable to put parameters in.
- * @param length of content
- * @param instream the ServletInputStream of the request
- * @param encoding encoding of the instream
- *
- * @return the Hashtable with the parsed data
- */
- private Hashtable parsePostData(Hashtable ht, final int length, final ServletInputStream instream,
- final String encoding)
- {
- int inputLen, offset;
- byte[] postedBytes = null;
- boolean dataRemaining = true;
- String postedBody;
-
- StringBuffer sb = new StringBuffer();
-
- if (length <= 0)
- {
- return null;
- }
-
- postedBytes = new byte[length];
- try
- {
- offset = 0;
- while (dataRemaining)
- {
- inputLen = instream.read(postedBytes, offset, length - offset);
- if (inputLen <= 0)
- {
- throw new IOException("read error during reading the HTTP POST body");
- }
- offset += inputLen;
- if ((length - offset) == 0)
- {
- dataRemaining = false;
- }
- }
- }
- catch (IOException e)
- {
- System.out.println("Exception =" + e);
- return null;
- }
-
- postedBody = new String(postedBytes);
- Hashtable ht2 = tokenize(ht, bodyParamOrder, postedBody, encoding);
- return ht2;
- }
-
-
- /**
- * tokenizes parameter strings
- *
- * @param ht parameter Hashtable to put parameters in.
- * @param order Vector in which the order of the tokenized parameters will be stored.
- * @param parameterString String to tokenize.
- * @param encoding which will be used to decode the parameterString.
- *
- * @return the Hashtable with the parsed data
- */
- private Hashtable tokenize(Hashtable ht, Vector order, final String parameterString, final String encoding)
- {
- String[] valArray = null;
-
- if (null == parameterString) return ht;
-
- StringTokenizer st = new StringTokenizer(parameterString, "&");
-
- String key = null;
- String val = null;
-
- while (st.hasMoreTokens())
- {
- String pair = (String) st.nextToken();
- int pos = pair.indexOf('=');
- if (pos == -1)
- {
- throw new IllegalArgumentException();
- }
- try
- {
- key = URLDecoder.decode(pair.substring(0, pos), encoding);
- val = URLDecoder.decode(pair.substring(pos + 1, pair.length()), encoding);
- }
- catch (Exception e)
- {
- throw new IllegalArgumentException();
- }
- if (ht.containsKey(key))
- {
- String oldVals[] = (String[]) ht.get(key);
- valArray = new String[oldVals.length + 1];
- for (int i = 0; i < oldVals.length; i++)
- {
- valArray[i] = oldVals[i];
- }
- valArray[oldVals.length] = val;
- }
- else
- {
- valArray = new String[1];
- valArray[0] = val;
- }
- ht.put(key, valArray);
- order.addElement(key);
- }
- return ht;
-
- }
-
- /**
- * Returns the value of a request parameter as a String, or null if the
- * parameter does not exist. Request parameters are extra information sent with the request. For HTTP
- * servlets, parameters are contained in the query string or posted form data.
- *
- * - * You should only use this method when you are sure the parameter has only one value. If the parameter - * might have more than one value, use {@link #getParameterValues}. - * - *
- * If you use this method with a multivalued parameter, the value returned is equal to the first value in
- * the array returned by getParameterValues.
- *
- *
- * If the parameter data was sent in the request body, such as occurs with an HTTP POST request, then
- * reading the body directly via {@link#getInputStream} or {@link #getReader}can interfere with the
- * execution of this method.
- *
- * @param name a String containing the name of the parameter whose value is requested
- *
- * @return a String representing the single value of the parameter
- *
- * @see #getParameterValues
- *
- */
- public final String getParameter(final String name) {
- String val = getParameter(name, QUERY_PARAM);
- return (null != val) ? val : getParameter(name, BODY_PARAM);
- }
-
- /**
- * Returns the value of a request parameter as a String, or null if the
- * parameter does not exist.
- *
- * @param name a String containing the name of the parameter whose value is requested
- * @param parameterType type of parameter
- * @see at.gv.egovernment.moa.id.util.ParametersInOrderServlet#QUERY_PARAM
- * and @see at.gv.egovernment.moa.id.util.ParametersInOrderServlet#BODY_PARAM
- * @see getParameterValues(String name);
- * @return value of the (single) parameter or null if not availlable
- **/
- public final String getParameter(final String name, final int parameterType)
- {
-
- Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters;
- String[] vals = (String[]) parameters.get(name);
- if (vals == null)
- {
- return null;
- }
- return vals[0];
- }
-
-
- /**
- * Returns an array of String objects containing all of the values the given request
- * parameter has, or null if the parameter does not exist.
- *
- *
- * If the parameter has a single value, the array has a length of 1.
- *
- * @param name a String containing the name of the parameter whose value is requested
- * @param parameterType type of parameter
- * @see at.gv.egovernment.moa.id.util.ParametersInOrderServlet#QUERY_PARAM
- * and @see at.gv.egovernment.moa.id.util.ParametersInOrderServlet#BODY_PARAM
- * @return an array of String objects containing the parameter's values or null
- *
- * @see #getParameter
- */
- public final String getParameterValues(final String name, final int parameterType)
- {
- Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters;
- String[] vals = (String[]) parameters.get(name);
- if (vals == null)
- {
- return null;
- }
- String vallist = vals[0];
- for (int i = 1; i < vals.length; i++)
- {
- vallist = vallist + "," + vals[i];
- }
- return vallist;
- }
-
- /**
- *
- * Returns an Enumeration of String objects containing the names of the
- * parameters contained in this request. If the request has no parameters, the method returns an empty
- * Enumeration.
- * @param parameterType type of parameter
- * @see at.gv.egovernment.moa.id.util.ParametersInOrderServlet#QUERY_PARAM
- * and @see at.gv.egovernment.moa.id.util.ParametersInOrderServlet#BODY_PARAM
- *
- * @return an Enumeration of String objects, each String
- * containing the name of a request parameter; or an empty Enumeration if the
- * request has no parameters
- *
- */
- public final Enumeration getParameterNames(final int parameterType)
- {
- if (QUERY_PARAM == parameterType)
- return queryParamOrder.elements();
- else
- return bodyParamOrder.elements();
- }
-} //End InOrderServletRequestWrapper
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
deleted file mode 100644
index d31aa6ec1..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Locale;
-
-import at.gv.egovernment.moa.util.Messages;
-
-/**
- * A singleton wrapper around a Message object, providing the messages used in MOA-ID.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDMessageProvider {
-
- /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
- private static final String[] DEFAULT_MESSAGE_RESOURCES =
- { "resources/properties/id_messages" };
- /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */
- private static final Locale[] DEFAULT_MESSAGE_LOCALES =
- new Locale[] { new Locale("de", "AT") };
- /** The instance for our singleton */
- private static MOAIDMessageProvider instance;
- /** The Messages */
- private Messages messages;
-
- /**
- * Returns the single instance of MOAIDMessageProvider.
- *
- * @return the single instance of MOAIDMessageProvider
- */
- public static MOAIDMessageProvider getInstance() {
- if (instance == null)
- instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
- return instance;
- }
-
- /**
- * Create a MOAIDMessageProvider.
- *
- * @param resourceNames The names of the resources containing the messages.
- * @param locales The corresponding locales.
- */
- protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
- this.messages = new Messages(resourceNames, locales);
- }
-
- /**
- * Get the message corresponding to a given message ID.
- *
- * @param messageId The ID of the message.
- * @param parameters The parameters to fill in into the message arguments.
- * @return The formatted message.
- */
- public String getMessage(String messageId, Object[] parameters) {
- return messages.getMessage(messageId, parameters);
- }
-
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java b/id.server/src/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
deleted file mode 100644
index 3f5fddba2..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
+++ /dev/null
@@ -1,62 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * @author rschamberger
- *
- */
-/**
- * A Filter class wich uses the InOrderServletRequestWrapper to provide servlets a more precise
- * implementation of the getParameter* family. This implementation cares about the order of the parameters
- * from Query String and HTTP POST Body. Use this as Filter class for Servlets which such needs.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class ParameterInOrderFilter implements Filter
-{
-
- /**
- * filterConfig
- */
- private FilterConfig filterConfig;
-
- /**
- * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
- */
- public final void init(final FilterConfig config)
- {
- this.filterConfig = config;
- }
-
- /**
- * @see javax.servlet.Filter#destroy()
- */
- public final void destroy()
- {
- };
-
- /**
- * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
- * javax.servlet.FilterChain)
- */
- public final void doFilter(final ServletRequest request, final ServletResponse response,
- final FilterChain chain) throws IOException, ServletException
- {
- InOrderServletRequestWrapper sRequ = new InOrderServletRequestWrapper((HttpServletRequest) request,
- filterConfig.getServletContext());
- //parse the Query (and Body) parameters
- sRequ.parseParameters((HttpServletRequest) request);
- //process the rest of filter chain
- chain.doFilter(sRequ, response);
- }
-}
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/Random.java b/id.server/src/at/gv/egovernment/moa/id/util/Random.java
deleted file mode 100644
index da75b4213..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/Random.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Date;
-
-/**
- * Random number generator used to generate ID's
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class Random {
-
- /** random number generator used */
- private static java.util.Random random = new java.util.Random(new Date().getTime());
- /**
- * Creates a new random number, to be used as an ID.
- *
- * @return random long as a String
- */
- public static String nextRandom() {
- return "" + random.nextLong();
- }
-}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
deleted file mode 100644
index 9bdf8a20e..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ /dev/null
@@ -1,180 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.BufferedInputStream;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.regexp.RE;
-import org.apache.regexp.RESyntaxException;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
-import com.sun.net.ssl.HttpsURLConnection;
-import com.sun.net.ssl.KeyManager;
-import com.sun.net.ssl.SSLContext;
-import com.sun.net.ssl.TrustManager;
-
-/**
- * Utility for a obtaining a secure socket factory using IAIKX509TrustManager.
- * This TrustManager implementation features CRL checking.
- * SSLUtils caches secure socket factories for given ConnectionParameters.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtils {
-
- /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map sslSocketFactories = new HashMap();
-
- /**
- * Initializes the SSLSocketFactory store.
- */
- public static void initialize() {
- sslSocketFactories = new HashMap();
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
- }
-
- /**
- * Creates an SSLSocketFactory which utilizes an
- * IAIKX509TrustManager for the given trust store,
- * and the given key store.
- *
- * @param conf configuration provider providing a generic properties pointing
- * to trusted CA store and certificate store root
- * @param connParam connection parameter containing the client key store settings
- * to be used in case of client authentication;
- * if connParam.getClientKeyStore() == null, client authentication
- * is assumed to be disabled
- * @return SSLSocketFactory to be used by an HttpsURLConnection
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException while initializing the IAIKX509TrustManager
- */
- public static SSLSocketFactory getSSLSocketFactory(
- ConfigurationProvider conf,
- ConnectionParameter connParam)
- throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
-
- Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
- // retrieve SSLSocketFactory if already created
- SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
- return ssf;
- // else create new SSLSocketFactory
- String trustStoreURL = conf.getTrustedCACertificates();
- if (trustStoreURL == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"TrustedCACertificates"});
- String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
- TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
- "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
- ssf = ctx.getSocketFactory();
- // store SSLSocketFactory
- sslSocketFactories.put(connParam.getUrl(), ssf);
- return ssf;
- }
-
- /**
- * Initializes an IAIKX509TrustManager for a given trust store,
- * using configuration data.
- *
- * @param conf MOA-ID configuration provider
- * @param trustStoreURL trust store URL
- * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
- * @return TrustManager array containing the IAIKX509TrustManager
- * @throws ConfigurationException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws PKIException while initializing the IAIKX509TrustManager
- */
- public static TrustManager[] getTrustManagers(
- ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(conf);
- String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
- //not using BoolUtils because default value hast to be true!
- boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
- // This call fixes a bug occuring when PKIConfiguration is
- // initialized by the MOA-SP initialization code, in case
- // MOA-SP is called by API
- MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
- tm.init(cfg, profile);
- return new TrustManager[] {tm};
- }
- /**
- * Reads a file, given by URL, into a byte array,
- * securing the connection by IAIKX509TrustManager.
- * @param connParam containing URL and accepted server certificates
- * @param conf ConfigurationProvider for reading
- * @return String representation of content
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws GeneralSecurityException on security issues
- */
- public static String readHttpsURL(ConfigurationProvider conf, ConnectionParameter connParam)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- URL url = new URL(connParam.getUrl());
- HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
- conn.setRequestMethod("GET");
- conn.setDoInput(true);
- SSLSocketFactory sslSocketFactory = getSSLSocketFactory(conf, connParam);
- conn.setSSLSocketFactory(sslSocketFactory);
- conn.connect();
- String contentType = conn.getContentType();
- RE regExp = null;
- try {
- regExp = new RE("(;.*charset=)(\"*)(.*[^\"])");
- } catch (RESyntaxException e) {
- //RESyntaxException is not possible = expr. is costant
- }
- boolean charsetSupplied = regExp.match(contentType);
- String encoding = "ISO-8859-1"; //default HTTP encoding
- if (charsetSupplied) {
- encoding = regExp.getParen(3);
- }
- InputStream instream = new BufferedInputStream(conn.getInputStream());
- InputStreamReader isr = new InputStreamReader(instream, encoding);
- Reader in = new BufferedReader(isr);
- int ch;
- StringBuffer buffer = new StringBuffer();
- while ((ch = in.read()) > -1) {
- buffer.append((char)ch);
- }
- in.close();
- conn.disconnect();
- return buffer.toString();
- }
-}
diff --git a/id.server/src/test/MOAIDTestCase.java b/id.server/src/test/MOAIDTestCase.java
deleted file mode 100644
index 725fa1386..000000000
--- a/id.server/src/test/MOAIDTestCase.java
+++ /dev/null
@@ -1,203 +0,0 @@
-package test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.StreamUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-import iaik.ixsil.algorithms.Transform;
-import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
-import iaik.ixsil.exceptions.AlgorithmException;
-import iaik.ixsil.exceptions.InitException;
-import iaik.ixsil.exceptions.URIException;
-import iaik.ixsil.init.IXSILInit;
-import iaik.ixsil.util.URI;
-import test.at.gv.egovernment.moa.MOATestCase;
-
-/*
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDTestCase extends MOATestCase implements Constants {
-
- public static final String XML_DECL =
- "";
- protected static final String nl = "\n";
-
- public MOAIDTestCase(String name) {
- super(name);
- }
-
- protected void initIxsil() throws InitException, URIException {
- IXSILInit.init(new URI("init/properties/init.properties"));
- // Switch on debug information
- IXSILInit.setPrintDebugLog(true);
- }
- //STRING <==> STRING
- protected void assertXmlEquals(String xml1, String xml2)
- throws AlgorithmException, IOException, InitException, URIException{
- initIxsil();
- String canXml1 = canonicalTransform(xml1);
- String canXml2 = canonicalTransform(xml2);
- assertEquals(canXml1, canXml2); }
- // ELEMENT <==> ELEMENT
- protected void assertXmlEquals(Element xml1, Element xml2)
- throws AlgorithmException, IOException, InitException , URIException, TransformerException{
- initIxsil();
- assertEquals(canonicalTransform(DOMUtils.serializeNode(xml1)),canonicalTransform(DOMUtils.serializeNode(xml2)));
- }
- // INPUTSTREAM <==> INPUTSTREAM
- protected void assertXmlEquals(InputStream xml1, InputStream xml2)
- throws AlgorithmException, IOException, InitException , URIException{
- initIxsil();
- assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
- }
- // ELEMENT <==> STRING
- protected void assertXmlEquals(Element xml1, String xml2)
- throws AlgorithmException, IOException, InitException , URIException, TransformerException {
- initIxsil();
- assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
- }
- // ELEMENT <==> INPUTSTREAM
- protected void assertXmlEquals(Element xml1, InputStream xml2)
- throws AlgorithmException, IOException, InitException , URIException, TransformerException{
- initIxsil();
- assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
- }
- // STRING <==> INPUTSTREAM
- protected void assertXmlEquals(String xml1, InputStream xml2)
- throws AlgorithmException, IOException, InitException , URIException{
- initIxsil();
- assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
- }
-
- /**
- * Method canonicalTransform.
- * @param input as STRING
- * @return String
- */
- protected String canonicalTransform(String input)
- throws AlgorithmException, IOException {
-
- Transform tr = new TransformImplExclusiveCanonicalXML();
- InputStream s = new ByteArrayInputStream(input.getBytes("UTF-8"));
- tr.setInput(s, null);
- ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform();
- return killWhiteSpace(readString(transResult));
- }
- /**
- * Method canonicalTransform.
- * @param input as Element
- * @return String
- */
- protected String canonicalTransform(Element input)
- throws AlgorithmException, IOException {
-
- Transform tr = new TransformImplExclusiveCanonicalXML();
- tr.setInput(XPathUtils.selectNodeList(input, XPathUtils.ALL_NODES_XPATH), null);
- ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform();
-
- return killWhiteSpace(readString(transResult));
- }
-
- /**
- * Method canonicalTransform.
- * @param input as InputStream
- * @return String
- */
- protected String canonicalTransform(InputStream input)
- throws AlgorithmException, IOException {
-
- Transform tr = new TransformImplExclusiveCanonicalXML(); tr.setInput(input, null);
- ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform();
-
- return killWhiteSpace(readString(transResult));
- }
-
- public static String killWhiteSpace(String input)
- {
- int start=0;
- int ende;
- String result;
- String middle;
- result = input;
- do {
- start = result.indexOf(">", start);
- ende = result.indexOf("<", start);
- middle = result.substring(start+1,ende).trim();
- result = result.substring(0,start+1) +middle + result.substring(ende,result.length());
- start++;
- } while (result.indexOf("<", ende + 1)>0);
-
- return result;
- }
-
- /**
- * Method killExclusive.: The values startsWith and endsWith will be included into the answer.
- * @param input
- * @param startsWith
- * @param endsWith
- * @param newValue
- * @return String
- */
- public static String killExclusive(String input, String startsWith, String endsWith, String newValue)
- {
- int start=0;
- int ende;
- String result;
- result = input;
- do {
- start = result.indexOf(startsWith, start) + startsWith.length();
- ende = result.indexOf(endsWith, start);
- result = result.substring(0,start) + newValue + result.substring(ende,result.length());
- start++;
- } while (result.indexOf(startsWith, ende + 1)>0);
-
- return result;
- }
-
- /**
- * Method killInclusive. : The values startsWith and endsWith will NOT be included into the answer.
- * @param input
- * @param startsWith
- * @param endsWith
- * @param newValue
- * @return String
- */
- public static String killInclusive(String input, String startsWith, String endsWith, String newValue)
- {
- int start=0;
- int ende;
- String result;
- result = input;
- do {
- start = result.indexOf(startsWith, start) + startsWith.length();
- ende = result.indexOf(endsWith, start);
- result = result.substring(0,start - startsWith.length() ) + newValue + result.substring(ende + endsWith.length(),result.length());
- start++;
- } while (result.indexOf(startsWith, ende + 1)>0);
-
- return result;
- }
-
- protected String readFile(String filename) throws IOException {
- return readFile(filename, "UTF-8");
- }
- protected String readFile(String filename, String encoding) throws IOException {
- return FileUtils.readFile(filename, encoding);
- }
- protected String readString(InputStream input) throws IOException
- {
- return StreamUtils.readStream(input, "UTF-8");
- }
-
-}
diff --git a/id.server/src/test/abnahme/A/Test100StartAuthentication.java b/id.server/src/test/abnahme/A/Test100StartAuthentication.java
deleted file mode 100644
index 0d72691aa..000000000
--- a/id.server/src/test/abnahme/A/Test100StartAuthentication.java
+++ /dev/null
@@ -1,171 +0,0 @@
-package test.abnahme.A;
-
-import test.abnahme.AbnahmeTestCase;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-
-/**
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class Test100StartAuthentication extends AbnahmeTestCase {
-
- public Test100StartAuthentication(String name) {
- super(name);
- }
-
- public void testA101() throws Exception {
- try {
- String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
- "gb", //target
- "http://localhost:9080/", //oaURL
- "file:" + findXmldata("AuthTemplate.html"),
- "http://localhost:3495/http-security-layer-request",
- null);
- htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
- //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
- assertEquals(readXmldata("htmlForm.html"),htmlForm);
- System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA102() throws Exception {
- try {
- String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
- "gb", //target
- "http://localhost:9080/", //oaURL
- null,
- "http://localhost:3495/http-security-layer-request", null);
- htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
- //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
- assertEquals(readXmldata("htmlForm.html"),htmlForm);
-
- System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA103() throws Exception {
- try {
- String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
- "gb", //target
- "http://localhost:9080/", //oaURL
- "file:" + findXmldata("AuthTemplate.html"),
- null,
- null);
- htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
- //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
- assertEquals(readXmldata("htmlForm.html"),htmlForm);
- System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA151() throws Exception {
- try {
- try {
- server.startAuthentication(null, //authURL
- "gb", //target
- "http://localhost:9080/", //oaURL
- null, null, null);
- //assertEquals("",htmlForm);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (WrongParametersException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA152() throws Exception {
- try {
- try {
- server.startAuthentication("http://localhost:8080/auth", //authURL
- "gb", "http://localhost:9080/", //oaURL
- null, null, null);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA153() throws Exception {
- try {
- try {
- server.startAuthentication("https://localhost:8443/auth", //authURL
- "gb", "http://host_not_in_config/", //oaURL
- null, null, null);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA154() throws Exception {
- try {
- try {
- server.startAuthentication("https://localhost:8443/auth", //authURL
- "gb", null, //oaURL
- null, null, null);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (WrongParametersException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA155() throws Exception {
- try {
- try {
- server.startAuthentication("https://localhost:8443/auth", //authURL
- null, "http://localhost:9080/", //oaURL
- null, null, null);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (WrongParametersException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- //assertEquals("",htmlForm);
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
-}
diff --git a/id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java b/id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java
deleted file mode 100644
index ed4410521..000000000
--- a/id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java
+++ /dev/null
@@ -1,336 +0,0 @@
-package test.abnahme.A;
-
-import org.w3c.dom.Element;
-import test.abnahme.AbnahmeTestCase;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
-import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-
-/**
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class Test200VerifyIdentityLink extends AbnahmeTestCase {
-
- public Test200VerifyIdentityLink(String name) {
- super(name);
- }
-
- public void testA201() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
-
- String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse);
-
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
-
- VerifyXMLSignatureResponseParser respParser = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
-
- /*
- * HINWEIS: clearSamlAssertion löscht aus einer beliebiegen String-Repräsentation einer XML-Struktur
- * AUSSLIESSLICH die Attribute IssueInstand und die AssertionID heraus, von dem her ist diese
- * Method hier verwendbar
- */
-
- assertXmlEquals(clearSamlAssertion(readXmldata("CreateXMLSignatureRequest.xml")), clearSamlAssertion(createXMLSignatureRequest));
- System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
-
- }
- public void testA251() throws Exception {
- try {
- startAuthentication();
- String sessionID = "0";
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA252() throws Exception {
- try {
- String sessionID = startAuthentication();
-
- server.setSecondsSessionTimeOut(-100);
- server.cleanup();
- server.setSecondsSessionTimeOut(1000);
-
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA253() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA254() throws Exception {
- try {
- String sessionID = startAuthentication();
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA255() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- }
- catch (ParseException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA256() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA257() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
-
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA258() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA259() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA260() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA261() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
-
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA262() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- new InfoboxReadResponseParser(infoboxReadResponse).parseIdentityLink();
- // System.out.println(infoboxReadResponse);
-
- try {
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA263() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
-
- VerifyXMLSignatureResponseParser respParser = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
-
- // String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse);
- // System.out.println(createXMLSignatureRequest);
- // String createXMLSignatureResponse = readFile(TESTDATA_ROOT + "xmldata/standard/"+"CreateXMLSignatureResponse.xml");
- // String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- try {
- VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), new String[] { "CN=TEST,OU=TEST,O=TEST,C=AT" }, VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
- System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
- fail(this.getName() + " hat KEINE FEHLER geworfen");
- }
- catch (ValidateException e) {
- System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-}
diff --git a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
deleted file mode 100644
index de4fe8fbf..000000000
--- a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
+++ /dev/null
@@ -1,597 +0,0 @@
-package test.abnahme.A;
-
-import java.util.Calendar;
-
-import org.w3c.dom.Element;
-import test.abnahme.AbnahmeTestCase;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
-import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-
-/**
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-
-public class Test300VerifyAuthBlock extends AbnahmeTestCase {
-
- public Test300VerifyAuthBlock(String name) {
- super(name);
- }
-
- public void testA301() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- //authDataWriter(authData,this.getName()+"new.xml");
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA302() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- //authDataWriter(authData,this.getName()+"new.xml");
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA303() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA304() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA305() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA306() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA307() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA308() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServer(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
-
- }
-
- public void testA309() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA310() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA311() throws Exception {
- try {
- String sessionID = startAuthentication();
- AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
- assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
- System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA351() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
- // System.out.println(createXMLSignatureRequest);
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
-
- // nicht existierende Session....
- try {
- server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
- fail();
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA352() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- server.setSecondsSessionTimeOut(-100);
- server.cleanup();
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
- // System.out.println(createXMLSignatureRequest);
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
-
- // abgelaufene Session....
- server.setSecondsSessionTimeOut(1000);
- try {
- server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
- fail();
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
-
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA353() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
-
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
-
- // Session for VerifyIdentityLink-Aufruf
- try {
-
- server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- fail();
- }
- //NOCH SEHR UNSCHÖN..... (fliegt raus im AuthenticationServer, Methode buildAuthenticationData
- // ( IdentityLink identityLink = session.getIdentityLink(); ==> liefert dann NULL...
- catch (NullPointerException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA354() throws Exception {
- try {
- String sessionID = startAuthentication();
- System.out.println(sessionID);
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
- // System.out.println(createXMLSignatureRequest);
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
-
- // nicht existierende Session....
-
- server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- try {
- server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- fail();
- }
- catch (AuthenticationException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA355() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ParseException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA356() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ParseException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA357() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA358() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA359() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA360() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA361() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
- public void testA362() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA363() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- public void testA364() throws Exception {
- try {
- String sessionID = startAuthentication();
- try {
-
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {
- System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
- }
- }
- catch (Exception e) {
- System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
- throw e;
- }
- }
-
- /* public void testA365() throws Exception {
- String sessionID = startAuthentication();
- try {
- // wegen sinnlosigkeit gestrichen
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
- }*/
-
- public void testA366() throws Exception {
-
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
- }
- public void testA367() throws Exception {
- String sessionID = startAuthentication();
- try {
- initServer(sessionID);
- fail();
- }
- catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
- }
-
-
- private AuthenticationData initServer(String sessionID) throws Exception {
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1");
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
- // System.out.println(createXMLSignatureRequest);
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
- // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/");
- String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- AuthenticationData authData = server.getAuthenticationData(samlArtifact);
- return authData;
- }
-
- private AuthenticationData initServerWithoutValidateAuthBlock(String sessionID) throws Exception {
- String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
- server.verifyIdentityLink(sessionID, infoboxReadResponse);
- InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
- IdentityLink idl = irrp.parseIdentityLink();
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1");
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
- //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
- // System.out.println(createXMLSignatureRequest);
- String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
- // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/");
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- // parses