From 49acb697426d3c313ad047449ea62ac1bf3f4fd0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 18 Jul 2013 12:01:21 +0200 Subject: MOA-ID 2.x Configuration implemented -SSO deaktivated -Login with mandate and normal tested --- .../moa/id/auth/AuthenticationServer.java | 1110 ++++++++------------ .../moa/id/auth/MOAIDAuthInitializer.java | 47 +- .../builder/CreateXMLSignatureRequestBuilder.java | 12 +- .../moa/id/auth/builder/DataURLBuilder.java | 38 +- .../builder/InfoboxValidatorParamsBuilder.java | 6 +- .../moa/id/auth/builder/LoginFormBuilder.java | 10 +- .../moa/id/auth/builder/RedirectFormBuilder.java | 43 + .../moa/id/auth/builder/SAMLArtifactBuilder.java | 2 +- .../builder/VerifyXMLSignatureRequestBuilder.java | 30 +- .../moa/id/auth/data/AuthenticationSession.java | 28 +- .../StartAuthentificationParameterParser.java | 40 +- .../moa/id/auth/servlet/AuthServlet.java | 13 +- .../servlet/GenerateIFrameTemplateServlet.java | 87 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 100 +- .../auth/servlet/ProcessValidatorInputServlet.java | 232 ++-- .../moa/id/auth/servlet/RedirectServlet.java | 37 + .../moa/id/auth/servlet/SelectBKUServlet.java | 178 ++-- .../CreateXMLSignatureResponseValidator.java | 2 +- .../VerifyXMLSignatureResponseValidator.java | 2 +- .../validator/parep/ParepInputProcessorImpl.java | 486 ++++----- .../id/auth/validator/parep/ParepValidator.java | 1104 +++++++++---------- .../validator/parep/config/ParepConfiguration.java | 762 +++++++------- 22 files changed, 2178 insertions(+), 2191 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f7c0ff812..214a1df7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -160,12 +160,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * time out in milliseconds used by {@link cleanup} for session store */ - private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes + private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes + private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes /** * Returns the single instance of AuthenticationServer. @@ -185,140 +186,144 @@ public class AuthenticationServer implements MOAIDAuthConstants { super(); } - /** - * Processes request to select a BKU.
- * Processing depends on value of - * {@link AuthConfigurationProvider#getBKUSelectionType}.
- * For bkuSelectionType==HTMLComplete, a returnURI - * for the "BKU Auswahl" service is returned.
- * For bkuSelectionType==HTMLSelect, an HTML form for BKU - * selection is returned. - * - * @param authURL - * base URL of MOA-ID Auth component - * @param target - * "Geschäftsbereich" - * @param oaURL - * online application URL requested - * @param bkuSelectionTemplateURL - * template for BKU selection form to be used in case of - * HTMLSelect; may be null - * @param templateURL - * URL providing an HTML template for the HTML form to be used - * for call startAuthentication - * @return for bkuSelectionType==HTMLComplete, the - * returnURI for the "BKU Auswahl" service; for - * bkuSelectionType==HTMLSelect, an HTML form for BKU - * selection - * @throws WrongParametersException - * upon missing parameters - * @throws AuthenticationException - * when the configured BKU selection service cannot be reached, - * and when the given bkuSelectionTemplateURL cannot be reached - * @throws ConfigurationException - * on missing configuration data - * @throws BuildException - * while building the HTML form - */ - public String selectBKU(String authURL, String target, String oaURL, - String bkuSelectionTemplateURL, String templateURL) - throws WrongParametersException, AuthenticationException, - ConfigurationException, BuildException { - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", new Object[] { authURL - + "*" }); - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.05"); - - ConnectionParameter bkuConnParam = AuthConfigurationProvider - .getInstance().getBKUConnectionParameter(); - if (bkuConnParam == null) - throw new ConfigurationException("config.08", - new Object[] { "BKUSelection/ConnectionParameter" }); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (!isEmpty(target)) { - Logger - .info("Ignoring target parameter thus application type is \"businessService\""); - } - target = null; - } - - AuthenticationSession session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - throw new AuthenticationException("", null); - } - - String returnURL = new DataURLBuilder().buildDataURL(authURL, - REQ_START_AUTHENTICATION, session.getSessionID()); - String bkuSelectionType = AuthConfigurationProvider.getInstance() - .getBKUSelectionType(); - if (bkuSelectionType - .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = bkuConnParam.getUrl() + "?" - + AuthServlet.PARAM_RETURN + "=" + returnURL; - return redirectURL; - } else { - // bkuSelectionType==HTMLSelect - String bkuSelectTag; - try { - bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider - .getInstance(), bkuConnParam); - } catch (Throwable ex) { - throw new AuthenticationException("auth.11", new Object[] { - bkuConnParam.getUrl(), ex.toString() }, ex); - } - String bkuSelectionTemplate = null; - // override template url by url from configuration file - if (oaParam.getBkuSelectionTemplateURL() != null) { - bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); - } - if (bkuSelectionTemplateURL != null) { - try { - bkuSelectionTemplate = new String(FileUtils - .readURL(bkuSelectionTemplateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - bkuSelectionTemplateURL, ex.toString() }, ex); - } - } - String htmlForm = new SelectBKUFormBuilder().build( - bkuSelectionTemplate, returnURL, bkuSelectTag); - return htmlForm; - } - } +// /** +// * Processes request to select a BKU.
+// * Processing depends on value of +// * {@link AuthConfigurationProvider#getBKUSelectionType}.
+// * For bkuSelectionType==HTMLComplete, a returnURI +// * for the "BKU Auswahl" service is returned.
+// * For bkuSelectionType==HTMLSelect, an HTML form for BKU +// * selection is returned. +// * +// * @param authURL +// * base URL of MOA-ID Auth component +// * @param target +// * "Geschäftsbereich" +// * @param oaURL +// * online application URL requested +// * @param bkuSelectionTemplateURL +// * template for BKU selection form to be used in case of +// * HTMLSelect; may be null +// * @param templateURL +// * URL providing an HTML template for the HTML form to be used +// * for call startAuthentication +// * @return for bkuSelectionType==HTMLComplete, the +// * returnURI for the "BKU Auswahl" service; for +// * bkuSelectionType==HTMLSelect, an HTML form for BKU +// * selection +// * @throws WrongParametersException +// * upon missing parameters +// * @throws AuthenticationException +// * when the configured BKU selection service cannot be reached, +// * and when the given bkuSelectionTemplateURL cannot be reached +// * @throws ConfigurationException +// * on missing configuration data +// * @throws BuildException +// * while building the HTML form +// */ +// public String selectBKU(String authURL, String target, String oaURL, +// String bkuSelectionTemplateURL, String templateURL) +// throws WrongParametersException, AuthenticationException, +// ConfigurationException, BuildException { +// +// // check if HTTP Connection may be allowed (through +// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); +// if ((!authURL.startsWith("https:")) +// && (false == BoolUtils.valueOf(boolStr))) +// throw new AuthenticationException("auth.07", new Object[] { authURL +// + "*" }); +// if (isEmpty(authURL)) +// throw new WrongParametersException("StartAuthentication", +// "AuthURL", "auth.05"); +// if (isEmpty(oaURL)) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, +// "auth.05"); +// +// ConnectionParameter bkuConnParam = AuthConfigurationProvider +// .getInstance().getBKUConnectionParameter(); +// if (bkuConnParam == null) +// throw new ConfigurationException("config.08", +// new Object[] { "BKUSelection/ConnectionParameter" }); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// if (!oaParam.getBusinessService()) { +// if (isEmpty(target)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_TARGET, "auth.05"); +// } else { +// if (!isEmpty(target)) { +// Logger +// .info("Ignoring target parameter thus application type is \"businessService\""); +// } +// target = null; +// } +// +// AuthenticationSession session = newSession(); +// Logger.info("MOASession " + session.getSessionID() + " angelegt"); +// session.setTarget(target); +// session.setOAURLRequested(oaURL); +// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); +// session.setAuthURL(authURL); +// session.setTemplateURL(templateURL); +// session.setBusinessService(oaParam.getBusinessService()); +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// throw new AuthenticationException("", null); +// } +// +// String returnURL = new DataURLBuilder().buildDataURL(authURL, +// REQ_START_AUTHENTICATION, session.getSessionID()); +// String bkuSelectionType = AuthConfigurationProvider.getInstance() +// .getBKUSelectionType(); +// if (bkuSelectionType +// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = bkuConnParam.getUrl() + "?" +// + AuthServlet.PARAM_RETURN + "=" + returnURL; +// return redirectURL; +// } else { +// // bkuSelectionType==HTMLSelect +// String bkuSelectTag; +// try { +// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider +// .getInstance(), bkuConnParam); +// } catch (Throwable ex) { +// throw new AuthenticationException("auth.11", new Object[] { +// bkuConnParam.getUrl(), ex.toString() }, ex); +// } +// String bkuSelectionTemplate = null; +// +// //removed in MOAID 2.0 +// // override template url by url from configuration file +//// if (oaParam.getBkuSelectionTemplateURL() != null) { +//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); +//// } +// +//// if (bkuSelectionTemplateURL != null) { +//// try { +//// bkuSelectionTemplate = new String(FileUtils +//// .readURL(bkuSelectionTemplateURL)); +//// } catch (IOException ex) { +//// throw new AuthenticationException("auth.03", new Object[] { +//// bkuSelectionTemplateURL, ex.toString() }, ex); +//// } +//// } +// +// String htmlForm = new SelectBKUFormBuilder().build( +// bkuSelectionTemplate, returnURL, bkuSelectTag); +// return htmlForm; +// } +// } /** * Method readBKUSelectTag. @@ -416,24 +421,25 @@ public class AuthenticationServer implements MOAIDAuthConstants { //build ReadInfobox request String infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam + oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); + //removed in MOAID 2.0 String pushInfobox = ""; - VerifyInfoboxParameters verifyInfoboxParameters = oaParam - .getVerifyInfoboxParameters(); - if (verifyInfoboxParameters != null) { - pushInfobox = verifyInfoboxParameters.getPushInfobox(); - session.setPushInfobox(pushInfobox); - } +// VerifyInfoboxParameters verifyInfoboxParameters = oaParam +// .getVerifyInfoboxParameters(); +// if (verifyInfoboxParameters != null) { +// pushInfobox = verifyInfoboxParameters.getPushInfobox(); +// session.setPushInfobox(pushInfobox); +// } //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(oaParam.getSlVersion12()); + .build(oaParam.isSlVersion12()); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); @@ -575,8 +581,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam - .getProvideStammzahl()); + + //TODO: check correctness +// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam +// .getProvideStammzahl()); + verifyInfoboxes(session, infoboxReadResponseParameters, false); //TODO: make it better!! @@ -665,13 +674,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); - String sMandate = new String(mandate.getMandate()); - if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { - Logger.error("Mandate is empty."); - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -680,6 +682,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam .getBusinessService()); + + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); @@ -693,30 +699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); } - - if (oaParam.getProvideFullMandatorData()) { - try { - // set extended SAML attributes if provideMandatorData is true - setExtendedSAMLAttributeForMandates(session, mandate, oaParam - .getBusinessService(), oaParam.getProvideStammzahl()); - - //AuthenticationSessionStoreage.storeSession(session); - - } catch (SAXException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } - } - + } /** @@ -766,14 +749,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setAuthBlock(authBlock); // builds the - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { + List transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); + transformsInfos, oaParam.isSlVersion12()); return createXMLSignatureRequest; } @@ -831,14 +814,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setAuthBlock(authBlock); // builds the - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { + List transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); + transformsInfos, oaParam.isSlVersion12()); System.out.println("XML: " + createXMLSignatureRequest); @@ -1156,18 +1139,26 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getInstance(); // get the default VerifyInfobox parameters Map defaultInfoboxParameters = null; - VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider - .getDefaultVerifyInfoboxParameters(); - if (defaultVerifyInfoboxParameters != null) { - defaultInfoboxParameters = defaultVerifyInfoboxParameters - .getInfoboxParameters(); - } + + //removed in MOA-ID 2.0 +// VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider +// .getDefaultVerifyInfoboxParameters(); +// if (defaultVerifyInfoboxParameters != null) { +// defaultInfoboxParameters = defaultVerifyInfoboxParameters +// .getInfoboxParameters(); +// } + // get the OA specific VerifyInfobox parameters Map infoboxParameters = null; OAAuthParameter oaParam = authConfigurationProvider .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - VerifyInfoboxParameters verifyInfoboxParameters = oaParam - .getVerifyInfoboxParameters(); + + //TODO: check correctness!!!! + //removed in MOAID 2.0 +// VerifyInfoboxParameters verifyInfoboxParameters = oaParam +// .getVerifyInfoboxParameters(); +// VerifyInfoboxParameters verifyInfoboxParameters = null; + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML // Attributes session.setExtendedSAMLAttributesOA(new Vector()); @@ -1175,191 +1166,191 @@ public class AuthenticationServer implements MOAIDAuthConstants { // System.out.println("SAML set: " + // session.getExtendedSAMLAttributesAUTH().size()); - if (verifyInfoboxParameters != null) { - - infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); - // get the list of infobox identifiers - List identifiers = verifyInfoboxParameters.getIdentifiers(); - if (identifiers != null) { - // step through the identifiers and verify the infoboxes - Iterator it = identifiers.iterator(); - while (it.hasNext()) { - String identifier = (String) it.next(); - // get the infobox read response from the map of parameters - String infoboxReadResponse = (String) infoboxReadResponseParams - .get(identifier); - // get the configuration parameters - VerifyInfoboxParameter verifyInfoboxParameter = null; - Object object = infoboxParameters.get(identifier); - // if not present, use default - if ((object == null) && (defaultInfoboxParameters != null)) { - object = defaultInfoboxParameters.get(identifier); - } - if (object != null) { - verifyInfoboxParameter = (VerifyInfoboxParameter) object; - } - if (infoboxReadResponse != null) { - if (verifyInfoboxParameter == null) { - // should not happen because of the pushinfobox - // mechanism; check it anyway - Logger.error("No validator for verifying \"" - + identifier + "\"-infobox configured."); - throw new ValidateException("validator.41", - new Object[] { identifier }); - } else { - String friendlyName = verifyInfoboxParameter - .getFriendlyName(); - boolean isParepRequest = false; - - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = ExtendedInfoboxReadResponseParser - .parseInfoboxReadResponse( - infoboxReadResponse, - friendlyName); - } catch (ParseException e) { - Logger - .error("InfoboxReadResponse for \"" - + identifier - + "\"-infobox could not be parsed successfully: " - + e.getMessage()); - throw new ValidateException("validator.43", - new Object[] { friendlyName }); - } - // set compatibility mode for mandates infobox and - // all infoboxes (it is possible to be a parep - // infobox) - // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); - // check for party representation in mandates - // infobox - if (Constants.INFOBOXIDENTIFIER_MANDATES - .equalsIgnoreCase(identifier) - && !((infoboxTokenList == null || infoboxTokenList - .size() == 0))) { - // We need app specific parameters - if (null == verifyInfoboxParameter - .getApplicationSpecificParams()) { - throw new ValidateException("validator.66", - new Object[] { friendlyName }); - } - Element mandate = ParepValidator - .extractPrimaryToken(infoboxTokenList); - // ParepUtils.serializeElement(mandate, - // System.out); - String mandateID = ParepUtils - .extractRepresentativeID(mandate); - if (!isEmpty(mandateID) - && ("*".equals(mandateID) || mandateID - .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { - isParepRequest = true; - } - if (!isParepRequest) { - // if mandates validator is disabled we must - // throw an error in this case - if (!ParepUtils - .isValidatorEnabled(verifyInfoboxParameter - .getApplicationSpecificParams())) { - throw new ValidateException( - "validator.60", - new Object[] { friendlyName }); - } - } - } - - // get the class for validating the infobox - InfoboxValidator infoboxValidator = null; - try { - Class validatorClass = null; - if (isParepRequest) { - // Mandates infobox in party representation - // mode - validatorClass = Class - .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); - } else { - validatorClass = Class - .forName(verifyInfoboxParameter - .getValidatorClassName()); - } - infoboxValidator = (InfoboxValidator) validatorClass - .newInstance(); - } catch (Exception e) { - Logger - .error("Could not load validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" for \"" - + identifier - + "\"-infobox: " - + e.getMessage()); - throw new ValidateException("validator.42", - new Object[] { friendlyName }); - } - Logger - .debug("Successfully loaded validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" for \"" - + identifier - + "\"-infobox."); - // build the parameters for validating the infobox - InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder - .buildInfoboxValidatorParams(session, - verifyInfoboxParameter, - infoboxTokenList, oaParam); - - // now validate the infobox - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxValidator - .validate(infoboxValidatorParams); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - - Logger.info(identifier - + " infobox successfully validated."); - // store the validator for post processing - session.addInfoboxValidator(identifier, - friendlyName, infoboxValidator); - - // get the SAML attributes to be appended to the - // AUTHBlock or to the final - // SAML Assertion - AddAdditionalSAMLAttributes(session, - infoboxValidationResult - .getExtendedSamlAttributes(), - identifier, friendlyName); - } - } else { - if ((verifyInfoboxParameter != null) - && (verifyInfoboxParameter.isRequired())) { - Logger - .info("Infobox \"" - + identifier - + "\" is required, but not returned from the BKU"); - throw new ValidateException("validator.48", - new Object[] { verifyInfoboxParameter - .getFriendlyName() }); - } - Logger.debug("Infobox \"" + identifier - + "\" not returned from BKU."); - } - } - } - } +// if (verifyInfoboxParameters != null) { +// +// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); +// // get the list of infobox identifiers +// List identifiers = verifyInfoboxParameters.getIdentifiers(); +// if (identifiers != null) { +// // step through the identifiers and verify the infoboxes +// Iterator it = identifiers.iterator(); +// while (it.hasNext()) { +// String identifier = (String) it.next(); +// // get the infobox read response from the map of parameters +// String infoboxReadResponse = (String) infoboxReadResponseParams +// .get(identifier); +// // get the configuration parameters +// VerifyInfoboxParameter verifyInfoboxParameter = null; +// Object object = infoboxParameters.get(identifier); +// // if not present, use default +// if ((object == null) && (defaultInfoboxParameters != null)) { +// object = defaultInfoboxParameters.get(identifier); +// } +// if (object != null) { +// verifyInfoboxParameter = (VerifyInfoboxParameter) object; +// } +// if (infoboxReadResponse != null) { +// if (verifyInfoboxParameter == null) { +// // should not happen because of the pushinfobox +// // mechanism; check it anyway +// Logger.error("No validator for verifying \"" +// + identifier + "\"-infobox configured."); +// throw new ValidateException("validator.41", +// new Object[] { identifier }); +// } else { +// String friendlyName = verifyInfoboxParameter +// .getFriendlyName(); +// boolean isParepRequest = false; +// +// // parse the infobox read reponse +// List infoboxTokenList = null; +// try { +// infoboxTokenList = ExtendedInfoboxReadResponseParser +// .parseInfoboxReadResponse( +// infoboxReadResponse, +// friendlyName); +// } catch (ParseException e) { +// Logger +// .error("InfoboxReadResponse for \"" +// + identifier +// + "\"-infobox could not be parsed successfully: " +// + e.getMessage()); +// throw new ValidateException("validator.43", +// new Object[] { friendlyName }); +// } +// // set compatibility mode for mandates infobox and +// // all infoboxes (it is possible to be a parep +// // infobox) +// // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); +// // check for party representation in mandates +// // infobox +// if (Constants.INFOBOXIDENTIFIER_MANDATES +// .equalsIgnoreCase(identifier) +// && !((infoboxTokenList == null || infoboxTokenList +// .size() == 0))) { +// // We need app specific parameters +// if (null == verifyInfoboxParameter +// .getApplicationSpecificParams()) { +// throw new ValidateException("validator.66", +// new Object[] { friendlyName }); +// } +// Element mandate = ParepValidator +// .extractPrimaryToken(infoboxTokenList); +// // ParepUtils.serializeElement(mandate, +// // System.out); +// String mandateID = ParepUtils +// .extractRepresentativeID(mandate); +// if (!isEmpty(mandateID) +// && ("*".equals(mandateID) || mandateID +// .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { +// isParepRequest = true; +// } +// if (!isParepRequest) { +// // if mandates validator is disabled we must +// // throw an error in this case +// if (!ParepUtils +// .isValidatorEnabled(verifyInfoboxParameter +// .getApplicationSpecificParams())) { +// throw new ValidateException( +// "validator.60", +// new Object[] { friendlyName }); +// } +// } +// } +// +// // get the class for validating the infobox +// InfoboxValidator infoboxValidator = null; +// try { +// Class validatorClass = null; +// if (isParepRequest) { +// // Mandates infobox in party representation +// // mode +// validatorClass = Class +// .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); +// } else { +// validatorClass = Class +// .forName(verifyInfoboxParameter +// .getValidatorClassName()); +// } +// infoboxValidator = (InfoboxValidator) validatorClass +// .newInstance(); +// } catch (Exception e) { +// Logger +// .error("Could not load validator class \"" +// + verifyInfoboxParameter +// .getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox: " +// + e.getMessage()); +// throw new ValidateException("validator.42", +// new Object[] { friendlyName }); +// } +// Logger +// .debug("Successfully loaded validator class \"" +// + verifyInfoboxParameter +// .getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox."); +// // build the parameters for validating the infobox +// InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder +// .buildInfoboxValidatorParams(session, +// verifyInfoboxParameter, +// infoboxTokenList, oaParam); +// +// // now validate the infobox +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxValidator +// .validate(infoboxValidatorParams); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// +// Logger.info(identifier +// + " infobox successfully validated."); +// // store the validator for post processing +// session.addInfoboxValidator(identifier, +// friendlyName, infoboxValidator); +// +// // get the SAML attributes to be appended to the +// // AUTHBlock or to the final +// // SAML Assertion +// AddAdditionalSAMLAttributes(session, +// infoboxValidationResult +// .getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } else { +// if ((verifyInfoboxParameter != null) +// && (verifyInfoboxParameter.isRequired())) { +// Logger +// .info("Infobox \"" +// + identifier +// + "\" is required, but not returned from the BKU"); +// throw new ValidateException("validator.48", +// new Object[] { verifyInfoboxParameter +// .getFriendlyName() }); +// } +// Logger.debug("Infobox \"" + identifier +// + "\" not returned from BKU."); +// } +// } +// } +// } } /** @@ -1378,18 +1369,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws IOException * @throws SAXException */ - private void setExtendedSAMLAttributeForMandates( + private void validateExtendedSAMLAttributeForMandates( AuthenticationSession session, MISMandate mandate, - boolean business, boolean provideStammzahl) + boolean business) throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException { - ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes( - mandate, business, provideStammzahl); + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + mandate, business, false); - AddAdditionalSAMLAttributes(session, extendedSamlAttributes, - "MISService", "MISService"); + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + Object value = verifySAMLAttribute(samlAttribute, i, "MISService", + "MISService"); + + } } /** @@ -1421,56 +1417,56 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - /** - * Intermediate processing of the infoboxes. The first pending infobox - * validator may validate the provided input - * - * @param session - * The current authentication session - * @param parameters - * The parameters got returned by the user input fields - */ - public static void processInput(AuthenticationSession session, - Map parameters) throws ValidateException { - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - if (iter != null) { - while (iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector - .get(1); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator - .validate(parameters); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } - } - } - } +// /** +// * Intermediate processing of the infoboxes. The first pending infobox +// * validator may validate the provided input +// * +// * @param session +// * The current authentication session +// * @param parameters +// * The parameters got returned by the user input fields +// */ +// public static void processInput(AuthenticationSession session, +// Map parameters) throws ValidateException { +// +// // post processing of the infoboxes +// Iterator iter = session.getInfoboxValidatorIterator(); +// if (iter != null) { +// while (iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector +// .get(2); +// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { +// String identifier = (String) infoboxValidatorVector.get(0); +// String friendlyName = (String) infoboxValidatorVector +// .get(1); +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxvalidator +// .validate(parameters); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// AddAdditionalSAMLAttributes( +// session, +// infoboxValidationResult.getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } +// } +// } /** * Adds given SAML Attributes to the current session. They will be appended @@ -1581,7 +1577,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws TransformerException */ - private static ExtendedSAMLAttribute[] addExtendedSamlAttributes( + protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( MISMandate mandate, boolean business, boolean provideStammzahl) throws SAXException, IOException, ParserConfigurationException, TransformerException { @@ -1733,7 +1729,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { return doc.getDocumentElement(); } - private static void replaceExtendedSAMLAttribute(List attributes, + protected static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) { if (null == attributes) { attributes = new Vector(); @@ -1813,7 +1809,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // validates new CreateXMLSignatureResponseValidator().validate(csresp, session); // builds a for a MOA-SPSS call - String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); @@ -1997,223 +1993,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlockMandate(AuthenticationSession session, - Element mandate) throws AuthenticationException, BuildException, - ParseException, ConfigurationException, ServiceException, - ValidateException { - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - - //AuthenticationSession session = getSession(sessionID); - // AuthConfigurationProvider authConf = - // AuthConfigurationProvider.getInstance(); - - IdentityLink tempIdentityLink = null; - - if (session.getUseMandate()) { - tempIdentityLink = new IdentityLink(); - Element mandator = ParepUtils.extractMandator(mandate); - String dateOfBirth = ""; - Element prPerson = null; - String familyName = ""; - String givenName = ""; - String identificationType = ""; - String identificationValue = ""; - if (mandator != null) { - boolean physical = ParepUtils.isPhysicalPerson(mandator); - if (physical) { - familyName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils - .extractMandatorDateOfBirth(mandator); - } else { - familyName = ParepUtils.extractMandatorFullName(mandator); - } - identificationType = ParepUtils.getIdentification(mandator, - "Type"); - identificationValue = ParepUtils.extractMandatorWbpk(mandator); - - prPerson = ParepUtils.extractPrPersonOfMandate(mandate); - if (physical - && session.getBusinessService() - && identificationType != null - && Constants.URN_PREFIX_BASEID - .equals(identificationType)) { - // now we calculate the wbPK and do so if we got it from the - // BKU - identificationType = Constants.URN_PREFIX_WBPK + "+" - + session.getDomainIdentifier(); - identificationValue = new BPKBuilder().buildWBPK( - identificationValue, session.getDomainIdentifier()); - ParepUtils - .HideStammZahlen(prPerson, true, null, null, true); - } - - tempIdentityLink.setDateOfBirth(dateOfBirth); - tempIdentityLink.setFamilyName(familyName); - tempIdentityLink.setGivenName(givenName); - tempIdentityLink.setIdentificationType(identificationType); - tempIdentityLink.setIdentificationValue(identificationValue); - tempIdentityLink.setPrPerson(prPerson); - try { - tempIdentityLink.setSamlAssertion(session.getIdentityLink() - .getSamlAssertion()); - } catch (Exception e) { - throw new ValidateException("validator.64", null); - } - - } - - } - - // builds authentication data and stores it together with a SAML - // artifact - - // TODO: Check, if this element is in use!!!! - //AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, - // vsresp, - // replacementIdentityLink); - - - Element mandatePerson = tempIdentityLink.getPrPerson(); -// try { -// System.out.println("MANDATE: " + -// DOMUtils.serializeNode(mandatePerson)); -// } -// catch(Exception e) { -// e.printStackTrace(); -// } - String mandateData = null; - boolean useCondition = false; - int conditionLength = -1; - try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - useCondition = oaParam.getUseCondition(); - conditionLength = oaParam.getConditionLength(); - - String oatargetType; - - if(session.getBusinessService()) { - oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); - - } else { - oatargetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget(); - } - - Element prIdentification = (Element) mandatePerson - .getElementsByTagNameNS(Constants.PD_NS_URI, - "Identification").item(0); - - if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { - - String isPrPerson = mandatePerson.getAttribute("xsi:type"); - - if (!StringUtils.isEmpty(isPrPerson)) { - if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { - String baseid = getBaseId(mandatePerson); - Element identificationBpK = createIdentificationBPK(mandatePerson, - baseid, session.getTarget()); - - if (!provideStammzahl) { - prIdentification.getFirstChild().setTextContent(""); - } - - mandatePerson.insertBefore(identificationBpK, - prIdentification); - } - } - - } else { - -// Element identificationBpK = mandatePerson.getOwnerDocument() -// .createElementNS(Constants.PD_NS_URI, "Identification"); -// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( -// Constants.PD_NS_URI, "Value"); -// -// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( -// tempIdentityLink.getIdentificationValue())); -// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( -// Constants.PD_NS_URI, "Type"); -// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( -// "urn:publicid:gv.at:cdid+bpk")); -// identificationBpK.appendChild(valueBpK); -// identificationBpK.appendChild(typeBpK); -// -// mandatePerson.insertBefore(identificationBpK, prIdentification); - } - - - mandateData = DOMUtils.serializeNode(mandatePerson); - - } catch (TransformerException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } catch (IOException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - - //TODO: Check, if this element is in use!!! - //session.setAuthData(authData); - - session.setMandateData(mandateData); - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - String oldsessionID = session.getSessionID(); - - //Session is implicite stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - return newMOASessionID; - - /* - String samlAssertion = new AuthenticationDataAssertionBuilder() - .buildMandate(authData, session.getAssertionPrPerson(), - mandateData, session.getAssertionAuthBlock(), session - .getAssertionIlAssertion(), - session.getBkuURL(), session - .getAssertionSignerCertificateBase64(), session - .getAssertionBusinessService(), session - .getSourceID(), session - .getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); - - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); - } - - String samlArtifact = new SAMLArtifactBuilder().build(session - .getAuthURL(), session.getSessionID(), session.getSourceID()); - storeAuthenticationData(samlArtifact, authData); - - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info("Anmeldedaten zu MOASession " + sessionID - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact;*/ - - } - - private Element createIdentificationBPK(Element mandatePerson, + protected Element createIdentificationBPK(Element mandatePerson, String baseid, String target) throws BuildException { Element identificationBpK = mandatePerson.getOwnerDocument() .createElementNS(Constants.PD_NS_URI, "Identification"); @@ -2234,7 +2015,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - private String getBaseId(Element mandatePerson) + protected String getBaseId(Element mandatePerson) throws TransformerException, IOException { NodeList list = mandatePerson.getElementsByTagNameNS( Constants.PD_NS_URI, "Identification"); @@ -2437,11 +2218,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - if (provideStammzahl) { - authData.setIdentificationValue(identityLink - .getIdentificationValue()); - } + //TODO: check correctness +// boolean provideStammzahl = oaParam.getProvideStammzahl(); +// if (provideStammzahl) { +// authData.setIdentificationValue(identityLink +// .getIdentificationValue()); +// } // String prPerson = new PersonDataBuilder().build(identityLink, // provideStammzahl); @@ -2599,7 +2381,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //clean AuthenticationSessionStore //TODO: acutally the StartAuthentificaten timestamp is used!!!!! //TODO: maybe change this to lastupdate timestamp. - AuthenticationSessionStoreage.clean(now, sessionTimeOut); + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); //clean AssertionStore AssertionStorage assertionstore = AssertionStorage.getInstance(); @@ -2612,8 +2394,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param seconds * Time out of the session in seconds */ - public void setSecondsSessionTimeOut(long seconds) { - sessionTimeOut = 1000 * seconds; + public void setSecondsSessionTimeOutCreated(long seconds) { + sessionTimeOutCreated = seconds * 1000; + } + + public void setSecondsSessionTimeOutUpdated(long seconds) { + sessionTimeOutUpdated = seconds * 1000; } /** @@ -2623,7 +2409,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Time out for signing AuthData in seconds */ public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = 1000 * seconds; + authDataTimeOut = seconds * 1000; } /** @@ -2650,7 +2436,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * the friendly name of the infobox for messages * @return the SAML attribute value (Element or String) */ - private static Object verifySAMLAttribute( + protected static Object verifySAMLAttribute( ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) throws ValidateException { String name = samlAttribute.getName(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index e23b26417..725773b75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -28,7 +28,7 @@ import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import java.io.IOException; -import java.io.PrintWriter; +import java.math.BigInteger; import java.security.GeneralSecurityException; import java.util.Properties; @@ -37,9 +37,6 @@ import javax.activation.MailcapCommandMap; import javax.mail.Session; import javax.net.ssl.SSLSocketFactory; -import org.apache.commons.logging.impl.SLF4JLog; -import org.apache.log4j.config.PropertyPrinter; - import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -177,40 +174,26 @@ public class MOAIDAuthInitializer { } - //TODO: Set TimeOuts!!! // sets the authentication session and authentication data time outs - String param = authConf - .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); + BigInteger param = authConf.getTimeOuts().getMOASessionCreated(); if (param != null) { - long sessionTimeOut = 0; - try { - sessionTimeOut = new Long(param).longValue(); - } catch (NumberFormatException ex) { - Logger - .error(MOAIDMessageProvider - .getInstance() - .getMessage( - "config.05", - new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY })); - } + long sessionTimeOut = param.longValue(); if (sessionTimeOut > 0) AuthenticationServer.getInstance() - .setSecondsSessionTimeOut(sessionTimeOut); + .setSecondsSessionTimeOutCreated(sessionTimeOut); } - param = authConf - .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); + + param = authConf.getTimeOuts().getMOASessionUpdated(); if (param != null) { - long authDataTimeOut = 0; - try { - authDataTimeOut = new Long(param).longValue(); - } catch (NumberFormatException ex) { - Logger - .error(MOAIDMessageProvider - .getInstance() - .getMessage( - "config.05", - new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY })); - } + long sessionTimeOut = param.longValue(); + if (sessionTimeOut > 0) + AuthenticationServer.getInstance() + .setSecondsSessionTimeOutUpdated(sessionTimeOut); + } + + param = authConf.getTimeOuts().getAssertion(); + if (param != null) { + long authDataTimeOut = param.longValue(); if (authDataTimeOut > 0) AuthenticationServer.getInstance() .setSecondsAuthDataTimeOut(authDataTimeOut); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 245ab206d..23596abda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; import java.util.Calendar; +import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; @@ -80,17 +81,22 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not * @return String representation of <CreateXMLSignatureRequest> */ - public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + public String build(String authBlock, String keyBoxIdentifier, List dsigTransformInfos, boolean slVersion12) { String sl10Prefix; String sl11Prefix; String slNsDeclaration; String dsigTransformInfosString = ""; - for (int i = 0; i < dsigTransformInfos.length; i++) { - dsigTransformInfosString += dsigTransformInfos[i]; + + for (String element : dsigTransformInfos) { + dsigTransformInfosString += element; } +// for (int i = 0; i < dsigTransformInfos.length; i++) { +// dsigTransformInfosString += dsigTransformInfos[i]; +// } + if (slVersion12) { // replace the SecurityLayer namespace prefixes and URIs within the transforms diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 4dd6ac78b..9b7cc41ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -60,27 +60,23 @@ public class DataURLBuilder { String individualDataURLPrefix = null; String dataURL; - try { - //check if an individual prefix is configured - individualDataURLPrefix = AuthConfigurationProvider.getInstance(). - getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); - - if (null != individualDataURLPrefix) { - - //check individualDataURLPrefix - if(!individualDataURLPrefix.startsWith("http")) - throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); - - //when ok then use it - dataURL = individualDataURLPrefix + authServletName; - } else - dataURL = authBaseURL + authServletName; - - } catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } )); - dataURL = authBaseURL + authServletName; - } + + //is removed from config in MOA-ID 2.0 + //check if an individual prefix is configured +// individualDataURLPrefix = AuthConfigurationProvider.getInstance(). +// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); +// +// if (null != individualDataURLPrefix) { +// +// //check individualDataURLPrefix +// if(!individualDataURLPrefix.startsWith("http")) +// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); +// +// //when ok then use it +// dataURL = individualDataURLPrefix + authServletName; +// } else + + dataURL = authBaseURL + authServletName; dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); return dataURL; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index fa1de87de..913b12d49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -99,7 +99,11 @@ public class InfoboxValidatorParamsBuilder { } infoboxValidatorParams.setIdentityLink(identityLinkElem); } - infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); + + //TODO: check if this is Protocol specific + //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); + infoboxValidatorParams.setHideStammzahl(true); + return infoboxValidatorParams; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index a81baafac..ed55d660c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -6,17 +6,22 @@ import java.io.StringWriter; import org.apache.commons.io.IOUtils; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.logging.Logger; public class LoginFormBuilder { - private static String SERVLET = "GenerateIframeTemplate"; + private static String SERVLET = "./GenerateIframeTemplate"; private static String AUTH_URL = "#AUTH_URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; private static String OANAME = "#OAName#"; + private static String BKU_ONLINE = "#ONLINE#"; + private static String BKU_HANDY = "#HANDY#"; + private static String BKU_LOCAL = "#LOCAL#"; private static String template; @@ -32,6 +37,9 @@ public class LoginFormBuilder { IOUtils.copy(input, writer); template = writer.toString(); template = template.replace(AUTH_URL, SERVLET); + template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU); + template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU); + template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU); } catch (Exception e) { Logger.error("Failed to read template", e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java new file mode 100644 index 000000000..6d10f5519 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java @@ -0,0 +1,43 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.InputStream; +import java.io.StringWriter; + +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; + +public class RedirectFormBuilder { + + private static String URL = "#URL#"; + private static String template; + + private static String getTemplate() { + + if (template == null) { + try { + String classpathLocation = "resources/templates/redirectForm.html"; + InputStream input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(classpathLocation); + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + } catch (Exception e) { + Logger.error("Failed to read template", e); + } + } + + return template; + } + + public static String buildLoginForm(String url) { + String value = getTemplate(); + value = value.replace(URL, url); + + return value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index a0fe0de1b..304a5b70c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -72,7 +72,7 @@ public class SAMLArtifactBuilder { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] sourceID; // alternative sourceId - String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + String alternativeSourceID = AuthConfigurationProvider.getInstance().getAlternativeSourceID(); // if sourceID is given in GET/POST param - use this as source id if (!ParepUtils.isEmpty(sourceIdParam)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 5e6d47bdf..b65b3db0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.auth.builder; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -253,7 +255,7 @@ public class VerifyXMLSignatureRequestBuilder { */ public Element build( CreateXMLSignatureResponse csr, - String[] verifyTransformsInfoProfileID, + List verifyTransformsInfoProfileID, String trustProfileID) throws BuildException { //samlAssertionObject @@ -286,13 +288,25 @@ public class VerifyXMLSignatureRequestBuilder { // add the transform profile IDs Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - Element verifyTransformsInfoProfileIDElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); - verifyTransformsInfoProfileIDElem.appendChild( - requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); - } + +// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { +// +// Element verifyTransformsInfoProfileIDElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); +// verifyTransformsInfoProfileIDElem.appendChild( +// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); +// } + + for (String element : verifyTransformsInfoProfileID) { + + Element verifyTransformsInfoProfileIDElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild( + requestDoc_.createTextNode(element)); + } + Element returnHashInputDataElem = requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); requestElem_.appendChild(returnHashInputDataElem); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 4001fdd1a..ffe938d89 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import iaik.x509.X509Certificate; +import java.io.IOException; import java.io.Serializable; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; @@ -34,13 +35,19 @@ import java.util.Iterator; import java.util.List; import java.util.Vector; +import javax.xml.parsers.ParserConfigurationException; + import org.w3c.dom.Element; +import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import eu.stork.mw.messages.saml.STORKAuthnRequest; /** @@ -125,7 +132,7 @@ public class AuthenticationSession implements Serializable { * * Mandate element */ - private Element mandate; + private MISMandate mandate; /** * Reference value for mandate @@ -1081,11 +1088,26 @@ public class AuthenticationSession implements Serializable { XMLVerifySignatureResponse = xMLVerifySignatureResponse; } - public Element getMandate() { + public MISMandate getMISMandate() { return mandate; } - public void setMandate(Element mandate) { + public void setMISMandate(MISMandate mandate) { this.mandate = mandate; } + + public Element getMandate() { + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + }catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 63ad62662..b0a4f2f8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -25,7 +25,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ public static void parse(AuthenticationSession moasession, String target, - String sourceID, String oaURL, String bkuURL, String templateURL, @@ -40,7 +39,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // escape parameter strings //TODO: use URLEncoder.encode!! target = StringEscapeUtils.escapeHtml(target); - sourceID = StringEscapeUtils.escapeHtml(sourceID); oaURL = StringEscapeUtils.escapeHtml(oaURL); bkuURL = StringEscapeUtils.escapeHtml(bkuURL); templateURL = StringEscapeUtils.escapeHtml(templateURL); @@ -49,15 +47,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // check parameter if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); if (!ParamValidatorUtils.isValidCCC(ccc)) throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); @@ -115,6 +107,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } + //Validate BKU URI + if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!oaParam.getBusinessService()) { if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", @@ -155,20 +151,23 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // check if HTTP Connection may be allowed (through // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + //INFO: removed from MOA-ID 2.0 Config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) +// && (false == BoolUtils.valueOf(boolStr)) + ) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); moasession.setAuthURL(authURL); - //check and set SourceID - if (sourceID != null) - moasession.setSourceID(sourceID); +// //check and set SourceID +// if (sourceID != null) +// moasession.setSourceID(sourceID); // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { @@ -179,7 +178,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } } moasession.setBkuURL(bkuURL); + + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + // override template url by url from configuration file if (oaParam.getTemplateURL() != null) { templateURL = oaParam.getTemplateURL(); @@ -213,7 +216,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ //get Parameters from request String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); @@ -223,7 +225,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ oaURL = request.getOAURL(); target = request.getTarget(); - parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 187cf4fdb..4b15d80b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -415,12 +415,15 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { throws AuthenticationException, ConfigurationException { // check if HTTP Connection may be allowed (through // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + + //Removed from MOA-ID 2.0 config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) + //&& (false == BoolUtils.valueOf(boolStr)) + ) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index e6eecd11b..2ea34ee12 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -86,15 +86,16 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { //load Parameters from config String target = oaParam.getTarget(); - String sourceID = ""; //TODO: load from Config - String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); - String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);; - +// String sourceID = ""; //TODO: load from Config +// String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); +// String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam); + + String bkuURL = oaParam.getBKUURL(bkuid); + String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid); //parse all OA parameters i StartAuthentificationParameterParser.parse(moasession, target, - sourceID, moasession.getOAURLRequested(), bkuURL, templateURL, @@ -136,43 +137,43 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { } - private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { - //TODO: CHANGE to real OA config - - List bkuURIs = Arrays.asList( - "http://localhost:8080/moa-id-auth/template_onlineBKU.html", - "http://localhost:8080/moa-id-auth/template_handyBKU.html", - "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); - +// private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { +// //TODO: CHANGE to real OA config +// // List bkuURIs = Arrays.asList( -// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", -// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", -// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); - - if (bkuID < bkuURIs.size()) - return bkuURIs.get(bkuID); - else - throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, - "auth.12"); - } - - private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { - //TODO: CHANGE to real OA config - - List bkuURIs = Arrays.asList( - "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", - "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", - "https://127.0.0.1:3496/https-security-layer-request"); - -// List bkuURIs = Arrays.asList( -// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", -// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", -// "https://127.0.0.1:3496/https-security-layer-request"); - - if (bkuID < bkuURIs.size()) - return bkuURIs.get(bkuID); - else - throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, - "auth.12"); - } +// "http://localhost:8080/moa-id-auth/template_onlineBKU.html", +// "http://localhost:8080/moa-id-auth/template_handyBKU.html", +// "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); +// +//// List bkuURIs = Arrays.asList( +//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", +//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", +//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); +// +// if (bkuID < bkuURIs.size()) +// return bkuURIs.get(bkuID); +// else +// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, +// "auth.12"); +// } +// +// private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { +// //TODO: CHANGE to real OA config +// +// List bkuURIs = Arrays.asList( +// "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", +// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +// "https://127.0.0.1:3496/https-security-layer-request"); +// +//// List bkuURIs = Arrays.asList( +//// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", +//// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +//// "https://127.0.0.1:3496/https-security-layer-request"); +// +// if (bkuID < bkuURIs.size()) +// return bkuURIs.get(bkuID); +// else +// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, +// "auth.12"); +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index d41d20def..7d825da17 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -40,6 +40,7 @@ import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -174,47 +176,75 @@ public class GetMISSessionIDServlet extends AuthServlet { // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); - // verify mandate signature - AuthenticationServer.getInstance().verifyMandate(session, mandate); - - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, - null, null).getDocumentElement(); - + String sMandate = new String(mandate.getMandate()); + if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + Logger.error("Mandate is empty."); + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + // TODO OW bPK (Offen: was bei saml:NameIdentifier // NameQualifier="urn:publicid:gv.at:cdid+bpk"> und ", session.getAuthURL()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); - resp.setContentType("text/html;charset=UTF-8"); - } else { - htmlForm = createXMLSignatureRequestOrRedirect; - resp.setStatus(307); - resp.addHeader("Location", dataURL); - //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); - } - - OutputStream out = resp.getOutputStream(); - out.write(htmlForm.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST ProcessInput"); - } else { - String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - resp.setContentType("text/html"); - resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - } - - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - throw new AuthenticationException("", null); - } - - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } +// Logger.debug("POST ProcessInput"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// Map parameters; +// try { +// parameters = getParameters(req); +// } catch (FileUploadException e) { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new IOException(e.getMessage()); +// } +// +// String sessionID = req.getParameter(PARAM_SESSIONID); +// if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); +// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); +// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); +// +// // escape parameter strings +// sessionID = StringEscapeUtils.escapeHtml(sessionID); +// +// try { +// +// if (!ParamValidatorUtils.isValidSessionID(sessionID)) +// throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); +// +// AuthenticationSession session = AuthenticationServer.getSession(sessionID); +// AuthenticationServer.processInput(session, parameters); +// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null); +// if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { +// // Now sign the AUTH Block +// String dataURL = new DataURLBuilder().buildDataURL( +// session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); +// +// String htmlForm = null; +// +// boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed +// +// String inputProcessorSignForm = req.getParameter("Sign_Form"); +// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); +// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); +// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); +// // escape parameter strings +// inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm); +// if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true"); +// if (doInputProcessorSign) { +// // Test if we have a user input form sign template +// +// String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); +// +// if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL)) +// throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12"); +// +// String inputProcessorSignTemplate = null; +// OAAuthParameter oaParam = +// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); +// // override template url by url from configuration file +// if (oaParam.getInputProcessorSignTemplateURL() != null) { +// inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL(); +// } +// if (inputProcessorSignTemplateURL != null) { +// try { +// inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL)); +// } catch (IOException ex) { +// throw new AuthenticationException( +// "auth.03", +// new Object[] { inputProcessorSignTemplateURL, ex.toString()}, +// ex); +// } +// } +// +// htmlForm = new GetVerifyAuthBlockFormBuilder().build( +// inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox()); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getAuthURL()); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); +// resp.setContentType("text/html;charset=UTF-8"); +// } else { +// htmlForm = createXMLSignatureRequestOrRedirect; +// resp.setStatus(307); +// resp.addHeader("Location", dataURL); +// //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) +// resp.setContentType("text/xml;charset=UTF-8"); +// } +// +// OutputStream out = resp.getOutputStream(); +// out.write(htmlForm.getBytes("UTF-8")); +// out.flush(); +// out.close(); +// Logger.debug("Finished POST ProcessInput"); +// } else { +// String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); +// resp.setContentType("text/html"); +// resp.setStatus(302); +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// } +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// throw new AuthenticationException("", null); +// } +// +// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } +// catch (MOAIDException ex) { +// handleError(null, ex, req, resp); +// } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java new file mode 100644 index 000000000..310f3509c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; +import at.gv.egovernment.moa.logging.Logger; + + + +public class RedirectServlet extends AuthServlet{ + + private static final long serialVersionUID = 1L; + + public static final String REDIRCT_GETPARAM = "redirecturl"; + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + RedirectServlet.class + " Request"); + + String url = req.getParameter(REDIRCT_GETPARAM); + + Logger.info("Redirect to " + url); + + String redirect_form = RedirectFormBuilder.buildLoginForm(url); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.write(redirect_form); + out.flush(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index d544e2f85..2deece26f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -91,94 +91,94 @@ public class SelectBKUServlet extends AuthServlet { Logger.debug("GET SelectBKU"); - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); - - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); - String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); - String templateURL = req.getParameter(PARAM_TEMPLATE); - - // escape parameter strings - target = StringEscapeUtils.escapeHtml(target); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); - - - resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - - try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) - throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); - - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - - String returnValue = null; - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); - } - else { - // use target from config - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); - } - - - String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); - if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = returnValue; - resp.setContentType("text/html"); - resp.sendRedirect(redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - } else { - // bkuSelectionType==HTMLSelect - String htmlForm = returnValue; - resp.setContentType("text/html;charset=UTF-8"); - Logger.debug("HTML-Form: " + htmlForm); - Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); - out.write(htmlForm); - out.flush(); - Logger.debug("Finished GET SelectBKU"); - } - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (Throwable ex) { - handleError(null, ex, req, resp); - } +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// String authURL = req.getScheme() + "://" + req.getServerName(); +// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { +// authURL = authURL.concat(":" + req.getServerPort()); +// } +// authURL = authURL.concat(req.getContextPath() + "/"); +// +// String target = req.getParameter(PARAM_TARGET); +// String oaURL = req.getParameter(PARAM_OA); +// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); +// String templateURL = req.getParameter(PARAM_TEMPLATE); +// +// // escape parameter strings +// target = StringEscapeUtils.escapeHtml(target); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// templateURL = StringEscapeUtils.escapeHtml(templateURL); +// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); +// +// +// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); +// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); +// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// +// if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); +// +// OAAuthParameter oaParam = +// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// // get target and target friendly name from config +// String targetConfig = oaParam.getTarget(); +// +// String returnValue = null; +// if (StringUtils.isEmpty(targetConfig)) { +// // no target attribut is given in OA config +// // target is used from request +// // check parameter +// if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); +// +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// else { +// // use target from config +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// +// +// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); +// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = returnValue; +// resp.setContentType("text/html"); +// resp.sendRedirect(redirectURL); +// Logger.info("REDIRECT TO: " + redirectURL); +// } else { +// // bkuSelectionType==HTMLSelect +// String htmlForm = returnValue; +// resp.setContentType("text/html;charset=UTF-8"); +// Logger.debug("HTML-Form: " + htmlForm); +// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); +// out.write(htmlForm); +// out.flush(); +// Logger.debug("Finished GET SelectBKU"); +// } +// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } +// catch (Throwable ex) { +// handleError(null, ex, req, resp); +// } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 115c52688..ba7893412 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -55,7 +55,7 @@ public class CreateXMLSignatureResponseValidator { /** Xpath expression to the dsig:Signature element */ private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; - private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; + //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; /** Singleton instance. null, if none has been created. */ private static CreateXMLSignatureResponseValidator instance; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 892607c16..ed826c615 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -81,7 +81,7 @@ public class VerifyXMLSignatureResponseValidator { * @throws ValidateException on any validation error */ public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse, - List identityLinkSignersSubjectDNNames, + List identityLinkSignersSubjectDNNames, String whatToCheck, boolean ignoreManifestValidationResult) throws ValidateException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index 88c4a8feb..a154c9ece 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -83,241 +83,255 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ this.rpGivenName = rpGivenName; this.rpDateOfBirth = rpDateOfBirth; this.request = request; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String) - */ - public String start( - boolean physical, String familyName, String givenName, String dateOfBirth, - String streetName, String buildingNumber, String unit, String postalCode, String municipality, - String cbFullName, String cbIdentificationType, String cbIdentificationValue) - { - // Load the form - String form = loadForm( - physical, familyName, givenName, dateOfBirth, - streetName, buildingNumber, unit, postalCode, municipality, - cbFullName, cbIdentificationType, cbIdentificationValue, ""); - try { - request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, - cbIdentificationType, cbIdentificationValue); - } catch (SZRGWClientException e) { - //e.printStackTrace(); - Logger.info(e); - return null; - } - return form; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String) - */ - public String validate(Map parameters, String extErrortext) - { - - // Process the gotten parameters - String form = null; - boolean formNecessary = false; - if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true; - String locErrortext = "Folgende Parameter fehlen: "; - - String familyName = (String) parameters.get("familyname_"); - if (null == familyName) familyName =""; - String givenName = (String) parameters.get("givenname_"); - if (null == givenName) givenName =""; - boolean physical = "true".equals(parameters.get("physical_")); - String dobday = (String) parameters.get("dobday_"); - if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday=""; - String dobmonth = (String) parameters.get("dobmonth_"); - if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth=""; - String dobyear = (String) parameters.get("dobyear_"); - if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear=""; - String dateOfBirth = ""; - dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear); - dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth); - dobday = (" ".substring(0, 2-dobday.length()) + dobday); - dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday; - String cbFullName = (String) parameters.get("fullname_"); - if (null == cbFullName) cbFullName =""; - String cbIdentificationType = (String) parameters.get("cbidentificationtype_"); - if (null == cbIdentificationType) cbIdentificationType =""; - String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_"); - if (null == cbIdentificationValue) cbIdentificationValue =""; - String postalCode = (String) parameters.get("postalcode_"); - if (null == postalCode) postalCode =""; - String municipality = (String) parameters.get("municipality_"); - if (null == municipality) municipality =""; - String streetName = (String) parameters.get("streetname_"); - if (null == streetName) streetName =""; - String buildingNumber = (String) parameters.get("buildingnumber_"); - if (null == buildingNumber) buildingNumber =""; - String unit = (String) parameters.get("unit_"); - if (null == unit) unit =""; - - if (physical) { - if (ParepUtils.isEmpty(familyName)) { - formNecessary = true; - locErrortext = locErrortext + "Familienname"; - } - if (ParepUtils.isEmpty(givenName)) { - formNecessary = true; - if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", "; - locErrortext = locErrortext + "Vorname"; - } - // Auf existierendes Datum prüfen - SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd"); - format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen - try { - format.parse(dateOfBirth); - } - catch(ParseException pe) - { - formNecessary = true; - if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; - locErrortext = locErrortext + "korrektes Geburtsdatum"; - } - } else { - if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { - formNecessary = true; - if (ParepUtils.isEmpty(cbFullName)) { - locErrortext = locErrortext + "Name der Organisation"; - } - if (ParepUtils.isEmpty(cbIdentificationType)) { - if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; - locErrortext = locErrortext + "Auswahl des Registers"; - } - if (ParepUtils.isEmpty(cbIdentificationValue)) { - if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; - locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register"; - } - } - } - try { - request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, - cbIdentificationType, cbIdentificationValue); - if (formNecessary) { - // Daten noch nicht vollständig oder anderer Fehler - if (locErrortext.endsWith("fehlen: ")) locErrortext =""; - String error = ""; - if (!ParepUtils.isEmpty(extErrortext)) { - error = extErrortext; - if (!ParepUtils.isEmpty(locErrortext)) error = error + "; "; - } - if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext; - if (!ParepUtils.isEmpty(error)) { - error = "
\"Rufezeichen\"  " + error + "
"; - } - form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error); - if (form == null) { - return null; - } - } else { - return ""; // everything is ok - } - } catch (Exception e) { - //e.printStackTrace(); - Logger.info(e); - return null; - } - return form; - } - - /** - * Loads the empty user input form and replaces tag occurences with given variables - * - * @param physical - * @param familyName - * @param givenName - * @param dateOfBirth - * @param streetName - * @param buildingNumber - * @param unit - * @param postalCode - * @param municipality - * @param cbFullName - * @param cbIdentificationType - * @param cbIdentificationValue - * @param errorText - * @return - */ - private String loadForm( - boolean physical, String familyName, String givenName, String dateOfBirth, - String streetName, String buildingNumber, String unit, String postalCode, String municipality, - String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText) - { - String form = ""; - try { - String fileName = parepConfiguration.getInputProcessorTemplate(representationID); - InputStream instream = null; - File file = new File(fileName); - if (file.exists()) { - //if this resolves to a file, load it - instream = new FileInputStream(fileName); - } else { - fileName = parepConfiguration.getFullDirectoryName(fileName); - if (fileName.startsWith("file:\\")) fileName = fileName.substring(6); - file = new File(fileName); - if (file.exists()) { - //if this resolves to a file, load it - instream = new FileInputStream(fileName); - } else { - //else load a named resource in our classloader. - instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID)); - if (instream == null) { - Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt"); - return null; - } - } - } - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - ParepUtils.dumpInputOutputStream(instream, bos); - form = bos.toString("UTF-8"); - } catch(Exception e) { - Logger.error("Fehler beim Einlesen des Input-Templates.", e); - } - - if (!ParepUtils.isEmpty(form)) { - boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID); - boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID); - boolean reducedSelection = (!physEnabled || !cbEnabled); - if (reducedSelection) { - physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar - } - if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT"; - form = ParepUtils.replaceAll(form, "", rpGivenName); - form = ParepUtils.replaceAll(form, "", rpFamilyName); - form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(0,4)); - form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(5,7)); - form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(8,10)); - //darf zw. phys. und jur. Person gewählt werden: - //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : ""); - form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\""); - form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : ""); - form = ParepUtils.replaceAll(form, "", givenName); - form = ParepUtils.replaceAll(form, "", familyName); - form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(0,4).trim()); - form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(5,7).trim()); - form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(8,10).trim()); - form = ParepUtils.replaceAll(form, "", streetName); - form = ParepUtils.replaceAll(form, "", buildingNumber); - form = ParepUtils.replaceAll(form, "", unit); - form = ParepUtils.replaceAll(form, "", postalCode); - form = ParepUtils.replaceAll(form, "", municipality); - form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\""); - form = ParepUtils.replaceAll(form, "", cbFullName); - form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\""); - form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\""); - form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : ""); - form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : ""); - form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : ""); - form = ParepUtils.replaceAll(form, "", cbIdentificationValue); - form = ParepUtils.replaceAll(form, "", errorText); - } - return form; - } + } + +public String start(boolean physical, String familyName, String givenName, + String dateOfBirth, String streetName, String buildingNumber, + String unit, String postalCode, String municipality, String cbFullName, + String cbIdentificationType, String cbIdentificationValue) { + // TODO Auto-generated method stub + return null; +} + +public String validate(Map parameters, String extErrortext) { + // TODO Auto-generated method stub + return null; +} + + //TODO: check correctness +// /* +// * (non-Javadoc) +// * +// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String) +// */ +// public String start( +// boolean physical, String familyName, String givenName, String dateOfBirth, +// String streetName, String buildingNumber, String unit, String postalCode, String municipality, +// String cbFullName, String cbIdentificationType, String cbIdentificationValue) +// { +// // Load the form +// String form = loadForm( +// physical, familyName, givenName, dateOfBirth, +// streetName, buildingNumber, unit, postalCode, municipality, +// cbFullName, cbIdentificationType, cbIdentificationValue, ""); +// try { +// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, +// cbIdentificationType, cbIdentificationValue); +// } catch (SZRGWClientException e) { +// //e.printStackTrace(); +// Logger.info(e); +// return null; +// } +// return form; +// } +// +// /* +// * (non-Javadoc) +// * +// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String) +// */ +// public String validate(Map parameters, String extErrortext) +// { +// +// // Process the gotten parameters +// String form = null; +// boolean formNecessary = false; +// if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true; +// String locErrortext = "Folgende Parameter fehlen: "; +// +// String familyName = (String) parameters.get("familyname_"); +// if (null == familyName) familyName =""; +// String givenName = (String) parameters.get("givenname_"); +// if (null == givenName) givenName =""; +// boolean physical = "true".equals(parameters.get("physical_")); +// String dobday = (String) parameters.get("dobday_"); +// if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday=""; +// String dobmonth = (String) parameters.get("dobmonth_"); +// if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth=""; +// String dobyear = (String) parameters.get("dobyear_"); +// if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear=""; +// String dateOfBirth = ""; +// dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear); +// dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth); +// dobday = (" ".substring(0, 2-dobday.length()) + dobday); +// dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday; +// String cbFullName = (String) parameters.get("fullname_"); +// if (null == cbFullName) cbFullName =""; +// String cbIdentificationType = (String) parameters.get("cbidentificationtype_"); +// if (null == cbIdentificationType) cbIdentificationType =""; +// String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_"); +// if (null == cbIdentificationValue) cbIdentificationValue =""; +// String postalCode = (String) parameters.get("postalcode_"); +// if (null == postalCode) postalCode =""; +// String municipality = (String) parameters.get("municipality_"); +// if (null == municipality) municipality =""; +// String streetName = (String) parameters.get("streetname_"); +// if (null == streetName) streetName =""; +// String buildingNumber = (String) parameters.get("buildingnumber_"); +// if (null == buildingNumber) buildingNumber =""; +// String unit = (String) parameters.get("unit_"); +// if (null == unit) unit =""; +// +// if (physical) { +// if (ParepUtils.isEmpty(familyName)) { +// formNecessary = true; +// locErrortext = locErrortext + "Familienname"; +// } +// if (ParepUtils.isEmpty(givenName)) { +// formNecessary = true; +// if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", "; +// locErrortext = locErrortext + "Vorname"; +// } +// // Auf existierendes Datum prüfen +// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd"); +// format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen +// try { +// format.parse(dateOfBirth); +// } +// catch(ParseException pe) +// { +// formNecessary = true; +// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; +// locErrortext = locErrortext + "korrektes Geburtsdatum"; +// } +// } else { +// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { +// formNecessary = true; +// if (ParepUtils.isEmpty(cbFullName)) { +// locErrortext = locErrortext + "Name der Organisation"; +// } +// if (ParepUtils.isEmpty(cbIdentificationType)) { +// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; +// locErrortext = locErrortext + "Auswahl des Registers"; +// } +// if (ParepUtils.isEmpty(cbIdentificationValue)) { +// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; +// locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register"; +// } +// } +// } +// try { +// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, +// cbIdentificationType, cbIdentificationValue); +// if (formNecessary) { +// // Daten noch nicht vollständig oder anderer Fehler +// if (locErrortext.endsWith("fehlen: ")) locErrortext =""; +// String error = ""; +// if (!ParepUtils.isEmpty(extErrortext)) { +// error = extErrortext; +// if (!ParepUtils.isEmpty(locErrortext)) error = error + "; "; +// } +// if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext; +// if (!ParepUtils.isEmpty(error)) { +// error = "
\"Rufezeichen\"  " + error + "
"; +// } +// form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error); +// if (form == null) { +// return null; +// } +// } else { +// return ""; // everything is ok +// } +// } catch (Exception e) { +// //e.printStackTrace(); +// Logger.info(e); +// return null; +// } +// return form; +// } +// +// /** +// * Loads the empty user input form and replaces tag occurences with given variables +// * +// * @param physical +// * @param familyName +// * @param givenName +// * @param dateOfBirth +// * @param streetName +// * @param buildingNumber +// * @param unit +// * @param postalCode +// * @param municipality +// * @param cbFullName +// * @param cbIdentificationType +// * @param cbIdentificationValue +// * @param errorText +// * @return +// */ +// private String loadForm( +// boolean physical, String familyName, String givenName, String dateOfBirth, +// String streetName, String buildingNumber, String unit, String postalCode, String municipality, +// String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText) +// { +// String form = ""; +// try { +// String fileName = parepConfiguration.getInputProcessorTemplate(representationID); +// InputStream instream = null; +// File file = new File(fileName); +// if (file.exists()) { +// //if this resolves to a file, load it +// instream = new FileInputStream(fileName); +// } else { +// fileName = parepConfiguration.getFullDirectoryName(fileName); +// if (fileName.startsWith("file:\\")) fileName = fileName.substring(6); +// file = new File(fileName); +// if (file.exists()) { +// //if this resolves to a file, load it +// instream = new FileInputStream(fileName); +// } else { +// //else load a named resource in our classloader. +// instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID)); +// if (instream == null) { +// Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt"); +// return null; +// } +// } +// } +// ByteArrayOutputStream bos = new ByteArrayOutputStream(); +// ParepUtils.dumpInputOutputStream(instream, bos); +// form = bos.toString("UTF-8"); +// } catch(Exception e) { +// Logger.error("Fehler beim Einlesen des Input-Templates.", e); +// } +// +// if (!ParepUtils.isEmpty(form)) { +// boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID); +// boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID); +// boolean reducedSelection = (!physEnabled || !cbEnabled); +// if (reducedSelection) { +// physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar +// } +// if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT"; +// form = ParepUtils.replaceAll(form, "", rpGivenName); +// form = ParepUtils.replaceAll(form, "", rpFamilyName); +// form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(0,4)); +// form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(5,7)); +// form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(8,10)); +// //darf zw. phys. und jur. Person gewählt werden: +// //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : ""); +// form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\""); +// form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : ""); +// form = ParepUtils.replaceAll(form, "", givenName); +// form = ParepUtils.replaceAll(form, "", familyName); +// form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(0,4).trim()); +// form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(5,7).trim()); +// form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(8,10).trim()); +// form = ParepUtils.replaceAll(form, "", streetName); +// form = ParepUtils.replaceAll(form, "", buildingNumber); +// form = ParepUtils.replaceAll(form, "", unit); +// form = ParepUtils.replaceAll(form, "", postalCode); +// form = ParepUtils.replaceAll(form, "", municipality); +// form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\""); +// form = ParepUtils.replaceAll(form, "", cbFullName); +// form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\""); +// form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\""); +// form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : ""); +// form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : ""); +// form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : ""); +// form = ParepUtils.replaceAll(form, "", cbIdentificationValue); +// form = ParepUtils.replaceAll(form, "", errorText); +// } +// return form; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 735117094..f2f897432 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -61,547 +61,583 @@ import at.gv.egovernment.moa.util.Constants; * * @author Peter Danner */ -public class ParepValidator implements InfoboxValidator { - - /** activates debug settings */ - private boolean PAREP_DEBUG = false; - - /** contains the parameters the validator initially was called with */ - private InfoboxValidatorParams params = null; - - /** contains the configuration of the validator */ - private ParepConfiguration parepConfiguration = null; - - /** the requested representation ID (currently * or OID) */ - private String representationID = null; - - /** holds the information of the SZR-request */ - private CreateMandateRequest request = null; - - /** List of extended SAML attributes. */ - private Vector extendedSamlAttributes = new Vector(); - - /** the class which processes the user input */ - private ParepInputProcessor inputProcessor = null; - - /** The form if user input is necessary */ - private String form = null; - - /** unspecified error of parep-validator (must not know more about)*/ - private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten"; - - /** Default class to gather remaining mandator data. */ - public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl"; - - /** Default template to gather remaining mandator data. */ - public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html"; - - /** kind of representation text in AUTH block*/ - public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)"; - - /** Names of the produced SAML-attributes. */ - public final static String EXT_SAML_MANDATE_RAW = "Mandate"; - public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; - public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; - public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; - public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; +public class ParepValidator implements InfoboxValidator { + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; public final static String EXT_SAML_MANDATE_OID = "OID"; + public final static String EXT_SAML_MANDATE_RAW = "Mandate"; + public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; + public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; + public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; - /** */ - public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; - - /** register and register number for non physical persons - the domain identifier for business applications*/ - public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; - - /** - * Parses the XML configuration element and creates the validators configuration - * Use this function if you want to preconfigure the validator. - * - * @param configElem - * the XML configuration element to parse. - * @throws ConfigurationException - * if an error occurs during the configuration process - */ - public void Configure(Element configElem) throws ConfigurationException { - if (this.parepConfiguration == null) { - Logger.debug("Lade Konfiguration."); - parepConfiguration = new ParepConfiguration(configElem); - Logger.debug("Konfiguration erfolgreich geladen."); - } - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams) - */ - public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException { - - InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - - try { - Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung."); - this.params = params; - - Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList()); - // ParepUtils.serializeElement(mandate, System.out); - this.representationID = ParepUtils.extractRepresentativeID(mandate); - if (ParepUtils.isEmpty(representationID)) { - validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht"); - return validationResult; - } - - // überprüfen der Identifikation (Type/Value). - String identificationType = this.params.getIdentificationType(); - String identificationValue = this.params.getIdentificationValue(); - if (this.params.getBusinessApplication()) { - if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { - validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen."); - return validationResult; - - } else { - Logger.debug("Parteienvertreter wird mit wbPK identifiziert"); - } - } else { - if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { - //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt - if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { - Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein."); - validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); - return validationResult; - } else { - Logger.debug("Organwalter wird mit Stammzahl identifiziert"); - } - } else { - if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { - // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist - identificationType = Constants.URN_PREFIX_CDID; - String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget()); - identificationValue = bpkBase64; - Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert"); - } else { - Logger.debug("Parteienvertreter wird mit bPK identifiziert"); - } - } - } - - Configure(this.params.getApplicationSpecificParams()); - // check if we have a configured party representative for that - if (!parepConfiguration.isPartyRepresentative(representationID)) { - Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); - validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); - return validationResult; - } - - // Vertreter - this.request = new CreateMandateRequest(); - request.setRepresentative(this.params, identificationType, identificationValue); - // ParepUtils.serializeElement(request.getRepresentative(), System.out); - //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml")); - - Logger.debug("Prüfe vorausgefüllte Daten..."); - boolean physical = true; - String familyName = ""; - String givenName = ""; - String dateOfBirth = ""; - String cbFullName = ""; - String cbIdentificationType = ""; - String cbIdentificationValue = ""; - String postalCode = ""; - String municipality = ""; - String streetName = ""; - String buildingNumber = ""; - String unit = ""; - - boolean formNecessary = false; - // Vertretener (erstes Vorkommen) - Element mandator = ParepUtils.extractMandator(mandate); - if (mandator != null) { - // ParepUtils.serializeElement(mandator, System.out); - // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml")); - if (ParepUtils.isPhysicalPerson(mandator)) { - familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); - } else { - physical = false; - cbFullName = ParepUtils.extractMandatorFullName(mandator); - cbIdentificationType = ParepUtils.getIdentification(mandator, "Type"); - cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); - } - postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); - municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); - streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); - buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); - unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); - - } - if (physical) { - if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) { - validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt."); - return validationResult; - } - if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) { - formNecessary = true; - } - } else { - if (!parepConfiguration.isRepresentingCorporateParty(representationID)) { - validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt."); - return validationResult; - } - if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { - formNecessary = true; - } - } - - //Zeigen wir, dass die Daten �bernommen wurden: - if (parepConfiguration.isAlwaysShowForm()) formNecessary=true; - - // Input processor - this.form = ""; - if (formNecessary) { - ParepInputProcessor inputProcessor= getInputProcessor(); - this.form = inputProcessor.start( - physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, - cbFullName, cbIdentificationType, cbIdentificationValue); - if (this.form == null) { - validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); - return validationResult; - } - } else { - // Request vorbereiten mit vorgegebenen Daten - request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, - cbIdentificationType, cbIdentificationValue); - } - - - // ParepUtils.serializeElement(request.getMandator(), System.out); - // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml")); - - addAuthBlockExtendedSamlAttributes(); - validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); - Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet"); - validationResult.setValid(true); - return validationResult; - } catch (Exception e) { - e.printStackTrace(); - Logger.info(e); - validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); - return validationResult; - } - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map) - */ - public InfoboxValidationResult validate(Map parameters) throws ValidateException { - - InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung"); - Logger.debug("Prüfe im Formular ausgefüllte Daten..."); - if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString()); - - // Input processor - ParepInputProcessor inputProcessor= getInputProcessor(); - this.form = inputProcessor.validate(parameters, null); - if (this.form == null) { - validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); - return validationResult; - } - - addAuthBlockExtendedSamlAttributes(); - validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); - validationResult.setValid(true); - Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet"); - return validationResult; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element) - */ - public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException { - - InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung"); - this.form = ""; - try { - - - request.setSignature(samlAssertion); - -//DPO debug -// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement(); -// String id = representationID; + + public InfoboxValidationResult validate(InfoboxValidatorParams params) + throws ValidateException { + // TODO Auto-generated method stub + return null; + } + + public InfoboxValidationResult validate(Map parameters) + throws ValidateException { + // TODO Auto-generated method stub + return null; + } + + public InfoboxValidationResult validate(Element samlAssertion) + throws ValidateException { + // TODO Auto-generated method stub + return null; + } + + public String getForm() { + // TODO Auto-generated method stub + return null; + } + + + //TODO: check correctness!!!! +// /** activates debug settings */ +// private boolean PAREP_DEBUG = false; +// +// /** contains the parameters the validator initially was called with */ +// private InfoboxValidatorParams params = null; +// +// /** contains the configuration of the validator */ +// private ParepConfiguration parepConfiguration = null; +// +// /** the requested representation ID (currently * or OID) */ +// private String representationID = null; +// +// /** holds the information of the SZR-request */ +// private CreateMandateRequest request = null; +// +// /** List of extended SAML attributes. */ +// private Vector extendedSamlAttributes = new Vector(); +// +// /** the class which processes the user input */ +// private ParepInputProcessor inputProcessor = null; +// +// /** The form if user input is necessary */ +// private String form = null; +// +// /** unspecified error of parep-validator (must not know more about)*/ +// private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten"; +// +// /** Default class to gather remaining mandator data. */ +// public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl"; +// +// /** Default template to gather remaining mandator data. */ +// public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html"; +// +// /** kind of representation text in AUTH block*/ +// public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)"; +// +// /** Names of the produced SAML-attributes. */ +// public final static String EXT_SAML_MANDATE_RAW = "Mandate"; +// public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; +// public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; +// public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; +// public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; +// public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; +// public final static String EXT_SAML_MANDATE_OID = "OID"; +// +// /** */ +// public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; +// +// /** register and register number for non physical persons - the domain identifier for business applications*/ +// public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; +// +// /** +// * Parses the XML configuration element and creates the validators configuration +// * Use this function if you want to preconfigure the validator. +// * +// * @param configElem +// * the XML configuration element to parse. +// * @throws ConfigurationException +// * if an error occurs during the configuration process +// */ +// public void Configure(Element configElem) throws ConfigurationException { +// if (this.parepConfiguration == null) { +// Logger.debug("Lade Konfiguration."); +// parepConfiguration = new ParepConfiguration(configElem); +// Logger.debug("Konfiguration erfolgreich geladen."); +// } +// } +// +// /* +// * (non-Javadoc) +// * +// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams) +// */ +// public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException { +// +// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); +// +// try { +// Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung."); +// this.params = params; +// +// Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList()); +// // ParepUtils.serializeElement(mandate, System.out); +// this.representationID = ParepUtils.extractRepresentativeID(mandate); +// if (ParepUtils.isEmpty(representationID)) { +// validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht"); +// return validationResult; +// } +// +// // überprüfen der Identifikation (Type/Value). +// String identificationType = this.params.getIdentificationType(); +// String identificationValue = this.params.getIdentificationValue(); +// if (this.params.getBusinessApplication()) { +// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { +// validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen."); +// return validationResult; +// +// } else { +// Logger.debug("Parteienvertreter wird mit wbPK identifiziert"); +// } +// } else { +// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { +// //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt +// if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { +// Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein."); +// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); +// return validationResult; +// } else { +// Logger.debug("Organwalter wird mit Stammzahl identifiziert"); +// } +// } else { +// if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { +// // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist +// identificationType = Constants.URN_PREFIX_CDID; +// String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget()); +// identificationValue = bpkBase64; +// Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert"); +// } else { +// Logger.debug("Parteienvertreter wird mit bPK identifiziert"); +// } +// } +// } +// +// Configure(this.params.getApplicationSpecificParams()); +// // check if we have a configured party representative for that +// if (!parepConfiguration.isPartyRepresentative(representationID)) { +// Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); +// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); +// return validationResult; +// } +// +// // Vertreter +// this.request = new CreateMandateRequest(); +// request.setRepresentative(this.params, identificationType, identificationValue); +// // ParepUtils.serializeElement(request.getRepresentative(), System.out); +// //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml")); +// +// Logger.debug("Prüfe vorausgefüllte Daten..."); +// boolean physical = true; +// String familyName = ""; +// String givenName = ""; +// String dateOfBirth = ""; +// String cbFullName = ""; +// String cbIdentificationType = ""; +// String cbIdentificationValue = ""; +// String postalCode = ""; +// String municipality = ""; +// String streetName = ""; +// String buildingNumber = ""; +// String unit = ""; +// +// boolean formNecessary = false; +// // Vertretener (erstes Vorkommen) +// Element mandator = ParepUtils.extractMandator(mandate); +// if (mandator != null) { +// // ParepUtils.serializeElement(mandator, System.out); +// // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml")); +// if (ParepUtils.isPhysicalPerson(mandator)) { +// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); +// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); +// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); +// } else { +// physical = false; +// cbFullName = ParepUtils.extractMandatorFullName(mandator); +// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type"); +// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); +// } +// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); +// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); +// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); +// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); +// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); +// +// } +// if (physical) { +// if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) { +// validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt."); +// return validationResult; +// } +// if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) { +// formNecessary = true; +// } +// } else { +// if (!parepConfiguration.isRepresentingCorporateParty(representationID)) { +// validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt."); +// return validationResult; +// } +// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { +// formNecessary = true; +// } +// } +// +// //Zeigen wir, dass die Daten �bernommen wurden: +// if (parepConfiguration.isAlwaysShowForm()) formNecessary=true; +// +// // Input processor +// this.form = ""; +// if (formNecessary) { +// ParepInputProcessor inputProcessor= getInputProcessor(); +// this.form = inputProcessor.start( +// physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, +// cbFullName, cbIdentificationType, cbIdentificationValue); +// if (this.form == null) { +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// return validationResult; +// } +// } else { +// // Request vorbereiten mit vorgegebenen Daten +// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, +// cbIdentificationType, cbIdentificationValue); +// } +// +// +// // ParepUtils.serializeElement(request.getMandator(), System.out); +// // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml")); +// +// addAuthBlockExtendedSamlAttributes(); +// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); +// Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet"); +// validationResult.setValid(true); +// return validationResult; +// } catch (Exception e) { +// e.printStackTrace(); +// Logger.info(e); +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// return validationResult; +// } +// } +// +// /* +// * (non-Javadoc) +// * +// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map) +// */ +// public InfoboxValidationResult validate(Map parameters) throws ValidateException { +// +// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); +// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung"); +// Logger.debug("Prüfe im Formular ausgefüllte Daten..."); +// if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString()); +// +// // Input processor +// ParepInputProcessor inputProcessor= getInputProcessor(); +// this.form = inputProcessor.validate(parameters, null); +// if (this.form == null) { +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// return validationResult; +// } +// +// addAuthBlockExtendedSamlAttributes(); +// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); +// validationResult.setValid(true); +// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet"); +// return validationResult; +// } +// +// /* +// * (non-Javadoc) +// * +// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element) +// */ +// public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException { +// +// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); +// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung"); +// this.form = ""; +// try { +// +// +// request.setSignature(samlAssertion); +// +////DPO debug +//// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement(); +//// String id = representationID; +//// CreateMandateResponse response; +//// if (true) { +//// if (this.params.getHideStammzahl()) { +//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml")); +//// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen. +//// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen. +//// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK +//// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); +//// } +//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml")); +// +// //ParepUtils.serializeElement(request.toElement(), System.out); +// if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml")); +// +// // configure szrgw client +// Logger.debug("Lade SZR-GW Client."); +// SZRGWClient client = new SZRGWClient(); +// // System.out.println("Parameters: " + cfg.getConnectionParameters()); +// Logger.debug("Initialisiere Verbindung..."); +// ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID); +// // Logger.debug("Connection Parameters: " + connectionParameters); +// Logger.debug("SZR-GW URL: " + connectionParameters.getUrl()); +// client.setAddress(connectionParameters.getUrl()); +// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { +// Logger.debug("Initialisiere SSL Verbindung"); +// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); +// } +// +// Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway..."); // CreateMandateResponse response; -// if (true) { +// Element requ = request.toElement(); +// try { +// response = client.createMandateResponse(requ); +// } catch (SZRGWClientException e) { +// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. +// client = new SZRGWClient(connectionParameters.getUrl()); +// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); +// response = client.createMandateResponse(requ); +// } +// Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():""); +// if (response.getResultCode()==2000) { +// if(response.getMandate()==null) { +// Logger.error("Keine Vollmacht vom SZR-Gateway erhalten"); +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// return validationResult; +// } +// +// +// //DPO debug output (2lines) +// String id = representationID; +// if (id.equals("*")) id="standardisiert"; +// +// Element mandate = response.getMandate(); +// // Replace Stammzahlen +// if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml")); // if (this.params.getHideStammzahl()) { -// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml")); -// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen. -// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen. -// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK // ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); +// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml")); // } -// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml")); - - //ParepUtils.serializeElement(request.toElement(), System.out); - if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml")); - - // configure szrgw client - Logger.debug("Lade SZR-GW Client."); - SZRGWClient client = new SZRGWClient(); - // System.out.println("Parameters: " + cfg.getConnectionParameters()); - Logger.debug("Initialisiere Verbindung..."); - ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID); - // Logger.debug("Connection Parameters: " + connectionParameters); - Logger.debug("SZR-GW URL: " + connectionParameters.getUrl()); - client.setAddress(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { - Logger.debug("Initialisiere SSL Verbindung"); - client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - } - - Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway..."); - CreateMandateResponse response; - Element requ = request.toElement(); - try { - response = client.createMandateResponse(requ); - } catch (SZRGWClientException e) { - // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. - client = new SZRGWClient(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - response = client.createMandateResponse(requ); - } - Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():""); - if (response.getResultCode()==2000) { - if(response.getMandate()==null) { - Logger.error("Keine Vollmacht vom SZR-Gateway erhalten"); - validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); - return validationResult; - } - - - //DPO debug output (2lines) - String id = representationID; - if (id.equals("*")) id="standardisiert"; - - Element mandate = response.getMandate(); - // Replace Stammzahlen - if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml")); - if (this.params.getHideStammzahl()) { - ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); - if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml")); - } - - extendedSamlAttributes.clear(); - // Vollmacht - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); - validationResult.setValid(true); - Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet"); - } else { - String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; - String responseInfo = response.getInfo(); - if (response.getResultCode()>=4000 && response.getResultCode()<4999) { - if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; - validationResult.setErrorMessage(errorMsg); - } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) { - // Person not found - ParepInputProcessor inputProcessor= getInputProcessor(); - switch (response.getResultCode()) { - case 5230: - errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben."; - break; - case 5231: - errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben."; - break; - default: - if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; - } - this.form = inputProcessor.validate(generateParameters(), errorMsg); - if (this.form == null) { - validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); - return validationResult; - } - validationResult.setValid(true); - } else { - // Do not inform the user too much - Logger.error(errorMsg); - validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); - } - - } - return validationResult; - } catch (Exception e) { - e.printStackTrace(); - Logger.info(e); - validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); - return validationResult; - } - } - - /** - * provides the primary infobox token of the given list. - * - * @param infoBoxTokens - * the list of infobox tokens. - * @return - * the XML element of the primary token. - * @throws ValidateException - * if an error occurs or list is not suitable. - */ - public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException { - if (infoBoxTokens == null || infoBoxTokens.size() == 0) { - throw new ValidateException("validator.62", null); - } - for (int i = 0; i < infoBoxTokens.size(); i++) { - InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i); - if (token.isPrimary()) { - return token.getXMLToken(); - } - } - throw new ValidateException("validator.62", null); - } - - /* - * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes() - */ - public ExtendedSAMLAttribute[] getExtendedSamlAttributes() { - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; - extendedSamlAttributes.copyInto(ret); - Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length); - return ret; - } - - - /** - * @return The next pending user input form, which is "" if no form is to be shown, and null on errors. - */ - public String getForm() { - return this.form; - } - - /** - * Gets the user form input processor (class) assigned to the current party representative - * If the method is called for the first time it initializes the input processor. - * - * @return The user form input processor - */ - private ParepInputProcessor getInputProcessor() { - - if (this.inputProcessor!=null) return inputProcessor; - String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID); - ParepInputProcessor inputProcessor = null; - try { - Class inputProcessorClass = Class.forName(inputProcessorName); - inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance(); - inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request); - } catch (Exception e) { - Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage()); - } - this.inputProcessor = inputProcessor; - return inputProcessor; - } - - /** - * Generates the parameter list, which is needed to simulate a return from - * an user form. - * - * @return the form parameters - */ - private Map generateParameters() { - Map parameters = new HashMap(); - boolean physical = true; - String familyName = ""; - String givenName = ""; - String dateOfBirth = ""; - String cbFullName = ""; - String cbIdentificationType = ""; - String cbIdentificationValue = ""; - String postalCode = ""; - String municipality = ""; - String streetName = ""; - String buildingNumber = ""; - String unit = ""; - - try { - // Vertretener (erstes Vorkommen) - Element mandator = request.getMandator(); - if (mandator != null) { - if (ParepUtils.isPhysicalPerson(mandator)) { - familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); - } else { - physical = false; - cbFullName = ParepUtils.extractMandatorFullName(mandator); - cbIdentificationType = ParepUtils.getIdentification(mandator, "Type"); - cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); - } - postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); - municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); - streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); - buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); - unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); - } - } catch (Exception e) { - Logger.error("Could not extract Mandator form SZR-gateway request"); - } - parameters.put("familyname_", familyName); - parameters.put("givenname_", givenName); - parameters.put("dateofbirth_", dateOfBirth); - parameters.put("dobyear_", dateOfBirth.substring(0,4)); - parameters.put("dobmonth_", dateOfBirth.substring(5,7)); - parameters.put("dobday_", dateOfBirth.substring(8,10)); - parameters.put("physical_", physical ? "true" : "false"); - parameters.put("fullname_", cbFullName); - parameters.put("cbidentificationtype_", cbIdentificationType); - parameters.put("cbidentificationvalue_", cbIdentificationValue); - parameters.put("postalcode_", postalCode); - parameters.put("municipality_", municipality); - parameters.put("streetname_", streetName); - parameters.put("buildingnumber_", buildingNumber); - parameters.put("unit_", unit); - return parameters; - } - - /** - * Adds the AUTH block related SAML attributes to the validation result. - * This is needed always before the AUTH block is to be signed, because the - * name of the mandator has to be set - */ - private void addAuthBlockExtendedSamlAttributes() { - extendedSamlAttributes.clear(); - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - Element mandator = request.getMandator(); - // Name - String name = ParepUtils.extractMandatorName(mandator); - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - // Geburtsdatum - String dob = ParepUtils.extractMandatorDateOfBirth(mandator); - if (dob != null && !"".equals(dob)) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - // (w)bpk - String wbpk = ParepUtils.extractMandatorWbpk(mandator); - if (!ParepUtils.isEmpty(wbpk)) { - if (!ParepUtils.isPhysicalPerson(mandator)){ - String idType = ParepUtils.extractMandatorIdentificationType(mandator); - if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } else if (this.params.getBusinessApplication()) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } - } - -// public static void main(String[] args) throws Exception { +// +// extendedSamlAttributes.clear(); +// // Vollmacht +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); +// +// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); +// validationResult.setValid(true); +// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet"); +// } else { +// String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; +// String responseInfo = response.getInfo(); +// if (response.getResultCode()>=4000 && response.getResultCode()<4999) { +// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; +// validationResult.setErrorMessage(errorMsg); +// } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) { +// // Person not found +// ParepInputProcessor inputProcessor= getInputProcessor(); +// switch (response.getResultCode()) { +// case 5230: +// errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben."; +// break; +// case 5231: +// errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben."; +// break; +// default: +// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; +// } +// this.form = inputProcessor.validate(generateParameters(), errorMsg); +// if (this.form == null) { +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// return validationResult; +// } +// validationResult.setValid(true); +// } else { +// // Do not inform the user too much +// Logger.error(errorMsg); +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// } +// +// } +// return validationResult; +// } catch (Exception e) { +// e.printStackTrace(); +// Logger.info(e); +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// return validationResult; +// } +// } +// +// /** +// * provides the primary infobox token of the given list. +// * +// * @param infoBoxTokens +// * the list of infobox tokens. +// * @return +// * the XML element of the primary token. +// * @throws ValidateException +// * if an error occurs or list is not suitable. +// */ +// public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException { +// if (infoBoxTokens == null || infoBoxTokens.size() == 0) { +// throw new ValidateException("validator.62", null); +// } +// for (int i = 0; i < infoBoxTokens.size(); i++) { +// InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i); +// if (token.isPrimary()) { +// return token.getXMLToken(); +// } +// } +// throw new ValidateException("validator.62", null); +// } +// +// /* +// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes() +// */ +// public ExtendedSAMLAttribute[] getExtendedSamlAttributes() { +// ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; +// extendedSamlAttributes.copyInto(ret); +// Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length); +// return ret; +// } +// +// +// /** +// * @return The next pending user input form, which is "" if no form is to be shown, and null on errors. +// */ +// public String getForm() { +// return this.form; +// } +// +// /** +// * Gets the user form input processor (class) assigned to the current party representative +// * If the method is called for the first time it initializes the input processor. +// * +// * @return The user form input processor +// */ +// private ParepInputProcessor getInputProcessor() { +// +// if (this.inputProcessor!=null) return inputProcessor; +// String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID); +// ParepInputProcessor inputProcessor = null; +// try { +// Class inputProcessorClass = Class.forName(inputProcessorName); +// inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance(); +// inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request); +// } catch (Exception e) { +// Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage()); +// } +// this.inputProcessor = inputProcessor; +// return inputProcessor; +// } +// +// /** +// * Generates the parameter list, which is needed to simulate a return from +// * an user form. +// * +// * @return the form parameters +// */ +// private Map generateParameters() { +// Map parameters = new HashMap(); +// boolean physical = true; +// String familyName = ""; +// String givenName = ""; +// String dateOfBirth = ""; +// String cbFullName = ""; +// String cbIdentificationType = ""; +// String cbIdentificationValue = ""; +// String postalCode = ""; +// String municipality = ""; +// String streetName = ""; +// String buildingNumber = ""; +// String unit = ""; +// +// try { +// // Vertretener (erstes Vorkommen) +// Element mandator = request.getMandator(); +// if (mandator != null) { +// if (ParepUtils.isPhysicalPerson(mandator)) { +// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); +// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); +// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); +// } else { +// physical = false; +// cbFullName = ParepUtils.extractMandatorFullName(mandator); +// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type"); +// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); +// } +// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); +// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); +// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); +// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); +// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); +// } +// } catch (Exception e) { +// Logger.error("Could not extract Mandator form SZR-gateway request"); +// } +// parameters.put("familyname_", familyName); +// parameters.put("givenname_", givenName); +// parameters.put("dateofbirth_", dateOfBirth); +// parameters.put("dobyear_", dateOfBirth.substring(0,4)); +// parameters.put("dobmonth_", dateOfBirth.substring(5,7)); +// parameters.put("dobday_", dateOfBirth.substring(8,10)); +// parameters.put("physical_", physical ? "true" : "false"); +// parameters.put("fullname_", cbFullName); +// parameters.put("cbidentificationtype_", cbIdentificationType); +// parameters.put("cbidentificationvalue_", cbIdentificationValue); +// parameters.put("postalcode_", postalCode); +// parameters.put("municipality_", municipality); +// parameters.put("streetname_", streetName); +// parameters.put("buildingnumber_", buildingNumber); +// parameters.put("unit_", unit); +// return parameters; +// } +// +// /** +// * Adds the AUTH block related SAML attributes to the validation result. +// * This is needed always before the AUTH block is to be signed, because the +// * name of the mandator has to be set +// */ +// private void addAuthBlockExtendedSamlAttributes() { +// extendedSamlAttributes.clear(); +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// Element mandator = request.getMandator(); +// // Name +// String name = ParepUtils.extractMandatorName(mandator); +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// // Geburtsdatum +// String dob = ParepUtils.extractMandatorDateOfBirth(mandator); +// if (dob != null && !"".equals(dob)) { +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// } +// // (w)bpk +// String wbpk = ParepUtils.extractMandatorWbpk(mandator); +// if (!ParepUtils.isEmpty(wbpk)) { +// if (!ParepUtils.isPhysicalPerson(mandator)){ +// String idType = ParepUtils.extractMandatorIdentificationType(mandator); +// if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) { +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// } +// } else if (this.params.getBusinessApplication()) { +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// } +// } // } +// +//// public static void main(String[] args) throws Exception { +//// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java index bc5a0e061..ee5a57914 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -49,386 +49,388 @@ import at.gv.egovernment.moa.util.Constants; * @author Peter Danner */ public class ParepConfiguration { - - /** - * System property for config file. - */ - public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config"; - - /** - * SZR-GW connection parameters. - */ - private ConnectionParameter standardConnectionParameters; - - /** - * Input field processor. - */ - private String standardInputProcessorClass; - - /** - * Input field processor template. - */ - private String standardInputProcessorTemplate; - - /** - * Configured party representatives. - */ - private HashMap partyRepresentatives; - - /** - * The configuration element. - */ - private Element configElement = null; - - /** - * Defines whether the user input form must be shown on each - * request or not (also predefined mandates) - */ - private boolean alwaysShowForm = false; - - /** - * The configuration base directory. - */ - private String baseDir_; - - /** - * Gets the SZR-GW connection parameters. - * - * @return the connection parameters. - */ - public ConnectionParameter getConnectionParameters(String representationID) { - if (partyRepresentatives == null || "*".equals(representationID)) - return standardConnectionParameters; - PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); - ConnectionParameter connectionParameters = pr.getConnectionParameters(); - if (connectionParameters==null) connectionParameters = standardConnectionParameters; - return connectionParameters; - } - - /** - * Sets the SZR-GW connection parameters for standard connection. - * - * @param connectionParameters - * the connection parameters. - */ - public void setStandardConnectionParameters(ConnectionParameter connectionParameters) { - this.standardConnectionParameters = connectionParameters; - } - - /* - * - */ - public String getFullDirectoryName(String fileString) { - return makeAbsoluteURL(fileString, baseDir_); - } - - /* - * - */ - private static String makeAbsoluteURL(String url, String root) { - // if url is relative to rootConfigFileDirName make it absolute - - File keyFile; - String newURL = url; - - if (null == url) - return null; - - if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) { - return url; - } else { - // check if absolute - if not make it absolute - keyFile = new File(url); - if (!keyFile.isAbsolute()) { - keyFile = new File(root, url); - newURL = keyFile.getPath(); - } - return newURL; - } - } - - /** - * Initializes the configuration with a given XML configuration element found - * in the MOA-ID configuration. - * - * @param configElem - * the configuration element. - * @throws ConfigurationException - * if an error occurs initializing the configuration. - */ - public ParepConfiguration(Element configElem) throws ConfigurationException { - - partyRepresentatives = new HashMap(); - partyRepresentatives.put("*", new PartyRepresentative(true, true)); - - String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); - - try { - - baseDir_ = (new File(fileName)).getParentFile().toURL().toString(); - Logger.trace("Config base directory: " + baseDir_); - // check for configuration in system properties - if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) { - Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG))); - this.configElement = doc.getDocumentElement(); - } else { - this.configElement = configElem; - } - } catch (Exception e) { - throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e); - } - load(); - } - - /* - * - */ - private void load() throws ConfigurationException { - Logger.debug("Parse ParepValidator Konfiguration"); - try { - Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); - nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); - // nameSpaceNode.setAttribute("xmlns:sgw", - // SZRGWConstants.SZRGW_PROFILE_NS); - - Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" - + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); - if (inputProcessorNode != null) { - this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template"); - Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" - + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode); - if (inputProcessorClassNode != null) { - this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue(); - } - } - Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" - + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode); - if (alwaysShowFormNode != null) { - this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue()); - } - - // load connection parameters - Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter"); - Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" - + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode); - if (connectionParamElement != null) { - // parse connection parameters - // ParepUtils.serializeElement(connectionParamElement, System.out); - this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode); - } - - Logger.trace("Lade Konfiguration der Parteienvertreter"); - NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" - + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode); - for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) { - - PartyRepresentative partyRepresentative = new PartyRepresentative(); - - Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i); - boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false; - boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false; - partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid")); - partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty); - partyRepresentative.setRepresentingCorporateParty(representCorporateParty); - partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText")); - - Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); - if (inputProcessorSubNode != null) { - partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template")); - Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX - + ":InputProcessor/text()", nameSpaceNode); - if (inputProcessorClassSubNode != null) { - partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue()); - } - } - - Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX - + ":ConnectionParameter", nameSpaceNode); - if (connectionParamSubElement == null) { - if (this.standardConnectionParameters == null) { - throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter " - + partyRepresentative.getOid() + " fehlen.", null, null); - } - } else { - // parse connection parameters - // ParepUtils.serializeElement(connectionParamSubElement, System.out); - partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode)); - } - partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative); - Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty=" - + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty() - + ", representationText=" + partyRepresentative.getRepresentationText() - + ")"); - } - - Logger.debug("ParepValidator Konfiguration erfolgreich geparst."); - } catch (Exception e) { - throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e); - } - } - - /* - * - */ - private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException { - try { - ConnectionParameter connectionParameter = new ConnectionParameter(); - - // parse connection url - String URL = connParamElement.getAttribute("URL"); - connectionParameter.setUrl(URL); - - // accepted server certificates - Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()", - nameSpaceNode); - if (accServerCertsNode != null) { - - String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue()); - Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir); - connectionParameter.setAcceptedServerCertificates(serverCertsDir); - } - - // client key store - Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode); - if (clientKeyStoreNode != null) { - String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue()); - connectionParameter.setClientKeyStore(clientKeystore); - } - - // client key store password - Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password", - nameSpaceNode); - if (clientKeyStorePasswordNode != null) { - connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue()); - } - - return connectionParameter; - } catch (Exception e) { - throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); - } - } - - public boolean isPartyRepresentative(String representationID) { - if (partyRepresentatives == null) - return false; - PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); - return pr != null; - } - - public boolean isRepresentingCorporateParty(String representationID) { - if (partyRepresentatives == null) return false; - PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); - if (pr == null) return false; - return pr.isRepresentingCorporateParty(); - } - - public boolean isRepresentingPhysicalParty(String representationID) { - if (partyRepresentatives == null) return false; - PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); - if (pr == null) return false; - return pr.isRepresentingPhysicalParty(); - } - - public String getRepresentationText(String representationID) { - String result = ParepValidator.STANDARD_REPRESENTATION_TEXT; - if (partyRepresentatives != null) { - PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); - if (pr != null) { - if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText(); - } - } - return result; - } - - /** - * @return the input processor classname corresponding to representationID - * @param representationID - * the representation ID. - */ - public String getInputProcessorClass(String representationID) { - String inputProcessorClass = standardInputProcessorClass; - if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR; - if (!(partyRepresentatives == null || "*".equals(representationID))) { - PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); - if (pr!=null) { - String prInputProcessorClass = pr.getInputProcessorClass(); - if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass; - } - } - return inputProcessorClass; - } - - /** - * @param standardInputProcessorClass the standardInputProcessorClass to set - */ - public void setStandardInputProcessorClass(String standardInputProcessorClass) { - this.standardInputProcessorClass = standardInputProcessorClass; - } - - /** - * @return the InputProcessorTemplate - */ - public String getInputProcessorTemplate(String representationID) { - String inputProcessorTemplate = standardInputProcessorTemplate; - if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE; - if (!(partyRepresentatives == null || "*".equals(representationID))) { - PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); - if (pr!=null) { - String prInputProcessorTemplate = pr.getInputProcessorTemplate(); - if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate; - } - } - return inputProcessorTemplate; - } - - /** - * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set - */ - public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) { - this.standardInputProcessorTemplate = standardInputProcessorTemplate; - } - - /** - * @return the alwaysShowForm - */ - public boolean isAlwaysShowForm() { - return alwaysShowForm; - } - + + + //TODO: check correctness!!!! /** - * @param alwaysShowForm the alwaysShowForm to set - */ - public void setAlwaysShowForm(String alwaysShowForm) { - if (ParepUtils.isEmpty(alwaysShowForm)) { - this.alwaysShowForm = false; - } else { - this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true"); - } - } - - public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException { - try { - if (configElement==null) return false; - Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); - nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); - Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode); - if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) { - return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true"); - } - return false; - } catch (Exception e) { - throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e); - } - - } - - -// public static void main(String[] args) throws Exception { -// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml"); -// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml"); -// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties"); -// Configuration cfg = new Configuration(null); -// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110")); -//} +// * System property for config file. +// */ +// public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config"; +// +// /** +// * SZR-GW connection parameters. +// */ +// private ConnectionParameter standardConnectionParameters; +// +// /** +// * Input field processor. +// */ +// private String standardInputProcessorClass; +// +// /** +// * Input field processor template. +// */ +// private String standardInputProcessorTemplate; +// +// /** +// * Configured party representatives. +// */ +// private HashMap partyRepresentatives; +// +// /** +// * The configuration element. +// */ +// private Element configElement = null; +// +// /** +// * Defines whether the user input form must be shown on each +// * request or not (also predefined mandates) +// */ +// private boolean alwaysShowForm = false; +// +// /** +// * The configuration base directory. +// */ +// private String baseDir_; +// +// /** +// * Gets the SZR-GW connection parameters. +// * +// * @return the connection parameters. +// */ +// public ConnectionParameter getConnectionParameters(String representationID) { +// if (partyRepresentatives == null || "*".equals(representationID)) +// return standardConnectionParameters; +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// ConnectionParameter connectionParameters = pr.getConnectionParameters(); +// if (connectionParameters==null) connectionParameters = standardConnectionParameters; +// return connectionParameters; +// } +// +// /** +// * Sets the SZR-GW connection parameters for standard connection. +// * +// * @param connectionParameters +// * the connection parameters. +// */ +// public void setStandardConnectionParameters(ConnectionParameter connectionParameters) { +// this.standardConnectionParameters = connectionParameters; +// } +// +// /* +// * +// */ +// public String getFullDirectoryName(String fileString) { +// return makeAbsoluteURL(fileString, baseDir_); +// } +// +// /* +// * +// */ +// private static String makeAbsoluteURL(String url, String root) { +// // if url is relative to rootConfigFileDirName make it absolute +// +// File keyFile; +// String newURL = url; +// +// if (null == url) +// return null; +// +// if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) { +// return url; +// } else { +// // check if absolute - if not make it absolute +// keyFile = new File(url); +// if (!keyFile.isAbsolute()) { +// keyFile = new File(root, url); +// newURL = keyFile.getPath(); +// } +// return newURL; +// } +// } +// +// /** +// * Initializes the configuration with a given XML configuration element found +// * in the MOA-ID configuration. +// * +// * @param configElem +// * the configuration element. +// * @throws ConfigurationException +// * if an error occurs initializing the configuration. +// */ +// public ParepConfiguration(Element configElem) throws ConfigurationException { +// +// partyRepresentatives = new HashMap(); +// partyRepresentatives.put("*", new PartyRepresentative(true, true)); +// +// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); +// +// try { +// +// baseDir_ = (new File(fileName)).getParentFile().toURL().toString(); +// Logger.trace("Config base directory: " + baseDir_); +// // check for configuration in system properties +// if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) { +// Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG))); +// this.configElement = doc.getDocumentElement(); +// } else { +// this.configElement = configElem; +// } +// } catch (Exception e) { +// throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e); +// } +// load(); +// } +// +// /* +// * +// */ +// private void load() throws ConfigurationException { +// Logger.debug("Parse ParepValidator Konfiguration"); +// try { +// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); +// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); +// // nameSpaceNode.setAttribute("xmlns:sgw", +// // SZRGWConstants.SZRGW_PROFILE_NS); +// +// Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" +// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); +// if (inputProcessorNode != null) { +// this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template"); +// Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" +// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode); +// if (inputProcessorClassNode != null) { +// this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue(); +// } +// } +// Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" +// + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode); +// if (alwaysShowFormNode != null) { +// this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue()); +// } +// +// // load connection parameters +// Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter"); +// Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" +// + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode); +// if (connectionParamElement != null) { +// // parse connection parameters +// // ParepUtils.serializeElement(connectionParamElement, System.out); +// this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode); +// } +// +// Logger.trace("Lade Konfiguration der Parteienvertreter"); +// NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" +// + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode); +// for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) { +// +// PartyRepresentative partyRepresentative = new PartyRepresentative(); +// +// Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i); +// boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false; +// boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false; +// partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid")); +// partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty); +// partyRepresentative.setRepresentingCorporateParty(representCorporateParty); +// partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText")); +// +// Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); +// if (inputProcessorSubNode != null) { +// partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template")); +// Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX +// + ":InputProcessor/text()", nameSpaceNode); +// if (inputProcessorClassSubNode != null) { +// partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue()); +// } +// } +// +// Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX +// + ":ConnectionParameter", nameSpaceNode); +// if (connectionParamSubElement == null) { +// if (this.standardConnectionParameters == null) { +// throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter " +// + partyRepresentative.getOid() + " fehlen.", null, null); +// } +// } else { +// // parse connection parameters +// // ParepUtils.serializeElement(connectionParamSubElement, System.out); +// partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode)); +// } +// partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative); +// Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty=" +// + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty() +// + ", representationText=" + partyRepresentative.getRepresentationText() +// + ")"); +// } +// +// Logger.debug("ParepValidator Konfiguration erfolgreich geparst."); +// } catch (Exception e) { +// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e); +// } +// } +// +// /* +// * +// */ +// private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException { +// try { +// ConnectionParameter connectionParameter = new ConnectionParameter(); +// +// // parse connection url +// String URL = connParamElement.getAttribute("URL"); +// connectionParameter.setUrl(URL); +// +// // accepted server certificates +// Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()", +// nameSpaceNode); +// if (accServerCertsNode != null) { +// +// String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue()); +// Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir); +// connectionParameter.setAcceptedServerCertificates(serverCertsDir); +// } +// +// // client key store +// Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode); +// if (clientKeyStoreNode != null) { +// String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue()); +// connectionParameter.setClientKeyStore(clientKeystore); +// } +// +// // client key store password +// Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password", +// nameSpaceNode); +// if (clientKeyStorePasswordNode != null) { +// connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue()); +// } +// +// return connectionParameter; +// } catch (Exception e) { +// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); +// } +// } +// +// public boolean isPartyRepresentative(String representationID) { +// if (partyRepresentatives == null) +// return false; +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// return pr != null; +// } +// +// public boolean isRepresentingCorporateParty(String representationID) { +// if (partyRepresentatives == null) return false; +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr == null) return false; +// return pr.isRepresentingCorporateParty(); +// } +// +// public boolean isRepresentingPhysicalParty(String representationID) { +// if (partyRepresentatives == null) return false; +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr == null) return false; +// return pr.isRepresentingPhysicalParty(); +// } +// +// public String getRepresentationText(String representationID) { +// String result = ParepValidator.STANDARD_REPRESENTATION_TEXT; +// if (partyRepresentatives != null) { +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr != null) { +// if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText(); +// } +// } +// return result; +// } +// +// /** +// * @return the input processor classname corresponding to representationID +// * @param representationID +// * the representation ID. +// */ +// public String getInputProcessorClass(String representationID) { +// String inputProcessorClass = standardInputProcessorClass; +// if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR; +// if (!(partyRepresentatives == null || "*".equals(representationID))) { +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr!=null) { +// String prInputProcessorClass = pr.getInputProcessorClass(); +// if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass; +// } +// } +// return inputProcessorClass; +// } +// +// /** +// * @param standardInputProcessorClass the standardInputProcessorClass to set +// */ +// public void setStandardInputProcessorClass(String standardInputProcessorClass) { +// this.standardInputProcessorClass = standardInputProcessorClass; +// } +// +// /** +// * @return the InputProcessorTemplate +// */ +// public String getInputProcessorTemplate(String representationID) { +// String inputProcessorTemplate = standardInputProcessorTemplate; +// if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE; +// if (!(partyRepresentatives == null || "*".equals(representationID))) { +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr!=null) { +// String prInputProcessorTemplate = pr.getInputProcessorTemplate(); +// if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate; +// } +// } +// return inputProcessorTemplate; +// } +// +// /** +// * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set +// */ +// public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) { +// this.standardInputProcessorTemplate = standardInputProcessorTemplate; +// } +// +// /** +// * @return the alwaysShowForm +// */ +// public boolean isAlwaysShowForm() { +// return alwaysShowForm; +// } +// +// /** +// * @param alwaysShowForm the alwaysShowForm to set +// */ +// public void setAlwaysShowForm(String alwaysShowForm) { +// if (ParepUtils.isEmpty(alwaysShowForm)) { +// this.alwaysShowForm = false; +// } else { +// this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true"); +// } +// } +// +// public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException { +// try { +// if (configElement==null) return false; +// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); +// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); +// Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode); +// if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) { +// return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true"); +// } +// return false; +// } catch (Exception e) { +// throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e); +// } +// +// } +// +// +//// public static void main(String[] args) throws Exception { +//// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml"); +//// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml"); +//// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties"); +//// Configuration cfg = new Configuration(null); +//// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110")); +////} } -- cgit v1.2.3