From 49acb697426d3c313ad047449ea62ac1bf3f4fd0 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Thu, 18 Jul 2013 12:01:21 +0200 Subject: MOA-ID 2.x Configuration implemented -SSO deaktivated -Login with mandate and normal tested --- .../moa/id/auth/AuthenticationServer.java | 1110 +++++++--------- .../moa/id/auth/MOAIDAuthInitializer.java | 47 +- .../builder/CreateXMLSignatureRequestBuilder.java | 12 +- .../moa/id/auth/builder/DataURLBuilder.java | 38 +- .../builder/InfoboxValidatorParamsBuilder.java | 6 +- .../moa/id/auth/builder/LoginFormBuilder.java | 10 +- .../moa/id/auth/builder/RedirectFormBuilder.java | 43 + .../moa/id/auth/builder/SAMLArtifactBuilder.java | 2 +- .../builder/VerifyXMLSignatureRequestBuilder.java | 30 +- .../moa/id/auth/data/AuthenticationSession.java | 28 +- .../StartAuthentificationParameterParser.java | 40 +- .../moa/id/auth/servlet/AuthServlet.java | 13 +- .../servlet/GenerateIFrameTemplateServlet.java | 87 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 100 +- .../auth/servlet/ProcessValidatorInputServlet.java | 232 ++-- .../moa/id/auth/servlet/RedirectServlet.java | 37 + .../moa/id/auth/servlet/SelectBKUServlet.java | 178 +-- .../CreateXMLSignatureResponseValidator.java | 2 +- .../VerifyXMLSignatureResponseValidator.java | 2 +- .../validator/parep/ParepInputProcessorImpl.java | 486 +++---- .../id/auth/validator/parep/ParepValidator.java | 1104 ++++++++-------- .../validator/parep/config/ParepConfiguration.java | 762 +++++------ .../moa/id/config/ConfigurationBuilder.java | 1396 -------------------- .../moa/id/config/ConfigurationProvider.java | 23 +- .../moa/id/config/ConfigurationUtils.java | 36 + .../moa/id/config/ConnectionParameter.java | 130 -- .../moa/id/config/ConnectionParameterForeign.java | 41 + .../moa/id/config/ConnectionParameterMOASP.java | 42 + .../moa/id/config/ConnectionParameterMandate.java | 41 + .../gv/egovernment/moa/id/config/OAParameter.java | 133 +- .../id/config/auth/AuthConfigurationProvider.java | 623 +++++---- .../moa/id/config/auth/OAAuthParameter.java | 619 +++------ 
.../id/config/legacy/BuildFromLegacyConfig.java | 51 +- .../gv/egovernment/moa/id/config/legacy/CPEPS.java | 98 ++ .../moa/id/config/legacy/ConfigurationBuilder.java | 1396 ++++++++++++++++++++ .../moa/id/config/legacy/ConnectionParameter.java | 130 ++ .../moa/id/config/legacy/OAAuthParameter.java | 501 +++++++ .../moa/id/config/legacy/OAParameter.java | 164 +++ .../moa/id/config/legacy/STORKConfig.java | 90 ++ .../config/legacy/SignatureCreationParameter.java | 112 ++ .../legacy/SignatureVerificationParameter.java | 35 + .../id/config/legacy/VerifyInfoboxParameter.java | 411 ++++++ .../id/config/legacy/VerifyInfoboxParameters.java | 159 +++ .../moa/id/config/proxy/OAProxyParameter.java | 4 +- .../id/config/proxy/ProxyConfigurationBuilder.java | 4 +- .../config/proxy/ProxyConfigurationProvider.java | 2 +- .../moa/id/config/stork/STORKConfig.java | 125 +- .../config/stork/SignatureCreationParameter.java | 63 +- .../stork/SignatureVerificationParameter.java | 12 +- .../moa/id/entrypoints/DispatcherServlet.java | 50 +- .../id/iaik/config/CertStoreConfigurationImpl.java | 9 +- .../moa/id/moduls/AuthenticationManager.java | 16 +- .../gv/egovernment/moa/id/moduls/SSOManager.java | 4 +- .../moa/id/protocols/saml1/GetArtifactAction.java | 29 +- .../saml1/GetAuthenticationDataService.java | 4 +- .../protocols/saml1/SAML1AuthenticationServer.java | 325 ++++- .../moa/id/proxy/DefaultConnectionBuilder.java | 8 +- .../moa/id/proxy/ElakConnectionBuilder.java | 9 +- .../moa/id/proxy/EnhancedConnectionBuilder.java | 9 +- .../moa/id/proxy/MOAIDProxyInitializer.java | 14 +- .../proxy/invoke/GetAuthenticationDataInvoker.java | 2 +- .../moa/id/proxy/servlet/ProxyServlet.java | 6 +- .../moa/id/storage/AssertionStorage.java | 12 +- .../id/storage/AuthenticationSessionStoreage.java | 41 +- .../moa/id/util/ParamValidatorUtils.java | 18 +- .../at/gv/egovernment/moa/id/util/SSLUtils.java | 4 +- .../moa/id/util/client/mis/simple/MISMandate.java | 8 +- 
.../id/util/client/mis/simple/MISSimpleClient.java | 11 +- 68 files changed, 6610 insertions(+), 4779 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java create mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f7c0ff812..214a1df7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -160,12 +160,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * time out in milliseconds used by {@link cleanup} for session store */ - private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes + private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes + private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes /** * Returns the single instance of AuthenticationServer. @@ -185,140 +186,144 @@ public class AuthenticationServer implements MOAIDAuthConstants { super(); } - /** - * Processes request to select a BKU.
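Review bot: The new field `sessionTimeOutCreated = 15 * 60 * 1000` carries the comment `// default 10 minutes`, copied from the old `sessionTimeOut`, while its value is fifteen minutes; the comment on `sessionTimeOutUpdated` says 10 minutes and does match. Change the first one to `// default 15 minutes` so the two session time-outs are not misread as equal. The Javadoc above still describes a single "time out ... for session store"; it should name both fields and state which applies to session creation and which to the last update, as far as the cleanup code (outside this hunk) distinguishes them.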
- * Processing depends on value of - * {@link AuthConfigurationProvider#getBKUSelectionType}.
- * For bkuSelectionType==HTMLComplete, a returnURI - * for the "BKU Auswahl" service is returned.
- * For bkuSelectionType==HTMLSelect, an HTML form for BKU - * selection is returned. - * - * @param authURL - * base URL of MOA-ID Auth component - * @param target - * "Geschäftsbereich" - * @param oaURL - * online application URL requested - * @param bkuSelectionTemplateURL - * template for BKU selection form to be used in case of - * HTMLSelect; may be null - * @param templateURL - * URL providing an HTML template for the HTML form to be used - * for call startAuthentication - * @return for bkuSelectionType==HTMLComplete, the - * returnURI for the "BKU Auswahl" service; for - * bkuSelectionType==HTMLSelect, an HTML form for BKU - * selection - * @throws WrongParametersException - * upon missing parameters - * @throws AuthenticationException - * when the configured BKU selection service cannot be reached, - * and when the given bkuSelectionTemplateURL cannot be reached - * @throws ConfigurationException - * on missing configuration data - * @throws BuildException - * while building the HTML form - */ - public String selectBKU(String authURL, String target, String oaURL, - String bkuSelectionTemplateURL, String templateURL) - throws WrongParametersException, AuthenticationException, - ConfigurationException, BuildException { - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", new Object[] { authURL - + "*" }); - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.05"); - - ConnectionParameter bkuConnParam = AuthConfigurationProvider - 
.getInstance().getBKUConnectionParameter(); - if (bkuConnParam == null) - throw new ConfigurationException("config.08", - new Object[] { "BKUSelection/ConnectionParameter" }); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (!isEmpty(target)) { - Logger - .info("Ignoring target parameter thus application type is \"businessService\""); - } - target = null; - } - - AuthenticationSession session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - throw new AuthenticationException("", null); - } - - String returnURL = new DataURLBuilder().buildDataURL(authURL, - REQ_START_AUTHENTICATION, session.getSessionID()); - String bkuSelectionType = AuthConfigurationProvider.getInstance() - .getBKUSelectionType(); - if (bkuSelectionType - .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = bkuConnParam.getUrl() + "?" 
- + AuthServlet.PARAM_RETURN + "=" + returnURL; - return redirectURL; - } else { - // bkuSelectionType==HTMLSelect - String bkuSelectTag; - try { - bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider - .getInstance(), bkuConnParam); - } catch (Throwable ex) { - throw new AuthenticationException("auth.11", new Object[] { - bkuConnParam.getUrl(), ex.toString() }, ex); - } - String bkuSelectionTemplate = null; - // override template url by url from configuration file - if (oaParam.getBkuSelectionTemplateURL() != null) { - bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); - } - if (bkuSelectionTemplateURL != null) { - try { - bkuSelectionTemplate = new String(FileUtils - .readURL(bkuSelectionTemplateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - bkuSelectionTemplateURL, ex.toString() }, ex); - } - } - String htmlForm = new SelectBKUFormBuilder().build( - bkuSelectionTemplate, returnURL, bkuSelectTag); - return htmlForm; - } - } +// /** +// * Processes request to select a BKU.
+// * Processing depends on value of +// * {@link AuthConfigurationProvider#getBKUSelectionType}.
+// * For bkuSelectionType==HTMLComplete, a returnURI +// * for the "BKU Auswahl" service is returned.
+// * For bkuSelectionType==HTMLSelect, an HTML form for BKU +// * selection is returned. +// * +// * @param authURL +// * base URL of MOA-ID Auth component +// * @param target +// * "Geschäftsbereich" +// * @param oaURL +// * online application URL requested +// * @param bkuSelectionTemplateURL +// * template for BKU selection form to be used in case of +// * HTMLSelect; may be null +// * @param templateURL +// * URL providing an HTML template for the HTML form to be used +// * for call startAuthentication +// * @return for bkuSelectionType==HTMLComplete, the +// * returnURI for the "BKU Auswahl" service; for +// * bkuSelectionType==HTMLSelect, an HTML form for BKU +// * selection +// * @throws WrongParametersException +// * upon missing parameters +// * @throws AuthenticationException +// * when the configured BKU selection service cannot be reached, +// * and when the given bkuSelectionTemplateURL cannot be reached +// * @throws ConfigurationException +// * on missing configuration data +// * @throws BuildException +// * while building the HTML form +// */ +// public String selectBKU(String authURL, String target, String oaURL, +// String bkuSelectionTemplateURL, String templateURL) +// throws WrongParametersException, AuthenticationException, +// ConfigurationException, BuildException { +// +// // check if HTTP Connection may be allowed (through +// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); +// if ((!authURL.startsWith("https:")) +// && (false == BoolUtils.valueOf(boolStr))) +// throw new AuthenticationException("auth.07", new Object[] { authURL +// + "*" }); +// if (isEmpty(authURL)) +// throw new WrongParametersException("StartAuthentication", +// "AuthURL", "auth.05"); +// if (isEmpty(oaURL)) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, 
+// "auth.05"); +// +// ConnectionParameter bkuConnParam = AuthConfigurationProvider +// .getInstance().getBKUConnectionParameter(); +// if (bkuConnParam == null) +// throw new ConfigurationException("config.08", +// new Object[] { "BKUSelection/ConnectionParameter" }); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// if (!oaParam.getBusinessService()) { +// if (isEmpty(target)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_TARGET, "auth.05"); +// } else { +// if (!isEmpty(target)) { +// Logger +// .info("Ignoring target parameter thus application type is \"businessService\""); +// } +// target = null; +// } +// +// AuthenticationSession session = newSession(); +// Logger.info("MOASession " + session.getSessionID() + " angelegt"); +// session.setTarget(target); +// session.setOAURLRequested(oaURL); +// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); +// session.setAuthURL(authURL); +// session.setTemplateURL(templateURL); +// session.setBusinessService(oaParam.getBusinessService()); +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// throw new AuthenticationException("", null); +// } +// +// String returnURL = new DataURLBuilder().buildDataURL(authURL, +// REQ_START_AUTHENTICATION, session.getSessionID()); +// String bkuSelectionType = AuthConfigurationProvider.getInstance() +// .getBKUSelectionType(); +// if (bkuSelectionType +// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = bkuConnParam.getUrl() + "?" 
+// + AuthServlet.PARAM_RETURN + "=" + returnURL; +// return redirectURL; +// } else { +// // bkuSelectionType==HTMLSelect +// String bkuSelectTag; +// try { +// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider +// .getInstance(), bkuConnParam); +// } catch (Throwable ex) { +// throw new AuthenticationException("auth.11", new Object[] { +// bkuConnParam.getUrl(), ex.toString() }, ex); +// } +// String bkuSelectionTemplate = null; +// +// //removed in MOAID 2.0 +// // override template url by url from configuration file +//// if (oaParam.getBkuSelectionTemplateURL() != null) { +//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); +//// } +// +//// if (bkuSelectionTemplateURL != null) { +//// try { +//// bkuSelectionTemplate = new String(FileUtils +//// .readURL(bkuSelectionTemplateURL)); +//// } catch (IOException ex) { +//// throw new AuthenticationException("auth.03", new Object[] { +//// bkuSelectionTemplateURL, ex.toString() }, ex); +//// } +//// } +// +// String htmlForm = new SelectBKUFormBuilder().build( +// bkuSelectionTemplate, returnURL, bkuSelectTag); +// return htmlForm; +// } +// } /** * Method readBKUSelectTag. 
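Review bot: The whole of `selectBKU` is kept as roughly 140 lines of `//`-commented code instead of being deleted; its Javadoc, body and a nested `////` block (the template-URL override marked `removed in MOAID 2.0`) now live on as comments that no compiler checks. Version control already preserves the old implementation, so the hunk should drop these lines outright or, if the method is meant to come back in a later MOA-ID 2.0 step, replace them with a single line such as `// selectBKU removed for MOA-ID 2.0; the 1.x implementation is in git history (commit 49acb69)`. The same pattern recurs in the `@@ -1156` and `@@ -1175` hunks of this file, where the infobox verification loop is commented out rather than removed.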
@@ -416,24 +421,25 @@ public class AuthenticationServer implements MOAIDAuthConstants { //build ReadInfobox request String infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam + oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); + //removed in MOAID 2.0 String pushInfobox = ""; - VerifyInfoboxParameters verifyInfoboxParameters = oaParam - .getVerifyInfoboxParameters(); - if (verifyInfoboxParameters != null) { - pushInfobox = verifyInfoboxParameters.getPushInfobox(); - session.setPushInfobox(pushInfobox); - } +// VerifyInfoboxParameters verifyInfoboxParameters = oaParam +// .getVerifyInfoboxParameters(); +// if (verifyInfoboxParameters != null) { +// pushInfobox = verifyInfoboxParameters.getPushInfobox(); +// session.setPushInfobox(pushInfobox); +// } //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(oaParam.getSlVersion12()); + .build(oaParam.isSlVersion12()); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); @@ -575,8 +581,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam - .getProvideStammzahl()); + + //TODO: check correctness +// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam +// .getProvideStammzahl()); + verifyInfoboxes(session, infoboxReadResponseParameters, false); //TODO: make it better!! 
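Review bot: With the `VerifyInfoboxParameters` block commented out, `String pushInfobox = "";` is now always the empty string and `session.setPushInfobox(...)` is never called, so whatever consumes `pushInfobox` later in this method (outside the hunk) always sees an empty value, and session readers see the field's default. If push infoboxes are really gone in MOA-ID 2.0, the local and its downstream use should go too; if they are meant to return, the `//removed in MOAID 2.0` comment should say so and name the follow-up. As written, a bare `//removed in MOAID 2.0` sitting above live code is easy to misread as applying to `pushInfobox` itself.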
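Review bot: The call `verifyInfoboxes(session, infoboxReadResponseParameters, false);` replaces the previous argument `!oaParam.getProvideStammzahl()` with a constant, and the `//TODO: check correctness` above it shows this is unresolved. If that third parameter controls whether the Stammzahl is withheld from the infobox validators (its former value suggests so; the parameter declaration is outside the hunk), passing `false` drops the per-OA restriction for every online application, which is a data-exposure change rather than a refactor. The line should read `verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl());` or its renamed equivalent on the new `OAAuthParameter`, and the TODO should state exactly what still needs checking.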
@@ -665,13 +674,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); - String sMandate = new String(mandate.getMandate()); - if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { - Logger.error("Mandate is empty."); - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -680,6 +682,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam .getBusinessService()); + + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); 
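Review bot: The removed empty-mandate guard (`if (sMandate == null | ...)` throwing `auth.16`) has no visible replacement, so a MIS response whose mandate is empty now reaches `setExtendedSAMLAttributeForMandatesOID` and the `validateExtendedSAMLAttributeForMandates` call added in the `@@ -680` hunk. The old check was itself flawed (`|` instead of `||`, and the result of `new String(...)` can never be null), which may be why it was dropped; but unless `validateExtendedSAMLAttributeForMandates` (defined outside this hunk) rejects an empty mandate, the check should be restored as `if (mandate.getMandate() == null || new String(mandate.getMandate()).isEmpty()) throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID });`. A one-line comment on the new validate call saying what it enforces would make the intent clear to the next reader.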
@@ -693,30 +699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); } - - if (oaParam.getProvideFullMandatorData()) { - try { - // set extended SAML attributes if provideMandatorData is true - setExtendedSAMLAttributeForMandates(session, mandate, oaParam - .getBusinessService(), oaParam.getProvideStammzahl()); - - //AuthenticationSessionStoreage.storeSession(session); - - } catch (SAXException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } - } - + } /** @@ -766,14 +749,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setAuthBlock(authBlock); // builds the - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { + List transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); + transformsInfos, oaParam.isSlVersion12()); return createXMLSignatureRequest; } 
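Review bot: `List transformsInfos = oaParam.getTransformsInfos();` introduces a raw `List` where the old code had `String[]`, and the same line appears in the `@@ -831` hunk; both should declare `List<String> transformsInfos` if `getTransformsInfos()` returns a typed list, or carry a comment naming the element type `CreateXMLSignatureRequestBuilder.build` expects. `transformsInfos.size() == 0` reads better as `transformsInfos.isEmpty()`. The enclosing method starts before this hunk.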
@@ -831,14 +814,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setAuthBlock(authBlock); // builds the - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { + List transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); + transformsInfos, oaParam.isSlVersion12()); System.out.println("XML: " + createXMLSignatureRequest); 
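Review bot: `System.out.println("XML: " + createXMLSignatureRequest);` directly after the `build(...)` call writes the complete CreateXMLSignatureRequest, built from `authBlock`, to stdout; it appears to be pre-existing context rather than a new line, but it remains on the new side after this rewrite. It should be removed or changed to `Logger.debug("XML: " + createXMLSignatureRequest);` so it is subject to the same log-level control as the rest of this class. The method continues outside the hunk.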
@@ -1156,18 +1139,26 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getInstance(); // get the default VerifyInfobox parameters Map defaultInfoboxParameters = null; - VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider - .getDefaultVerifyInfoboxParameters(); - if (defaultVerifyInfoboxParameters != null) { - defaultInfoboxParameters = defaultVerifyInfoboxParameters - .getInfoboxParameters(); - } + + //removed in MOA-ID 2.0 +// VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider +// .getDefaultVerifyInfoboxParameters(); +// if (defaultVerifyInfoboxParameters != null) { +// defaultInfoboxParameters = defaultVerifyInfoboxParameters +// .getInfoboxParameters(); +// } + // get the OA specific VerifyInfobox parameters Map infoboxParameters = null; OAAuthParameter oaParam = authConfigurationProvider .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - VerifyInfoboxParameters verifyInfoboxParameters = oaParam - .getVerifyInfoboxParameters(); + + //TODO: check correctness!!!! + //removed in MOAID 2.0 +// VerifyInfoboxParameters verifyInfoboxParameters = oaParam +// .getVerifyInfoboxParameters(); +// VerifyInfoboxParameters verifyInfoboxParameters = null; + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML // Attributes session.setExtendedSAMLAttributesOA(new Vector()); 
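Review bot: `Map defaultInfoboxParameters = null;` and `Map infoboxParameters = null;` are kept although every assignment to them is now commented out, and the `//TODO: check correctness!!!!` above the commented-out `verifyInfoboxParameters` lookup leaves the method with nothing to verify, since the loop in the following `@@ -1175` hunk (which runs past the end of this excerpt) is commented out as well. As far as is visible, `verifyInfoboxes` now only initialises the two SAML attribute vectors, while its caller in the `@@ -575` hunk still treats it as a validation step. Remove the dead locals and replace the TODO with a comment that states the situation, e.g. `// MOA-ID 2.0: VerifyInfoboxParameters no longer exist in the new configuration; infobox validation is disabled until a replacement is wired up`, so the gap is visible to whoever reads the caller.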
@@ -1175,191 +1166,191 @@ public class AuthenticationServer implements MOAIDAuthConstants { // System.out.println("SAML set: " + // session.getExtendedSAMLAttributesAUTH().size()); - if (verifyInfoboxParameters != null) { - - infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); - // get the list of infobox identifiers - List identifiers = verifyInfoboxParameters.getIdentifiers(); - if (identifiers != null) { - // step through the identifiers and verify the infoboxes - Iterator it = identifiers.iterator(); - while (it.hasNext()) { - String identifier = (String) it.next(); - // get the infobox read response from the map of parameters - String infoboxReadResponse = (String) infoboxReadResponseParams - .get(identifier); - // get the configuration parameters - VerifyInfoboxParameter verifyInfoboxParameter = null; - Object object = infoboxParameters.get(identifier); - // if not present, use default - if ((object == null) && (defaultInfoboxParameters != null)) { - object = defaultInfoboxParameters.get(identifier); - } - if (object != null) { - verifyInfoboxParameter = (VerifyInfoboxParameter) object; - } - if (infoboxReadResponse != null) { - if (verifyInfoboxParameter == null) { - // should not happen because of the pushinfobox - // mechanism; check it anyway - Logger.error("No validator for verifying \"" - + identifier + "\"-infobox configured."); - throw new ValidateException("validator.41", - new Object[] { identifier }); - } else { - String friendlyName = verifyInfoboxParameter - .getFriendlyName(); - boolean isParepRequest = false; - - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = ExtendedInfoboxReadResponseParser - .parseInfoboxReadResponse( - infoboxReadResponse, - friendlyName); - } catch (ParseException e) { - Logger - .error("InfoboxReadResponse for \"" - + identifier - + "\"-infobox could not be parsed successfully: " - + e.getMessage()); - throw new ValidateException("validator.43", - new 
Object[] { friendlyName }); - } - // set compatibility mode for mandates infobox and - // all infoboxes (it is possible to be a parep - // infobox) - // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); - // check for party representation in mandates - // infobox - if (Constants.INFOBOXIDENTIFIER_MANDATES - .equalsIgnoreCase(identifier) - && !((infoboxTokenList == null || infoboxTokenList - .size() == 0))) { - // We need app specific parameters - if (null == verifyInfoboxParameter - .getApplicationSpecificParams()) { - throw new ValidateException("validator.66", - new Object[] { friendlyName }); - } - Element mandate = ParepValidator - .extractPrimaryToken(infoboxTokenList); - // ParepUtils.serializeElement(mandate, - // System.out); - String mandateID = ParepUtils - .extractRepresentativeID(mandate); - if (!isEmpty(mandateID) - && ("*".equals(mandateID) || mandateID - .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { - isParepRequest = true; - } - if (!isParepRequest) { - // if mandates validator is disabled we must - // throw an error in this case - if (!ParepUtils - .isValidatorEnabled(verifyInfoboxParameter - .getApplicationSpecificParams())) { - throw new ValidateException( - "validator.60", - new Object[] { friendlyName }); - } - } - } - - // get the class for validating the infobox - InfoboxValidator infoboxValidator = null; - try { - Class validatorClass = null; - if (isParepRequest) { - // Mandates infobox in party representation - // mode - validatorClass = Class - .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); - } else { - validatorClass = Class - .forName(verifyInfoboxParameter - .getValidatorClassName()); - } - infoboxValidator = (InfoboxValidator) validatorClass - .newInstance(); - } catch (Exception e) { - Logger - .error("Could not load validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" 
for \"" - + identifier - + "\"-infobox: " - + e.getMessage()); - throw new ValidateException("validator.42", - new Object[] { friendlyName }); - } - Logger - .debug("Successfully loaded validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" for \"" - + identifier - + "\"-infobox."); - // build the parameters for validating the infobox - InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder - .buildInfoboxValidatorParams(session, - verifyInfoboxParameter, - infoboxTokenList, oaParam); - - // now validate the infobox - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxValidator - .validate(infoboxValidatorParams); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - - Logger.info(identifier - + " infobox successfully validated."); - // store the validator for post processing - session.addInfoboxValidator(identifier, - friendlyName, infoboxValidator); - - // get the SAML attributes to be appended to the - // AUTHBlock or to the final - // SAML Assertion - AddAdditionalSAMLAttributes(session, - infoboxValidationResult - .getExtendedSamlAttributes(), - identifier, friendlyName); - } - } else { - if ((verifyInfoboxParameter != null) - && (verifyInfoboxParameter.isRequired())) { - Logger - .info("Infobox \"" - + identifier - + "\" is required, but not returned from the BKU"); - throw new ValidateException("validator.48", - new Object[] { verifyInfoboxParameter - .getFriendlyName() }); - } - Logger.debug("Infobox \"" + identifier - + "\" not returned from BKU."); - } - } - } - } +// if 
(verifyInfoboxParameters != null) { +// +// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); +// // get the list of infobox identifiers +// List identifiers = verifyInfoboxParameters.getIdentifiers(); +// if (identifiers != null) { +// // step through the identifiers and verify the infoboxes +// Iterator it = identifiers.iterator(); +// while (it.hasNext()) { +// String identifier = (String) it.next(); +// // get the infobox read response from the map of parameters +// String infoboxReadResponse = (String) infoboxReadResponseParams +// .get(identifier); +// // get the configuration parameters +// VerifyInfoboxParameter verifyInfoboxParameter = null; +// Object object = infoboxParameters.get(identifier); +// // if not present, use default +// if ((object == null) && (defaultInfoboxParameters != null)) { +// object = defaultInfoboxParameters.get(identifier); +// } +// if (object != null) { +// verifyInfoboxParameter = (VerifyInfoboxParameter) object; +// } +// if (infoboxReadResponse != null) { +// if (verifyInfoboxParameter == null) { +// // should not happen because of the pushinfobox +// // mechanism; check it anyway +// Logger.error("No validator for verifying \"" +// + identifier + "\"-infobox configured."); +// throw new ValidateException("validator.41", +// new Object[] { identifier }); +// } else { +// String friendlyName = verifyInfoboxParameter +// .getFriendlyName(); +// boolean isParepRequest = false; +// +// // parse the infobox read reponse +// List infoboxTokenList = null; +// try { +// infoboxTokenList = ExtendedInfoboxReadResponseParser +// .parseInfoboxReadResponse( +// infoboxReadResponse, +// friendlyName); +// } catch (ParseException e) { +// Logger +// .error("InfoboxReadResponse for \"" +// + identifier +// + "\"-infobox could not be parsed successfully: " +// + e.getMessage()); +// throw new ValidateException("validator.43", +// new Object[] { friendlyName }); +// } +// // set compatibility mode for mandates infobox and +// 
// all infoboxes (it is possible to be a parep +// // infobox) +// // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); +// // check for party representation in mandates +// // infobox +// if (Constants.INFOBOXIDENTIFIER_MANDATES +// .equalsIgnoreCase(identifier) +// && !((infoboxTokenList == null || infoboxTokenList +// .size() == 0))) { +// // We need app specific parameters +// if (null == verifyInfoboxParameter +// .getApplicationSpecificParams()) { +// throw new ValidateException("validator.66", +// new Object[] { friendlyName }); +// } +// Element mandate = ParepValidator +// .extractPrimaryToken(infoboxTokenList); +// // ParepUtils.serializeElement(mandate, +// // System.out); +// String mandateID = ParepUtils +// .extractRepresentativeID(mandate); +// if (!isEmpty(mandateID) +// && ("*".equals(mandateID) || mandateID +// .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { +// isParepRequest = true; +// } +// if (!isParepRequest) { +// // if mandates validator is disabled we must +// // throw an error in this case +// if (!ParepUtils +// .isValidatorEnabled(verifyInfoboxParameter +// .getApplicationSpecificParams())) { +// throw new ValidateException( +// "validator.60", +// new Object[] { friendlyName }); +// } +// } +// } +// +// // get the class for validating the infobox +// InfoboxValidator infoboxValidator = null; +// try { +// Class validatorClass = null; +// if (isParepRequest) { +// // Mandates infobox in party representation +// // mode +// validatorClass = Class +// .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); +// } else { +// validatorClass = Class +// .forName(verifyInfoboxParameter +// .getValidatorClassName()); +// } +// infoboxValidator = (InfoboxValidator) validatorClass +// .newInstance(); +// } catch (Exception e) { +// Logger +// .error("Could not load validator class \"" +// + verifyInfoboxParameter +// 
.getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox: " +// + e.getMessage()); +// throw new ValidateException("validator.42", +// new Object[] { friendlyName }); +// } +// Logger +// .debug("Successfully loaded validator class \"" +// + verifyInfoboxParameter +// .getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox."); +// // build the parameters for validating the infobox +// InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder +// .buildInfoboxValidatorParams(session, +// verifyInfoboxParameter, +// infoboxTokenList, oaParam); +// +// // now validate the infobox +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxValidator +// .validate(infoboxValidatorParams); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// +// Logger.info(identifier +// + " infobox successfully validated."); +// // store the validator for post processing +// session.addInfoboxValidator(identifier, +// friendlyName, infoboxValidator); +// +// // get the SAML attributes to be appended to the +// // AUTHBlock or to the final +// // SAML Assertion +// AddAdditionalSAMLAttributes(session, +// infoboxValidationResult +// .getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } else { +// if ((verifyInfoboxParameter != null) +// && (verifyInfoboxParameter.isRequired())) { +// Logger +// .info("Infobox \"" +// + identifier +// + "\" is required, but not returned from the BKU"); +// throw new ValidateException("validator.48", +// new 
Object[] { verifyInfoboxParameter +// .getFriendlyName() }); +// } +// Logger.debug("Infobox \"" + identifier +// + "\" not returned from BKU."); +// } +// } +// } +// } } /** @@ -1378,18 +1369,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws IOException * @throws SAXException */ - private void setExtendedSAMLAttributeForMandates( + private void validateExtendedSAMLAttributeForMandates( AuthenticationSession session, MISMandate mandate, - boolean business, boolean provideStammzahl) + boolean business) throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException { - ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes( - mandate, business, provideStammzahl); + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + mandate, business, false); - AddAdditionalSAMLAttributes(session, extendedSamlAttributes, - "MISService", "MISService"); + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + Object value = verifySAMLAttribute(samlAttribute, i, "MISService", + "MISService"); + + } } /** 
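Review bot: The loop in validateExtendedSAMLAttributeForMandates assigns `Object value = verifySAMLAttribute(samlAttribute, i, "MISService", "MISService");` and never reads it, so the method now only checks the attributes and drops them; the `AddAdditionalSAMLAttributes` call that previously stored them in the session is gone. If the attributes are now added to the session elsewhere, the Javadoc above the hunk (still written for the old name and behaviour) should say so; otherwise drop the unused local and call `verifySAMLAttribute(samlAttribute, i, "MISService", "MISService");` for its exception only. The third argument to `addExtendedSamlAttributes` is now the constant `false` where the removed `provideStammzahl` parameter used to be, which deserves a one-line comment stating that the Stammzahl is never handed out on this path.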
@@ -1421,56 +1417,56 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - /** - * Intermediate processing of the infoboxes. The first pending infobox - * validator may validate the provided input - * - * @param session - * The current authentication session - * @param parameters - * The parameters got returned by the user input fields - */ - public static void processInput(AuthenticationSession session, - Map parameters) throws ValidateException { - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - if (iter != null) { - while (iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector - .get(1); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator - .validate(parameters); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } - } - } - } +// /** +// * Intermediate processing of the infoboxes. 
The first pending infobox +// * validator may validate the provided input +// * +// * @param session +// * The current authentication session +// * @param parameters +// * The parameters got returned by the user input fields +// */ +// public static void processInput(AuthenticationSession session, +// Map parameters) throws ValidateException { +// +// // post processing of the infoboxes +// Iterator iter = session.getInfoboxValidatorIterator(); +// if (iter != null) { +// while (iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector +// .get(2); +// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { +// String identifier = (String) infoboxValidatorVector.get(0); +// String friendlyName = (String) infoboxValidatorVector +// .get(1); +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxvalidator +// .validate(parameters); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// AddAdditionalSAMLAttributes( +// session, +// infoboxValidationResult.getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } +// } +// } /** * Adds given SAML Attributes to the current session. They will be appended 
@@ -1581,7 +1577,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws TransformerException */ - private static ExtendedSAMLAttribute[] addExtendedSamlAttributes( + protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( MISMandate mandate, boolean business, boolean provideStammzahl) throws SAXException, IOException, ParserConfigurationException, TransformerException { @@ -1733,7 +1729,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { return doc.getDocumentElement(); } - private static void replaceExtendedSAMLAttribute(List attributes, + protected static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) { if (null == attributes) { attributes = new Vector(); @@ -1813,7 +1809,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // validates new CreateXMLSignatureResponseValidator().validate(csresp, session); // builds a for a MOA-SPSS call - String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); 
@@ -1997,223 +1993,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlockMandate(AuthenticationSession session, - Element mandate) throws AuthenticationException, BuildException, - ParseException, ConfigurationException, ServiceException, - ValidateException { - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - - //AuthenticationSession session = getSession(sessionID); - // AuthConfigurationProvider authConf = - // AuthConfigurationProvider.getInstance(); - - IdentityLink tempIdentityLink = null; - - if (session.getUseMandate()) { - tempIdentityLink = new IdentityLink(); - Element mandator = ParepUtils.extractMandator(mandate); - String dateOfBirth = ""; - Element prPerson = null; - String familyName = ""; - String givenName = ""; - String identificationType = ""; - String identificationValue = ""; - if (mandator != null) { - boolean physical = ParepUtils.isPhysicalPerson(mandator); - if (physical) { - familyName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils - .extractMandatorDateOfBirth(mandator); - } else { - familyName = ParepUtils.extractMandatorFullName(mandator); - } - identificationType = ParepUtils.getIdentification(mandator, - "Type"); - identificationValue = ParepUtils.extractMandatorWbpk(mandator); - - prPerson = ParepUtils.extractPrPersonOfMandate(mandate); - if (physical - && session.getBusinessService() - && identificationType != null - && Constants.URN_PREFIX_BASEID - .equals(identificationType)) { - // now we calculate the wbPK and do so if we got it from the - // BKU - identificationType = Constants.URN_PREFIX_WBPK + "+" - + session.getDomainIdentifier(); - 
identificationValue = new BPKBuilder().buildWBPK( - identificationValue, session.getDomainIdentifier()); - ParepUtils - .HideStammZahlen(prPerson, true, null, null, true); - } - - tempIdentityLink.setDateOfBirth(dateOfBirth); - tempIdentityLink.setFamilyName(familyName); - tempIdentityLink.setGivenName(givenName); - tempIdentityLink.setIdentificationType(identificationType); - tempIdentityLink.setIdentificationValue(identificationValue); - tempIdentityLink.setPrPerson(prPerson); - try { - tempIdentityLink.setSamlAssertion(session.getIdentityLink() - .getSamlAssertion()); - } catch (Exception e) { - throw new ValidateException("validator.64", null); - } - - } - - } - - // builds authentication data and stores it together with a SAML - // artifact - - // TODO: Check, if this element is in use!!!! - //AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, - // vsresp, - // replacementIdentityLink); - - - Element mandatePerson = tempIdentityLink.getPrPerson(); -// try { -// System.out.println("MANDATE: " + -// DOMUtils.serializeNode(mandatePerson)); -// } -// catch(Exception e) { -// e.printStackTrace(); -// } - String mandateData = null; - boolean useCondition = false; - int conditionLength = -1; - try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - useCondition = oaParam.getUseCondition(); - conditionLength = oaParam.getConditionLength(); - - String oatargetType; - - if(session.getBusinessService()) { - oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); - - } else { - oatargetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget(); - } - - Element prIdentification = (Element) mandatePerson - .getElementsByTagNameNS(Constants.PD_NS_URI, - "Identification").item(0); - - if 
(!oatargetType.equals(tempIdentityLink.getIdentificationType())) { - - String isPrPerson = mandatePerson.getAttribute("xsi:type"); - - if (!StringUtils.isEmpty(isPrPerson)) { - if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { - String baseid = getBaseId(mandatePerson); - Element identificationBpK = createIdentificationBPK(mandatePerson, - baseid, session.getTarget()); - - if (!provideStammzahl) { - prIdentification.getFirstChild().setTextContent(""); - } - - mandatePerson.insertBefore(identificationBpK, - prIdentification); - } - } - - } else { - -// Element identificationBpK = mandatePerson.getOwnerDocument() -// .createElementNS(Constants.PD_NS_URI, "Identification"); -// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( -// Constants.PD_NS_URI, "Value"); -// -// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( -// tempIdentityLink.getIdentificationValue())); -// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( -// Constants.PD_NS_URI, "Type"); -// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( -// "urn:publicid:gv.at:cdid+bpk")); -// identificationBpK.appendChild(valueBpK); -// identificationBpK.appendChild(typeBpK); -// -// mandatePerson.insertBefore(identificationBpK, prIdentification); - } - - - mandateData = DOMUtils.serializeNode(mandatePerson); - - } catch (TransformerException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } catch (IOException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - - //TODO: Check, if this element is in use!!! - //session.setAuthData(authData); - - session.setMandateData(mandateData); - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - String oldsessionID = session.getSessionID(); - - //Session is implicite stored in changeSessionID!!! 
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - return newMOASessionID; - - /* - String samlAssertion = new AuthenticationDataAssertionBuilder() - .buildMandate(authData, session.getAssertionPrPerson(), - mandateData, session.getAssertionAuthBlock(), session - .getAssertionIlAssertion(), - session.getBkuURL(), session - .getAssertionSignerCertificateBase64(), session - .getAssertionBusinessService(), session - .getSourceID(), session - .getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); - - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); - } - - String samlArtifact = new SAMLArtifactBuilder().build(session - .getAuthURL(), session.getSessionID(), session.getSourceID()); - storeAuthenticationData(samlArtifact, authData); - - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info("Anmeldedaten zu MOASession " + sessionID - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact;*/ - - } - - private Element createIdentificationBPK(Element mandatePerson, + protected Element createIdentificationBPK(Element mandatePerson, String baseid, String target) throws BuildException { Element identificationBpK = mandatePerson.getOwnerDocument() .createElementNS(Constants.PD_NS_URI, "Identification"); 
@@ -2234,7 +2015,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - private String getBaseId(Element mandatePerson) + protected String getBaseId(Element mandatePerson) throws TransformerException, IOException { NodeList list = mandatePerson.getElementsByTagNameNS( Constants.PD_NS_URI, "Identification"); @@ -2437,11 +2218,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - if (provideStammzahl) { - authData.setIdentificationValue(identityLink - .getIdentificationValue()); - } + //TODO: check correctness +// boolean provideStammzahl = oaParam.getProvideStammzahl(); +// if (provideStammzahl) { +// authData.setIdentificationValue(identityLink +// .getIdentificationValue()); +// } // String prPerson = new PersonDataBuilder().build(identityLink, // provideStammzahl); @@ -2599,7 +2381,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //clean AuthenticationSessionStore //TODO: acutally the StartAuthentificaten timestamp is used!!!!! //TODO: maybe change this to lastupdate timestamp. - AuthenticationSessionStoreage.clean(now, sessionTimeOut); + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); //clean AssertionStore AssertionStorage assertionstore = AssertionStorage.getInstance(); @@ -2612,8 +2394,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param seconds * Time out of the session in seconds */ - public void setSecondsSessionTimeOut(long seconds) { - sessionTimeOut = 1000 * seconds; + public void setSecondsSessionTimeOutCreated(long seconds) { + sessionTimeOutCreated = seconds * 1000; + } + + public void setSecondsSessionTimeOutUpdated(long seconds) { + sessionTimeOutUpdated = seconds * 1000; } /** 
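Review bot: `setSecondsSessionTimeOutUpdated` is added without Javadoc, while the Javadoc preceding `setSecondsSessionTimeOutCreated` still reads `@param seconds Time out of the session in seconds` and no longer says which of the two time-outs it configures. Suggest `@param seconds Time out in seconds, measured from the session's creation` on the first method, and on the new one a summary sentence "Sets the session time-out measured from the session's last update" with `@param seconds Time out in seconds since the last update`. The `clean(now, sessionTimeOutCreated, sessionTimeOutUpdated)` call in the preceding hunk appears to be the consumer of both values, so the distinction should be stated where they are set.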
@@ -2623,7 +2409,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Time out for signing AuthData in seconds */ public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = 1000 * seconds; + authDataTimeOut = seconds * 1000; } /** @@ -2650,7 +2436,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * the friendly name of the infobox for messages * @return the SAML attribute value (Element or String) */ - private static Object verifySAMLAttribute( + protected static Object verifySAMLAttribute( ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) throws ValidateException { String name = samlAttribute.getName(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index e23b26417..725773b75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -28,7 +28,7 @@ import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import java.io.IOException; -import java.io.PrintWriter; +import java.math.BigInteger; import java.security.GeneralSecurityException; import java.util.Properties; @@ -37,9 +37,6 @@ import javax.activation.MailcapCommandMap; import javax.mail.Session; import javax.net.ssl.SSLSocketFactory; -import org.apache.commons.logging.impl.SLF4JLog; -import org.apache.log4j.config.PropertyPrinter; - import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; 
@@ -177,40 +174,26 @@ public class MOAIDAuthInitializer { } - //TODO: Set TimeOuts!!! // sets the authentication session and authentication data time outs - String param = authConf - .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); + BigInteger param = authConf.getTimeOuts().getMOASessionCreated(); if (param != null) { - long sessionTimeOut = 0; - try { - sessionTimeOut = new Long(param).longValue(); - } catch (NumberFormatException ex) { - Logger - .error(MOAIDMessageProvider - .getInstance() - .getMessage( - "config.05", - new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY })); - } + long sessionTimeOut = param.longValue(); if (sessionTimeOut > 0) AuthenticationServer.getInstance() - .setSecondsSessionTimeOut(sessionTimeOut); + .setSecondsSessionTimeOutCreated(sessionTimeOut); } - param = authConf - .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); + + param = authConf.getTimeOuts().getMOASessionUpdated(); if (param != null) { - long authDataTimeOut = 0; - try { - authDataTimeOut = new Long(param).longValue(); - } catch (NumberFormatException ex) { - Logger - .error(MOAIDMessageProvider - .getInstance() - .getMessage( - "config.05", - new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY })); - } + long sessionTimeOut = param.longValue(); + if (sessionTimeOut > 0) + AuthenticationServer.getInstance() + .setSecondsSessionTimeOutUpdated(sessionTimeOut); + } + + param = authConf.getTimeOuts().getAssertion(); + if (param != null) { + long authDataTimeOut = param.longValue(); if (authDataTimeOut > 0) AuthenticationServer.getInstance() .setSecondsAuthDataTimeOut(authDataTimeOut); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 245ab206d..23596abda 100644 
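Review bot: `param.longValue()` on the three BigInteger time-outs silently keeps only the low-order 64 bits of a value that does not fit in a long, and the replacement drops the `config.05` error the old parsing path logged, so an out-of-range time-out is now applied (or ignored via the `> 0` check) without any report. A range check before the conversion, e.g. `if (param.bitLength() > 62) { Logger.error(...); }` with the existing message key, keeps the old diagnostic. `authConf.getTimeOuts()` is called three times and dereferenced each time without a null check; whether it can return null is not visible here, but the three near-identical blocks would be simpler as one loop over the three getters or a small helper.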
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; import java.util.Calendar; +import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; @@ -80,17 +81,22 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not * @return String representation of <CreateXMLSignatureRequest> */ - public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + public String build(String authBlock, String keyBoxIdentifier, List dsigTransformInfos, boolean slVersion12) { String sl10Prefix; String sl11Prefix; String slNsDeclaration; String dsigTransformInfosString = ""; - for (int i = 0; i < dsigTransformInfos.length; i++) { - dsigTransformInfosString += dsigTransformInfos[i]; + + for (String element : dsigTransformInfos) { + dsigTransformInfosString += element; } +// for (int i = 0; i < dsigTransformInfos.length; i++) { +// dsigTransformInfosString += dsigTransformInfos[i]; +// } + if (slVersion12) { // replace the SecurityLayer namespace prefixes and URIs within the transforms diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 4dd6ac78b..9b7cc41ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java 
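Review bot: `for (String element : dsigTransformInfos)` does not compile against the raw `List dsigTransformInfos` parameter — iterating a raw List yields Object, which javac will not assign to a String loop variable — so the signature should be `public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) {`, unless the raw type is a rendering artifact of this page. The same raw-List for-each appears in the VerifyXMLSignatureRequestBuilder hunk (`List verifyTransformsInfoProfileID` with `for (String element : verifyTransformsInfoProfileID)`), and the caller in AuthenticationServer declares `List vtids`; all three should carry the type argument. The commented-out array loop left under the new one should be deleted rather than kept, and the `+=` concatenation in the loop is the textbook StringBuilder case.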
@@ -60,27 +60,23 @@ public class DataURLBuilder { String individualDataURLPrefix = null; String dataURL; - try { - //check if an individual prefix is configured - individualDataURLPrefix = AuthConfigurationProvider.getInstance(). - getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); - - if (null != individualDataURLPrefix) { - - //check individualDataURLPrefix - if(!individualDataURLPrefix.startsWith("http")) - throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); - - //when ok then use it - dataURL = individualDataURLPrefix + authServletName; - } else - dataURL = authBaseURL + authServletName; - - } catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } )); - dataURL = authBaseURL + authServletName; - } + + //is removed from config in MOA-ID 2.0 + //check if an individual prefix is configured +// individualDataURLPrefix = AuthConfigurationProvider.getInstance(). +// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); +// +// if (null != individualDataURLPrefix) { +// +// //check individualDataURLPrefix +// if(!individualDataURLPrefix.startsWith("http")) +// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); +// +// //when ok then use it +// dataURL = individualDataURLPrefix + authServletName; +// } else + + dataURL = authBaseURL + authServletName; dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); return dataURL; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index fa1de87de..913b12d49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java 
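Review bot: `individualDataURLPrefix` (declared on the context line at the top of the hunk) is no longer read after this change, and the new code keeps the old prefix handling as a commented-out block instead of deleting it. Removing both and collapsing the two declarations to `String dataURL = authBaseURL + authServletName;` leaves the method as the one-liner it now is. The removed try/catch was the last visible use of ConfigurationException, Logger and MOAIDMessageProvider in this method; if those imports are now unused elsewhere in the file they should go too.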
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -99,7 +99,11 @@ public class InfoboxValidatorParamsBuilder { } infoboxValidatorParams.setIdentityLink(identityLinkElem); } - infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); + + //TODO: check if this is Protocol specific + //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); + infoboxValidatorParams.setHideStammzahl(true); + return infoboxValidatorParams; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index a81baafac..ed55d660c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -6,17 +6,22 @@ import java.io.StringWriter; import org.apache.commons.io.IOUtils; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.logging.Logger; public class LoginFormBuilder { - private static String SERVLET = "GenerateIframeTemplate"; + private static String SERVLET = "./GenerateIframeTemplate"; private static String AUTH_URL = "#AUTH_URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; private static String OANAME = "#OAName#"; + private static String BKU_ONLINE = "#ONLINE#"; + private static String BKU_HANDY = "#HANDY#"; + private static String BKU_LOCAL = "#LOCAL#"; private static String template; 
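Review bot: `infoboxValidatorParams.setHideStammzahl(true);` unconditionally overrides the per-application `getProvideStammzahl()` setting, and the `//TODO: check if this is Protocol specific` above it gives no criterion for resolving the question. Hiding the Stammzahl is the safe default, but a reader cannot tell whether the constant is intentional or a stop-gap; a comment such as `// Stammzahl is never passed to infobox validators in MOA-ID 2.x; the OA setting applies to protocol output only` (if that is the intent) or a ticket reference would make it reviewable.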
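Review bot: The new placeholder holders `BKU_ONLINE`, `BKU_HANDY` and `BKU_LOCAL` (like the existing `SERVLET`, `AUTH_URL`, … fields) are `private static String` rather than `private static final String`, so the template markers are mutable class state; they should be declared `private static final String BKU_ONLINE = "#ONLINE#";` and so on. The added import `at.gv.egovernment.moa.id.config.OAParameter` is not used anywhere visible in the LoginFormBuilder hunks; if it is unused in the rest of the file it should be dropped.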
@@ -32,6 +37,9 @@ public class LoginFormBuilder { IOUtils.copy(input, writer); template = writer.toString(); template = template.replace(AUTH_URL, SERVLET); + template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU); + template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU); + template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU); } catch (Exception e) { Logger.error("Failed to read template", e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java new file mode 100644 index 000000000..6d10f5519 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java @@ -0,0 +1,43 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.InputStream; +import java.io.StringWriter; + +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; + +public class RedirectFormBuilder { + + private static String URL = "#URL#"; + private static String template; + + private static String getTemplate() { + + if (template == null) { + try { + String classpathLocation = "resources/templates/redirectForm.html"; + InputStream input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(classpathLocation); + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + } catch (Exception e) { + Logger.error("Failed to read template", e); + } + } + + return template; + } + + public static String buildLoginForm(String url) { + String value = getTemplate(); + value = value.replace(URL, url); + + return value; + } + +} 
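Review bot: `buildLoginForm` substitutes `url` into the HTML template verbatim, so if the value can be influenced by a request parameter (the callers are not in this hunk, so this is inferred) it must be encoded for the HTML attribute context before `value.replace(URL, url)`; no escaping helper is visible in this file, so use the project's existing one rather than string surgery. `getTemplate()` returns null when the resource cannot be read, after which `value.replace` throws a NullPointerException far from the logged cause; a guard such as `if (value == null) throw new IllegalStateException("redirect template not available");` fails at the right place. The `InputStream` from `getResourceAsStream` is never closed and `IOUtils.copy(input, writer)` reads it in the platform default charset; wrap it in try/finally and pass an explicit encoding. The imports of GenerateIFrameTemplateServlet and SAML1Protocol are unused in this new file.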
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index a0fe0de1b..304a5b70c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -72,7 +72,7 @@ public class SAMLArtifactBuilder { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] sourceID; // alternative sourceId - String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + String alternativeSourceID = AuthConfigurationProvider.getInstance().getAlternativeSourceID(); // if sourceID is given in GET/POST param - use this as source id if (!ParepUtils.isEmpty(sourceIdParam)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 5e6d47bdf..b65b3db0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.auth.builder; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -253,7 +255,7 @@ public class VerifyXMLSignatureRequestBuilder { */ public Element build( CreateXMLSignatureResponse csr, - String[] verifyTransformsInfoProfileID, + List verifyTransformsInfoProfileID, String trustProfileID) throws BuildException { //samlAssertionObject 
@@ -286,13 +288,25 @@ public class VerifyXMLSignatureRequestBuilder { // add the transform profile IDs Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - Element verifyTransformsInfoProfileIDElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); - verifyTransformsInfoProfileIDElem.appendChild( - requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); - } + +// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { +// +// Element verifyTransformsInfoProfileIDElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); +// verifyTransformsInfoProfileIDElem.appendChild( +// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); +// } + + for (String element : verifyTransformsInfoProfileID) { + + Element verifyTransformsInfoProfileIDElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild( + requestDoc_.createTextNode(element)); + } + Element returnHashInputDataElem = requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); requestElem_.appendChild(returnHashInputDataElem); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 4001fdd1a..ffe938d89 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java 
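Review bot: The old array loop is kept as a nine-line commented-out block directly above its replacement; version control already preserves it, so the block and the two empty `+` lines around it should be deleted rather than left beside the live `for (String element : verifyTransformsInfoProfileID)` loop. The new loop, like the array version before it, does not reject a null list, so a caller passing `null` now fails with a NullPointerException inside `build` rather than at the call site; a short comment above the loop stating that the list must be non-null (`// verifyTransformsInfoProfileID must not be null; an empty list yields an empty ReferenceInfo`) would at least document the contract.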
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import iaik.x509.X509Certificate; +import java.io.IOException; import java.io.Serializable; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; @@ -34,13 +35,19 @@ import java.util.Iterator; import java.util.List; import java.util.Vector; +import javax.xml.parsers.ParserConfigurationException; + import org.w3c.dom.Element; +import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import eu.stork.mw.messages.saml.STORKAuthnRequest; /** @@ -125,7 +132,7 @@ public class AuthenticationSession implements Serializable { * * Mandate element */ - private Element mandate; + private MISMandate mandate; /** * Reference value for mandate @@ -1081,11 +1088,26 @@ public class AuthenticationSession implements Serializable { XMLVerifySignatureResponse = xMLVerifySignatureResponse; } - public Element getMandate() { + public MISMandate getMISMandate() { return mandate; } - public void setMandate(Element mandate) { + public void setMISMandate(MISMandate mandate) { this.mandate = mandate; } + + public Element getMandate() { + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + }catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + + + } } 
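Review bot: `getMandate()` catches `Throwable`, so a null `mandate` field (no mandate in this session) is reported as "Mandate content could not be generated" and `Error`s are swallowed as well, while the log statement drops the exception itself; `new String(byteMandate)` additionally decodes with the platform default charset, which is not necessarily what the MIS produced. Checking the null case explicitly, narrowing the catch to `Exception` and logging the cause keeps the null-on-failure result callers see while making real parse failures diagnosable; `Logger.warn(String, Throwable)` is assumed to exist alongside the `Logger.error(String, Throwable)` overload used elsewhere in this commit. The added `PVP2Exception` import does not appear to be used by the visible lines of this hunk.

```java
public Element getMandate() {
    // An absent mandate is a normal state, not a parse failure.
    if (mandate == null || mandate.getMandate() == null) {
        return null;
    }
    try {
        // NOTE(review): decode explicitly; assumes the MIS returns UTF-8 — confirm against the MIS client
        String stringMandate = new String(mandate.getMandate(), "UTF-8");
        return DOMUtils.parseDocument(stringMandate, false,
                null, null).getDocumentElement();
    } catch (Exception e) {
        // ParserConfigurationException, SAXException, IOException from parseDocument;
        // Errors are deliberately not caught.
        Logger.warn("Mandate content could not be generated from MISMandate.", e);
        return null;
    }
}
```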
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 63ad62662..b0a4f2f8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -25,7 +25,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 public static void parse(AuthenticationSession moasession,
 String target,
- String sourceID,
 String oaURL,
 String bkuURL,
 String templateURL,
@@ -40,7 +39,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 // escape parameter strings
 //TODO: use URLEncoder.encode!!
 target = StringEscapeUtils.escapeHtml(target);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
 oaURL = StringEscapeUtils.escapeHtml(oaURL);
 bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
 templateURL = StringEscapeUtils.escapeHtml(templateURL);
@@ -49,15 +47,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // check parameter if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); if (!ParamValidatorUtils.isValidCCC(ccc)) throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); @@ -115,6 +107,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } + //Validate BKU URI + if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!oaParam.getBusinessService()) { if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", 
@@ -155,20 +151,23 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // check if HTTP Connection may be allowed (through // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + //INFO: removed from MOA-ID 2.0 Config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) +// && (false == BoolUtils.valueOf(boolStr)) + ) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); moasession.setAuthURL(authURL); - //check and set SourceID - if (sourceID != null) - moasession.setSourceID(sourceID); +// //check and set SourceID +// if (sourceID != null) +// moasession.setSourceID(sourceID); // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { @@ -179,7 +178,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } } moasession.setBkuURL(bkuURL); + + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + // override template url by url from configuration file if (oaParam.getTemplateURL() != null) { templateURL = oaParam.getTemplateURL(); @@ -213,7 +216,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ //get Parameters from request String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); 
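Review bot: The HTTPS check in the first hunk is now a live condition with a commented-out operand and a dangling `)` on its own line; since the configuration override is gone, collapse it to `if (!authURL.startsWith("https:"))` and delete the commented `boolStr` lookup and the commented `sourceID` block below it, keeping only the `//INFO: removed from MOA-ID 2.0 Config` line as the explanation. Rejecting plain HTTP unconditionally is the safer default, but it is a silent behaviour change for deployments that relied on `FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY`, so the `auth.07` message text should state that HTTP is no longer configurable. The AuthServlet hunk on the next line of this page has the same half-commented condition and should get the same cleanup. The enclosing `parse` method starts and ends outside these hunks.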
@@ -223,7 +225,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ oaURL = request.getOAURL(); target = request.getTarget(); - parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 187cf4fdb..4b15d80b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -415,12 +415,15 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { throws AuthenticationException, ConfigurationException { // check if HTTP Connection may be allowed (through // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + + //Removed from MOA-ID 2.0 config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) + //&& (false == BoolUtils.valueOf(boolStr)) + ) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index e6eecd11b..2ea34ee12 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -86,15 +86,16 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { //load Parameters from config String target = oaParam.getTarget(); - String sourceID = ""; //TODO: load from Config - String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); - String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);; - +// String sourceID = ""; //TODO: load from Config +// String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); +// String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam); + + String bkuURL = oaParam.getBKUURL(bkuid); + String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid); //parse all OA parameters i StartAuthentificationParameterParser.parse(moasession, target, - sourceID, moasession.getOAURLRequested(), bkuURL, templateURL, 
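Review bot: `oaParam.getBKUURL(bkuid)` and `getSLRequestTemplates(bkuid)` replace two helpers that threw `WrongParametersException` for an unknown `bkuid`, but the new code does not check what they return; whether the configuration lookups yield null for an id that is not configured is not visible here, and a null would now travel into `StartAuthentificationParameterParser.parse` as `bkuURL`/`templateURL`. Keeping the old failure mode explicit is one line: `if (bkuURL == null || templateURL == null) throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, "auth.12");`. The three commented-out assignments above the new lines should be deleted rather than kept. The enclosing method continues beyond this hunk.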
@@ -136,43 +137,43 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { } - private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { - //TODO: CHANGE to real OA config - - List bkuURIs = Arrays.asList( - "http://localhost:8080/moa-id-auth/template_onlineBKU.html", - "http://localhost:8080/moa-id-auth/template_handyBKU.html", - "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); - +// private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { +// //TODO: CHANGE to real OA config +// // List bkuURIs = Arrays.asList( -// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", -// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", -// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); - - if (bkuID < bkuURIs.size()) - return bkuURIs.get(bkuID); - else - throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, - "auth.12"); - } - - private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { - //TODO: CHANGE to real OA config - - List bkuURIs = Arrays.asList( - "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", - "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", - "https://127.0.0.1:3496/https-security-layer-request"); - -// List bkuURIs = Arrays.asList( -// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", -// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", -// "https://127.0.0.1:3496/https-security-layer-request"); - - if (bkuID < bkuURIs.size()) - return bkuURIs.get(bkuID); - else - throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, - "auth.12"); - } +// "http://localhost:8080/moa-id-auth/template_onlineBKU.html", +// "http://localhost:8080/moa-id-auth/template_handyBKU.html", +// 
"http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); +// +//// List bkuURIs = Arrays.asList( +//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", +//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", +//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); +// +// if (bkuID < bkuURIs.size()) +// return bkuURIs.get(bkuID); +// else +// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, +// "auth.12"); +// } +// +// private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { +// //TODO: CHANGE to real OA config +// +// List bkuURIs = Arrays.asList( +// "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", +// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +// "https://127.0.0.1:3496/https-security-layer-request"); +// +//// List bkuURIs = Arrays.asList( +//// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", +//// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +//// "https://127.0.0.1:3496/https-security-layer-request"); +// +// if (bkuID < bkuURIs.size()) +// return bkuURIs.get(bkuID); +// else +// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, +// "auth.12"); +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index d41d20def..7d825da17 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java 
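Review bot: Both helpers are retained as roughly forty lines of commented-out code that still carry the hard-coded test endpoints (localhost, 127.0.0.1 and the labda/demo hosts); now that the values come from `OAAuthParameter` and `AuthConfigurationProvider`, the block should be removed entirely so the stale URLs stop appearing in the production source and in searches. The `List`/`Arrays` imports those helpers needed are presumably unused now and should go with them.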
@@ -40,6 +40,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -174,47 +176,75 @@ public class GetMISSessionIDServlet extends AuthServlet { // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); - // verify mandate signature - AuthenticationServer.getInstance().verifyMandate(session, mandate); - - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, - null, null).getDocumentElement(); - + String sMandate = new String(mandate.getMandate()); + if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + Logger.error("Mandate is empty."); + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + // TODO OW bPK (Offen: was bei saml:NameIdentifier // NameQualifier="urn:publicid:gv.at:cdid+bpk"> und ", session.getAuthURL()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); - resp.setContentType("text/html;charset=UTF-8"); - } else { - htmlForm = createXMLSignatureRequestOrRedirect; - resp.setStatus(307); - resp.addHeader("Location", dataURL); - //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); - } - - OutputStream out = resp.getOutputStream(); - out.write(htmlForm.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST ProcessInput"); - } else { - String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - resp.setContentType("text/html"); - resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - } - - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch 
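Review bot: The call `AuthenticationServer.getInstance().verifyMandate(session, mandate);` is removed from the new side and nothing in the visible part of this hunk replaces it, so the mandate returned by the MIS is taken over without a signature check; unless the verification has moved to another place not shown on this page, it must be restored before the mandate is stored in the session, and a comment should say where verification now happens. The new emptiness check is also fragile: `new String(mandate.getMandate())` throws a NullPointerException when `getMandate()` is null before the `sMandate == null` test runs, the test uses the non-short-circuit `|` so it would not protect against null anyway, and the decoding uses the platform charset. Checking the bytes directly avoids all three: `byte[] rawMandate = mandate.getMandate(); if (rawMandate == null || rawMandate.length == 0) {` followed by the existing error and `AuthenticationException("auth.16", ...)`. The remainder of this hunk is interleaved with a later hunk in this rendering, so the lines after the empty-mandate check could not be reviewed.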
(MOADatabaseException e) { - throw new AuthenticationException("", null); - } - - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } +// Logger.debug("POST ProcessInput"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// Map parameters; +// try { +// parameters = getParameters(req); +// } catch (FileUploadException e) { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new IOException(e.getMessage()); +// } +// +// String sessionID = req.getParameter(PARAM_SESSIONID); +// if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); +// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); +// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); +// +// // escape parameter strings +// sessionID = StringEscapeUtils.escapeHtml(sessionID); +// +// try { +// +// if (!ParamValidatorUtils.isValidSessionID(sessionID)) +// throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); +// +// AuthenticationSession session = AuthenticationServer.getSession(sessionID); +// AuthenticationServer.processInput(session, parameters); +// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null); +// if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { +// // Now sign the AUTH Block +// String dataURL = new DataURLBuilder().buildDataURL( +// session.getAuthURL(), 
AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); +// +// String htmlForm = null; +// +// boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed +// +// String inputProcessorSignForm = req.getParameter("Sign_Form"); +// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); +// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); +// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); +// // escape parameter strings +// inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm); +// if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true"); +// if (doInputProcessorSign) { +// // Test if we have a user input form sign template +// +// String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); +// +// if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL)) +// throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12"); +// +// String inputProcessorSignTemplate = null; +// OAAuthParameter oaParam = +// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); +// // override template url by url from configuration file +// if (oaParam.getInputProcessorSignTemplateURL() != null) { +// inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL(); +// } +// if (inputProcessorSignTemplateURL != null) { +// try { +// inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL)); +// } catch (IOException ex) { +// throw new AuthenticationException( +// "auth.03", +// new Object[] { inputProcessorSignTemplateURL, ex.toString()}, +// ex); +// } +// } +// +// htmlForm = new 
GetVerifyAuthBlockFormBuilder().build( +// inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox()); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getAuthURL()); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); +// htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); +// resp.setContentType("text/html;charset=UTF-8"); +// } else { +// htmlForm = createXMLSignatureRequestOrRedirect; +// resp.setStatus(307); +// resp.addHeader("Location", dataURL); +// //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) +// resp.setContentType("text/xml;charset=UTF-8"); +// } +// +// OutputStream out = resp.getOutputStream(); +// out.write(htmlForm.getBytes("UTF-8")); +// out.flush(); +// out.close(); +// Logger.debug("Finished POST ProcessInput"); +// } else { +// String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); +// resp.setContentType("text/html"); +// resp.setStatus(302); +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// } +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// throw new AuthenticationException("", null); +// } +// +// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } +// catch (MOAIDException ex) { +// handleError(null, ex, req, resp); +// } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java new file mode 100644 index 000000000..310f3509c --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; +import at.gv.egovernment.moa.logging.Logger; + + + +public class RedirectServlet extends AuthServlet{ + + private static final long serialVersionUID = 1L; + + public static final String REDIRCT_GETPARAM = "redirecturl"; + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + RedirectServlet.class + " Request"); + + String url = req.getParameter(REDIRCT_GETPARAM); + + Logger.info("Redirect to " + url); + + String redirect_form = RedirectFormBuilder.buildLoginForm(url); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.write(redirect_form); + out.flush(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index d544e2f85..2deece26f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java 
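Review bot: `doGet` takes `redirecturl` straight from the request and hands it to `RedirectFormBuilder.buildLoginForm(url)` without any validation, so the servlet will emit a redirect form to any URL a caller supplies, and the value is placed into the HTML unescaped; the endpoint should accept only targets it knows — e.g. match the parameter against the configured online-application or BKU URLs through `ParamValidatorUtils`, the way this commit validates `oaURL` and `bkuURL` in `StartAuthentificationParameterParser` — and answer everything else with `resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return;`, escaping the accepted value with `StringEscapeUtils.escapeHtml(url)` before it reaches the template. A missing parameter currently reaches `String.replace` as `null` and fails with a NullPointerException, which the allow-list check also covers. `new PrintWriter(resp.getOutputStream())` encodes with the platform charset although the content type declares UTF-8; `resp.getWriter()` obtained after `setContentType` honours the declared charset. Logging the raw parameter in `Logger.info("Redirect to " + url)` writes unvalidated input into the log, so it should be logged only after the check passes.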
@@ -91,94 +91,94 @@ public class SelectBKUServlet extends AuthServlet { Logger.debug("GET SelectBKU"); - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); - - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); - String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); - String templateURL = req.getParameter(PARAM_TEMPLATE); - - // escape parameter strings - target = StringEscapeUtils.escapeHtml(target); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); - - - resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - - try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) - throw new WrongParametersException("SelectBKU", 
PARAM_TEMPLATE, "auth.12"); - - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - - String returnValue = null; - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); - } - else { - // use target from config - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); - } - - - String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); - if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = returnValue; - resp.setContentType("text/html"); - resp.sendRedirect(redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - } else { - // bkuSelectionType==HTMLSelect - String htmlForm = returnValue; - resp.setContentType("text/html;charset=UTF-8"); - Logger.debug("HTML-Form: " + htmlForm); - Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); - out.write(htmlForm); - out.flush(); - Logger.debug("Finished GET SelectBKU"); - } - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (Throwable ex) { - handleError(null, ex, req, resp); - } +// 
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// String authURL = req.getScheme() + "://" + req.getServerName(); +// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { +// authURL = authURL.concat(":" + req.getServerPort()); +// } +// authURL = authURL.concat(req.getContextPath() + "/"); +// +// String target = req.getParameter(PARAM_TARGET); +// String oaURL = req.getParameter(PARAM_OA); +// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); +// String templateURL = req.getParameter(PARAM_TEMPLATE); +// +// // escape parameter strings +// target = StringEscapeUtils.escapeHtml(target); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// templateURL = StringEscapeUtils.escapeHtml(templateURL); +// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); +// +// +// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); +// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); +// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// +// 
if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); +// +// OAAuthParameter oaParam = +// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// // get target and target friendly name from config +// String targetConfig = oaParam.getTarget(); +// +// String returnValue = null; +// if (StringUtils.isEmpty(targetConfig)) { +// // no target attribut is given in OA config +// // target is used from request +// // check parameter +// if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); +// +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// else { +// // use target from config +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// +// +// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); +// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = returnValue; +// resp.setContentType("text/html"); +// resp.sendRedirect(redirectURL); +// Logger.info("REDIRECT TO: " + redirectURL); +// } else { +// // bkuSelectionType==HTMLSelect +// String htmlForm = returnValue; +// resp.setContentType("text/html;charset=UTF-8"); +// Logger.debug("HTML-Form: " + htmlForm); +// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); +// out.write(htmlForm); +// out.flush(); +// Logger.debug("Finished GET SelectBKU"); +// } +// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } +// catch (Throwable ex) { +// handleError(null, ex, req, resp); +// } } } 
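Review bot: Everything in `doGet` after `Logger.debug("GET SelectBKU")` is commented out, so the servlet now answers every GET with an empty 200 response and without the `Expires`/`Pragma`/`Cache-Control` headers the old body set; if BKU selection is no longer part of the 2.x flow, the servlet and its mapping should be removed instead of leaving ninety commented lines behind, and if it is still reachable the header and parameter-validation code must stay active. The enclosing method's signature is outside this hunk.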
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 115c52688..ba7893412 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -55,7 +55,7 @@ public class CreateXMLSignatureResponseValidator {
   /** Xpath expression to the dsig:Signature element */
   private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
-  private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
+  //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
   /** Singleton instance. null, if none has been created. */
   private static CreateXMLSignatureResponseValidator instance;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 892607c16..ed826c615 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -81,7 +81,7 @@ public class VerifyXMLSignatureResponseValidator {
    * @throws ValidateException on any validation error */
   public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
-      List identityLinkSignersSubjectDNNames,
+      List identityLinkSignersSubjectDNNames,
       String whatToCheck, boolean ignoreManifestValidationResult) throws ValidateException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
index 88c4a8feb..a154c9ece 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -83,241 +83,255 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ this.rpGivenName = rpGivenName; this.rpDateOfBirth = rpDateOfBirth; this.request = request; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String) - */ - public String start( - boolean physical, String familyName, String givenName, String dateOfBirth, - String streetName, String buildingNumber, String unit, String postalCode, String municipality, - String cbFullName, String cbIdentificationType, String cbIdentificationValue) - { - // Load the form - String form = loadForm( - physical, familyName, givenName, dateOfBirth, - streetName, buildingNumber, unit, postalCode, municipality, - cbFullName, cbIdentificationType, cbIdentificationValue, ""); - try { - request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, - cbIdentificationType, cbIdentificationValue); - } catch (SZRGWClientException e) { - //e.printStackTrace(); - Logger.info(e); - return null; - } - return form; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String) - */ - public String validate(Map parameters, String extErrortext) - { - - // Process the gotten parameters - String form = null; - boolean formNecessary = false; - if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true; - String locErrortext = "Folgende Parameter fehlen: "; - - String familyName = (String) parameters.get("familyname_"); - if (null == familyName) familyName =""; - String givenName = (String) parameters.get("givenname_"); - if (null == givenName) givenName =""; - boolean physical = "true".equals(parameters.get("physical_")); - String dobday = (String) parameters.get("dobday_"); - if (null!=dobday && dobday.equalsIgnoreCase("TT")) 
dobday=""; - String dobmonth = (String) parameters.get("dobmonth_"); - if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth=""; - String dobyear = (String) parameters.get("dobyear_"); - if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear=""; - String dateOfBirth = ""; - dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear); - dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth); - dobday = (" ".substring(0, 2-dobday.length()) + dobday); - dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday; - String cbFullName = (String) parameters.get("fullname_"); - if (null == cbFullName) cbFullName =""; - String cbIdentificationType = (String) parameters.get("cbidentificationtype_"); - if (null == cbIdentificationType) cbIdentificationType =""; - String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_"); - if (null == cbIdentificationValue) cbIdentificationValue =""; - String postalCode = (String) parameters.get("postalcode_"); - if (null == postalCode) postalCode =""; - String municipality = (String) parameters.get("municipality_"); - if (null == municipality) municipality =""; - String streetName = (String) parameters.get("streetname_"); - if (null == streetName) streetName =""; - String buildingNumber = (String) parameters.get("buildingnumber_"); - if (null == buildingNumber) buildingNumber =""; - String unit = (String) parameters.get("unit_"); - if (null == unit) unit =""; - - if (physical) { - if (ParepUtils.isEmpty(familyName)) { - formNecessary = true; - locErrortext = locErrortext + "Familienname"; - } - if (ParepUtils.isEmpty(givenName)) { - formNecessary = true; - if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", "; - locErrortext = locErrortext + "Vorname"; - } - // Auf existierendes Datum prüfen - SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd"); - format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen - try { - format.parse(dateOfBirth); 
- } - catch(ParseException pe) - { - formNecessary = true; - if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; - locErrortext = locErrortext + "korrektes Geburtsdatum"; - } - } else { - if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { - formNecessary = true; - if (ParepUtils.isEmpty(cbFullName)) { - locErrortext = locErrortext + "Name der Organisation"; - } - if (ParepUtils.isEmpty(cbIdentificationType)) { - if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; - locErrortext = locErrortext + "Auswahl des Registers"; - } - if (ParepUtils.isEmpty(cbIdentificationValue)) { - if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; - locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register"; - } - } - } - try { - request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, - cbIdentificationType, cbIdentificationValue); - if (formNecessary) { - // Daten noch nicht vollständig oder anderer Fehler - if (locErrortext.endsWith("fehlen: ")) locErrortext =""; - String error = ""; - if (!ParepUtils.isEmpty(extErrortext)) { - error = extErrortext; - if (!ParepUtils.isEmpty(locErrortext)) error = error + "; "; - } - if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext; - if (!ParepUtils.isEmpty(error)) { - error = "
\"Rufezeichen\"  " + error + "
"; - } - form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error); - if (form == null) { - return null; - } - } else { - return ""; // everything is ok - } - } catch (Exception e) { - //e.printStackTrace(); - Logger.info(e); - return null; - } - return form; - } - - /** - * Loads the empty user input form and replaces tag occurences with given variables - * - * @param physical - * @param familyName - * @param givenName - * @param dateOfBirth - * @param streetName - * @param buildingNumber - * @param unit - * @param postalCode - * @param municipality - * @param cbFullName - * @param cbIdentificationType - * @param cbIdentificationValue - * @param errorText - * @return - */ - private String loadForm( - boolean physical, String familyName, String givenName, String dateOfBirth, - String streetName, String buildingNumber, String unit, String postalCode, String municipality, - String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText) - { - String form = ""; - try { - String fileName = parepConfiguration.getInputProcessorTemplate(representationID); - InputStream instream = null; - File file = new File(fileName); - if (file.exists()) { - //if this resolves to a file, load it - instream = new FileInputStream(fileName); - } else { - fileName = parepConfiguration.getFullDirectoryName(fileName); - if (fileName.startsWith("file:\\")) fileName = fileName.substring(6); - file = new File(fileName); - if (file.exists()) { - //if this resolves to a file, load it - instream = new FileInputStream(fileName); - } else { - //else load a named resource in our classloader. 
- instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID)); - if (instream == null) { - Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt"); - return null; - } - } - } - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - ParepUtils.dumpInputOutputStream(instream, bos); - form = bos.toString("UTF-8"); - } catch(Exception e) { - Logger.error("Fehler beim Einlesen des Input-Templates.", e); - } - - if (!ParepUtils.isEmpty(form)) { - boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID); - boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID); - boolean reducedSelection = (!physEnabled || !cbEnabled); - if (reducedSelection) { - physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar - } - if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT"; - form = ParepUtils.replaceAll(form, "", rpGivenName); - form = ParepUtils.replaceAll(form, "", rpFamilyName); - form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(0,4)); - form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(5,7)); - form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(8,10)); - //darf zw. phys. und jur. Person gewählt werden: - //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : ""); - form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\""); - form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? 
"checked=\"checked\"" : ""); - form = ParepUtils.replaceAll(form, "", givenName); - form = ParepUtils.replaceAll(form, "", familyName); - form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(0,4).trim()); - form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(5,7).trim()); - form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(8,10).trim()); - form = ParepUtils.replaceAll(form, "", streetName); - form = ParepUtils.replaceAll(form, "", buildingNumber); - form = ParepUtils.replaceAll(form, "", unit); - form = ParepUtils.replaceAll(form, "", postalCode); - form = ParepUtils.replaceAll(form, "", municipality); - form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\""); - form = ParepUtils.replaceAll(form, "", cbFullName); - form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\""); - form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\""); - form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : ""); - form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : ""); - form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? 
"selected=\"selected\"" : ""); - form = ParepUtils.replaceAll(form, "", cbIdentificationValue); - form = ParepUtils.replaceAll(form, "", errorText); - } - return form; - } + } + +public String start(boolean physical, String familyName, String givenName, + String dateOfBirth, String streetName, String buildingNumber, + String unit, String postalCode, String municipality, String cbFullName, + String cbIdentificationType, String cbIdentificationValue) { + // TODO Auto-generated method stub + return null; +} + +public String validate(Map parameters, String extErrortext) { + // TODO Auto-generated method stub + return null; +} + + //TODO: check correctness +// /* +// * (non-Javadoc) +// * +// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String) +// */ +// public String start( +// boolean physical, String familyName, String givenName, String dateOfBirth, +// String streetName, String buildingNumber, String unit, String postalCode, String municipality, +// String cbFullName, String cbIdentificationType, String cbIdentificationValue) +// { +// // Load the form +// String form = loadForm( +// physical, familyName, givenName, dateOfBirth, +// streetName, buildingNumber, unit, postalCode, municipality, +// cbFullName, cbIdentificationType, cbIdentificationValue, ""); +// try { +// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, +// cbIdentificationType, cbIdentificationValue); +// } catch (SZRGWClientException e) { +// //e.printStackTrace(); +// Logger.info(e); +// return null; +// } +// return form; +// } +// +// /* +// * (non-Javadoc) +// * +// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String) +// */ +// public String validate(Map parameters, String extErrortext) +// { +// +// // Process the gotten parameters +// String 
form = null; +// boolean formNecessary = false; +// if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true; +// String locErrortext = "Folgende Parameter fehlen: "; +// +// String familyName = (String) parameters.get("familyname_"); +// if (null == familyName) familyName =""; +// String givenName = (String) parameters.get("givenname_"); +// if (null == givenName) givenName =""; +// boolean physical = "true".equals(parameters.get("physical_")); +// String dobday = (String) parameters.get("dobday_"); +// if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday=""; +// String dobmonth = (String) parameters.get("dobmonth_"); +// if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth=""; +// String dobyear = (String) parameters.get("dobyear_"); +// if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear=""; +// String dateOfBirth = ""; +// dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear); +// dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth); +// dobday = (" ".substring(0, 2-dobday.length()) + dobday); +// dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday; +// String cbFullName = (String) parameters.get("fullname_"); +// if (null == cbFullName) cbFullName =""; +// String cbIdentificationType = (String) parameters.get("cbidentificationtype_"); +// if (null == cbIdentificationType) cbIdentificationType =""; +// String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_"); +// if (null == cbIdentificationValue) cbIdentificationValue =""; +// String postalCode = (String) parameters.get("postalcode_"); +// if (null == postalCode) postalCode =""; +// String municipality = (String) parameters.get("municipality_"); +// if (null == municipality) municipality =""; +// String streetName = (String) parameters.get("streetname_"); +// if (null == streetName) streetName =""; +// String buildingNumber = (String) parameters.get("buildingnumber_"); +// if (null == buildingNumber) buildingNumber =""; +// String unit = 
(String) parameters.get("unit_"); +// if (null == unit) unit =""; +// +// if (physical) { +// if (ParepUtils.isEmpty(familyName)) { +// formNecessary = true; +// locErrortext = locErrortext + "Familienname"; +// } +// if (ParepUtils.isEmpty(givenName)) { +// formNecessary = true; +// if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", "; +// locErrortext = locErrortext + "Vorname"; +// } +// // Auf existierendes Datum prüfen +// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd"); +// format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen +// try { +// format.parse(dateOfBirth); +// } +// catch(ParseException pe) +// { +// formNecessary = true; +// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; +// locErrortext = locErrortext + "korrektes Geburtsdatum"; +// } +// } else { +// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { +// formNecessary = true; +// if (ParepUtils.isEmpty(cbFullName)) { +// locErrortext = locErrortext + "Name der Organisation"; +// } +// if (ParepUtils.isEmpty(cbIdentificationType)) { +// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; +// locErrortext = locErrortext + "Auswahl des Registers"; +// } +// if (ParepUtils.isEmpty(cbIdentificationValue)) { +// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; +// locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register"; +// } +// } +// } +// try { +// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, +// cbIdentificationType, cbIdentificationValue); +// if (formNecessary) { +// // Daten noch nicht vollständig oder anderer Fehler +// if (locErrortext.endsWith("fehlen: ")) locErrortext =""; +// String error = ""; +// if (!ParepUtils.isEmpty(extErrortext)) { +// error = 
extErrortext; +// if (!ParepUtils.isEmpty(locErrortext)) error = error + "; "; +// } +// if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext; +// if (!ParepUtils.isEmpty(error)) { +// error = "
\"Rufezeichen\"  " + error + "
"; +// } +// form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error); +// if (form == null) { +// return null; +// } +// } else { +// return ""; // everything is ok +// } +// } catch (Exception e) { +// //e.printStackTrace(); +// Logger.info(e); +// return null; +// } +// return form; +// } +// +// /** +// * Loads the empty user input form and replaces tag occurences with given variables +// * +// * @param physical +// * @param familyName +// * @param givenName +// * @param dateOfBirth +// * @param streetName +// * @param buildingNumber +// * @param unit +// * @param postalCode +// * @param municipality +// * @param cbFullName +// * @param cbIdentificationType +// * @param cbIdentificationValue +// * @param errorText +// * @return +// */ +// private String loadForm( +// boolean physical, String familyName, String givenName, String dateOfBirth, +// String streetName, String buildingNumber, String unit, String postalCode, String municipality, +// String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText) +// { +// String form = ""; +// try { +// String fileName = parepConfiguration.getInputProcessorTemplate(representationID); +// InputStream instream = null; +// File file = new File(fileName); +// if (file.exists()) { +// //if this resolves to a file, load it +// instream = new FileInputStream(fileName); +// } else { +// fileName = parepConfiguration.getFullDirectoryName(fileName); +// if (fileName.startsWith("file:\\")) fileName = fileName.substring(6); +// file = new File(fileName); +// if (file.exists()) { +// //if this resolves to a file, load it +// instream = new FileInputStream(fileName); +// } else { +// //else load a named resource in our classloader. 
+// instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID)); +// if (instream == null) { +// Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt"); +// return null; +// } +// } +// } +// ByteArrayOutputStream bos = new ByteArrayOutputStream(); +// ParepUtils.dumpInputOutputStream(instream, bos); +// form = bos.toString("UTF-8"); +// } catch(Exception e) { +// Logger.error("Fehler beim Einlesen des Input-Templates.", e); +// } +// +// if (!ParepUtils.isEmpty(form)) { +// boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID); +// boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID); +// boolean reducedSelection = (!physEnabled || !cbEnabled); +// if (reducedSelection) { +// physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar +// } +// if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT"; +// form = ParepUtils.replaceAll(form, "", rpGivenName); +// form = ParepUtils.replaceAll(form, "", rpFamilyName); +// form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(0,4)); +// form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(5,7)); +// form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(8,10)); +// //darf zw. phys. und jur. Person gewählt werden: +// //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : ""); +// form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\""); +// form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? 
"checked=\"checked\"" : ""); +// form = ParepUtils.replaceAll(form, "", givenName); +// form = ParepUtils.replaceAll(form, "", familyName); +// form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(0,4).trim()); +// form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(5,7).trim()); +// form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(8,10).trim()); +// form = ParepUtils.replaceAll(form, "", streetName); +// form = ParepUtils.replaceAll(form, "", buildingNumber); +// form = ParepUtils.replaceAll(form, "", unit); +// form = ParepUtils.replaceAll(form, "", postalCode); +// form = ParepUtils.replaceAll(form, "", municipality); +// form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\""); +// form = ParepUtils.replaceAll(form, "", cbFullName); +// form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\""); +// form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\""); +// form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : ""); +// form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : ""); +// form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : ""); +// form = ParepUtils.replaceAll(form, "", cbIdentificationValue); +// form = ParepUtils.replaceAll(form, "", errorText); +// } +// return form; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 735117094..f2f897432 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java 
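Review bot: The new `start()` and `validate()` bodies are auto-generated stubs that return `null` with no log output, so every mandate whose mandator data is incomplete (and every form post reaching `validate(Map, String)`) is now rejected with the generic COMMON_ERROR in ParepValidator — fail-closed, which is the right default, but silent, so an operator has no indication that party-representation form input is disabled in this build. Replace each `// TODO Auto-generated method stub` with a warning before the return, e.g. `Logger.warn("ParepInputProcessorImpl.start(): not yet ported to MOA-ID 2.x, mandator form input is disabled"); return null;` (`Logger` is already used elsewhere in this class), and add a Javadoc line on both methods stating that they are intentionally disabled pending the "check correctness" TODO. When the commented-out implementation is restored, note that `loadForm` splices the request-map values (`familyname_`, `givenname_`, `streetname_`, `fullname_`, `cbidentificationvalue_`, …) and `errorText` into the HTML template via `ParepUtils.replaceAll` with no HTML escaping, so a submitted value is reflected verbatim into the next page; escape them with `StringEscapeUtils.escapeHtml` before substitution, as the (also commented-out) SelectBKUServlet code in this commit does for its request parameters, and confirm whether the posting servlet or `extErrortext` can carry attacker-controlled input before treating this as a closed reflected-XSS sink.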
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java 
@@ -61,547 +61,583 @@ import at.gv.egovernment.moa.util.Constants; * * @author Peter Danner */ -public class ParepValidator implements InfoboxValidator { - - /** activates debug settings */ - private boolean PAREP_DEBUG = false; - - /** contains the parameters the validator initially was called with */ - private InfoboxValidatorParams params = null; - - /** contains the configuration of the validator */ - private ParepConfiguration parepConfiguration = null; - - /** the requested representation ID (currently * or OID) */ - private String representationID = null; - - /** holds the information of the SZR-request */ - private CreateMandateRequest request = null; - - /** List of extended SAML attributes. */ - private Vector extendedSamlAttributes = new Vector(); - - /** the class which processes the user input */ - private ParepInputProcessor inputProcessor = null; - - /** The form if user input is necessary */ - private String form = null; - - /** unspecified error of parep-validator (must not know more about)*/ - private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten"; - - /** Default class to gather remaining mandator data. */ - public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl"; - - /** Default template to gather remaining mandator data. */ - public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html"; - - /** kind of representation text in AUTH block*/ - public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)"; - - /** Names of the produced SAML-attributes. 
*/ - public final static String EXT_SAML_MANDATE_RAW = "Mandate"; - public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; - public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; - public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; - public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; +public class ParepValidator implements InfoboxValidator { + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; public final static String EXT_SAML_MANDATE_OID = "OID"; + public final static String EXT_SAML_MANDATE_RAW = "Mandate"; + public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; + public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; + public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; - /** */ - public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; - - /** register and register number for non physical persons - the domain identifier for business applications*/ - public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; - - /** - * Parses the XML configuration element and creates the validators configuration - * Use this function if you want to preconfigure the validator. - * - * @param configElem - * the XML configuration element to parse. 
- * @throws ConfigurationException - * if an error occurs during the configuration process - */ - public void Configure(Element configElem) throws ConfigurationException { - if (this.parepConfiguration == null) { - Logger.debug("Lade Konfiguration."); - parepConfiguration = new ParepConfiguration(configElem); - Logger.debug("Konfiguration erfolgreich geladen."); - } - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams) - */ - public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException { - - InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - - try { - Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung."); - this.params = params; - - Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList()); - // ParepUtils.serializeElement(mandate, System.out); - this.representationID = ParepUtils.extractRepresentativeID(mandate); - if (ParepUtils.isEmpty(representationID)) { - validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht"); - return validationResult; - } - - // überprüfen der Identifikation (Type/Value). 
- String identificationType = this.params.getIdentificationType(); - String identificationValue = this.params.getIdentificationValue(); - if (this.params.getBusinessApplication()) { - if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { - validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen."); - return validationResult; - - } else { - Logger.debug("Parteienvertreter wird mit wbPK identifiziert"); - } - } else { - if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { - //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt - if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { - Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein."); - validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); - return validationResult; - } else { - Logger.debug("Organwalter wird mit Stammzahl identifiziert"); - } - } else { - if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { - // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist - identificationType = Constants.URN_PREFIX_CDID; - String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget()); - identificationValue = bpkBase64; - Logger.debug("bPK für Parteienvertreter wurde berechnet. 
Parteienvertreter wird mit bPK identifiziert"); - } else { - Logger.debug("Parteienvertreter wird mit bPK identifiziert"); - } - } - } - - Configure(this.params.getApplicationSpecificParams()); - // check if we have a configured party representative for that - if (!parepConfiguration.isPartyRepresentative(representationID)) { - Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); - validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); - return validationResult; - } - - // Vertreter - this.request = new CreateMandateRequest(); - request.setRepresentative(this.params, identificationType, identificationValue); - // ParepUtils.serializeElement(request.getRepresentative(), System.out); - //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml")); - - Logger.debug("Prüfe vorausgefüllte Daten..."); - boolean physical = true; - String familyName = ""; - String givenName = ""; - String dateOfBirth = ""; - String cbFullName = ""; - String cbIdentificationType = ""; - String cbIdentificationValue = ""; - String postalCode = ""; - String municipality = ""; - String streetName = ""; - String buildingNumber = ""; - String unit = ""; - - boolean formNecessary = false; - // Vertretener (erstes Vorkommen) - Element mandator = ParepUtils.extractMandator(mandate); - if (mandator != null) { - // ParepUtils.serializeElement(mandator, System.out); - // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml")); - if (ParepUtils.isPhysicalPerson(mandator)) { - familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); - } else { - physical = false; - cbFullName = ParepUtils.extractMandatorFullName(mandator); - cbIdentificationType = 
ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
-
- }
- if (physical) {
- if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
- formNecessary = true;
- }
- } else {
- if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- }
- }
-
- //Zeigen wir, dass die Daten �bernommen wurden:
- if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
-
- // Input processor
- this.form = "";
- if (formNecessary) {
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.start(
- physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue);
- if (this.form == null) {
- 
validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- } else {
- // Request vorbereiten mit vorgegebenen Daten
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- }
-
-
- // ParepUtils.serializeElement(request.getMandator(), System.out);
- // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
- validationResult.setValid(true);
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
- */
- public InfoboxValidationResult validate(Map parameters) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- Logger.debug("Prüfe im Formular ausgefüllte Daten...");
- if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
-
- // Input processor
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.validate(parameters, null);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung 
erfolgreich beendet");
- return validationResult;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
- */
- public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
- this.form = "";
- try {
-
-
- request.setSignature(samlAssertion);
-
-//DPO debug
-// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
-// String id = representationID;
+
+ public InfoboxValidationResult validate(InfoboxValidatorParams params)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Map parameters)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Element samlAssertion)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public String getForm() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ //TODO: check correctness!!!!
+// /** activates debug settings */
+// private boolean PAREP_DEBUG = false;
+//
+// /** contains the parameters the validator initially was called with */
+// private InfoboxValidatorParams params = null;
+//
+// /** contains the configuration of the validator */
+// private ParepConfiguration parepConfiguration = null;
+//
+// /** the requested representation ID (currently * or OID) */
+// private String representationID = null;
+//
+// /** holds the information of the SZR-request */
+// private CreateMandateRequest request = null;
+//
+// /** List of extended SAML attributes. 
*/
+// private Vector extendedSamlAttributes = new Vector();
+//
+// /** the class which processes the user input */
+// private ParepInputProcessor inputProcessor = null;
+//
+// /** The form if user input is necessary */
+// private String form = null;
+//
+// /** unspecified error of parep-validator (must not know more about)*/
+// private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
+//
+// /** Default class to gather remaining mandator data. */
+// public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+//
+// /** Default template to gather remaining mandator data. */
+// public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+//
+// /** kind of representation text in AUTH block*/
+// public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
+//
+// /** Names of the produced SAML-attributes. 
*/
+// public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+// public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+// public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+// public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+// public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+// public final static String EXT_SAML_MANDATE_OID = "OID";
+//
+// /** */
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+//
+// /** register and register number for non physical persons - the domain identifier for business applications*/
+// public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+//
+// /**
+// * Parses the XML configuration element and creates the validators configuration
+// * Use this function if you want to preconfigure the validator.
+// *
+// * @param configElem
+// * the XML configuration element to parse. 
+// * @throws ConfigurationException
+// * if an error occurs during the configuration process
+// */
+// public void Configure(Element configElem) throws ConfigurationException {
+// if (this.parepConfiguration == null) {
+// Logger.debug("Lade Konfiguration.");
+// parepConfiguration = new ParepConfiguration(configElem);
+// Logger.debug("Konfiguration erfolgreich geladen.");
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+// */
+// public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+//
+// try {
+// Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
+// this.params = params;
+//
+// Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+// // ParepUtils.serializeElement(mandate, System.out);
+// this.representationID = ParepUtils.extractRepresentativeID(mandate);
+// if (ParepUtils.isEmpty(representationID)) {
+// validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+// return validationResult;
+// }
+//
+// // überprüfen der Identifikation (Type/Value). 
+// String identificationType = this.params.getIdentificationType();
+// String identificationValue = this.params.getIdentificationValue();
+// if (this.params.getBusinessApplication()) {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+// return validationResult;
+//
+// } else {
+// Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+// }
+// } else {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+// if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// } else {
+// Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+// }
+// } else {
+// if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+// identificationType = Constants.URN_PREFIX_CDID;
+// String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+// identificationValue = bpkBase64;
+// Logger.debug("bPK für Parteienvertreter wurde berechnet. 
Parteienvertreter wird mit bPK identifiziert");
+// } else {
+// Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+// }
+// }
+// }
+//
+// Configure(this.params.getApplicationSpecificParams());
+// // check if we have a configured party representative for that
+// if (!parepConfiguration.isPartyRepresentative(representationID)) {
+// Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// }
+//
+// // Vertreter
+// this.request = new CreateMandateRequest();
+// request.setRepresentative(this.params, identificationType, identificationValue);
+// // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+// //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+//
+// Logger.debug("Prüfe vorausgefüllte Daten...");
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// boolean formNecessary = false;
+// // Vertretener (erstes Vorkommen)
+// Element mandator = ParepUtils.extractMandator(mandate);
+// if (mandator != null) {
+// // ParepUtils.serializeElement(mandator, System.out);
+// // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = 
false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+//
+// }
+// if (physical) {
+// if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+// formNecessary = true;
+// }
+// } else {
+// if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// }
+// }
+//
+// //Zeigen wir, dass die Daten �bernommen wurden:
+// if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+//
+// // Input processor
+// this.form = "";
+// if (formNecessary) {
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.start(
+// physical, familyName, 
givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// } else {
+// // Request vorbereiten mit vorgegebenen Daten
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// }
+//
+//
+// // ParepUtils.serializeElement(request.getMandator(), System.out);
+// // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
+// validationResult.setValid(true);
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+// */
+// public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
+// Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+// if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+//
+// // Input processor
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.validate(parameters, null);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return 
validationResult;
+// }
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
+// return validationResult;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+// */
+// public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
+// this.form = "";
+// try {
+//
+//
+// request.setSignature(samlAssertion);
+//
+////DPO debug
+//// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+//// String id = representationID;
+//// CreateMandateResponse response;
+//// if (true) {
+//// if (this.params.getHideStammzahl()) {
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+//// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
+//// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen. 
+//// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
+//// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+//// }
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+//
+// //ParepUtils.serializeElement(request.toElement(), System.out);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+//
+// // configure szrgw client
+// Logger.debug("Lade SZR-GW Client.");
+// SZRGWClient client = new SZRGWClient();
+// // System.out.println("Parameters: " + cfg.getConnectionParameters());
+// Logger.debug("Initialisiere Verbindung...");
+// ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+// // Logger.debug("Connection Parameters: " + connectionParameters);
+// Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+// client.setAddress(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+// Logger.debug("Initialisiere SSL Verbindung");
+// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// }
+//
+// Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
 // CreateMandateResponse response;
-// if (true) {
+// Element requ = request.toElement();
+// try {
+// response = client.createMandateResponse(requ);
+// } catch (SZRGWClientException e) {
+// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. 
+// client = new SZRGWClient(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// response = client.createMandateResponse(requ);
+// }
+// Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
+// if (response.getResultCode()==2000) {
+// if(response.getMandate()==null) {
+// Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+//
+// //DPO debug output (2lines)
+// String id = representationID;
+// if (id.equals("*")) id="standardisiert";
+//
+// Element mandate = response.getMandate();
+// // Replace Stammzahlen
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
 // if (this.params.getHideStammzahl()) {
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
-// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
-// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen. 
-// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
 // ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
 // }
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
-
- //ParepUtils.serializeElement(request.toElement(), System.out);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
-
- // configure szrgw client
- Logger.debug("Lade SZR-GW Client.");
- SZRGWClient client = new SZRGWClient();
- // System.out.println("Parameters: " + cfg.getConnectionParameters());
- Logger.debug("Initialisiere Verbindung...");
- ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
- // Logger.debug("Connection Parameters: " + connectionParameters);
- Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- }
-
- Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
- CreateMandateResponse response;
- Element requ = request.toElement();
- try {
- response = client.createMandateResponse(requ);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. 
- client = new SZRGWClient(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- response = client.createMandateResponse(requ);
- }
- Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
- if (response.getResultCode()==2000) {
- if(response.getMandate()==null) {
- Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
-
- //DPO debug output (2lines)
- String id = representationID;
- if (id.equals("*")) id="standardisiert";
-
- Element mandate = response.getMandate();
- // Replace Stammzahlen
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
- if (this.params.getHideStammzahl()) {
- ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
- }
-
- extendedSamlAttributes.clear();
- // Vollmacht
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
- } else {
- String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
- String responseInfo = response.getInfo();
- if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
- if 
(!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- validationResult.setErrorMessage(errorMsg);
- } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
- // Person not found
- ParepInputProcessor inputProcessor= getInputProcessor();
- switch (response.getResultCode()) {
- case 5230:
- errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben.";
- break;
- case 5231:
- errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben.";
- break;
- default:
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- }
- this.form = inputProcessor.validate(generateParameters(), errorMsg);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- validationResult.setValid(true);
- } else {
- // Do not inform the user too much
- Logger.error(errorMsg);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- }
-
- }
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /**
- * provides the primary infobox token of the given list.
- *
- * @param infoBoxTokens
- * the list of infobox tokens.
- * @return
- * the XML element of the primary token.
- * @throws ValidateException
- * if an error occurs or list is not suitable. 
- */
- public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
- if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
- throw new ValidateException("validator.62", null);
- }
- for (int i = 0; i < infoBoxTokens.size(); i++) {
- InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
- if (token.isPrimary()) {
- return token.getXMLToken();
- }
- }
- throw new ValidateException("validator.62", null);
- }
-
- /*
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
- ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
- extendedSamlAttributes.copyInto(ret);
- Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
- return ret;
- }
-
-
- /**
- * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
- */
- public String getForm() {
- return this.form;
- }
-
- /**
- * Gets the user form input processor (class) assigned to the current party representative
- * If the method is called for the first time it initializes the input processor. 
- *
- * @return The user form input processor
- */
- private ParepInputProcessor getInputProcessor() {
-
- if (this.inputProcessor!=null) return inputProcessor;
- String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
- ParepInputProcessor inputProcessor = null;
- try {
- Class inputProcessorClass = Class.forName(inputProcessorName);
- inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
- inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
- } catch (Exception e) {
- Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
- }
- this.inputProcessor = inputProcessor;
- return inputProcessor;
- }
-
- /**
- * Generates the parameter list, which is needed to simulate a return from
- * an user form.
- *
- * @return the form parameters
- */
- private Map generateParameters() {
- Map parameters = new HashMap();
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- try {
- // Vertretener (erstes Vorkommen)
- Element mandator = request.getMandator();
- if (mandator != null) {
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = 
ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
- }
- } catch (Exception e) {
- Logger.error("Could not extract Mandator form SZR-gateway request");
- }
- parameters.put("familyname_", familyName);
- parameters.put("givenname_", givenName);
- parameters.put("dateofbirth_", dateOfBirth);
- parameters.put("dobyear_", dateOfBirth.substring(0,4));
- parameters.put("dobmonth_", dateOfBirth.substring(5,7));
- parameters.put("dobday_", dateOfBirth.substring(8,10));
- parameters.put("physical_", physical ? "true" : "false");
- parameters.put("fullname_", cbFullName);
- parameters.put("cbidentificationtype_", cbIdentificationType);
- parameters.put("cbidentificationvalue_", cbIdentificationValue);
- parameters.put("postalcode_", postalCode);
- parameters.put("municipality_", municipality);
- parameters.put("streetname_", streetName);
- parameters.put("buildingnumber_", buildingNumber);
- parameters.put("unit_", unit);
- return parameters;
- }
-
- /**
- * Adds the AUTH block related SAML attributes to the validation result. 
- * This is needed always before the AUTH block is to be signed, because the
- * name of the mandator has to be set
- */
- private void addAuthBlockExtendedSamlAttributes() {
- extendedSamlAttributes.clear();
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- Element mandator = request.getMandator();
- // Name
- String name = ParepUtils.extractMandatorName(mandator);
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // Geburtsdatum
- String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
- if (dob != null && !"".equals(dob)) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- // (w)bpk
- String wbpk = ParepUtils.extractMandatorWbpk(mandator);
- if (!ParepUtils.isEmpty(wbpk)) {
- if (!ParepUtils.isPhysicalPerson(mandator)){
- String idType = ParepUtils.extractMandatorIdentificationType(mandator);
- if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- } else if (this.params.getBusinessApplication()) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- }
- }
-
-// public static void main(String[] args) throws Exception {
+//
+// extendedSamlAttributes.clear();
+// // Vollmacht
+// extendedSamlAttributes.add(new 
ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); +// +// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); +// validationResult.setValid(true); +// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet"); +// } else { +// String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; +// String responseInfo = response.getInfo(); +// if (response.getResultCode()>=4000 && response.getResultCode()<4999) { +// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; +// validationResult.setErrorMessage(errorMsg); +// } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) { +// // Person not found +// ParepInputProcessor inputProcessor= getInputProcessor(); +// switch (response.getResultCode()) { +// case 5230: +// errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben."; +// break; +// case 5231: +// errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. 
Bitte ergänzen/ändern Sie ihre Angaben."; +// break; +// default: +// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; +// } +// this.form = inputProcessor.validate(generateParameters(), errorMsg); +// if (this.form == null) { +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// return validationResult; +// } +// validationResult.setValid(true); +// } else { +// // Do not inform the user too much +// Logger.error(errorMsg); +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// } +// +// } +// return validationResult; +// } catch (Exception e) { +// e.printStackTrace(); +// Logger.info(e); +// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); +// return validationResult; +// } +// } +// +// /** +// * provides the primary infobox token of the given list. +// * +// * @param infoBoxTokens +// * the list of infobox tokens. +// * @return +// * the XML element of the primary token. +// * @throws ValidateException +// * if an error occurs or list is not suitable. 
+// */ +// public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException { +// if (infoBoxTokens == null || infoBoxTokens.size() == 0) { +// throw new ValidateException("validator.62", null); +// } +// for (int i = 0; i < infoBoxTokens.size(); i++) { +// InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i); +// if (token.isPrimary()) { +// return token.getXMLToken(); +// } +// } +// throw new ValidateException("validator.62", null); +// } +// +// /* +// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes() +// */ +// public ExtendedSAMLAttribute[] getExtendedSamlAttributes() { +// ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; +// extendedSamlAttributes.copyInto(ret); +// Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length); +// return ret; +// } +// +// +// /** +// * @return The next pending user input form, which is "" if no form is to be shown, and null on errors. +// */ +// public String getForm() { +// return this.form; +// } +// +// /** +// * Gets the user form input processor (class) assigned to the current party representative +// * If the method is called for the first time it initializes the input processor. 
+// * +// * @return The user form input processor +// */ +// private ParepInputProcessor getInputProcessor() { +// +// if (this.inputProcessor!=null) return inputProcessor; +// String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID); +// ParepInputProcessor inputProcessor = null; +// try { +// Class inputProcessorClass = Class.forName(inputProcessorName); +// inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance(); +// inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request); +// } catch (Exception e) { +// Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage()); +// } +// this.inputProcessor = inputProcessor; +// return inputProcessor; +// } +// +// /** +// * Generates the parameter list, which is needed to simulate a return from +// * an user form. +// * +// * @return the form parameters +// */ +// private Map generateParameters() { +// Map parameters = new HashMap(); +// boolean physical = true; +// String familyName = ""; +// String givenName = ""; +// String dateOfBirth = ""; +// String cbFullName = ""; +// String cbIdentificationType = ""; +// String cbIdentificationValue = ""; +// String postalCode = ""; +// String municipality = ""; +// String streetName = ""; +// String buildingNumber = ""; +// String unit = ""; +// +// try { +// // Vertretener (erstes Vorkommen) +// Element mandator = request.getMandator(); +// if (mandator != null) { +// if (ParepUtils.isPhysicalPerson(mandator)) { +// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); +// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); +// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); +// } else { +// physical = false; +// cbFullName = ParepUtils.extractMandatorFullName(mandator); +// 
cbIdentificationType = ParepUtils.getIdentification(mandator, "Type"); +// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); +// } +// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); +// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); +// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); +// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); +// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); +// } +// } catch (Exception e) { +// Logger.error("Could not extract Mandator form SZR-gateway request"); +// } +// parameters.put("familyname_", familyName); +// parameters.put("givenname_", givenName); +// parameters.put("dateofbirth_", dateOfBirth); +// parameters.put("dobyear_", dateOfBirth.substring(0,4)); +// parameters.put("dobmonth_", dateOfBirth.substring(5,7)); +// parameters.put("dobday_", dateOfBirth.substring(8,10)); +// parameters.put("physical_", physical ? "true" : "false"); +// parameters.put("fullname_", cbFullName); +// parameters.put("cbidentificationtype_", cbIdentificationType); +// parameters.put("cbidentificationvalue_", cbIdentificationValue); +// parameters.put("postalcode_", postalCode); +// parameters.put("municipality_", municipality); +// parameters.put("streetname_", streetName); +// parameters.put("buildingnumber_", buildingNumber); +// parameters.put("unit_", unit); +// return parameters; +// } +// +// /** +// * Adds the AUTH block related SAML attributes to the validation result. 
+// * This is needed always before the AUTH block is to be signed, because the +// * name of the mandator has to be set +// */ +// private void addAuthBlockExtendedSamlAttributes() { +// extendedSamlAttributes.clear(); +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// Element mandator = request.getMandator(); +// // Name +// String name = ParepUtils.extractMandatorName(mandator); +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// // Geburtsdatum +// String dob = ParepUtils.extractMandatorDateOfBirth(mandator); +// if (dob != null && !"".equals(dob)) { +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// } +// // (w)bpk +// String wbpk = ParepUtils.extractMandatorWbpk(mandator); +// if (!ParepUtils.isEmpty(wbpk)) { +// if (!ParepUtils.isPhysicalPerson(mandator)){ +// String idType = ParepUtils.extractMandatorIdentificationType(mandator); +// if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) { +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// } +// } else if (this.params.getBusinessApplication()) { +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// } +// } // } +// +//// public static void main(String[] args) throws Exception { +//// } } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
index bc5a0e061..ee5a57914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -49,386 +49,388 @@ import at.gv.egovernment.moa.util.Constants;
 * @author Peter Danner
 */
 public class ParepConfiguration {
-
- /**
- * System property for config file.
- */
- public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
-
- /**
- * SZR-GW connection parameters.
- */
- private ConnectionParameter standardConnectionParameters;
-
- /**
- * Input field processor.
- */
- private String standardInputProcessorClass;
-
- /**
- * Input field processor template.
- */
- private String standardInputProcessorTemplate;
-
- /**
- * Configured party representatives.
- */
- private HashMap partyRepresentatives;
-
- /**
- * The configuration element.
- */
- private Element configElement = null;
-
- /**
- * Defines whether the user input form must be shown on each
- * request or not (also predefined mandates)
- */
- private boolean alwaysShowForm = false;
-
- /**
- * The configuration base directory.
- */
- private String baseDir_;
-
- /**
- * Gets the SZR-GW connection parameters.
- *
- * @return the connection parameters.
- */
- public ConnectionParameter getConnectionParameters(String representationID) {
- if (partyRepresentatives == null || "*".equals(representationID))
- return standardConnectionParameters;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- ConnectionParameter connectionParameters = pr.getConnectionParameters();
- if (connectionParameters==null) connectionParameters = standardConnectionParameters;
- return connectionParameters;
- }
-
- /**
- * Sets the SZR-GW connection parameters for standard connection.
- *
- * @param connectionParameters
- * the connection parameters.
- */
- public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
- this.standardConnectionParameters = connectionParameters;
- }
-
- /*
- *
- */
- public String getFullDirectoryName(String fileString) {
- return makeAbsoluteURL(fileString, baseDir_);
- }
-
- /*
- *
- */
- private static String makeAbsoluteURL(String url, String root) {
- // if url is relative to rootConfigFileDirName make it absolute
-
- File keyFile;
- String newURL = url;
-
- if (null == url)
- return null;
-
- if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
- return url;
- } else {
- // check if absolute - if not make it absolute
- keyFile = new File(url);
- if (!keyFile.isAbsolute()) {
- keyFile = new File(root, url);
- newURL = keyFile.getPath();
- }
- return newURL;
- }
- }
-
- /**
- * Initializes the configuration with a given XML configuration element found
- * in the MOA-ID configuration.
- *
- * @param configElem
- * the configuration element.
- * @throws ConfigurationException
- * if an error occurs initializing the configuration.
- */
- public ParepConfiguration(Element configElem) throws ConfigurationException {
-
- partyRepresentatives = new HashMap();
- partyRepresentatives.put("*", new PartyRepresentative(true, true));
-
- String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-
- try {
-
- baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
- Logger.trace("Config base directory: " + baseDir_);
- // check for configuration in system properties
- if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
- Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
- this.configElement = doc.getDocumentElement();
- } else {
- this.configElement = configElem;
- }
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
- }
- load();
- }
-
- /*
- *
- */
- private void load() throws ConfigurationException {
- Logger.debug("Parse ParepValidator Konfiguration");
- try {
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- // nameSpaceNode.setAttribute("xmlns:sgw",
- // SZRGWConstants.SZRGW_PROFILE_NS);
-
- Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorNode != null) {
- this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
- Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassNode != null) {
- this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
- }
- }
- Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
- if (alwaysShowFormNode != null) {
- this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
- }
-
- // load connection parameters
- Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
- Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamElement != null) {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamElement, System.out);
- this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
- }
-
- Logger.trace("Lade Konfiguration der Parteienvertreter");
- NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
- for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
-
- PartyRepresentative partyRepresentative = new PartyRepresentative();
-
- Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
- boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
- boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
- partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
- partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
- partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
- partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
-
- Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorSubNode != null) {
- partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
- Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassSubNode != null) {
- partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
- }
- }
-
- Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamSubElement == null) {
- if (this.standardConnectionParameters == null) {
- throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
- + partyRepresentative.getOid() + " fehlen.", null, null);
- }
- } else {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamSubElement, System.out);
- partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
- }
- partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
- Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
- + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
- + ", representationText=" + partyRepresentative.getRepresentationText()
- + ")");
- }
-
- Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
- }
- }
-
- /*
- *
- */
- private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
- try {
- ConnectionParameter connectionParameter = new ConnectionParameter();
-
- // parse connection url
- String URL = connParamElement.getAttribute("URL");
- connectionParameter.setUrl(URL);
-
- // accepted server certificates
- Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
- nameSpaceNode);
- if (accServerCertsNode != null) {
-
- String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
- Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
- connectionParameter.setAcceptedServerCertificates(serverCertsDir);
- }
-
- // client key store
- Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
- if (clientKeyStoreNode != null) {
- String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
- connectionParameter.setClientKeyStore(clientKeystore);
- }
-
- // client key store password
- Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
- nameSpaceNode);
- if (clientKeyStorePasswordNode != null) {
- connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
- }
-
- return connectionParameter;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
- }
- }
-
- public boolean isPartyRepresentative(String representationID) {
- if (partyRepresentatives == null)
- return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- return pr != null;
- }
-
- public boolean isRepresentingCorporateParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingCorporateParty();
- }
-
- public boolean isRepresentingPhysicalParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingPhysicalParty();
- }
-
- public String getRepresentationText(String representationID) {
- String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
- if (partyRepresentatives != null) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr != null) {
- if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
- }
- }
- return result;
- }
-
- /**
- * @return the input processor classname corresponding to representationID
- * @param representationID
- * the representation ID.
- */
- public String getInputProcessorClass(String representationID) {
- String inputProcessorClass = standardInputProcessorClass;
- if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorClass = pr.getInputProcessorClass();
- if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
- }
- }
- return inputProcessorClass;
- }
-
- /**
- * @param standardInputProcessorClass the standardInputProcessorClass to set
- */
- public void setStandardInputProcessorClass(String standardInputProcessorClass) {
- this.standardInputProcessorClass = standardInputProcessorClass;
- }
-
- /**
- * @return the InputProcessorTemplate
- */
- public String getInputProcessorTemplate(String representationID) {
- String inputProcessorTemplate = standardInputProcessorTemplate;
- if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorTemplate = pr.getInputProcessorTemplate();
- if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
- }
- }
- return inputProcessorTemplate;
- }
-
- /**
- * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
- */
- public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
- this.standardInputProcessorTemplate = standardInputProcessorTemplate;
- }
-
- /**
- * @return the alwaysShowForm
- */
- public boolean isAlwaysShowForm() {
- return alwaysShowForm;
- }
-
+
+
+ //TODO: check correctness!!!!
 /**
- * @param alwaysShowForm the alwaysShowForm to set
- */
- public void setAlwaysShowForm(String alwaysShowForm) {
- if (ParepUtils.isEmpty(alwaysShowForm)) {
- this.alwaysShowForm = false;
- } else {
- this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
- }
- }
-
- public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
- try {
- if (configElement==null) return false;
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
- if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
- return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
- }
- return false;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
- }
-
- }
-
-
-// public static void main(String[] args) throws Exception {
-// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
-// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
-// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
-// Configuration cfg = new Configuration(null);
-// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
-//}
+// * System property for config file.
+// */
+// public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+//
+// /**
+// * SZR-GW connection parameters.
+// */
+// private ConnectionParameter standardConnectionParameters;
+//
+// /**
+// * Input field processor.
+// */
+// private String standardInputProcessorClass;
+//
+// /**
+// * Input field processor template.
+// */
+// private String standardInputProcessorTemplate;
+//
+// /**
+// * Configured party representatives.
+// */
+// private HashMap partyRepresentatives;
+//
+// /**
+// * The configuration element.
+// */
+// private Element configElement = null;
+//
+// /**
+// * Defines whether the user input form must be shown on each
+// * request or not (also predefined mandates)
+// */
+// private boolean alwaysShowForm = false;
+//
+// /**
+// * The configuration base directory.
+// */
+// private String baseDir_;
+//
+// /**
+// * Gets the SZR-GW connection parameters.
+// *
+// * @return the connection parameters.
+// */
+// public ConnectionParameter getConnectionParameters(String representationID) {
+// if (partyRepresentatives == null || "*".equals(representationID))
+// return standardConnectionParameters;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// ConnectionParameter connectionParameters = pr.getConnectionParameters();
+// if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+// return connectionParameters;
+// }
+//
+// /**
+// * Sets the SZR-GW connection parameters for standard connection.
+// *
+// * @param connectionParameters
+// * the connection parameters.
+// */
+// public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+// this.standardConnectionParameters = connectionParameters;
+// }
+//
+// /*
+// *
+// */
+// public String getFullDirectoryName(String fileString) {
+// return makeAbsoluteURL(fileString, baseDir_);
+// }
+//
+// /*
+// *
+// */
+// private static String makeAbsoluteURL(String url, String root) {
+// // if url is relative to rootConfigFileDirName make it absolute
+//
+// File keyFile;
+// String newURL = url;
+//
+// if (null == url)
+// return null;
+//
+// if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+// return url;
+// } else {
+// // check if absolute - if not make it absolute
+// keyFile = new File(url);
+// if (!keyFile.isAbsolute()) {
+// keyFile = new File(root, url);
+// newURL = keyFile.getPath();
+// }
+// return newURL;
+// }
+// }
+//
+// /**
+// * Initializes the configuration with a given XML configuration element found
+// * in the MOA-ID configuration.
+// *
+// * @param configElem
+// * the configuration element.
+// * @throws ConfigurationException
+// * if an error occurs initializing the configuration.
+// */
+// public ParepConfiguration(Element configElem) throws ConfigurationException {
+//
+// partyRepresentatives = new HashMap();
+// partyRepresentatives.put("*", new PartyRepresentative(true, true));
+//
+// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+//
+// try {
+//
+// baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+// Logger.trace("Config base directory: " + baseDir_);
+// // check for configuration in system properties
+// if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+// this.configElement = doc.getDocumentElement();
+// } else {
+// this.configElement = configElem;
+// }
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+// }
+// load();
+// }
+//
+// /*
+// *
+// */
+// private void load() throws ConfigurationException {
+// Logger.debug("Parse ParepValidator Konfiguration");
+// try {
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// // nameSpaceNode.setAttribute("xmlns:sgw",
+// // SZRGWConstants.SZRGW_PROFILE_NS);
+//
+// Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorNode != null) {
+// this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+// Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassNode != null) {
+// this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+// }
+// }
+// Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+// if (alwaysShowFormNode != null) {
+// this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+// }
+//
+// // load connection parameters
+// Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+// Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamElement != null) {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamElement, System.out);
+// this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+// }
+//
+// Logger.trace("Lade Konfiguration der Parteienvertreter");
+// NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+// for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+//
+// PartyRepresentative partyRepresentative = new PartyRepresentative();
+//
+// Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+// boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+// boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+// partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+// partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+// partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+// partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+//
+// Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorSubNode != null) {
+// partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+// Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassSubNode != null) {
+// partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+// }
+// }
+//
+// Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamSubElement == null) {
+// if (this.standardConnectionParameters == null) {
+// throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+// + partyRepresentative.getOid() + " fehlen.", null, null);
+// }
+// } else {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+// partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+// }
+// partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+// Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+// + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+// + ", representationText=" + partyRepresentative.getRepresentationText()
+// + ")");
+// }
+//
+// Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+// }
+// }
+//
+// /*
+// *
+// */
+// private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+// try {
+// ConnectionParameter connectionParameter = new ConnectionParameter();
+//
+// // parse connection url
+// String URL = connParamElement.getAttribute("URL");
+// connectionParameter.setUrl(URL);
+//
+// // accepted server certificates
+// Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+// nameSpaceNode);
+// if (accServerCertsNode != null) {
+//
+// String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+// Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+// connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+// }
+//
+// // client key store
+// Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+// if (clientKeyStoreNode != null) {
+// String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+// connectionParameter.setClientKeyStore(clientKeystore);
+// }
+//
+// // client key store password
+// Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+// nameSpaceNode);
+// if (clientKeyStorePasswordNode != null) {
+// connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+// }
+//
+// return
connectionParameter; +// } catch (Exception e) { +// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); +// } +// } +// +// public boolean isPartyRepresentative(String representationID) { +// if (partyRepresentatives == null) +// return false; +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// return pr != null; +// } +// +// public boolean isRepresentingCorporateParty(String representationID) { +// if (partyRepresentatives == null) return false; +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr == null) return false; +// return pr.isRepresentingCorporateParty(); +// } +// +// public boolean isRepresentingPhysicalParty(String representationID) { +// if (partyRepresentatives == null) return false; +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr == null) return false; +// return pr.isRepresentingPhysicalParty(); +// } +// +// public String getRepresentationText(String representationID) { +// String result = ParepValidator.STANDARD_REPRESENTATION_TEXT; +// if (partyRepresentatives != null) { +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr != null) { +// if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText(); +// } +// } +// return result; +// } +// +// /** +// * @return the input processor classname corresponding to representationID +// * @param representationID +// * the representation ID. 
+// */ +// public String getInputProcessorClass(String representationID) { +// String inputProcessorClass = standardInputProcessorClass; +// if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR; +// if (!(partyRepresentatives == null || "*".equals(representationID))) { +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr!=null) { +// String prInputProcessorClass = pr.getInputProcessorClass(); +// if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass; +// } +// } +// return inputProcessorClass; +// } +// +// /** +// * @param standardInputProcessorClass the standardInputProcessorClass to set +// */ +// public void setStandardInputProcessorClass(String standardInputProcessorClass) { +// this.standardInputProcessorClass = standardInputProcessorClass; +// } +// +// /** +// * @return the InputProcessorTemplate +// */ +// public String getInputProcessorTemplate(String representationID) { +// String inputProcessorTemplate = standardInputProcessorTemplate; +// if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE; +// if (!(partyRepresentatives == null || "*".equals(representationID))) { +// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); +// if (pr!=null) { +// String prInputProcessorTemplate = pr.getInputProcessorTemplate(); +// if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate; +// } +// } +// return inputProcessorTemplate; +// } +// +// /** +// * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set +// */ +// public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) { +// this.standardInputProcessorTemplate = standardInputProcessorTemplate; +// } +// +// /** +// * @return the alwaysShowForm +// */ +// public boolean 
isAlwaysShowForm() { +// return alwaysShowForm; +// } +// +// /** +// * @param alwaysShowForm the alwaysShowForm to set +// */ +// public void setAlwaysShowForm(String alwaysShowForm) { +// if (ParepUtils.isEmpty(alwaysShowForm)) { +// this.alwaysShowForm = false; +// } else { +// this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true"); +// } +// } +// +// public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException { +// try { +// if (configElement==null) return false; +// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); +// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); +// Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode); +// if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) { +// return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true"); +// } +// return false; +// } catch (Exception e) { +// throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e); +// } +// +// } +// +// +//// public static void main(String[] args) throws Exception { +//// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml"); +//// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml"); +//// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties"); +//// Configuration cfg = new Configuration(null); +//// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110")); +////} } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
deleted file mode 100644
index 2f138fbfc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ /dev/null
@@ -1,1396 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.config;
-
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-import java.math.BigInteger;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Vector;
-
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.Schema;
-import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter;
-import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter;
-import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathException;
-import at.gv.egovernment.moa.util.XPathUtils;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.common.STORKConstants;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
-
-/**
- * A class that builds configuration data from a DOM based representation.
- *
- * @author Patrick Peck
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class ConfigurationBuilder {
-
- //
- // XPath namespace prefix shortcuts
- //
- /** an XPATH-Expression */
- protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
- /** an XPATH-Expression */
- protected static final String DSIG = Constants.DSIG_PREFIX + ":";
-
- /** an XPATH-Expression */
- protected static final String STORK = Constants.STORK_PREFIX + ":";
-
- /** an XPATH-Expression */
- protected static final String STORKP= Constants.STORKP_PREFIX + ":";
-
- //
- // chaining mode constants appearing in the configuration file
- //
- /** an XPATH-Expression */
- protected static final String CM_CHAINING = "chaining";
- /** an XPATH-Expression */
- protected static final String CM_PKIX = "pkix";
- /** an XPATH-Expression */
- protected static final String DEFAULT_ENCODING = "UTF-8";
-
- //
- // XPath expressions to select certain parts of the configuration
- //
- /** an XPATH-Expression */
- protected static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
-
- /** an XPATH-Expression */
- protected static final String AUTH_BKU_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
- /** an XPATH-Expression */
- protected static final String AUTH_BKUSELECT_TEMPLATE_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
- /** an XPATH-Expression */
- protected static final String AUTH_TEMPLATE_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL";
- /** an XPATH-Expression */
- public static final String AUTH_TEMPLATE_ONLINEMANDATES_BKU_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU";
-
-
- //protected static final String AUTH_MANDATE_TEMPLATE_XPATH =
-// ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "MandateTemplate/@URL";
- /** an XPATH-Expression */
- protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL";
- /** an XPATH-Expression */
- public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
- /** an XPATH-Expression */
- protected static final String AUTH_MOA_SP_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
- /** an XPATH-Expression */
- protected static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- protected static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
- /** an XPATH-Expression */
- protected static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
-
- /** an XPATH-Expression */
- protected static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
-
- /** an XPATH-Expression */
- public static final String AUTH_VERIFY_INFOBOXES_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";
-
- /** an XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities";
-
- /** an XPATH-Expression */
- public static final String AUTH_ONLINEMANDATES_XPATH =
- ROOT + CONF + "AuthComponent/" + CONF + "OnlineMandates";
-
-
-
- /** an XPATH-Expression */
- protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
- /** an XPATH-Expression */
- protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH =
- CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH =
- CONF + "Templates/" + CONF + "Template/@URL";
- /** an XPATH-Expression */
- public static final String OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH =
- CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU";
- //protected static final String OA_AUTH_COMPONENT_MANDATE_TEMPLATE_XPATH =
- //CONF + "Templates/" + CONF + "MandateTemplate/@URL";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";
- /** an XPATH-Expression */
- protected static final String OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH = CONF + "Mandates" + "/" + CONF + "Profiles";
- /** an XPATH-Expression */
- protected static final String CONNECTION_PARAMETER_URL_XPATH =
- CONF + "ConnectionParameter/@URL";
- /** an XPATH-Expression */
- protected static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
- CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
- /** an XPATH-Expression */
- protected static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
- CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
- /** an XPATH-Expression */
- protected static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
- CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
- /** an XPATH-Expression */
- protected static final String GENERIC_CONFIGURATION_XPATH =
- ROOT + CONF + "GenericConfiguration";
-
- /** an XPATH-Expression */
- protected static final String TRUSTED_BKUS =
- ROOT + CONF + "TrustedBKUs/" + CONF + "BKUURL";
-
- protected static final String TRUSTED_TEMPLATEURLS =
- ROOT + CONF + "TrustedTemplateURLs/" + CONF + "TemplateURL";
-
-
- /** an XPATH-Expression */
- protected static final String CHAINING_MODES_XPATH =
- ROOT + CONF + "ChainingModes";
- /** an XPATH-Expression */
- protected static final String CHAINING_MODES_DEFAULT_XPATH =
- CHAINING_MODES_XPATH + "/@systemDefaultMode";
- /** an XPATH-Expression */
- protected static final String TRUST_ANCHOR_XPATH =
- ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
- /** an XPATH-Expression */
- protected static final String ISSUER_XPATH = DSIG + "X509IssuerName";
- /** an XPATH-Expression */
- protected static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
- /** an XPATH-Expression */
- protected static final String TRUSTED_CA_CERTIFICATES_XPATH =
- ROOT + CONF + "TrustedCACertificates";
-
- /** an XPATH-Expression */
- protected static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile";
- /** an XPATH-Expression */
- protected static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID";
- /** an XPATH-Expression */
- protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox";
-
-
- /** STORK Config XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS =
- ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "C-PEPS";
-
- /** STORK Config AttributeName */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE = "countryCode";
-
- /** STORK Config AttributeName */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL = "URL";
-
- /** STORK Config XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER =
- ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" +
- CONF + "SignatureCreationParameter" ;
-
- /** STORK Config XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES =
- STORK + "RequestedAttribute";
-
- /** STORK Config XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER =
- ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" +
- CONF + "SignatureVerificationParameter";
-
- /** STORK Config XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE =
- CONF + "KeyStore";
-
- /** STORK Config XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME =
- CONF + "KeyName";
-
- /** STORK Config XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD =
- CONF + "KeyStore/@password";
-
- /** STORK Config XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME_PASSWORD =
- CONF + "KeyName/@password";
-
- /** STORK Config XPATH-Expression */
- public static final String AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID =
- CONF + "TrustProfileID";
-
- /** STORK Config XPATH-Expression */
- public static final String OA_AUTH_COMPONENT_STORK_QAA =
- CONF + "STORK/" + STORK + "QualityAuthenticationAssuranceLevel";
-
- /** STORK Config XPATH-Expression */
- public static final String OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE =
- CONF + "STORK/" + STORKP + "RequestedAttributes/" + STORK + "RequestedAttribute";
-
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- protected String rootConfigFileDir_;
-
- /** The root element of the MOA-ID configuration */
- protected Element configElem_;
-
- /**
- * Creates a new MOAConfigurationProvider.
- *
- * @param configElem The root element of the MOA-ID configuration.
- */
- public ConfigurationBuilder(Element configElem, String rootConfigDir) {
- configElem_ = configElem;
- rootConfigFileDir_ = rootConfigDir;
- }
-
- /**
- * Returns the root element of the MOA-ID configuration.
- *
- * @return The root element of the MOA-ID configuration.
- */
- public Element getConfigElem() {
- return configElem_;
- }
-
- /**
- * Build a ConnectionParameter object containing all information
- * of the moa-sp element in the authentication component
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildAuthBKUConnectionParameter() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return buildConnectionParameter(authBKU);
- }
-
- /**
- * Build a ConnectionParameter containing all information
- * of the foreignid element in the authentication component
- * @return ConnectionParameter of the authentication component foreignid element
- */
- public ConnectionParameter buildForeignIDConnectionParameter() {
- Element foreignid = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_XPATH);
- if (foreignid==null) return null;
- return buildConnectionParameter(foreignid);
-
- }
-
- /**
- * Build a ConnectionParameter containing all information
- * of the OnlineMandates element in the authentication component
- * @return ConnectionParameter of the authentication component OnlineMandates element
- */
- public ConnectionParameter buildOnlineMandatesConnectionParameter() {
- Element onlinemandates = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_ONLINEMANDATES_XPATH);
- if (onlinemandates==null) return null;
- return buildConnectionParameter(onlinemandates);
-
- }
-
- /**
- * Method buildAuthBKUSelectionType.
- *
- * Build a string with the configuration value of BKUSelectionAlternative
- *
- * @return String
- */
- public String buildAuthBKUSelectionType() {
-
- Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
- if (authBKU==null) return null;
- return (authBKU).getAttribute("BKUSelectionAlternative");
- }
-
- /**
- * Build a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @param contextNode The node from which should be searched
- * @param xpathExpr The XPATH expression for the search
- * @return String[] of filenames to the Security Layer Transforms Information
- * or null if no transforms are included
- */
- public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) {
-
- List transformsInfoFileNames = new ArrayList();
-
- try {
- NodeIterator tiIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr);
-
- Attr tiElem;
- while ((tiElem = (Attr) tiIter.nextNode()) != null) {
- String tiFileName = tiElem.getNodeValue();
- transformsInfoFileNames.add(tiFileName);
- }
-
- String[] result = new String[transformsInfoFileNames.size()];
- transformsInfoFileNames.toArray(result);
-
- return result;
- } catch (XPathException xpe) {
- return new String[0];
- }
- }
-
-
- /**
- * Loads the transformsInfos from files.
- * @throws Exception on any exception thrown
- */
- public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
-
- String[] transformsInfos = new String[transformsInfoFileNames.length];
- for (int i = 0; i < transformsInfoFileNames.length; i++) {
- String fileURL = transformsInfoFileNames[i];
-
- //if fileURL is relative to rootConfigFileDir make it absolute
- fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
- String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
- transformsInfos[i] = transformsInfo;
- }
- return transformsInfos;
- }
-
- /**
- * Build a ConnectionParameter bean containing all information
- * of the authentication component moa-sp element
- * @return ConnectionParameter of the authentication component moa-sp element
- */
- public ConnectionParameter buildMoaSpConnectionParameter() {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_MOA_SP_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
- }
-
- /**
- * Return a string with a url-reference to the VerifyIdentityLink trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyIdentityLink trust profile ID
- */
- public String getMoaSpIdentityLinkTrustProfileID() {
- return XPathUtils.getElementValue(
- configElem_,
- AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
- "");
- }
- /**
- * Return a string representation of an URL pointing to trusted CA Certificates
- * @return String representation of an URL pointing to trusted CA Certificates
- */
- public String getTrustedCACertificates() {
- return XPathUtils.getElementValue(
- configElem_,
- TRUSTED_CA_CERTIFICATES_XPATH,null);
- }
-
- /**
- * Return a string with a url-reference to the VerifyAuthBlock trust
- * profile id within the moa-sp part of the authentication component
- * @return String with a url-reference to the VerifyAuthBlock trust profile ID
- */
- public String getMoaSpAuthBlockTrustProfileID() {
- return XPathUtils.getElementValue(
- configElem_,
- AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
- "");
- }
- /**
- * Build a string array with references to all verify transform info
- * IDs within the moa-sp part of the authentication component
- * @return A string array containing all urls to the
- * verify transform info IDs
- */
- public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
-
- List verifyTransformsInfoIDs = new ArrayList();
- NodeIterator vtIter =
- XPathUtils.selectNodeIterator(
- configElem_,
- AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
- Element vtElem;
-
- while ((vtElem = (Element) vtIter.nextNode()) != null) {
-
- String vtInfoIDs = DOMUtils.getText(vtElem);
- verifyTransformsInfoIDs.add(vtInfoIDs);
- }
- String[] result = new String[verifyTransformsInfoIDs.size()];
- verifyTransformsInfoIDs.toArray(result);
-
- return result;
- }
-
- public List getTrustedBKUs() {
-
- List trustedBKUs = new ArrayList();
-
- NodeIterator bkuIter = XPathUtils.selectNodeIterator(configElem_, TRUSTED_BKUS);
-
- Element vtElem;
-
- while ((vtElem = (Element) bkuIter.nextNode()) != null) {
- String bkuURL = DOMUtils.getText(vtElem);
- trustedBKUs.add(bkuURL);
- }
-
- return trustedBKUs;
-
- }
-
-public List getTrustedTemplateURLs() {
-
- List trustedTemplateURLs = new ArrayList();
-
- NodeIterator bkuIter = XPathUtils.selectNodeIterator(configElem_, TRUSTED_TEMPLATEURLS);
-
- Element vtElem;
-
- while ((vtElem = (Element) bkuIter.nextNode()) != null) {
- String bkuURL = DOMUtils.getText(vtElem);
- trustedTemplateURLs.add(bkuURL);
- }
-
- return trustedTemplateURLs;
-
- }
-
- /**
- * Returns a list containing all X509 Subject Names
- * of the Identity Link Signers
- * @return a list containing the configured identity-link signer X509 subject names
- */
- public List getIdentityLink_X509SubjectNames() {
-
- Vector x509SubjectNameList = new Vector();
- NodeIterator x509Iter
= - XPathUtils.selectNodeIterator( - configElem_, - AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH); - Element x509Elem; - - while ((x509Elem = (Element) x509Iter.nextNode()) != null) { - String vtInfoIDs = DOMUtils.getText(x509Elem); - x509SubjectNameList.add(vtInfoIDs); - } - - // now add the default identity link signers - String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; - for (int i=0; inull. - * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating - * the identity link signer certificate. Needed for - * checking if this ID is not used for validating other - * infoboxes. - * - * @return An OAProxyParameter array containing beans - * with all relevant information for the authentication component of the online - * application - */ - public OAAuthParameter[] buildOnlineApplicationAuthParameters( - VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID) - throws ConfigurationException - { - - String bkuSelectionTemplateURL = - XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); - String templateURL = - XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); - String inputProcessorSignTemplateURL = - XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); - - - List OA_set = new ArrayList(); - NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); - - for (int i = 0; i < OAIter.getLength(); i++) { - Element oAElem = (Element) OAIter.item(i); - Element authComponent = - (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH); - - OAAuthParameter oap = new OAAuthParameter(); - String publicURLPrefix = oAElem.getAttribute("publicURLPrefix"); - oap.setPublicURLPrefix(publicURLPrefix); - oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier")); - oap.setFriendlyName(oAElem.getAttribute("friendlyName")); - String targetConfig = oAElem.getAttribute("target"); - 
String targetFriendlyNameConfig = oAElem.getAttribute("targetFriendlyName"); - - // get the type of the online application - String oaType = oAElem.getAttribute("type"); - oap.setOaType(oaType); - String slVersion = "1.1"; - if ("businessService".equalsIgnoreCase(oaType)) { - if (authComponent==null) { - Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\""); - throw new ConfigurationException("config.02", null); - } - Element identificationNumberElem = - (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH); - if (identificationNumberElem==null) { - Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); - throw new ConfigurationException("config.02", null); - } - Element identificationNumberChild = DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes()); - if (identificationNumberChild == null) { - Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); - throw new ConfigurationException("config.02", null); - } - - if (!StringUtils.isEmpty(targetConfig)) { - Logger.error("Target attribute can not be set for OA of type \"businessService\""); - throw new ConfigurationException("config.02", null); - } - if (!StringUtils.isEmpty(targetFriendlyNameConfig)) { - Logger.error("Target friendly name attribute can not be set for OA of type \"businessService\""); - throw new ConfigurationException("config.02", null); - } - - - if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) { - oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild)); - //BZ.., setting type of IdLinkDomainIdentifier - oap.setIdentityLinkDomainIdentifierType(identificationNumberChild.getLocalName()); - //..BZ - } else { - // If we have business service and want to dealt with GDA, the security layer can be advised to calulate - // the Health Professional Identifier HPI instead of the wbPK - Logger.info("OA uses HPI for 
Identification"); - oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI); - } - - // if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file - Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2"); - slVersion = "1.2"; - - } else { - - if (StringUtils.isEmpty(targetConfig) && !StringUtils.isEmpty(targetFriendlyNameConfig)) { - Logger.error("Target friendly name attribute can not be set alone for OA of type \"businessService\""); - throw new ConfigurationException("config.02", null); - } - oap.setTarget(targetConfig); - oap.setTargetFriendlyName(targetFriendlyNameConfig); - - if (authComponent!=null) { - slVersion = authComponent.getAttribute("slVersion"); - } - - - } - oap.setSlVersion(slVersion); - //Check if there is an Auth-Block to read from configuration - - if (authComponent!=null) - { - oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl"))); - oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock"))); - oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); - oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); - oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData"))); - oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC"))); - oap.setUseCondition(BoolUtils.valueOf(authComponent.getAttribute("useCondition"))); - oap.setConditionLength(buildConditionLength(authComponent.getAttribute("conditionLength"))); - oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); - oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); - -// System.out.println(publicURLPrefix); -// System.out.println("useCondition: " + oap.getUseCondition()); -// 
System.out.println("conditionLength: " + oap.getConditionLength()); - - oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); - // load OA specific transforms if present - String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); - try { - oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames)); - } catch (Exception ex) { - Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms."); - } - Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH); - oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters( - verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); - - Node mandateProfilesNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH); - if (mandateProfilesNode != null) { - if ("businessService".equalsIgnoreCase(oaType)) { - Logger.error("No Online Mandate Modus for OA of type \"businessService\" allowed."); - throw new ConfigurationException("config.02", null); - } - else { - String profiles = DOMUtils.getText(mandateProfilesNode); - oap.setMandateProfiles(profiles); - } - } - - //add STORK Configuration specific to OA (RequestedAttributes, QAALevel) - //QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent); - //if (qaaLevel != null) { - // oap.setQaaLevel(qaaLevel); - // Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue()); - //} - - //RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent); - // - //if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) { - // //we have additional STORK attributes to request for this OA - // Logger.debug("Using 
non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): "); - // for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) { - // if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) { - /// addReqAttr.detach(); - // oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr); - // Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired()); - // } - // } - - //} else { - // //do nothing, only request default attributes - //} - - - } - OA_set.add(oap); - } - OAAuthParameter[] result = - new OAAuthParameter[OA_set.size()]; - OA_set.toArray(result); - - return result; - - } - - /** - * Returns the condition length as int - * @param length the condition length as int - * @return - */ - private int buildConditionLength(String length) { - - if (StringUtils.isEmpty(length)) - return -1; - else - return new Integer(length).intValue(); - } - - /** - * Builds the URL for a BKUSelectionTemplate or a Template. The method selects - * the uri string from the MOA ID configuration file via the given xpath expression - * and returns either this string or the default value. - * - * @param oaAuthComponent The AuthComponent element to get the template from. - * @param xpathExpr The xpath expression for selecting the template uri. - * @param defaultURL The default template url. - * @return The template url. This may either the via xpath selected uri - * or, if no template is specified within the online appliacation, - * the default url. Both may be null. 
- */ - protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) { - String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL); - if (templateURL != null) { - templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_); - } - return templateURL; - } - - - - - - - /** - * Method buildConnectionParameter: internal Method for creating a - * ConnectionParameter object with all data found in the incoming element - * @param root This Element contains the ConnectionParameter - * @return ConnectionParameter - */ - protected ConnectionParameter buildConnectionParameter(Element root) - { - ConnectionParameter result = new ConnectionParameter(); - result.setAcceptedServerCertificates( - XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null)); - - result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL( - result.getAcceptedServerCertificates(), rootConfigFileDir_)); - - result.setUrl( - XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, "")); - result.setClientKeyStore( - XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null)); - - result.setClientKeyStore(FileUtils.makeAbsoluteURL( - result.getClientKeyStore(), rootConfigFileDir_)); - - result.setClientKeyStorePassword( - XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,"")); - - if ((result.getAcceptedServerCertificates()==null) - && (result.getUrl()=="") - && (result.getClientKeyStore()==null) - && (result.getClientKeyStorePassword()=="")) - return null; - - return result; - } - - - /** - * Build the mapping of generic configuration properties. - * - * @return a {@link Map} of generic configuration properties (a name to value - * mapping) from the configuration. 
- */ - public Map buildGenericConfiguration() { - - Map genericConfiguration = new HashMap(); - NodeIterator gcIter = - XPathUtils.selectNodeIterator( - configElem_, - GENERIC_CONFIGURATION_XPATH); - Element gcElem; - - while ((gcElem = (Element) gcIter.nextNode()) != null) { - String gcName = gcElem.getAttribute("name"); - String gcValue = gcElem.getAttribute("value"); - - genericConfiguration.put(gcName, gcValue); - } - - return genericConfiguration; - } - - - /** - * Returns the default chaining mode from the configuration. - * - * @return The default chaining mode. - */ - public String getDefaultChainingMode() { - String defaultChaining = - XPathUtils.getAttributeValue( - configElem_, - CHAINING_MODES_DEFAULT_XPATH, - CM_CHAINING); - - return translateChainingMode(defaultChaining); - - } - /** - * Build the chaining modes for all configured trust anchors. - * - * @return The mapping from trust anchors to chaining modes. - */ - public Map buildChainingModes() { - Map chainingModes = new HashMap(); - NodeIterator trustIter = - XPathUtils.selectNodeIterator(configElem_, TRUST_ANCHOR_XPATH); - Element trustAnchorElem; - - while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) { - IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem); - String mode = trustAnchorElem.getAttribute("mode"); - - if (issuerAndSerial != null) { - chainingModes.put(issuerAndSerial, translateChainingMode(mode)); - } - } - - return chainingModes; - } - - /** - * Build an IssuerAndSerial from the DOM representation. - * - * @param root The root element (being of type dsig: - * X509IssuerSerialType. - * @return The issuer and serial number contained in the root - * element or null if could not be built for any reason. 
- */ - protected IssuerAndSerial buildIssuerAndSerial(Element root) { - String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null); - String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null); - - if (issuer != null && serial != null) { - try { - RFC2253NameParser nameParser = new RFC2253NameParser(issuer); - Principal issuerDN = nameParser.parse(); - - return new IssuerAndSerial(issuerDN, new BigInteger(serial)); - } catch (RFC2253NameParserException e) { - warn("config.09", new Object[] { issuer, serial }, e); - return null; - } catch (NumberFormatException e) { - warn("config.09", new Object[] { issuer, serial }, e); - return null; - } - } - return null; - } - - /** - * Translate the chaining mode from the configuration file to one used in the - * IAIK MOA API. - * - * @param chainingMode The chaining mode from the configuration. - * @return The chaining mode as provided by the ChainingModes - * interface. - * @see iaik.pki.pathvalidation.ChainingModes - */ - protected String translateChainingMode(String chainingMode) { - if (chainingMode.equals(CM_CHAINING)) { - return ChainingModes.CHAIN_MODE; - } else if (chainingMode.equals(CM_PKIX)) { - return ChainingModes.PKIX_MODE; - } else { - return ChainingModes.CHAIN_MODE; - } - } - - /** - * Builds the IdentityLinkDomainIdentifier as needed for providing it to the - * SecurityLayer for computation of the wbPK. - *

e.g.:
- * input element: - *
- * <pr:Firmenbuchnummer Identifier="FN">000468 i</pr:Firmenbuchnummer> - *

- * return value: urn:publicid:gv.at+wbpk+FN468i - * - * @param number The element holding the identification number of the business - * company. - * @return The domain identifier - */ - protected String buildIdentityLinkDomainIdentifier(Element number) { - if (number == null) { - return null; - } - String identificationNumber = number.getFirstChild().getNodeValue(); - String identifier = number.getAttribute("Identifier"); - // remove all blanks - identificationNumber = StringUtils.removeBlanks(identificationNumber); - if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn") || identifier.equalsIgnoreCase("xfn")) { - // delete zeros from the beginning of the number - identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber); - // remove hyphens - identificationNumber = StringUtils.removeToken(identificationNumber, "-"); - } - StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK); - identityLinkDomainIdentifier.append("+"); - if (!identificationNumber.startsWith(identifier)) { - identityLinkDomainIdentifier.append(identifier); - } - identityLinkDomainIdentifier.append("+"); - identityLinkDomainIdentifier.append(identificationNumber); - return identityLinkDomainIdentifier.toString(); - } - - /** - * Builds the parameters for verifying additional infoboxes (additional to the - * IdentityLink infobox). - * - * @param verifyInfoboxesElem The VerifyInfoboxes element from the - * config file. This maybe the global element or the - * elment from an Online application. - * @param defaultVerifyInfoboxParameters Default parameters to be used, if no - * VerifyInfoboxes element is present. - * This only applies to parameters - * of an specific online application and is set to - * null when building the global parameters. - * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating - * the identity link signer certificate. 
Needed for - * checking if this ID is not used for validating other - * infoboxes. - * - * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters} - * object needed for verifying additional infoboxes. - * - * @throws ConfigurationException If the trust profile for validating the identity link - * signer certificate is used for validating another infobox. - */ - public VerifyInfoboxParameters buildVerifyInfoboxParameters( - Node verifyInfoboxesElem, - VerifyInfoboxParameters defaultVerifyInfoboxParameters, - String moaSpIdentityLinkTrustProfileID) - throws ConfigurationException - { - - if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) { - return null; - } - Vector identifiers = new Vector(); - List defaultIdentifiers = null; - Map defaultInfoboxParameters = null; - if (defaultVerifyInfoboxParameters != null) { - defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers(); - defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters(); - } - Hashtable infoboxParameters = new Hashtable(); - if (verifyInfoboxesElem != null) { - // get the DefaultTrustProfileID - String defaultTrustProfileID = null; - Node defaultTrustProfileNode = - XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH); - if (defaultTrustProfileNode != null) { - Node trustProfileIDNode = - XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH); - defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue(); - if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) { - throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID}); - } - } - // get the Infoboxes - NodeList infoboxes = - XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH); - for (int i=0; i buildSTORKcPEPSMap() { - - Logger.debug("Loading STORK C-PEPS information"); - - Map 
cpepsMap = new HashMap(); - - NodeIterator cpepsIterator = XPathUtils.selectNodeIterator(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS); - - Element cpepsElement; - CPEPS cpeps; - - while ((cpepsElement = (Element) cpepsIterator.nextNode()) != null) { - cpeps = buildSTORKCpeps(cpepsElement); - if (cpeps != null) { - cpepsMap.put(cpeps.getCountryCode(), cpeps); - } - } - - if(!cpepsMap.isEmpty()) { - Logger.info("STORK C-PEPS information loaded"); - } - - return cpepsMap; - - } - - /** - * Builds the required STORK QAALevel for this OA - * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) - * @return STORK QAALevel for this OA - */ - public QualityAuthenticationAssuranceLevel buildOaSTORKQAALevel(Element authComponentElement) { - Element qaaLevelElement = (Element)XPathUtils.selectSingleNode(authComponentElement, OA_AUTH_COMPONENT_STORK_QAA); - - if (qaaLevelElement == null) return null; - - try { - QualityAuthenticationAssuranceLevel qaaLevel = (QualityAuthenticationAssuranceLevel) SAMLUtil.unmarshallMessage(qaaLevelElement); - return qaaLevel; - } catch (MessageEncodingException e) { - Logger.error("Could not build STORK QAALevel, using default."); - return null; - } - - } - - /** - * Builds the Requested Attributes specific for an OA - * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) - * @return STORK RequestedAttributes for this OA - */ - public RequestedAttributes buildOaSTORKRequestedAttributes(Element authComponentElement) { - List reqAttributeList = new ArrayList(); - - - Element reqAttributeElement; - NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(authComponentElement, OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE); - - while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { - RequestedAttribute requestedAttribute; - try { - requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); - } catch 
(MessageEncodingException e) { - Logger.error("Provided RequestedAttributes Online Application is malformed.", e); - return null; - } - //only add if STORK attribute is correct - if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { - reqAttributeList.add(requestedAttribute); - } else { - Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); - } - } - - return STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); - } - - /** - * Method warn. - * @param messageId to identify a country-specific message - * @param parameters for the logger - */ - // - // various utility methods - // - - protected static void warn(String messageId, Object[] parameters) { - Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); - } - - /** - * Method warn. - * @param messageId to identify a country-specific message - * @param args for the logger - * @param t as throwabl - */ - protected static void warn(String messageId, Object[] args, Throwable t) { - Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index fb1dc0293..bf4952113 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -81,7 +81,7 @@ public class ConfigurationProvider { * A Map which contains the IssuerAndSerial to * chaining mode (a String) mapping. */ - protected Map chainingModes; + protected Map chainingModes; /** * the URL for the trusted CA Certificates 
@@ -93,6 +93,10 @@ public class ConfigurationProvider { */ protected String rootConfigFileDir; + protected String certstoreDirectory; + + protected boolean trustmanagerrevoationchecking; + /** * Returns the main configuration file directory used to configure MOA-ID * @@ -148,5 +152,22 @@ public class ConfigurationProvider { return trustedCACertificates; } + +/** + * @return the certstoreDirectory + */ +public String getCertstoreDirectory() { + return certstoreDirectory; +} + +/** + * @return the trustmanagerrevoationchecking + */ +public boolean isTrustmanagerrevoationchecking() { + return trustmanagerrevoationchecking; +} + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java new file mode 100644 index 000000000..65fda8396 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java @@ -0,0 +1,36 @@ +package at.gv.egovernment.moa.id.config; + +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + +public class ConfigurationUtils { + + public static List getTransformInfos(List transformations) { + List list = new ArrayList(); + + for (TransformsInfoType e1 : transformations) { + + try { + String transform = new String(e1.getTransformation(), "UTF-8"); + String encoded = new String(Base64Utils.decode(transform, false), "UTF-8"); + list.add(encoded); + + } catch (UnsupportedEncodingException e) { + Logger.warn("Transformation can not be loaded. An encoding error ocurs"); + return null; + + } catch (IOException e) { + Logger.warn("Transformation can not be loaded from database."); + return null; + } + } + return list; + } + +} 
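Review bot: The new field and getter carry a misspelling into a public API: `trustmanagerrevoationchecking` and `isTrustmanagerrevoationchecking()` in the `@@ -93,6` and `@@ -148,5` hunks. A boolean field also defaults to false, so revocation checking is off unless whatever populates this provider sets it explicitly; that loader is not visible here, so confirm it is assigned on every initialisation path and that "off" is the intended default. Rename to `protected boolean trustManagerRevocationChecking;` and `public boolean isTrustManagerRevocationChecking()` before anything depends on the current name, and add a one-line Javadoc saying what `certstoreDirectory` is expected to contain. The added getters are also at column 0 inside the class body.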
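Review bot: In `getTransformInfos` each catch block logs without the exception and returns null for the whole list, so a single undecodable entry silently discards every other transformation and hands callers a null `List`. Pass the cause to the logger, `Logger.warn("Transformation can not be loaded from database.", e);`, and consider skipping the bad entry or propagating the error instead of returning null; `new ArrayList()` and the `List` parameter are also raw types. Whether callers null-check the result is not visible in this hunk.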
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java deleted file mode 100644 index b1b90f40b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ /dev/null 
@@ -1,130 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.config; - -/** - * This bean class is used to store data for various connectionParameter - * within the MOA-ID configuration - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class ConnectionParameter { - - /** - * Server URL - */ - private String url; - /** - * File URL for a directory containing PKCS#12 server SSL certificates. - * From these certificates, a X509 trust store will be assembled for use - * by a JSSE TrustManager. - * This field will only be used in case of an HTTPS URL. - */ - private String acceptedServerCertificates; - /** - * File URL of a X509 key store containing the private key to be used - * for an HTTPS connection when the server requires client authentication. - * This field will only be used in case of an HTTPS URL. 
- */ - private String clientKeyStore; - /** - * Password protecting the client key store. - */ - private String clientKeyStorePassword; - - /** - * Checks whether the URL scheme is "https". - * @return true in case of an URL starting with "https" - */ - public boolean isHTTPSURL() { - return getUrl().indexOf("https") == 0; - } - - /** - * Returns the url. - * @return String - */ - public String getUrl() { - return url; - } - - /** - * Returns the acceptedServerCertificates. - * @return String - */ - public String getAcceptedServerCertificates() { - return acceptedServerCertificates; - } - - /** - * Sets the acceptedServerCertificates. - * @param acceptedServerCertificates The acceptedServerCertificates to set - */ - public void setAcceptedServerCertificates(String acceptedServerCertificates) { - this.acceptedServerCertificates = acceptedServerCertificates; - } - - /** - * Sets the url. - * @param url The url to set - */ - public void setUrl(String url) { - this.url = url; - } - - /** - * Returns the clientKeyStore. - * @return String - */ - public String getClientKeyStore() { - return clientKeyStore; - } - - /** - * Returns the clientKeyStorePassword. - * @return String - */ - public String getClientKeyStorePassword() { - return clientKeyStorePassword; - } - - /** - * Sets the clientKeyStore. - * @param clientKeyStore The clientKeyStore to set - */ - public void setClientKeyStore(String clientKeyStore) { - this.clientKeyStore = clientKeyStore; - } - - /** - * Sets the clientKeyStorePassword. - * @param clientKeyStorePassword The clientKeyStorePassword to set - */ - public void setClientKeyStorePassword(String clientKeyStorePassword) { - this.clientKeyStorePassword = clientKeyStorePassword; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java new file mode 100644 index 000000000..41d6959b1 
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterForeign extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.foreignidentities.";
+
+ public ConnectionParameterForeign(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
new file mode 100644
index 000000000..0e05633c8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
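Review bot: The prefix constant is named `MOASP_PROP_IDENTIFIER_PREFIX` although this class reads `service.foreignidentities.`, and the same three getters are repeated verbatim in ConnectionParameterMOASP and ConnectionParameterMandate with only the prefix differing. Move the getters into the `ConnectionParameter` base class (not visible in this diff) and let each subclass supply only its prefix, e.g. `protected String getPropertyPrefix() { return "service.foreignidentities."; }`. `basedirectory + e1` also assumes basedirectory ends with a separator and that the configured value is relative; the deleted class resolved these paths through `FileUtils.makeAbsoluteURL`, so confirm the base class normalises basedirectory before this concatenation.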
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterMOASP extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.moasp.";
+
+ public ConnectionParameterMOASP(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
new file mode 100644
index 000000000..00b393b92
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
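Review bot: `getClientKeyStorePassword` now returns null when the property is unset, whereas the deleted `ConnectionParameter` bean was populated with `""` as the password default (see the removed `buildConnectionParameter` above); a caller that hands the result to a keystore loader may now hit a NullPointerException, so either keep the empty-string default or document the null in a Javadoc on the getter. `getAcceptedServerCertificates` likewise returns null when the accepted-server-certificates property is missing, and what the SSL setup does with a null trust-store path is not visible in this hunk; since this endpoint is the MOA-SP signature verification service, confirm it fails closed rather than falling back to an accept-all trust manager.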
@@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.config; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConnectionParameterMandate extends ConnectionParameter{ + + private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.onlinemandates."; + + public ConnectionParameterMandate(ConnectionParameterClientAuthType database, + Properties prop, String basedirectory) { + super(database, prop, basedirectory); + } + + public String getAcceptedServerCertificates() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStore() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStorePassword() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD); + if (MiscUtil.isEmpty(e1)) + return null; + else + return e1; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 56c97a802..c1715d6fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.config; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + /** * Configuration parameters belonging to an online application, * to be used within both, the MOA ID Auth and the 
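Review bot: `MOASP_PROP_IDENTIFIER_PREFIX` is a copy-paste name in a class that reads `service.onlinemandates.`; rename it, e.g. `private static final String MANDATE_PROP_IDENTIFIER_PREFIX = "service.onlinemandates.";`, and consider lifting the three identical getters into the base class with the prefix as the only subclass-specific piece. The keystore password is read as a plain String from the properties file, unchanged in principle from the deleted class, but a short comment on `getClientKeyStorePassword` noting that the properties file must be access-restricted would help whoever deploys this.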
@@ -33,6 +35,25 @@ package at.gv.egovernment.moa.id.config; */ public class OAParameter { + public OAParameter(OnlineApplication oa) { + + this.oaType = oa.getType(); + + if (this.oaType.equals("businessService")) + this.businessService = true; + else + this.businessService = false; + + this.publicURLPrefix = oa.getPublicURLPrefix(); + + this.friendlyName = oa.getFriendlyName(); + + this.target = oa.getTarget(); + + this.targetFriendlyName = oa.getTargetFriendlyName(); + + } + /** * type of the online application (maybe "PublicService" or "BusinessService") */ 
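Review bot: The constructor classifies the OA with `this.oaType.equals("businessService")`, whereas the removed `setOaType` used `"businessService".equalsIgnoreCase(oaType)` and the field's own comment spells the value `"BusinessService"`; a differently-cased type is now treated as a public service, and a null result from `oa.getType()` throws NullPointerException on the next line. Replace the if/else with `this.businessService = "businessService".equalsIgnoreCase(this.oaType);`, which is case-insensitive and null-safe like the old setter. Elsewhere in this commit the business-service flag is what selects the wbPK domain identifier, so this misclassification deserves a unit test rather than a visual check.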
@@ -63,102 +84,26 @@ public class OAParameter {
  */
 private String targetFriendlyName;
- /**
- * Returns the type of the online application.
- * @return the type of the online application.
- */
- public String getOaType() {
- return oaType;
- }
-
- /**
- * Returns true is the OA is a businss application, otherwise
- * false.
- * @return true is the OA is a businss application, otherwise
- * false
- */
- public boolean getBusinessService() {
- return this.businessService;
- }
- /**
- * Returns the publicURLPrefix.
- * @return String
- */
- public String getPublicURLPrefix() {
- return publicURLPrefix;
- }
- /**
- *
- * Sets the type of the online application.
- * If the type is "businessService" the value of businessService
- * ({@link #getBusinessService()}) is also set to true
- * @param oaType The type of the online application.
- */
- public void setOaType(String oaType) {
- this.oaType = oaType;
- if ("businessService".equalsIgnoreCase(oaType)) {
- this.businessService = true;
- }
- }
+ public String getOaType() {
+ return oaType;
+ }
+ public boolean getBusinessService() {
+ return businessService;
+ }
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+ public String getTarget() {
+ return target;
+ }
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
- /**
- * Sets the publicURLPrefix.
- * @param publicURLPrefix The publicURLPrefix to set
- */
- public void setPublicURLPrefix(String publicURLPrefix) {
- this.publicURLPrefix = publicURLPrefix;
- }
-
-
- /**
- * Gets the friendly name of the OA
- * @return Friendly Name of the OA
- */
- public String getFriendlyName() {
- return friendlyName;
- }
-
- /**
- * Sets the friendly name of the OA
- * @param friendlyName
- */
- public void setFriendlyName(String friendlyName) {
- this.friendlyName = friendlyName;
- }
-
- /**
- * Gets the target of the OA
- * @return target of the OA
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Sets the target of the OA
- * @param target
- */
- public void setTarget(String target) {
- this.target = target;
- }
-
- /**
- * Gets the target friendly name of the OA
- * @return target Friendly Name of the OA
- */
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- /**
- * Sets the target friendly name of the OA
- * @param targetFriendlyName
- */
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 6f1af9842..922d86fc0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
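Review bot: The six getters introduced here drop the Javadoc the removed versions carried, and `getBusinessService()` in particular had its true/false contract documented; OAParameter is a public configuration bean, so restore a one-line Javadoc per getter, e.g. `/** Returns true if the OA is a business application, otherwise false. */` above `getBusinessService()` and `/** Returns the publicURLPrefix of the online application. */` above `getPublicURLPrefix()`. Removing the public setters is an API change for any caller outside this diff; if that is intended, a class-level sentence saying instances are now built only from an OnlineApplication would document it.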
@@ -24,38 +24,60 @@ package at.gv.egovernment.moa.id.config.auth; -import java.io.BufferedInputStream; +import iaik.util.logging.Log; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; -import java.io.InputStream; import java.net.MalformedURLException; +import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Properties; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; + import org.hibernate.cfg.Configuration; -import org.w3c.dom.Element; -import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.ConfigurationUtil; -import at.gv.egovernment.moa.id.commons.db.MOASessionUtil; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; +import 
at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; +import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; +import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.XPathUtils; import eu.stork.vidp.messages.common.STORKBootstrap; /** 
@@ -123,90 +145,12 @@ public class AuthConfigurationProvider extends ConfigurationProvider { // // configuration data // + private static MOAIDConfiguration moaidconfig; - /** - * configuration files containing transformations for rendering in the - * secure viewer of the security layer implementation; - * multiple files can be given for different mime types - */ - private String[] transformsInfoFileNames; - - /** - * transformations for rendering in the secure viewer of the security layer implementation, - * read from {@link transformsInfoFileNames}; - * multiple transformation can be given for different mime types - */ - private String[] transformsInfos; - - /** - * parameters for connection to MOA SP component - */ - private ConnectionParameter moaSpConnectionParameter; - - - /** - * trust profile ID to be used for verifying the identity link signature via MOA ID SP - */ - private String moaSpIdentityLinkTrustProfileID; - /** - * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP - */ - private String moaSpAuthBlockTrustProfileID; - /** - * transformations to be used for verifying the AUTH block signature via MOA ID SP - */ - private String[] moaSpAuthBlockVerifyTransformsInfoIDs; - /** - * X509 SubjectNames which will be trusted - */ - private List identityLinkX509SubjectNames; - /** - * default parameters for verifying additional infoboxes. - */ - private VerifyInfoboxParameters defaultVerifyInfoboxParameters; - - /** - * configuration parameters for online applications - */ - private OAAuthParameter[] onlineApplicationAuthParameters; - /** - * the Selection Type of the bku Selection Element - */ - private String bKUSelectionType; - /** - * is the bku Selection Element present? 
- */ - private boolean bKUSelectable; - /** - * the bku Selection Connection Parameters - */ - private ConnectionParameter bKUConnectionParameter; - - /** - * parameter for connection to SZR-GW GetIdentityLink - */ - private ConnectionParameter foreignIDConnectionParameter; - - /** - * parameter for connection to OnlineMandates Service - */ - private ConnectionParameter onlineMandatesConnectionParameter; - - /** - * Parameter for trusted BKUs - */ - private List trustedBKUs; - - /** - * Parameter for trusted Template URLs - */ - private List trustedTemplateURLs; - - /** - * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.) - */ - private STORKConfig storkConfig; + private static Properties props; + private static STORKConfig storkconfig; + /** * Return the single instance of configuration data. * 
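Review bot: The three new static fields `moaidconfig`, `props` and `storkconfig` replace documented instance fields but carry no comment, and `props` now retains the complete properties file that load() also feeds into the Hibernate session and configuration database setup, so it keeps the database connection settings for the lifetime of the class. Document that: `/** complete MOA-ID properties file; also holds the Hibernate/DB settings, so it must not be exposed or logged */` above `props`, and `/** MOA-ID 2.0 configuration as read from the configuration database */` above `moaidconfig`. Why these are class-level rather than instance state is not visible here; a short note on it would stop the question from resurfacing in review.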
@@ -260,38 +204,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * read/built. */ private void load(String fileName) throws ConfigurationException { - InputStream stream = null; - Element configElem; - ConfigurationBuilder builder; - - try { - // load the main config file - stream = new BufferedInputStream(new FileInputStream(fileName)); - configElem = DOMUtils.parseXmlValidating(stream); - } catch (Throwable t) { - throw new ConfigurationException("config.03", null, t); - } - finally { - try { - if (stream != null) { - stream.close(); - } - } catch (IOException e) { - } - } - try { - + + try { //Initial Hibernate Framework Logger.trace("Initializing Hibernate framework."); //Load MOAID-2.0 properties file - String propertiesFileLocation = System.getProperty("moa.id.config"); - MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName"); - File propertiesFile = new File(propertiesFileLocation); + File propertiesFile = new File(fileName); FileInputStream fis; - Properties props = new Properties(); + props = new Properties(); - //TODO: determine from new config file path // determine the directory of the root config file rootConfigFileDir = new File(fileName).getParent(); @@ -306,7 +228,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { fis = new FileInputStream(propertiesFile); props.load(fis); - + //TODO: maybe some general hibnerate config!!! // read MOAID Session Hibernate properties Properties moaSessionProp = new Properties(); for (Object key : props.keySet()) { @@ -331,7 +253,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { synchronized (AuthConfigurationProvider.class) { //Initial config Database - ConfigurationUtil.initHibernate(configProp); + ConfigurationDBUtils.initHibernate(configProp); //initial MOAID Session Database Configuration config = new Configuration(); 
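Review bot: `rootConfigFileDir = new File(fileName).getParent();` returns null when `fileName` is a bare file name, and the string concatenations that build paths from `rootConfigFileDir` later in load() would then produce a "null..." path instead of failing; `rootConfigFileDir = new File(fileName).getAbsoluteFile().getParent();` always yields a directory. The try block opened here closes in a later hunk, so load() continues outside this one.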
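Review bot: `fis = new FileInputStream(propertiesFile); props.load(fis);` opens the properties file but nothing visible closes it, and the first hunk of this method removed the try/finally that closed the old configuration stream; unless a close happens further down load(), the descriptor leaks on every load and always when `load` throws. Wrap it: `fis = new FileInputStream(propertiesFile); try { props.load(fis); } finally { fis.close(); }`. The enclosing method starts and ends outside this hunk.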
@@ -340,7 +262,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { config.addAnnotatedClass(OASessionStore.class); config.addAnnotatedClass(OldSSOSessionIDStore.class); config.addProperties(moaSessionProp); - MOASessionUtil.initHibernate(config, moaSessionProp); + MOASessionDBUtils.initHibernate(config, moaSessionProp); } Logger.trace("Hibernate initialization finished."); 
@@ -360,113 +282,141 @@ public class AuthConfigurationProvider extends ConfigurationProvider { Logger.info("Starting initialization of OpenSAML..."); STORKBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); + + + String legacyconfig = props.getProperty("configuration.xml.legacy"); + String xmlconfig = props.getProperty("configuration.xml"); + + //check if XML config should be used + if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { + Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) + ConfigurationDBUtils.delete(moaidconfig); + } + + //load legacy config if it is configured + if (MiscUtil.isNotEmpty(legacyconfig)) { + Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); + MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(legacyconfig, rootConfigFileDir); + ConfigurationDBUtils.save(moaconfig); + Logger.info("Legacy Configuration load is completed."); + + //TODO: only for Testing!!! 
+ if (MiscUtil.isNotEmpty(xmlconfig)) { + Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig); + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + Marshaller m = jc.createMarshaller(); + m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + File test = new File(xmlconfig); + m.marshal(moaconfig, test); + + } + } - //TODO: load from Legacy if legacy.xml.configuration != null -// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(fileName, rootConfigFileDir); -// ConfigurationUtil.save(moaconfig); + //load legacy config if it is configured + if (MiscUtil.isNotEmpty(xmlconfig)) { + Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); - //TODO: Save MOAID 2.0 config to XML -// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); -// Marshaller m = jc.createMarshaller(); -// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); -// File test = new File("D:/moa2.0_config.xml"); -// m.marshal(moaconfig, test); + try { + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + Unmarshaller m = jc.createUnmarshaller(); + File file = new File(xmlconfig); + MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); + //ConfigurationDBUtils.save(moaconfig); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } catch (Exception e) { + Log.err("MOA-ID XML configuration can not be loaded from File."); + throw new ConfigurationException("config.02", null); + } + Logger.info("XML Configuration load is completed."); + } + Logger.info("Read MOA-ID 2.0 configuration from database."); + moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + Logger.info("MOA-ID 2.0 is loaded."); -// // build the internal datastructures - builder = new ConfigurationBuilder(configElem, rootConfigFileDir); - bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); - bKUSelectable = (bKUConnectionParameter!=null); - 
bKUSelectionType = builder.buildAuthBKUSelectionType(); - genericConfiguration = builder.buildGenericConfiguration(); - transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); - transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); - moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); - moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); - moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); - moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); - defaultVerifyInfoboxParameters = null; - Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); - if (defaultVerifyInfoboxParamtersElem != null) { - defaultVerifyInfoboxParameters = - builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); - } - - - foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); - onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); - onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); - identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); - defaultChainingMode = builder.getDefaultChainingMode(); - chainingModes = builder.buildChainingModes(); - trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); - trustedBKUs = builder.getTrustedBKUs(); - trustedTemplateURLs = builder.getTrustedTemplateURLs(); - storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); + + //build STORK 
Config + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + ForeignIdentities foreign = authgeneral.getForeignIdentities(); + if (foreign == null ) { + Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); + throw new ConfigurationException("config.02", null); + } + storkconfig = new STORKConfig(foreign.getSTORK(), props); + + + //load Chaining modes + ChainingModes cm = moaidconfig.getChainingModes(); + if (cm != null) { + defaultChainingMode = cm.getSystemDefaultMode().value(); + + List tas = cm.getTrustAnchor(); + + chainingModes = new HashMap(); + for (TrustAnchor ta : tas) { + IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); + chainingModes.put(is, ta.getMode().value()); + } + } else { + Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found."); + throw new ConfigurationException("config.02", null); + } + //set Trusted CA certs directory + trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); + + //set CertStoreDirectory + setCertStoreDirectory(); + + //set TrustManagerRevocationChecking + setTrustManagerRevocationChecking(); + + } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); } } - /** - * Loads the transformsInfos from files. - * @throws Exception on any exception thrown - */ -// private void loadTransformsInfos() throws Exception { -// -// transformsInfos = new String[transformsInfoFileNames.length]; -// for (int i = 0; i < transformsInfoFileNames.length; i++) { -// String fileURL = transformsInfoFileNames[i]; -// -// //if fileURL is relative to rootConfigFileDir make it absolute -// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); -// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); -// transformsInfos[i] = transformsInfo; -// } -// } - -// /** -// * Loads the transformsInfos from files. 
-// * @throws Exception on any exception thrown -// */ -// private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { -// -// String[] transformsInfos = new String[transformsInfoFileNames.length]; -// for (int i = 0; i < transformsInfoFileNames.length; i++) { -// String fileURL = transformsInfoFileNames[i]; -// -// //if fileURL is relative to rootConfigFileDir make it absolute -// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); -// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); -// transformsInfos[i] = transformsInfo; -// } -// return transformsInfos; -// } - - - /** - * Return a string array with all filenames leading - * to the Transforms Information for the Security Layer - * @return String[] of filenames to the Security Layer Transforms Information - */ - //TODO: only for testing -// public String[] getTransformsInfoFileNames() { -// return transformsInfoFileNames; -// } + public TimeOuts getTimeOuts() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + + if (auth.getGeneralConfiguration() != null) + return auth.getGeneralConfiguration().getTimeOuts(); + else { + Logger.warn("Error in MOA-ID Configuration. 
No TimeOuts defined."); + throw new ConfigurationException("config.02", null); + } + } - /** - * Build an array of the OnlineApplication Parameters containing information - * about the authentication component - * @return An OAProxyParameter array containing beans - * with all relevant information for theauthentication component of the online - * application - */ - public OAAuthParameter[] getOnlineApplicationParameters() { - return onlineApplicationAuthParameters; + public String getAlternativeSourceID() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + + if (auth.getGeneralConfiguration() != null) + return auth.getGeneralConfiguration().getAlternativeSourceID(); + else { + Logger.warn("Error in MOA-ID Configuration. No AlternativeSourceID defined."); + throw new ConfigurationException("config.02", null); + } } + + public List getLegacyAllowedProtocols() { + try { + AuthComponentGeneral auth = getAuthComponentGeneral(); + Protocols procols = auth.getProtocols(); + LegacyAllowed legacy = procols.getLegacyAllowed(); + return legacy.getProtocolName(); + + } catch (Exception e) { + Logger.info("No protocols found with legacy allowed flag!"); + return new ArrayList(); + } + + } + /** * Provides configuration information regarding the online application behind 
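Review bot: When `configuration.xml` is set, `ConfigurationDBUtils.delete(moaidconfig)` removes the stored configuration before the XML has been parsed, and the `catch (Exception e)` around the unmarshal then throws without restoring it, so a malformed file leaves the server with no configuration at all; unmarshal first and only delete/saveOrUpdate once `moaconfig` is in hand (the legacy branch has the same ordering). That catch also discards the cause and logs through the iaik `Log` instead of the file's `Logger`; use `Logger.warn("MOA-ID XML configuration can not be loaded from File."); throw new ConfigurationException("config.02", null, e);` so the JAXB error stays diagnosable. `trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();` joins without a separator and drops the absolute-URL handling the removed `FileUtils.makeAbsoluteURL` call provided; `new File(rootConfigFileDir, moaidconfig.getTrustedCACertificates()).getPath()` is safer if the value is a relative path, or keep `makeAbsoluteURL` if URLs remain allowed, since this directory decides which CAs are trusted. The comment `//load legacy config if it is configured` above the `xmlconfig` branch is copied from the branch above it and should read `//load MOA-ID 2.x XML config if it is configured`. load() starts outside this hunk.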
@@ -478,15 +428,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ public OAAuthParameter getOnlineApplicationParameter(String oaURL) { -// return ConfigurationDBUtils.getOnlineApplication(oaURL); + OnlineApplication oa = ConfigurationDBRead.getOnlineApplication(oaURL); - OAAuthParameter[] oaParams = getOnlineApplicationParameters(); - for (int i = 0; i < oaParams.length; i++) { - OAAuthParameter oaParam = oaParams[i]; - if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0) - return oaParam; - } - return null; + if (oa == null) { + Logger.warn("Online application with identifier " + oaURL + " is not found."); + return null; + } + + return new OAAuthParameter(oa); } @@ -495,9 +444,19 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * profile id within the moa-sp part of the authentication component * * @return String with a url-reference to the VerifyAuthBlock trust profile ID + * @throws ConfigurationException */ - public String getMoaSpAuthBlockTrustProfileID() { - return moaSpAuthBlockTrustProfileID; + public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + MOASP moasp = getMOASPConfig(auth); + VerifyAuthBlock verifyidl = moasp.getVerifyAuthBlock(); + + if (verifyidl != null) + return verifyidl.getTrustProfileID(); + + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); + throw new ConfigurationException("config.02", null); + } /** 
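Review bot: The lookup changes from the removed prefix match (`oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0`) to `ConfigurationDBRead.getOnlineApplication(oaURL)`, and whether that call matches on prefix or on the exact string is not visible here; if it is exact, callers passing a full request URL now get null plus a warn log instead of the OA. State the contract in the method Javadoc, which starts outside the hunk, e.g. `@param oaURL public URL prefix of the online application, matched against the configured publicURLPrefix` with the exact/prefix wording as appropriate.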
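Review bot: `VerifyAuthBlock verifyidl = moasp.getVerifyAuthBlock();` names an AuthBlock object `verifyidl`, the same name the VerifyIdentityLink lookup uses elsewhere in this file, which invites a copy-paste mix-up between the two trust profiles; rename it `verifyAuthBlock`. The added `@throws ConfigurationException` tag has no description; `@throws ConfigurationException if no MOASP or VerifyAuthBlock section is configured` tells callers when to expect it.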
@@ -505,119 +464,207 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * IDs within the moa-sp part of the authentication component * @return A string array containing all urls to the * verify transform info IDs + * @throws ConfigurationException */ - public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() { - return moaSpAuthBlockVerifyTransformsInfoIDs; + public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + + AuthComponentGeneral auth = getAuthComponentGeneral(); + MOASP moasp = getMOASPConfig(auth); + VerifyAuthBlock verifyidl = moasp.getVerifyAuthBlock(); + + if (verifyidl != null) + return verifyidl.getVerifyTransformsInfoProfileID(); + + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); + throw new ConfigurationException("config.02", null); } /** * Return a ConnectionParameter bean containing all information * of the authentication component moa-sp element * @return ConnectionParameter of the authentication component moa-sp element + * @throws ConfigurationException */ - public ConnectionParameter getMoaSpConnectionParameter() { - return moaSpConnectionParameter; + public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { + + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + MOASP moasp = getMOASPConfig(authgeneral); + + if (moasp.getConnectionParameter() != null) + return new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); + else + return null; } /** * Return a ConnectionParameter bean containing all information * of the authentication component foreigid element * @return ConnectionParameter of the authentication component foreignid element + * @throws ConfigurationException */ - public ConnectionParameter getForeignIDConnectionParameter() { - return foreignIDConnectionParameter; + public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { 
+ + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + ForeignIdentities foreign = authgeneral.getForeignIdentities(); + + if (foreign != null) { + return new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); + } + Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); + throw new ConfigurationException("config.02", null); } /** * Return a ConnectionParameter bean containing all information * of the authentication component OnlineMandates element * @return ConnectionParameter of the authentication component OnlineMandates element + * @throws ConfigurationException */ - public ConnectionParameter getOnlineMandatesConnectionParameter() { - return onlineMandatesConnectionParameter; + public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { + + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + OnlineMandates ovs = authgeneral.getOnlineMandates(); + + if (ovs != null) { + return new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); + } + Logger.warn("Error in MOA-ID Configuration. 
No Connectionconfiguration to OVS Service found"); + throw new ConfigurationException("config.02", null); } /** * Return a string with a url-reference to the VerifyIdentityLink trust * profile id within the moa-sp part of the authentication component * @return String with a url-reference to the VerifyIdentityLink trust profile ID + * @throws ConfigurationException */ - public String getMoaSpIdentityLinkTrustProfileID() { - return moaSpIdentityLinkTrustProfileID; + public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + MOASP moasp = getMOASPConfig(auth); + VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); + + if (verifyidl != null) + return verifyidl.getTrustProfileID(); + + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); + throw new ConfigurationException("config.02", null); } + /** * Returns the transformsInfos. * @return String[] + * @throws ConfigurationException */ - public String[] getTransformsInfos() { - return transformsInfos; + public List getTransformsInfos() throws ConfigurationException { + + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + + SecurityLayer seclayer = authgeneral.getSecurityLayer(); + if (seclayer == null) { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); + throw new ConfigurationException("config.02", null); + } + + return ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); } /** * Returns the identityLinkX509SubjectNames. 
* @return List + * @throws ConfigurationException */ - public List getIdentityLinkX509SubjectNames() { - return identityLinkX509SubjectNames; + public List getIdentityLinkX509SubjectNames() throws ConfigurationException { + + AuthComponentGeneral auth = getAuthComponentGeneral(); + IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); + + if (idlsigners != null) { + return idlsigners.getX509SubjectName(); + + } + + Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found."); + return new ArrayList(); } - /** - * Returns the trustBKUs. - * @return List - */ - public List getTrustedBKUs() { - return this.trustedBKUs; - } - - /** - * Returns the trustedTemplateURLs. - * @return List - */ - public List getTrustedTemplateURLs() { - return this.trustedTemplateURLs; - } - - /** - * Returns the bKUConnectionParameter. - * @return ConnectionParameter - */ - public ConnectionParameter getBKUConnectionParameter() { - return bKUConnectionParameter; - } - - /** - * Returns the bKUSelectable. - * @return boolean - */ - public boolean isBKUSelectable() { - return bKUSelectable; - } - - /** - * Returns the bKUSelectionType. - * @return String - */ - public String getBKUSelectionType() { - return bKUSelectionType; + public List getSLRequestTemplates() throws ConfigurationException { + SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); + List list = new ArrayList(); + + if (templ == null) { + Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found"); + throw new ConfigurationException("config.02", null); + } + list.add(templ.getOnlineBKU()); + list.add(templ.getHandyBKU()); + list.add(templ.getLocalBKU()); + return list; } - - /** - * Returns the defaultVerifyInfoboxParameters. - * - * @return The defaultVerifyInfoboxParameters. 
- */ - public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() { - return defaultVerifyInfoboxParameters; + + public String getSLRequestTemplates(String type) throws ConfigurationException { + SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); + if (templ != null) { + if (type.equals(OAAuthParameter.ONLINEBKU)) + return templ.getOnlineBKU(); + else if (type.equals(OAAuthParameter.HANDYBKU)) + return templ.getHandyBKU(); + else if (type.equals(OAAuthParameter.LOCALBKU)) + return templ.getLocalBKU(); + + } + Logger.warn("getSLRequestTemplates: BKU Type does not match: " + + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU); + return null; } - + /** * Retruns the STORK Configuration * @return STORK Configuration + * @throws ConfigurationException */ - public STORKConfig getStorkConfig() { - return storkConfig; + public STORKConfig getStorkConfig() throws ConfigurationException { + + return storkconfig; } + + private void setCertStoreDirectory() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + + if (auth.getGeneralConfiguration() != null) + certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); + else { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); + throw new ConfigurationException("config.02", null); + } + } + + private void setTrustManagerRevocationChecking() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + if (auth.getGeneralConfiguration() != null) + trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); + else { + Logger.warn("Error in MOA-ID Configuration. 
No CertStoreDirectory defined."); + throw new ConfigurationException("config.02", null); + } + } + private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { + AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); + if (authgeneral == null) { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); + throw new ConfigurationException("config.02", null); + } + return authgeneral; + } + private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { + MOASP moasp = authgeneral.getMOASP(); + + if (moasp == null) { + Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); + throw new ConfigurationException("config.02", null); + } + return moasp; + } } \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 7c174de77..32c609e81 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java 
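Review bot: `setTrustManagerRevocationChecking()` logs `No CertStoreDirectory defined.` when GeneralConfiguration is missing, a message copied from `setCertStoreDirectory()`; since this flag decides whether certificate revocation is checked at all, a misleading error here costs real diagnosis time, so use `Logger.warn("Error in MOA-ID Configuration. No TrustManagerRevocationChecking defined.");`. The same copy-paste is in `getMoaSpAuthBlockVerifyTransformsInfoIDs()`, whose warn text says "No Trustprofile" although it is the VerifyTransformsInfoProfileID list that is missing. `getForeignIDConnectionParameter()` and `getOnlineMandatesConnectionParameter()` hand `getConnectionParameter()` to the constructor without the null check `getMoaSpConnectionParameter()` performs, so a section without a ConnectionParameter element reaches ConnectionParameter with null. `getIdentityLinkX509SubjectNames()` returns an empty list with only a warning when no signer is configured; whether the consumer treats an empty list as reject-all or as no restriction is not visible here and deserves a Javadoc line, given this is the identity-link signer allow-list. `setCertStoreDirectory()` also joins `rootConfigFileDir` and the configured directory without a separator, as load() does for the trusted CA directory.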
@@ -25,10 +25,21 @@ package at.gv.egovernment.moa.id.config.auth; import java.util.ArrayList; +import java.util.List; -import org.opensaml.saml2.metadata.RequestedAttribute; - +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.vidp.messages.builder.STORKMessagesBuilder; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; @@ -47,88 +58,20 @@ import eu.stork.vidp.messages.stork.RequestedAttributes; * @author Harald Bratko */ public class OAAuthParameter extends OAParameter { - /** - * Sercurity Layer version - */ - private String slVersion; - /** - * true, if the Security Layer version is version 1.2, otherwise false - */ - private boolean slVersion12; - /** - * identityLinkDomainIdentifier - * (e.g urn:publicid:gv.at+wbpk+FN468i for a "Firmenbuchnummer") - *
- * only used within a business application context for providing it to the - * security layer as input for wbPK computation - */ - private String identityLinkDomainIdentifier; - /** - * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) - */ - private String keyBoxIdentifier; - /** - * transformations for rendering in the secure viewer of the security layer - * implementation; multiple transformation can be given for different mime types - */ - private String[] transformsInfos; - /** - * determines whether "Stammzahl" is to be included in the authentication data - */ - private boolean provideStammzahl; - /** - * determines whether AUTH block is to be included in the authentication data - */ - private boolean provideAuthBlock; - /** - * determines whether identity link is to be included in the authentication data - */ - private boolean provideIdentityLink; - /** - * determines whether the certificate is to be included in the authentication data - */ - private boolean provideCertificate; - /** - * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data - */ - private boolean provideFullMandatorData; - - /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ - private boolean useUTC; - - /** determines wheter a saml:Condition is added to the SAML assertion or not */ - private boolean useCondition; - - /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */ - private int conditionLength; - /** - * url to a template for web page "Auswahl der Bürgerkartenumgebung" - */ - private String bkuSelectionTemplateURL; - /** - * template for web page "Anmeldung mit Bürgerkarte" - */ - private String templateURL; - /** - * template for web page "Signatur der Anmeldedaten" - */ - private String inputProcessorSignTemplateURL; - /** - * Parameters for verifying infoboxes. 
- */ - private VerifyInfoboxParameters verifyInfoboxParameters; - - /** - * Parameter for Mandate profiles - */ - private String mandateProfiles; - - /** - * - * Type for authentication number (e.g. Firmenbuchnummer) - */ - private String identityLinkDomainIdentifierType; + public static final String ONLINEBKU = "online"; + public static final String HANDYBKU = "handy"; + public static final String LOCALBKU = "local"; + + private AuthComponentOA oa_auth; + + public OAAuthParameter(OnlineApplication oa) { + super(oa); + + this.oa_auth = oa.getAuthComponentOA(); + + this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); +} /** * STORK QAA Level, Default = 4 
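Review bot: The new constructor dereferences `oa.getKeyBoxIdentifier().value()` and stores `oa.getAuthComponentOA()` unchecked, so an OnlineApplication record without a KeyBoxIdentifier or AuthComponentOA throws a bare NullPointerException here, or later in every getter that reads `oa_auth`. Since the key box identifier selects which key pair (CertifiedKeypair vs. SecureSignatureKeypair, per the removed field comment) signs the auth block, a missing value should be a loud configuration error rather than an NPE from an unrelated call site; I would add `if (oa_auth == null || oa.getKeyBoxIdentifier() == null) throw new IllegalStateException("OnlineApplication without AuthComponentOA or KeyBoxIdentifier");` before the assignments. The three `ONLINEBKU`/`HANDYBKU`/`LOCALBKU` constants also deserve a one-line Javadoc saying they are the keys accepted by `getBKUURL(String)` and the SL-template lookup, since both compare against them with `equals`.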
@@ -144,359 +87,205 @@ public class OAAuthParameter extends OAParameter { STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); - - -/** - * Returns true if the Security Layer version is version 1.2, - * otherwise false. - * @return true if the Security Layer version is version 1.2, - * otherwise false - */ - public boolean getSlVersion12() { - return slVersion12; - } - - /** - * Returns the security layer version. - * @return the security layer version. - */ - public String getSlVersion() { - return slVersion; - } - - /** - * Returns the identityLinkDomainIdentifier. - * @return the identityLinkDomainIdentifier. - */ - public String getIdentityLinkDomainIdentifier() { - return identityLinkDomainIdentifier; - } - - /** - * Returns the transformsInfos. - * @return the transformsInfos. - */ - public String[] getTransformsInfos() { - return transformsInfos; - } - - /** - * Returns the provideAuthBlock. - * @return String - */ - public boolean getProvideAuthBlock() { - return provideAuthBlock; - } - - /** - * Returns the provideIdentityLink. - * @return String - */ - public boolean getProvideIdentityLink() { - return provideIdentityLink; - } - /** - * Returns the provideStammzahl. - * @return String - */ - public boolean getProvideStammzahl() { - return provideStammzahl; - } - - /** - * Returns true if the certificate should be provided within the - * authentication data, otherwise false. - * @return true if the certificate should be provided, - * otherwise false - */ - public boolean getProvideCertifcate() { - return provideCertificate; - } - - /** - * Returns true if the full mandator data should be provided within the - * authentication data, otherwise false. 
- * @return true if the full mandator data should be provided, - * otherwise false - */ - public boolean getProvideFullMandatorData() { - return provideFullMandatorData; - } - - /** - * Returns true if the IssueInstant should be given in UTC, otherwise false. - * @return true if the IssueInstant should be given in UTC, otherwise false. - */ - public boolean getUseUTC() { - return useUTC; - } - - /** - * Returns true if the SAML assertion should contain a saml:Condition, otherwise false. - * @return true if the SAML assertion should contain a saml:Condition, otherwise false. - */ - public boolean getUseCondition() { - return useCondition; - } - - /** - * Returns the validity time of the SAML assertion (if useCondition is true) in seconds - * @return the validity time of the SAML assertion (if useCondition is true) in seconds - */ - public int getConditionLength() { - return conditionLength; - } + private String keyBoxIdentifier; - /** - * Returns the key box identifier. - * @return String - */ - public String getKeyBoxIdentifier() { - return keyBoxIdentifier; - } - - /** - * Returns the BkuSelectionTemplate url. - * @return The BkuSelectionTemplate url or null if no url for - * a BkuSelectionTemplate is set. - */ - public String getBkuSelectionTemplateURL() { - return bkuSelectionTemplateURL; - } - - /** - * Returns the TemplateURL url. - * @return The TemplateURL url or null if no url for - * a Template is set. - */ - public String getTemplateURL() { - return templateURL; - } - - - /** - * Returns the inputProcessorSignTemplateURL url. - * @return The inputProcessorSignTemplateURL url or null if no url for - * a input processor sign template is set. - */ - public String getInputProcessorSignTemplateURL() { - return inputProcessorSignTemplateURL; - } - - /** - * Returns the parameters for verifying additional infoboxes. - * - * @return The parameters for verifying additional infoboxes. - * Maybe null. 
- */ - public VerifyInfoboxParameters getVerifyInfoboxParameters() { - return verifyInfoboxParameters; - } - - /** - * Sets the security layer version. - * Also sets slVersion12 ({@link #getSlVersion12()}) - * to true if the Security Layer version is 1.2. - * @param slVersion The security layer version to be used. - */ - public void setSlVersion(String slVersion) { - this.slVersion = slVersion; - if ("1.2".equals(slVersion)) { - this.slVersion12 = true; - } - } - /** - * Sets the IdentityLinkDomainIdentifier. - * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application. - */ - public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) { - this.identityLinkDomainIdentifier = identityLinkDomainIdentifier; - } - /** - * Sets the transformsInfos. - * @param transformsInfos The transformsInfos to be used. - */ - public void setTransformsInfos(String[] transformsInfos) { - this.transformsInfos = transformsInfos; - } - + * @return the slVersion + */ +public String getSlVersion() { + return oa_auth.getSlVersion(); +} /** - * Sets the provideAuthBlock. - * @param provideAuthBlock The provideAuthBlock to set - */ - public void setProvideAuthBlock(boolean provideAuthBlock) { - this.provideAuthBlock = provideAuthBlock; - } + * @return the slVersion12 + */ +public boolean isSlVersion12() { + if ("1.2".equals(oa_auth.getSlVersion())) + return true; + else + return false; + } - /** - * Sets the provideIdentityLink. - * @param provideIdentityLink The provideIdentityLink to set - */ - public void setProvideIdentityLink(boolean provideIdentityLink) { - this.provideIdentityLink = provideIdentityLink; - } +public boolean getUseUTC() { + return oa_auth.isUseUTC(); +} - /** - * Sets the provideStammzahl. 
- * @param provideStammzahl The provideStammzahl to set - */ - public void setProvideStammzahl(boolean provideStammzahl) { - this.provideStammzahl = provideStammzahl; - } - - /** - * Sets the provideCertificate variable. - * @param provideCertificate The provideCertificate value to set - */ - public void setProvideCertificate(boolean provideCertificate) { - this.provideCertificate = provideCertificate; - } - - /** - * Sets the provideFullMandatorData variable. - * @param provideFullMandatorData The provideFullMandatorData value to set - */ - public void setProvideFullMandatorData(boolean provideFullMandatorData) { - this.provideFullMandatorData = provideFullMandatorData; - } - - /** - * Sets the useUTC variable. - * @param useUTC The useUTC value to set - */ - public void setUseUTC(boolean useUTC) { - this.useUTC = useUTC; - } - - /** - * Sets the useCondition variable - * @param useCondition The useCondition value to set - */ - public void setUseCondition(boolean useCondition) { - this.useCondition = useCondition; - } - - /** - * Sets the conditionLength variable - * @param conditionLength the conditionLength value to set - */ - public void setConditionLength(int conditionLength) { - this.conditionLength = conditionLength; - } - +public boolean useIFrame() { + return oa_auth.isUseIFrame(); +} - /** - * Sets the key box identifier. - * @param keyBoxIdentifier to set - */ - public void setKeyBoxIdentier(String keyBoxIdentifier) { - this.keyBoxIdentifier = keyBoxIdentifier; - } - - /** - * Sets the BkuSelectionTemplate url. - * @param bkuSelectionTemplateURL The url string specifying the location - * of a BkuSelectionTemplate. - */ - public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) { - this.bkuSelectionTemplateURL = bkuSelectionTemplateURL; - } - - /** - * Sets the Template url. - * @param templateURL The url string specifying the location - * of a Template. 
- */ - public void setTemplateURL(String templateURL) { - this.templateURL = templateURL; - } - - /** - * Sets the input processor sign form template url. - * - * @param inputProcessorSignTemplateURL The url string specifying the - * location of the input processor sign form - */ - public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { - this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; - } +/** + * @return the identityLinkDomainIdentifier + */ +public String getIdentityLinkDomainIdentifier() { + + IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); + if (idnumber != null) + return idnumber.getValue(); + + return null; +} - /** - * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. - * - * @param verifyInfoboxParameters The verifyInfoboxParameters to set. - */ - public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { - this.verifyInfoboxParameters = verifyInfoboxParameters; - } - - /** - * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) - * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) - */ - public String getIdentityLinkDomainIdentifierType() { - return identityLinkDomainIdentifierType; - } +/** + * @return the keyBoxIdentifier + */ +public String getKeyBoxIdentifier() { + + return keyBoxIdentifier; +} - /** - * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) - * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. 
Firmenbuchnummer) - */ - public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { - this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; - } - - /** - * Sets the Mandate/Profiles - * @param profiles - */ - public void setMandateProfiles(String profiles) { - this.mandateProfiles = profiles; - } - - /** - * Returns the Mandates/Profiles - * @return - */ - public String getMandateProfiles() { - return this.mandateProfiles; - } +/** + * @return the transformsInfos + */ +public List getTransformsInfos() { + + List transformations = oa_auth.getTransformsInfo(); + return ConfigurationUtils.getTransformInfos(transformations); +} - /** - * Returns the defined STORK QAALevel - * @return STORK QAALevel - */ - public QualityAuthenticationAssuranceLevel getQaaLevel() { - return qaaLevel; + public OASAML1 getSAML1Parameter() { + return oa_auth.getOASAML1(); } + public OAPVP2 getPVP2Parameter() { + return oa_auth.getOAPVP2(); + } + +///** +// * @return the bkuSelectionTemplateURL +// */ +//public String getBkuSelectionTemplateURL() { +// return bkuSelectionTemplateURL; +//} + /** - * Sets the STORK QAALevel - * @param qaaLevel + * @return the templateURL */ - public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { - this.qaaLevel = qaaLevel; + public String getTemplateURL() { + TemplatesType templates = oa_auth.getTemplates(); + + if (templates != null) { + if (templates.getTemplate() != null) + return templates.getTemplate().getURL(); + } + return null; } - /** - * Returns the desired STORK Requested Attributes - * @return STORK Requested Attributes - */ - public RequestedAttributes getRequestedAttributes() { - return requestedAttributes; + public String getAditionalAuthBlockText() { + TemplatesType templates = oa_auth.getTemplates(); + + if (templates != null) { + return templates.getAditionalAuthBlockText(); + } + return null; } - /** - * Sets the desired STORK Requested Attributes - * @param 
requestedAttributes - */ - public void setRequestedAttributes(RequestedAttributes requestedAttributes) { - this.requestedAttributes = requestedAttributes; + public String getBKUURL(String bkutype) { + BKUURLS bkuurls = oa_auth.getBKUURLS(); + if (bkuurls != null) { + if (bkutype.equals(ONLINEBKU)) + return bkuurls.getOnlineBKU(); + else if (bkutype.equals(HANDYBKU)) + return bkuurls.getHandyBKU(); + else if (bkutype.equals(LOCALBKU)) + return bkuurls.getLocalBKU(); + + } + Logger.warn("BKU Type does not match: " + + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU); + return null; + } + + public List getBKUURL() { + BKUURLS bkuurls = oa_auth.getBKUURLS(); + + List list = new ArrayList(); + + if (bkuurls == null) { + Logger.warn("BKU Type does not match: " + + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU); + } else { + list.add(bkuurls.getOnlineBKU()); + list.add(bkuurls.getHandyBKU()); + list.add(bkuurls.getLocalBKU()); + } + return list; } + + + public boolean useSSO() { + OASSO sso = oa_auth.getOASSO(); + if (sso != null) + return sso.isUseSSO(); + else + return false; + } + + public String getSingleLogOutURL() { + OASSO sso = oa_auth.getOASSO(); + if (sso != null) + return sso.getSingleLogOutURL(); + else + return null; + } + +///** +// * @return the inputProcessorSignTemplateURL +// */ +//public String getInputProcessorSignTemplateURL() { +// return inputProcessorSignTemplateURL; +//} + +///** +// * @return the verifyInfoboxParameters +// */ +//public VerifyInfoboxParameters getVerifyInfoboxParameters() { +// return verifyInfoboxParameters; +//} + +/** + * @return the mandateProfiles + */ +public String getMandateProfiles() { + + Mandates mandates = oa_auth.getMandates(); + + if (mandates != null) + return mandates.getProfiles(); + else + return null; +} + +/** + * @return the identityLinkDomainIdentifierType + */ +public String getIdentityLinkDomainIdentifierType() { + IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); + if (idnumber != 
null) + return idnumber.getType(); + + return null; +} + +/** + * @return the qaaLevel + */ +public QualityAuthenticationAssuranceLevel getQaaLevel() { + return qaaLevel; +} + +/** + * @return the requestedAttributes + */ +public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; +} + + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 62f85fa3c..1536b907b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -18,6 +18,9 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.XMLObject; import org.w3c.dom.Element; +import eu.stork.vidp.messages.util.SAMLUtil; +import eu.stork.vidp.messages.util.XMLUtil; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; 
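Review bot: In the no-argument `getBKUURL()` the null-`bkuurls` branch logs "BKU Type does not match: online or handy or local", which is the message for an unknown type and is misleading for a missing BKUURLS element; the non-null branch then adds all three URLs even when some are null, so callers iterating the list get null entries. I would log `Logger.warn("No BKU URLs configured for this online application");` in the null branch and append each of `getOnlineBKU()`/`getHandyBKU()`/`getLocalBKU()` only when non-null. `getBKUURL(String bkutype)` likewise NPEs on a null `bkutype` before reaching the warn; `ONLINEBKU.equals(bkutype)` avoids that. The commented-out `getBkuSelectionTemplateURL`/`getInputProcessorSignTemplateURL`/`getVerifyInfoboxParameters` blocks should be deleted rather than left as dead code, and the `getSlVersion12()` to `isSlVersion12()` rename presumably has its callers updated elsewhere in this commit.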
@@ -62,18 +65,14 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; -import at.gv.egovernment.moa.id.config.stork.STORKConfig; + import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.MiscUtil; public class BuildFromLegacyConfig { @@ -200,8 +199,9 @@ public class BuildFromLegacyConfig { for (String transformInfo : transformsInfos) { TransformsInfoType transforminfotype = new TransformsInfoType(); transforminfotype.setFilename(""); + //TODO: Transformation is stored in BASE64 - transforminfotype.setTransformation(Base64Utils.encode(transformInfo.getBytes()).getBytes()); + transforminfotype.setTransformation(Base64Utils.encode(transformInfo.getBytes("UTF-8")).getBytes("UTF-8")); auth_transformInfos.add(transforminfotype); } SecurityLayer auth_securityLayer = new SecurityLayer(); 
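Review bot: `transformInfo.getBytes("UTF-8")` and the outer `.getBytes("UTF-8")` each throw a checked `UnsupportedEncodingException`, so this hunk only compiles if the enclosing method declares or catches it (the method header is outside the hunk); if the project already targets Java 7, `getBytes(StandardCharsets.UTF_8)` removes the checked exception while keeping the explicit charset. The `//TODO: Transformation is stored in BASE64` note should state the contract rather than a to-do, e.g. `// Transformation (XSLT for the secure-viewer) is stored Base64-encoded; consumers must decode before use`, since a consumer that forgets to decode would render nothing instead of the signed text.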
@@ -271,31 +271,22 @@ public class BuildFromLegacyConfig { auth_foreign.setSTORK(auth_foreign_stork); //set CPEPS - Map map = storkConfig.getCpepsMap(); + Map map = storkConfig.getCpepsMap(); Set map_keys = map.keySet(); - List auth_foreign_stork_cpeps = new ArrayList(); + List auth_foreign_stork_cpeps = new ArrayList(); for (String key : map_keys) { CPEPS cpep = new CPEPS(); cpep.setCountryCode(map.get(key).getCountryCode()); cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!! - List cpep_reqs = new ArrayList(); + List cpep_reqs = new ArrayList(); + List map1 = map.get(key).getCountrySpecificRequestedAttributes(); for (RequestedAttribute e1 : map1) { - RequestedAttributeType cpep_req = new RequestedAttributeType(); - cpep_req.setIsRequired(e1.isRequired()); - cpep_req.setFriendlyName(e1.getFriendlyName()); - cpep_req.setNameFormat(e1.getNameFormat()); - cpep_req.setName(e1.getName()); - - List e2s = e1.getAttributeValues(); - List cpep_req_attr = new ArrayList(); - for (XMLObject e2 : e2s) { - cpep_req_attr.add(e2); - } - cpep_req.setAttributeValue(cpep_req_attr); + Element element = SAMLUtil.marshallMessage(e1); + cpep_reqs.add(XMLUtil.printXML(element)); } - cpep.setRequestedAttribute(cpep_reqs); + cpep.setAttributeValue(cpep_reqs); auth_foreign_stork_cpeps.add(cpep); } auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps); @@ -358,6 +349,7 @@ public class BuildFromLegacyConfig { //SLLayer Version / useIframe oa_auth.setSlVersion(oa.getSlVersion()); oa_auth.setUseIFrame(false); + oa_auth.setUseUTC(oa.getUseUTC()); //BKUURLs @@ -417,7 +409,6 @@ public class BuildFromLegacyConfig { oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink()); oa_saml1.setProvideStammzahl(oa.getProvideStammzahl()); oa_saml1.setUseCondition(oa.getUseCondition()); - oa_saml1.setUseUTC(oa.getUseUTC()); //OA_PVP2 OAPVP2 oa_pvp2 = new OAPVP2(); 
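Review bot: The C-PEPS requested attributes are now flattened to XML strings via `SAMLUtil.marshallMessage(e1)` and `XMLUtil.printXML(element)` and stored with `cpep.setAttributeValue(cpep_reqs)`, but the pre-existing `//check correctness!!!!` marker is left in place above code whose shape has completely changed; either resolve it or rewrite it to say what still needs checking (e.g. `// TODO: verify that the consumer re-parses these as saml2 RequestedAttribute elements`). `marshallMessage` presumably can fail (a MessageEncodingException is imported by the sibling ConfigurationBuilder); if it is checked here, make sure it is propagated as a configuration error rather than swallowed. Wherever these stored strings are parsed back into DOM at load time, the parser should have DTD and external-entity processing disabled, since the configuration database is now a second source of XML input.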
@@ -494,11 +485,13 @@ public class BuildFromLegacyConfig { ConnectionParameter old) { ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType(); auth_moaSP_connection.setURL(old.getUrl()); - auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates()); - ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore(); - auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore()); - auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword()); - auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore); + + //TODO: remove from Database config!!!!! +// auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates()); +// ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore(); +// auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore()); +// auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword()); +// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore); return auth_moaSP_connection; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java new file mode 100644 index 000000000..c191d7b2b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java 
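Review bot: Commenting out `setAcceptedServerCertificates` and the `ClientKeyStore` block means the migrated MOA-SP connection carries only the URL: the accepted-server-certificate list (TLS server pinning for the MOA-SP call) and the client key store for mutual TLS from the legacy configuration are silently dropped, with only a `//TODO: remove from Database config!!!!!` to record it. If the new database model really has no place for them, the migration should say so to the operator rather than fail open, e.g. `Logger.warn("MOA-SP acceptedServerCertificates and clientKeyStore are not migrated; configure TLS trust for the MOA-SP connection manually");` (Logger is not among the imports visible in this file's hunks, so it may need adding). Otherwise the values should be migrated, since the old fields are still available on `old`.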
@@ -0,0 +1,98 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+/**
+ * Encpasulates C-PEPS information according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class CPEPS {
+
+ /** Country Code of C-PEPS */
+ private String countryCode;
+
+ /** URL of C-PEPS */
+ private URL pepsURL;
+
+ /** Specific attributes to be requested for this C-PEPS */
+ private List countrySpecificRequestedAttributes = new ArrayList();
+
+ /**
+ * Constructs a C-PEPS
+ * @param countryCode ISO Country Code of C-PEPS
+ * @param pepsURL URL of C-PEPS
+ */
+ public CPEPS(String countryCode, URL pepsURL) {
+ super();
+ this.countryCode = countryCode;
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country code of this C-PEPS
+ * @return ISO country code
+ */
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ /**
+ * Sets the country code of this C-PEPS
+ * @param countryCode ISO country code
+ */
+ public void setCountryCode(String countryCode) {
+ this.countryCode = countryCode;
+ }
+
+ /**
+ * Gets the URL of this C-PEPS
+ * @return C-PEPS URL
+ */
+ public URL getPepsURL() {
+ return pepsURL;
+ }
+
+ /**
+ * Sets the C-PEPS URL
+ * @param pepsURL C-PEPS URL
+ */
+ public void setPepsURL(URL pepsURL) {
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country specific attributes of this C-PEPS
+ * @return List of country specific attributes
+ */
+ public List getCountrySpecificRequestedAttributes() {
+ return countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Sets the country specific attributes
+ * @param countrySpecificRequestedAttributes List of country specific requested attributes
+ */
+ public void setCountrySpecificRequestedAttributes(
+ List countrySpecificRequestedAttributes) {
+ this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Adds a Requested attribute to the country specific attribute List
+ * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add
+ */
+ public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
+ this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
new file mode 100644
index 000000000..c2898f314
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
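Review bot: `setCountrySpecificRequestedAttributes` stores the caller's list by reference and `getCountrySpecificRequestedAttributes` hands the internal list back, so callers can mutate the attribute set behind the object's back, and passing `null` to the setter makes the later `addCountrySpecificRequestedAttribute` throw an NPE on `this.countrySpecificRequestedAttributes.add(...)`. I would copy defensively in the setter, `this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes == null ? new ArrayList() : new ArrayList(countrySpecificRequestedAttributes);`, and return an unmodifiable view from the getter, since these attributes drive what is requested from a foreign PEPS and should only change through this class. The class Javadoc has a typo ("Encpasulates") and could state that the instance is a legacy-config holder consumed by the migration in BuildFromLegacyConfig.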
@@ -0,0 +1,1396 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.config.legacy.CPEPS;
+import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter;
+import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter;
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathException;
+import at.gv.egovernment.moa.util.XPathUtils;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import 
eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; +import eu.stork.vidp.messages.util.SAMLUtil; + +/** + * A class that builds configuration data from a DOM based representation. + * + * @author Patrick Peck + * @author Stefan Knirsch + * @version $Id$ + */ +public class ConfigurationBuilder { + + // + // XPath namespace prefix shortcuts + // + /** an XPATH-Expression */ + protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":"; + /** an XPATH-Expression */ + protected static final String DSIG = Constants.DSIG_PREFIX + ":"; + + /** an XPATH-Expression */ + protected static final String STORK = Constants.STORK_PREFIX + ":"; + + /** an XPATH-Expression */ + protected static final String STORKP= Constants.STORKP_PREFIX + ":"; + + // + // chaining mode constants appearing in the configuration file + // + /** an XPATH-Expression */ + protected static final String CM_CHAINING = "chaining"; + /** an XPATH-Expression */ + protected static final String CM_PKIX = "pkix"; + /** an XPATH-Expression */ + protected static final String DEFAULT_ENCODING = "UTF-8"; + + // + // XPath expressions to select certain parts of the configuration + // + /** an XPATH-Expression */ + protected static final String ROOT = "/" + CONF + "MOA-IDConfiguration/"; + + /** an XPATH-Expression */ + protected static final String AUTH_BKU_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection"; + /** an XPATH-Expression */ + protected static final String AUTH_BKUSELECT_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL"; + /** an XPATH-Expression */ + protected static final String AUTH_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + public static final String AUTH_TEMPLATE_ONLINEMANDATES_BKU_XPATH = + ROOT + CONF + 
"AuthComponent/" + CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU"; + + + //protected static final String AUTH_MANDATE_TEMPLATE_XPATH = +// ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "MandateTemplate/@URL"; + /** an XPATH-Expression */ + protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL"; + /** an XPATH-Expression */ + public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID"; + + /** an XPATH-Expression */ + protected static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName"; + + /** an XPATH-Expression */ + public static final String AUTH_VERIFY_INFOBOXES_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes"; + + /** an XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities"; + + /** an XPATH-Expression */ + public static final String 
AUTH_ONLINEMANDATES_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "OnlineMandates"; + + + + /** an XPATH-Expression */ + protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication"; + /** an XPATH-Expression */ + protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH = + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH = + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + public static final String OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH = + CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU"; + //protected static final String OA_AUTH_COMPONENT_MANDATE_TEMPLATE_XPATH = + //CONF + "Templates/" + CONF + "MandateTemplate/@URL"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH = CONF + "Mandates" + "/" + CONF + "Profiles"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETER_URL_XPATH = + CONF + "ConnectionParameter/@URL"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH = + CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates"; + /** an XPATH-Expression */ + protected static final String 
CONNECTION_PARAMETERN_KEYSTORE_XPATH = + CONF + "ConnectionParameter/" + CONF + "ClientKeyStore"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH = + CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password"; + /** an XPATH-Expression */ + protected static final String GENERIC_CONFIGURATION_XPATH = + ROOT + CONF + "GenericConfiguration"; + + /** an XPATH-Expression */ + protected static final String TRUSTED_BKUS = + ROOT + CONF + "TrustedBKUs/" + CONF + "BKUURL"; + + protected static final String TRUSTED_TEMPLATEURLS = + ROOT + CONF + "TrustedTemplateURLs/" + CONF + "TemplateURL"; + + + /** an XPATH-Expression */ + protected static final String CHAINING_MODES_XPATH = + ROOT + CONF + "ChainingModes"; + /** an XPATH-Expression */ + protected static final String CHAINING_MODES_DEFAULT_XPATH = + CHAINING_MODES_XPATH + "/@systemDefaultMode"; + /** an XPATH-Expression */ + protected static final String TRUST_ANCHOR_XPATH = + ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor"; + /** an XPATH-Expression */ + protected static final String ISSUER_XPATH = DSIG + "X509IssuerName"; + /** an XPATH-Expression */ + protected static final String SERIAL_XPATH = DSIG + "X509SerialNumber"; + /** an XPATH-Expression */ + protected static final String TRUSTED_CA_CERTIFICATES_XPATH = + ROOT + CONF + "TrustedCACertificates"; + + /** an XPATH-Expression */ + protected static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile"; + /** an XPATH-Expression */ + protected static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID"; + /** an XPATH-Expression */ + protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox"; + + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "C-PEPS"; + + /** STORK Config AttributeName 
*/ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE = "countryCode"; + + /** STORK Config AttributeName */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL = "URL"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" + + CONF + "SignatureCreationParameter" ; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES = + STORK + "RequestedAttribute"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" + + CONF + "SignatureVerificationParameter"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE = + CONF + "KeyStore"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME = + CONF + "KeyName"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD = + CONF + "KeyStore/@password"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME_PASSWORD = + CONF + "KeyName/@password"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID = + CONF + "TrustProfileID"; + + /** STORK Config XPATH-Expression */ + public static final String OA_AUTH_COMPONENT_STORK_QAA = + CONF + "STORK/" + STORK + "QualityAuthenticationAssuranceLevel"; + + /** STORK Config XPATH-Expression */ + public static final String OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE = + CONF + "STORK/" + STORKP + "RequestedAttributes/" + 
STORK + "RequestedAttribute"; + + /** + * main configuration file directory name used to configure MOA-ID + */ + protected String rootConfigFileDir_; + + /** The root element of the MOA-ID configuration */ + protected Element configElem_; + + /** + * Creates a new MOAConfigurationProvider. + * + * @param configElem The root element of the MOA-ID configuration. + */ + public ConfigurationBuilder(Element configElem, String rootConfigDir) { + configElem_ = configElem; + rootConfigFileDir_ = rootConfigDir; + } + + /** + * Returns the root element of the MOA-ID configuration. + * + * @return The root element of the MOA-ID configuration. + */ + public Element getConfigElem() { + return configElem_; + } + + /** + * Build a ConnectionParameter object containing all information + * of the moa-sp element in the authentication component + * @return ConnectionParameter of the authentication component moa-sp element + */ + public ConnectionParameter buildAuthBKUConnectionParameter() { + + Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH); + if (authBKU==null) return null; + return buildConnectionParameter(authBKU); + } + + /** + * Build a ConnectionParameter containing all information + * of the foreignid element in the authentication component + * @return ConnectionParameter of the authentication component foreignid element + */ + public ConnectionParameter buildForeignIDConnectionParameter() { + Element foreignid = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_XPATH); + if (foreignid==null) return null; + return buildConnectionParameter(foreignid); + + } + + /** + * Build a ConnectionParameter containing all information + * of the OnlineMandates element in the authentication component + * @return ConnectionParameter of the authentication component OnlineMandates element + */ + public ConnectionParameter buildOnlineMandatesConnectionParameter() { + Element onlinemandates = 
(Element)XPathUtils.selectSingleNode(configElem_, AUTH_ONLINEMANDATES_XPATH); + if (onlinemandates==null) return null; + return buildConnectionParameter(onlinemandates); + + } + + /** + * Method buildAuthBKUSelectionType. + * + * Build a string with the configuration value of BKUSelectionAlternative + * + * @return String + */ + public String buildAuthBKUSelectionType() { + + Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH); + if (authBKU==null) return null; + return (authBKU).getAttribute("BKUSelectionAlternative"); + } + + /** + * Build a string array with all filenames leading + * to the Transforms Information for the Security Layer + * @param contextNode The node from which should be searched + * @param xpathExpr The XPATH expression for the search + * @return String[] of filenames to the Security Layer Transforms Information + * or null if no transforms are included + */ + public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) { + + List transformsInfoFileNames = new ArrayList(); + + try { + NodeIterator tiIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr); + + Attr tiElem; + while ((tiElem = (Attr) tiIter.nextNode()) != null) { + String tiFileName = tiElem.getNodeValue(); + transformsInfoFileNames.add(tiFileName); + } + + String[] result = new String[transformsInfoFileNames.size()]; + transformsInfoFileNames.toArray(result); + + return result; + } catch (XPathException xpe) { + return new String[0]; + } + } + + + /** + * Loads the transformsInfos from files. 
+ * @throws Exception on any exception thrown + */ + public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { + + String[] transformsInfos = new String[transformsInfoFileNames.length]; + for (int i = 0; i < transformsInfoFileNames.length; i++) { + String fileURL = transformsInfoFileNames[i]; + + //if fileURL is relative to rootConfigFileDir make it absolute + fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_); + String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); + transformsInfos[i] = transformsInfo; + } + return transformsInfos; + } + + /** + * Build a ConnectionParameter bean containing all information + * of the authentication component moa-sp element + * @return ConnectionParameter of the authentication component moa-sp element + */ + public ConnectionParameter buildMoaSpConnectionParameter() { + + Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_MOA_SP_XPATH); + if (connectionParameter==null) return null; + return buildConnectionParameter(connectionParameter); + } + + /** + * Return a string with a url-reference to the VerifyIdentityLink trust + * profile id within the moa-sp part of the authentication component + * @return String with a url-reference to the VerifyIdentityLink trust profile ID + */ + public String getMoaSpIdentityLinkTrustProfileID() { + return XPathUtils.getElementValue( + configElem_, + AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH, + ""); + } + /** + * Return a string representation of an URL pointing to trusted CA Certificates + * @return String representation of an URL pointing to trusted CA Certificates + */ + public String getTrustedCACertificates() { + return XPathUtils.getElementValue( + configElem_, + TRUSTED_CA_CERTIFICATES_XPATH,null); + } + + /** + * Return a string with a url-reference to the VerifyAuthBlock trust + * profile id within the moa-sp part of the authentication component + * @return String with a url-reference to the 
VerifyAuthBlock trust profile ID + */ + public String getMoaSpAuthBlockTrustProfileID() { + return XPathUtils.getElementValue( + configElem_, + AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH, + ""); + } + /** + * Build a string array with references to all verify transform info + * IDs within the moa-sp part of the authentication component + * @return A string array containing all urls to the + * verify transform info IDs + */ + public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() { + + List verifyTransformsInfoIDs = new ArrayList(); + NodeIterator vtIter = + XPathUtils.selectNodeIterator( + configElem_, + AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH); + Element vtElem; + + while ((vtElem = (Element) vtIter.nextNode()) != null) { + + String vtInfoIDs = DOMUtils.getText(vtElem); + verifyTransformsInfoIDs.add(vtInfoIDs); + } + String[] result = new String[verifyTransformsInfoIDs.size()]; + verifyTransformsInfoIDs.toArray(result); + + return result; + } + + public List getTrustedBKUs() { + + List trustedBKUs = new ArrayList(); + + NodeIterator bkuIter = XPathUtils.selectNodeIterator(configElem_, TRUSTED_BKUS); + + Element vtElem; + + while ((vtElem = (Element) bkuIter.nextNode()) != null) { + String bkuURL = DOMUtils.getText(vtElem); + trustedBKUs.add(bkuURL); + } + + return trustedBKUs; + + } + +public List getTrustedTemplateURLs() { + + List trustedTemplateURLs = new ArrayList(); + + NodeIterator bkuIter = XPathUtils.selectNodeIterator(configElem_, TRUSTED_TEMPLATEURLS); + + Element vtElem; + + while ((vtElem = (Element) bkuIter.nextNode()) != null) { + String bkuURL = DOMUtils.getText(vtElem); + trustedTemplateURLs.add(bkuURL); + } + + return trustedTemplateURLs; + + } + + /** + * Returns a list containing all X509 Subject Names + * of the Identity Link Signers + * @return a list containing the configured identity-link signer X509 subject names + */ + public List getIdentityLink_X509SubjectNames() { + + Vector x509SubjectNameList = new Vector(); + NodeIterator x509Iter 
= + XPathUtils.selectNodeIterator( + configElem_, + AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH); + Element x509Elem; + + while ((x509Elem = (Element) x509Iter.nextNode()) != null) { + String vtInfoIDs = DOMUtils.getText(x509Elem); + x509SubjectNameList.add(vtInfoIDs); + } + + // now add the default identity link signers + String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; + for (int i=0; inull. + * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating + * the identity link signer certificate. Needed for + * checking if this ID is not used for validating other + * infoboxes. + * + * @return An OAProxyParameter array containing beans + * with all relevant information for the authentication component of the online + * application + */ + public OAAuthParameter[] buildOnlineApplicationAuthParameters( + VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID) + throws ConfigurationException + { + + String bkuSelectionTemplateURL = + XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); + String templateURL = + XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + String inputProcessorSignTemplateURL = + XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); + + + List OA_set = new ArrayList(); + NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); + + for (int i = 0; i < OAIter.getLength(); i++) { + Element oAElem = (Element) OAIter.item(i); + Element authComponent = + (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH); + + OAAuthParameter oap = new OAAuthParameter(); + String publicURLPrefix = oAElem.getAttribute("publicURLPrefix"); + oap.setPublicURLPrefix(publicURLPrefix); + oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier")); + oap.setFriendlyName(oAElem.getAttribute("friendlyName")); + String targetConfig = oAElem.getAttribute("target"); + 
String targetFriendlyNameConfig = oAElem.getAttribute("targetFriendlyName"); + + // get the type of the online application + String oaType = oAElem.getAttribute("type"); + oap.setOaType(oaType); + String slVersion = "1.1"; + if ("businessService".equalsIgnoreCase(oaType)) { + if (authComponent==null) { + Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + Element identificationNumberElem = + (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH); + if (identificationNumberElem==null) { + Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + Element identificationNumberChild = DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes()); + if (identificationNumberChild == null) { + Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + + if (!StringUtils.isEmpty(targetConfig)) { + Logger.error("Target attribute can not be set for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + if (!StringUtils.isEmpty(targetFriendlyNameConfig)) { + Logger.error("Target friendly name attribute can not be set for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + + + if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) { + oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild)); + //BZ.., setting type of IdLinkDomainIdentifier + oap.setIdentityLinkDomainIdentifierType(identificationNumberChild.getLocalName()); + //..BZ + } else { + // If we have business service and want to dealt with GDA, the security layer can be advised to calulate + // the Health Professional Identifier HPI instead of the wbPK + Logger.info("OA uses HPI for 
Identification"); + oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI); + } + + // if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file + Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2"); + slVersion = "1.2"; + + } else { + + if (StringUtils.isEmpty(targetConfig) && !StringUtils.isEmpty(targetFriendlyNameConfig)) { + Logger.error("Target friendly name attribute can not be set alone for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + oap.setTarget(targetConfig); + oap.setTargetFriendlyName(targetFriendlyNameConfig); + + if (authComponent!=null) { + slVersion = authComponent.getAttribute("slVersion"); + } + + + } + oap.setSlVersion(slVersion); + //Check if there is an Auth-Block to read from configuration + + if (authComponent!=null) + { + oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl"))); + oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock"))); + oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); + oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); + oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData"))); + oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC"))); + oap.setUseCondition(BoolUtils.valueOf(authComponent.getAttribute("useCondition"))); + oap.setConditionLength(buildConditionLength(authComponent.getAttribute("conditionLength"))); + oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); + oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + +// System.out.println(publicURLPrefix); +// System.out.println("useCondition: " + oap.getUseCondition()); +// 
System.out.println("conditionLength: " + oap.getConditionLength()); + + oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); + // load OA specific transforms if present + String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); + try { + oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames)); + } catch (Exception ex) { + Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms."); + } + Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH); + oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters( + verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); + + Node mandateProfilesNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH); + if (mandateProfilesNode != null) { + if ("businessService".equalsIgnoreCase(oaType)) { + Logger.error("No Online Mandate Modus for OA of type \"businessService\" allowed."); + throw new ConfigurationException("config.02", null); + } + else { + String profiles = DOMUtils.getText(mandateProfilesNode); + oap.setMandateProfiles(profiles); + } + } + + //add STORK Configuration specific to OA (RequestedAttributes, QAALevel) + //QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent); + //if (qaaLevel != null) { + // oap.setQaaLevel(qaaLevel); + // Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue()); + //} + + //RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent); + // + //if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) { + // //we have additional STORK attributes to request for this OA + // Logger.debug("Using 
non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): "); + // for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) { + // if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) { + /// addReqAttr.detach(); + // oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr); + // Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired()); + // } + // } + + //} else { + // //do nothing, only request default attributes + //} + + + } + OA_set.add(oap); + } + OAAuthParameter[] result = + new OAAuthParameter[OA_set.size()]; + OA_set.toArray(result); + + return result; + + } + + /** + * Returns the condition length as int + * @param length the condition length as int + * @return + */ + private int buildConditionLength(String length) { + + if (StringUtils.isEmpty(length)) + return -1; + else + return new Integer(length).intValue(); + } + + /** + * Builds the URL for a BKUSelectionTemplate or a Template. The method selects + * the uri string from the MOA ID configuration file via the given xpath expression + * and returns either this string or the default value. + * + * @param oaAuthComponent The AuthComponent element to get the template from. + * @param xpathExpr The xpath expression for selecting the template uri. + * @param defaultURL The default template url. + * @return The template url. This may either the via xpath selected uri + * or, if no template is specified within the online appliacation, + * the default url. Both may be null. 
+ */ + protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) { + String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL); + if (templateURL != null) { + templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_); + } + return templateURL; + } + + + + + + + /** + * Method buildConnectionParameter: internal Method for creating a + * ConnectionParameter object with all data found in the incoming element + * @param root This Element contains the ConnectionParameter + * @return ConnectionParameter + */ + protected ConnectionParameter buildConnectionParameter(Element root) + { + ConnectionParameter result = new ConnectionParameter(); + result.setAcceptedServerCertificates( + XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null)); + + result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL( + result.getAcceptedServerCertificates(), rootConfigFileDir_)); + + result.setUrl( + XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, "")); + result.setClientKeyStore( + XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null)); + + result.setClientKeyStore(FileUtils.makeAbsoluteURL( + result.getClientKeyStore(), rootConfigFileDir_)); + + result.setClientKeyStorePassword( + XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,"")); + + if ((result.getAcceptedServerCertificates()==null) + && (result.getUrl()=="") + && (result.getClientKeyStore()==null) + && (result.getClientKeyStorePassword()=="")) + return null; + + return result; + } + + + /** + * Build the mapping of generic configuration properties. + * + * @return a {@link Map} of generic configuration properties (a name to value + * mapping) from the configuration. 
+ */ + public Map buildGenericConfiguration() { + + Map genericConfiguration = new HashMap(); + NodeIterator gcIter = + XPathUtils.selectNodeIterator( + configElem_, + GENERIC_CONFIGURATION_XPATH); + Element gcElem; + + while ((gcElem = (Element) gcIter.nextNode()) != null) { + String gcName = gcElem.getAttribute("name"); + String gcValue = gcElem.getAttribute("value"); + + genericConfiguration.put(gcName, gcValue); + } + + return genericConfiguration; + } + + + /** + * Returns the default chaining mode from the configuration. + * + * @return The default chaining mode. + */ + public String getDefaultChainingMode() { + String defaultChaining = + XPathUtils.getAttributeValue( + configElem_, + CHAINING_MODES_DEFAULT_XPATH, + CM_CHAINING); + + return translateChainingMode(defaultChaining); + + } + /** + * Build the chaining modes for all configured trust anchors. + * + * @return The mapping from trust anchors to chaining modes. + */ + public Map buildChainingModes() { + Map chainingModes = new HashMap(); + NodeIterator trustIter = + XPathUtils.selectNodeIterator(configElem_, TRUST_ANCHOR_XPATH); + Element trustAnchorElem; + + while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) { + IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem); + String mode = trustAnchorElem.getAttribute("mode"); + + if (issuerAndSerial != null) { + chainingModes.put(issuerAndSerial, translateChainingMode(mode)); + } + } + + return chainingModes; + } + + /** + * Build an IssuerAndSerial from the DOM representation. + * + * @param root The root element (being of type dsig: + * X509IssuerSerialType. + * @return The issuer and serial number contained in the root + * element or null if could not be built for any reason. 
+ */ + protected IssuerAndSerial buildIssuerAndSerial(Element root) { + String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null); + String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null); + + if (issuer != null && serial != null) { + try { + RFC2253NameParser nameParser = new RFC2253NameParser(issuer); + Principal issuerDN = nameParser.parse(); + + return new IssuerAndSerial(issuerDN, new BigInteger(serial)); + } catch (RFC2253NameParserException e) { + warn("config.09", new Object[] { issuer, serial }, e); + return null; + } catch (NumberFormatException e) { + warn("config.09", new Object[] { issuer, serial }, e); + return null; + } + } + return null; + } + + /** + * Translate the chaining mode from the configuration file to one used in the + * IAIK MOA API. + * + * @param chainingMode The chaining mode from the configuration. + * @return The chaining mode as provided by the ChainingModes + * interface. + * @see iaik.pki.pathvalidation.ChainingModes + */ + protected String translateChainingMode(String chainingMode) { + if (chainingMode.equals(CM_CHAINING)) { + return ChainingModes.CHAIN_MODE; + } else if (chainingMode.equals(CM_PKIX)) { + return ChainingModes.PKIX_MODE; + } else { + return ChainingModes.CHAIN_MODE; + } + } + + /** + * Builds the IdentityLinkDomainIdentifier as needed for providing it to the + * SecurityLayer for computation of the wbPK. + *

e.g.:
+ * input element: + *
+ * <pr:Firmenbuchnummer Identifier="FN">000468 i</pr:Firmenbuchnummer> + *

+ * return value: urn:publicid:gv.at+wbpk+FN468i + * + * @param number The element holding the identification number of the business + * company. + * @return The domain identifier + */ + protected String buildIdentityLinkDomainIdentifier(Element number) { + if (number == null) { + return null; + } + String identificationNumber = number.getFirstChild().getNodeValue(); + String identifier = number.getAttribute("Identifier"); + // remove all blanks + identificationNumber = StringUtils.removeBlanks(identificationNumber); + if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn") || identifier.equalsIgnoreCase("xfn")) { + // delete zeros from the beginning of the number + identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber); + // remove hyphens + identificationNumber = StringUtils.removeToken(identificationNumber, "-"); + } + StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK); + identityLinkDomainIdentifier.append("+"); + if (!identificationNumber.startsWith(identifier)) { + identityLinkDomainIdentifier.append(identifier); + } + identityLinkDomainIdentifier.append("+"); + identityLinkDomainIdentifier.append(identificationNumber); + return identityLinkDomainIdentifier.toString(); + } + + /** + * Builds the parameters for verifying additional infoboxes (additional to the + * IdentityLink infobox). + * + * @param verifyInfoboxesElem The VerifyInfoboxes element from the + * config file. This maybe the global element or the + * elment from an Online application. + * @param defaultVerifyInfoboxParameters Default parameters to be used, if no + * VerifyInfoboxes element is present. + * This only applies to parameters + * of an specific online application and is set to + * null when building the global parameters. + * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating + * the identity link signer certificate. 
Needed for + * checking if this ID is not used for validating other + * infoboxes. + * + * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters} + * object needed for verifying additional infoboxes. + * + * @throws ConfigurationException If the trust profile for validating the identity link + * signer certificate is used for validating another infobox. + */ + public VerifyInfoboxParameters buildVerifyInfoboxParameters( + Node verifyInfoboxesElem, + VerifyInfoboxParameters defaultVerifyInfoboxParameters, + String moaSpIdentityLinkTrustProfileID) + throws ConfigurationException + { + + if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) { + return null; + } + Vector identifiers = new Vector(); + List defaultIdentifiers = null; + Map defaultInfoboxParameters = null; + if (defaultVerifyInfoboxParameters != null) { + defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers(); + defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters(); + } + Hashtable infoboxParameters = new Hashtable(); + if (verifyInfoboxesElem != null) { + // get the DefaultTrustProfileID + String defaultTrustProfileID = null; + Node defaultTrustProfileNode = + XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH); + if (defaultTrustProfileNode != null) { + Node trustProfileIDNode = + XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH); + defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue(); + if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) { + throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID}); + } + } + // get the Infoboxes + NodeList infoboxes = + XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH); + for (int i=0; i buildSTORKcPEPSMap() { + + Logger.debug("Loading STORK C-PEPS information"); + + Map 
cpepsMap = new HashMap(); + + NodeIterator cpepsIterator = XPathUtils.selectNodeIterator(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS); + + Element cpepsElement; + CPEPS cpeps; + + while ((cpepsElement = (Element) cpepsIterator.nextNode()) != null) { + cpeps = buildSTORKCpeps(cpepsElement); + if (cpeps != null) { + cpepsMap.put(cpeps.getCountryCode(), cpeps); + } + } + + if(!cpepsMap.isEmpty()) { + Logger.info("STORK C-PEPS information loaded"); + } + + return cpepsMap; + + } + + /** + * Builds the required STORK QAALevel for this OA + * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) + * @return STORK QAALevel for this OA + */ + public QualityAuthenticationAssuranceLevel buildOaSTORKQAALevel(Element authComponentElement) { + Element qaaLevelElement = (Element)XPathUtils.selectSingleNode(authComponentElement, OA_AUTH_COMPONENT_STORK_QAA); + + if (qaaLevelElement == null) return null; + + try { + QualityAuthenticationAssuranceLevel qaaLevel = (QualityAuthenticationAssuranceLevel) SAMLUtil.unmarshallMessage(qaaLevelElement); + return qaaLevel; + } catch (MessageEncodingException e) { + Logger.error("Could not build STORK QAALevel, using default."); + return null; + } + + } + + /** + * Builds the Requested Attributes specific for an OA + * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) + * @return STORK RequestedAttributes for this OA + */ + public RequestedAttributes buildOaSTORKRequestedAttributes(Element authComponentElement) { + List reqAttributeList = new ArrayList(); + + + Element reqAttributeElement; + NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(authComponentElement, OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE); + + while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { + RequestedAttribute requestedAttribute; + try { + requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); + } catch 
(MessageEncodingException e) { + Logger.error("Provided RequestedAttributes Online Application is malformed.", e); + return null; + } + //only add if STORK attribute is correct + if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { + reqAttributeList.add(requestedAttribute); + } else { + Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); + } + } + + return STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); + } + + /** + * Method warn. + * @param messageId to identify a country-specific message + * @param parameters for the logger + */ + // + // various utility methods + // + + protected static void warn(String messageId, Object[] parameters) { + Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + } + + /** + * Method warn. + * @param messageId to identify a country-specific message + * @param args for the logger + * @param t as throwabl + */ + protected static void warn(String messageId, Object[] args, Throwable t) { + Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java new file mode 100644 index 000000000..455fde9bf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java 
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * This bean class is used to store data for various connectionParameter
+ * within the MOA-ID configuration
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConnectionParameter {
+
+ /**
+ * Server URL
+ */
+ private String url;
+ /**
+ * File URL for a directory containing PKCS#12 server SSL certificates.
+ * From these certificates, a X509 trust store will be assembled for use
+ * by a JSSE TrustManager.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String acceptedServerCertificates;
+ /**
+ * File URL of a X509 key store containing the private key to be used
+ * for an HTTPS connection when the server requires client authentication.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String clientKeyStore;
+ /**
+ * Password protecting the client key store.
+ */
+ private String clientKeyStorePassword;
+
+ /**
+ * Checks whether the URL scheme is "https".
+ * @return true in case of an URL starting with "https"
+ */
+ public boolean isHTTPSURL() {
+ return getUrl().indexOf("https") == 0;
+ }
+
+ /**
+ * Returns the url.
+ * @return String
+ */
+ public String getUrl() {
+ return url;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public String getAcceptedServerCertificates() {
+ return acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the acceptedServerCertificates.
+ * @param acceptedServerCertificates The acceptedServerCertificates to set
+ */
+ public void setAcceptedServerCertificates(String acceptedServerCertificates) {
+ this.acceptedServerCertificates = acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the url.
+ * @param url The url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public String getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ /**
+ * Sets the clientKeyStore.
+ * @param clientKeyStore The clientKeyStore to set
+ */
+ public void setClientKeyStore(String clientKeyStore) {
+ this.clientKeyStore = clientKeyStore;
+ }
+
+ /**
+ * Sets the clientKeyStorePassword.
+ * @param clientKeyStorePassword The clientKeyStorePassword to set
+ */
+ public void setClientKeyStorePassword(String clientKeyStorePassword) {
+ this.clientKeyStorePassword = clientKeyStorePassword;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
new file mode 100644
index 000000000..3948522c0
--- /dev/null
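Review bot: `isHTTPSURL()` dereferences `getUrl()` without a null check, so a ConnectionParameter whose URL was never set throws NullPointerException instead of answering false, and `indexOf("https") == 0` accepts any string that merely begins with those letters rather than the `https:` scheme. A null-safe scheme test keeps existing callers working: `return url != null && url.startsWith("https:");` (whether the scheme should also be matched case-insensitively is a separate decision, since the current test is case-sensitive). Because this method decides whether the accepted-certificate store and client key store are applied to a connection, its result is worth pinning down precisely. The class Javadoc should also state that `clientKeyStorePassword` holds a secret, so the bean is not logged or serialized casually.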
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java 
@@ -0,0 +1,501 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.ArrayList; + +import org.opensaml.saml2.metadata.RequestedAttribute; + +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; + +/** + * Configuration parameters belonging to an online application, + * to use with the MOA ID Auth component. 
+ * + * @author Stefan Knirsch + * @version $Id$ + */ +/** + * + * + * @author Harald Bratko + */ +public class OAAuthParameter extends OAParameter { + /** + * Sercurity Layer version + */ + private String slVersion; + /** + * true, if the Security Layer version is version 1.2, otherwise false + */ + private boolean slVersion12; + /** + * identityLinkDomainIdentifier + * (e.g urn:publicid:gv.at+wbpk+FN468i for a "Firmenbuchnummer") + *
+ * only used within a business application context for providing it to the + * security layer as input for wbPK computation + */ + private String identityLinkDomainIdentifier; + /** + * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) + */ + private String keyBoxIdentifier; + /** + * transformations for rendering in the secure viewer of the security layer + * implementation; multiple transformation can be given for different mime types + */ + private String[] transformsInfos; + /** + * determines whether "Stammzahl" is to be included in the authentication data + */ + private boolean provideStammzahl; + /** + * determines whether AUTH block is to be included in the authentication data + */ + private boolean provideAuthBlock; + /** + * determines whether identity link is to be included in the authentication data + */ + private boolean provideIdentityLink; + /** + * determines whether the certificate is to be included in the authentication data + */ + private boolean provideCertificate; + /** + * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data + */ + private boolean provideFullMandatorData; + + /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ + private boolean useUTC; + + /** determines wheter a saml:Condition is added to the SAML assertion or not */ + private boolean useCondition; + + /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */ + private int conditionLength; + /** + * url to a template for web page "Auswahl der Bürgerkartenumgebung" + */ + private String bkuSelectionTemplateURL; + /** + * template for web page "Anmeldung mit Bürgerkarte" + */ + private String templateURL; + + /** + * template for web page "Signatur der Anmeldedaten" + */ + private String inputProcessorSignTemplateURL; + /** + * Parameters for verifying infoboxes. 
+ */ + private VerifyInfoboxParameters verifyInfoboxParameters; + + /** + * Parameter for Mandate profiles + */ + private String mandateProfiles; + + /** + * + * Type for authentication number (e.g. Firmenbuchnummer) + */ + private String identityLinkDomainIdentifierType; + + /** + * STORK QAA Level, Default = 4 + */ + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + + /** + * STORK RequestedAttributes for Online Application + * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth + */ + private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); + + +/** + * Returns true if the Security Layer version is version 1.2, + * otherwise false. + * @return true if the Security Layer version is version 1.2, + * otherwise false + */ + public boolean getSlVersion12() { + return slVersion12; + } + + /** + * Returns the security layer version. + * @return the security layer version. + */ + public String getSlVersion() { + return slVersion; + } + + /** + * Returns the identityLinkDomainIdentifier. + * @return the identityLinkDomainIdentifier. + */ + public String getIdentityLinkDomainIdentifier() { + return identityLinkDomainIdentifier; + } + + /** + * Returns the transformsInfos. + * @return the transformsInfos. + */ + public String[] getTransformsInfos() { + return transformsInfos; + } + + /** + * Returns the provideAuthBlock. 
+ * @return String + */ + public boolean getProvideAuthBlock() { + return provideAuthBlock; + } + + /** + * Returns the provideIdentityLink. + * @return String + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink; + } + + /** + * Returns the provideStammzahl. + * @return String + */ + public boolean getProvideStammzahl() { + return provideStammzahl; + } + + /** + * Returns true if the certificate should be provided within the + * authentication data, otherwise false. + * @return true if the certificate should be provided, + * otherwise false + */ + public boolean getProvideCertifcate() { + return provideCertificate; + } + + /** + * Returns true if the full mandator data should be provided within the + * authentication data, otherwise false. + * @return true if the full mandator data should be provided, + * otherwise false + */ + public boolean getProvideFullMandatorData() { + return provideFullMandatorData; + } + + /** + * Returns true if the IssueInstant should be given in UTC, otherwise false. + * @return true if the IssueInstant should be given in UTC, otherwise false. + */ + public boolean getUseUTC() { + return useUTC; + } + + /** + * Returns true if the SAML assertion should contain a saml:Condition, otherwise false. + * @return true if the SAML assertion should contain a saml:Condition, otherwise false. + */ + public boolean getUseCondition() { + return useCondition; + } + + /** + * Returns the validity time of the SAML assertion (if useCondition is true) in seconds + * @return the validity time of the SAML assertion (if useCondition is true) in seconds + */ + public int getConditionLength() { + return conditionLength; + } + + +/** + * Returns the key box identifier. + * @return String + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * Returns the BkuSelectionTemplate url. + * @return The BkuSelectionTemplate url or null if no url for + * a BkuSelectionTemplate is set. 
+ */ + public String getBkuSelectionTemplateURL() { + return bkuSelectionTemplateURL; + } + + /** + * Returns the TemplateURL url. + * @return The TemplateURL url or null if no url for + * a Template is set. + */ + public String getTemplateURL() { + return templateURL; + } + + + /** + * Returns the inputProcessorSignTemplateURL url. + * @return The inputProcessorSignTemplateURL url or null if no url for + * a input processor sign template is set. + */ + public String getInputProcessorSignTemplateURL() { + return inputProcessorSignTemplateURL; + } + + /** + * Returns the parameters for verifying additional infoboxes. + * + * @return The parameters for verifying additional infoboxes. + * Maybe null. + */ + public VerifyInfoboxParameters getVerifyInfoboxParameters() { + return verifyInfoboxParameters; + } + + /** + * Sets the security layer version. + * Also sets slVersion12 ({@link #getSlVersion12()}) + * to true if the Security Layer version is 1.2. + * @param slVersion The security layer version to be used. + */ + public void setSlVersion(String slVersion) { + this.slVersion = slVersion; + if ("1.2".equals(slVersion)) { + this.slVersion12 = true; + } + } + /** + * Sets the IdentityLinkDomainIdentifier. + * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application. + */ + public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) { + this.identityLinkDomainIdentifier = identityLinkDomainIdentifier; + } + /** + * Sets the transformsInfos. + * @param transformsInfos The transformsInfos to be used. + */ + public void setTransformsInfos(String[] transformsInfos) { + this.transformsInfos = transformsInfos; + } + + +/** + * Sets the provideAuthBlock. + * @param provideAuthBlock The provideAuthBlock to set + */ + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + /** + * Sets the provideIdentityLink. 
+ * @param provideIdentityLink The provideIdentityLink to set + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + + /** + * Sets the provideStammzahl. + * @param provideStammzahl The provideStammzahl to set + */ + public void setProvideStammzahl(boolean provideStammzahl) { + this.provideStammzahl = provideStammzahl; + } + + /** + * Sets the provideCertificate variable. + * @param provideCertificate The provideCertificate value to set + */ + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + /** + * Sets the provideFullMandatorData variable. + * @param provideFullMandatorData The provideFullMandatorData value to set + */ + public void setProvideFullMandatorData(boolean provideFullMandatorData) { + this.provideFullMandatorData = provideFullMandatorData; + } + + /** + * Sets the useUTC variable. + * @param useUTC The useUTC value to set + */ + public void setUseUTC(boolean useUTC) { + this.useUTC = useUTC; + } + + /** + * Sets the useCondition variable + * @param useCondition The useCondition value to set + */ + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + + /** + * Sets the conditionLength variable + * @param conditionLength the conditionLength value to set + */ + public void setConditionLength(int conditionLength) { + this.conditionLength = conditionLength; + } + + + /** + * Sets the key box identifier. + * @param keyBoxIdentifier to set + */ + public void setKeyBoxIdentier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * Sets the BkuSelectionTemplate url. + * @param bkuSelectionTemplateURL The url string specifying the location + * of a BkuSelectionTemplate. + */ + public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) { + this.bkuSelectionTemplateURL = bkuSelectionTemplateURL; + } + + /** + * Sets the Template url. 
+ * @param templateURL The url string specifying the location + * of a Template. + */ + public void setTemplateURL(String templateURL) { + this.templateURL = templateURL; + } + + /** + * Sets the input processor sign form template url. + * + * @param inputProcessorSignTemplateURL The url string specifying the + * location of the input processor sign form + */ + public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { + this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; + } + + /** + * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. + * + * @param verifyInfoboxParameters The verifyInfoboxParameters to set. + */ + public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { + this.verifyInfoboxParameters = verifyInfoboxParameters; + } + + /** + * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + */ + public String getIdentityLinkDomainIdentifierType() { + return identityLinkDomainIdentifierType; + } + + /** + * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. 
Firmenbuchnummer) + */ + public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { + this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; + } + + /** + * Sets the Mandate/Profiles + * @param profiles + */ + public void setMandateProfiles(String profiles) { + this.mandateProfiles = profiles; + } + + /** + * Returns the Mandates/Profiles + * @return + */ + public String getMandateProfiles() { + return this.mandateProfiles; + } + + /** + * Returns the defined STORK QAALevel + * @return STORK QAALevel + */ + public QualityAuthenticationAssuranceLevel getQaaLevel() { + return qaaLevel; + } + + /** + * Sets the STORK QAALevel + * @param qaaLevel + */ + public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { + this.qaaLevel = qaaLevel; + } + + /** + * Returns the desired STORK Requested Attributes + * @return STORK Requested Attributes + */ + public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; + } + + /** + * Sets the desired STORK Requested Attributes + * @param requestedAttributes + */ + public void setRequestedAttributes(RequestedAttributes requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java new file mode 100644 index 000000000..de449cbcf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java 
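Review bot: `setSlVersion` only ever raises `slVersion12` and never lowers it, so an instance first set to "1.2" and later to another version keeps reporting `getSlVersion12() == true`; `setOaType` in OAParameter (the next file in this commit) has the same one-way `businessService` flag. Assigning unconditionally fixes both: `this.slVersion12 = "1.2".equals(slVersion);` and `this.businessService = "businessService".equalsIgnoreCase(oaType);`. `getTransformsInfos`/`setTransformsInfos` also hand out and store the caller's `String[]` as-is, so any holder of that array can alter the configured transforms after the object is built; cloning on both sides would make the configuration effectively read-only. The `java.util.ArrayList` and `RequestedAttribute` imports appear unused in this file, and the second, near-empty class Javadoc block directly below the first should be merged into it.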
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to be used within both, the MOA ID Auth and the
+ * MOA ID PROXY component.
+ *
+ * @author Harald Bratko
+ */
+public class OAParameter {
+
+ /**
+ * type of the online application (maybe "PublicService" or "BusinessService")
+ */
+ private String oaType;
+
+ /**
+ * specifies whether the online application is a business application or not
+ * (true if value of {@link #oaType} is "businessService"
+ */
+ private boolean businessService;
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+
+ /**
+ * specifies a human readable name of the Online Application
+ */
+ private String friendlyName;
+
+ /**
+ * specified a specific target for the Online Application (overwrites the target in der request)
+ */
+ private String target;
+ /**
+ * specifies a friendly name for the target
+ */
+ private String targetFriendlyName;
+
+ /**
+ * Returns the type of the online application.
+ * @return the type of the online application.
+ */
+ public String getOaType() {
+ return oaType;
+ }
+
+ /**
+ * Returns true is the OA is a businss application, otherwise
+ * false.
+ * @return true is the OA is a businss application, otherwise
+ * false
+ */
+ public boolean getBusinessService() {
+ return this.businessService;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ *
+ * Sets the type of the online application.
+ * If the type is "businessService" the value of businessService
+ * ({@link #getBusinessService()}) is also set to true
+ * @param oaType The type of the online application.
+ */
+ public void setOaType(String oaType) {
+ this.oaType = oaType;
+ if ("businessService".equalsIgnoreCase(oaType)) {
+ this.businessService = true;
+ }
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+
+ /**
+ * Gets the friendly name of the OA
+ * @return Friendly Name of the OA
+ */
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ /**
+ * Sets the friendly name of the OA
+ * @param friendlyName
+ */
+ public void setFriendlyName(String friendlyName) {
+ this.friendlyName = friendlyName;
+ }
+
+ /**
+ * Gets the target of the OA
+ * @return target of the OA
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Sets the target of the OA
+ * @param target
+ */
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ /**
+ * Gets the target friendly name of the OA
+ * @return target Friendly Name of the OA
+ */
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ /**
+ * Sets the target friendly name of the OA
+ * @param targetFriendlyName
+ */
+ public void setTargetFriendlyName(String targetFriendlyName) {
+ this.targetFriendlyName = targetFriendlyName;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
new file mode 100644
index 000000000..2d0a91fb9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
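Review bot: The Javadoc on the `target`, `friendlyName` and `targetFriendlyName` accessors leaves the `@param` tags empty and the `target` field comment mixes languages ("overwrites the target in der request"), while `getBusinessService` spells "business" as "businss" twice. Since `target` overrides what the request carries, its setter deserves a one-line description such as `@param target The target that replaces the target supplied in the request`, and the field comment should read "overrides the target given in the request". The same filled-in `@param` lines are needed on `setFriendlyName` and `setTargetFriendlyName`.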
@@ -0,0 +1,90 @@ +/** + * + */ +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Encapsulates several STORK configuration parameters according MOA configuration + * + * @author bzwattendorfer + * + */ +public class STORKConfig { + + /** STORK SAML signature creation parameters */ + private SignatureCreationParameter signatureCreationParameter; + + /** STORK SAML signature verification parameters */ + private SignatureVerificationParameter signatureVerificationParameter; + + /** Map of supported C-PEPSs */ + private Map cpepsMap = new HashMap(); + + + /** + * Constructs a STORK Config object + * @param signatureCreationParameter STORK SAML Signature creation parameters + * @param signatureVerificationParameter STORK SAML Signature verification parameters + * @param cpepsMap Map of supported C-PEPS + */ + public STORKConfig(SignatureCreationParameter signatureCreationParameter, + SignatureVerificationParameter signatureVerificationParameter, + Map cpepsMap) { + super(); + this.signatureCreationParameter = signatureCreationParameter; + this.signatureVerificationParameter = signatureVerificationParameter; + this.cpepsMap = cpepsMap; + } + + public SignatureCreationParameter getSignatureCreationParameter() { + return signatureCreationParameter; + } + + public void setSignatureCreationParameter( + SignatureCreationParameter signatureCreationParameter) { + this.signatureCreationParameter = signatureCreationParameter; + } + + public SignatureVerificationParameter getSignatureVerificationParameter() { + return signatureVerificationParameter; + } + + public void setSignatureVerificationParameter( + SignatureVerificationParameter signatureVerificationParameter) { + this.signatureVerificationParameter = signatureVerificationParameter; + } + + public Map getCpepsMap() { + return cpepsMap; + } + + public void setCpepsMap(Map cpepsMap) { + this.cpepsMap = cpepsMap; + } 
+ + public boolean isSTORKAuthentication(String ccc) { + + if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty()) + return false; + + if (this.cpepsMap.containsKey(ccc.toUpperCase())) + return true; + else + return false; + + } + + public CPEPS getCPEPS(String ccc) { + if (isSTORKAuthentication(ccc)) + return this.cpepsMap.get(ccc); + else + return null; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java new file mode 100644 index 000000000..fcccf41f0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java 
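Review bot: `getCPEPS` guards with `isSTORKAuthentication(ccc)`, which tests `containsKey(ccc.toUpperCase())`, but then reads `this.cpepsMap.get(ccc)` with the caller's original case, so a lower-case country code passes the check and still returns `null`. Normalise once and use the same key in both places, e.g. `return this.cpepsMap.get(ccc.toUpperCase());`. The `if/else` in `isSTORKAuthentication` collapses to `return this.cpepsMap.containsKey(ccc.toUpperCase());`. The same lookup presumably exists in the non-legacy `config/stork/STORKConfig`, whose `isSTORKAuthentication` body is outside its hunk, so it is worth checking there too.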
@@ -0,0 +1,112 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ + +package at.gv.egovernment.moa.id.config.legacy; + +/** + * Encapsulates signature creation parameters according MOA configuration + * + * @author bzwattendorfer + * + */ +public class SignatureCreationParameter { + + /** KeyStore Path */ + private String keyStorePath; + + /** KeyStore Password */ + private String keyStorePassword; + + /** Signing Key Name */ + private String keyName; + + /** Signing Key Password */ + private String keyPassword; + + /** + * Gets the KeyStore Path + * @return File Path to KeyStore + */ + public String getKeyStorePath() { + return keyStorePath; + } + + /** + * Sets the KeyStore Path + * @param keyStorePath Path to KeyStore + */ + public void setKeyStorePath(String keyStorePath) { + this.keyStorePath = keyStorePath; + } + + /** + * Gets the KeyStore Password + * @return Password to KeyStore + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * Sets the KeyStore Password + * @param keyStorePassword Password to KeyStore + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * Gets the Signing Key Name + * @return Siging Key Name + */ + public String getKeyName() { + return keyName; + } + + /** + * Sets the Signing Key Name + * @param keyName Signing Key Name + */ + public void setKeyName(String keyName) { + this.keyName = keyName; + } + + /** + * Gets the Signing Key Password + * @return Signing Key Password + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * Sets the Signing Key Password + * @param keyPassword Signing Key Password + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java new file mode 100644 index 000000000..d01c8e541 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java @@ -0,0 +1,35 @@ +/** + * + */ +package at.gv.egovernment.moa.id.config.legacy; + +/** + * Encapsulates Signature Verification data for STORK according MOA configuration + * + * @author bzwattendorfer + * + */ +public class SignatureVerificationParameter { + + /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */ + private String trustProfileID; + + /** + * Gets the MOA-SP TrustProfileID + * @return TrustProfileID of MOA-SP for STORK signature verification + */ + public String getTrustProfileID() { + return trustProfileID; + } + + /** + * Sets the MOA-SP TrustProfileID + * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification + */ + public void setTrustProfileID(String trustProfileID) { + this.trustProfileID = trustProfileID; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java new file mode 100644 index 000000000..a482da430 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java 
@@ -0,0 +1,411 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.io.IOException; +import java.util.Iterator; +import java.util.List; + +import javax.xml.transform.TransformerException; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class is a container for parameters that maybe needed for verifying an infobox. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameter { + + /** + * The default package name (first part) of a infobox validator class. 
+ */ + public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator."; + + /** + * The identifier of the infobox to be verified. This identifier must exactly the + * identifier of the infobox returned by BKU. + */ + protected String identifier_; + + /** + * The friendly name of the infobox. + * This name is used within browser messages, thus it should be the german equivalent of + * the {@link #identifier_ infobox identifier} (e.g. "Stellvertretungen" + * for "Mandates" or "GDAToken" for + * "EHSPToken". + *
If not specified within the config file the {@link #identifier_ infobox identifier} + * will be used. + */ + protected String friendlyName_; + + /** + * The Id of the TrustProfile to be used for validating certificates. + */ + protected String trustProfileID_; + + /** + * The full name of the class to be used for verifying the infobox. + */ + protected String validatorClassName_; + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + */ + protected List schemaLocations_; + + /** + * Application specific parameters that may be needed for verifying an infobox. + */ + protected Element applicationSpecificParams_; + + /** + * Specifies if the infobox is be required to be returned by the BKU. + */ + protected boolean required_; + + /** + * Specifies whether the Stammzahl should be passed to the verifying + * application or not. + */ + protected boolean provideStammzahl_; + + /** + * Specifies whether the identity link should be passed to the verifying + * application or not. + */ + protected boolean provideIdentityLink_; + + /** + * Initializes this VerifiyInfoboxParamater with the given identifier and a default + * validator class name. + * + * @param identifier The identifier of the infobox to be verified. + */ + public VerifyInfoboxParameter(String identifier) { + identifier_ = identifier; + StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK); + sb.append(identifier.toLowerCase()); + sb.append("."); + sb.append(identifier.substring(0, 1).toUpperCase()); + sb.append(identifier.substring(1)); + sb.append("Validator"); + validatorClassName_ = sb.toString(); + } + + /** + * Returns application specific parameters. + * Each child element of this element contains a verifying application specific parameter. 
{@link #applicationSpecificParams_} + * + * @see #applicationSpecificParams_ + * + * @return Application specific parameters. + */ + public Element getApplicationSpecificParams() { + return applicationSpecificParams_; + } + + /** + * Sets the application specific parameters. + * + * @see #applicationSpecificParams_ + * + * @param applicationSpecificParams The application specific parameters to set. + */ + public void setApplicationSpecificParams(Element applicationSpecificParams) { + applicationSpecificParams_ = applicationSpecificParams; + } + + /** + * Appends special application specific parameters for party representation. + * + * @param applicationSpecificParams The application specific parameters for party representation to set. + */ + public void appendParepSpecificParams(Element applicationSpecificParams) { + try { + if (applicationSpecificParams_==null) { + applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters"); + } + Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode); + if (null!=nodeList) { + for (int i=0; iTrue if the identity link should be passed to the verifying + * application, otherwise false. + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink_; + } + + /** + * Sets the {@link #provideIdentityLink_} parameter. + * + * @param provideIdentityLink True if the identity link should be passed to + * the verifying application, otherwise false. + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + provideIdentityLink_ = provideIdentityLink; + } + + /** + * Specifies whether the Stammzahl should be passed to the verifying + * application or not. 
+ * + * @return True if the Stammzahl should be passed to the + * verifying application, otherwise false. + */ + public boolean getProvideStammzahl() { + return provideStammzahl_; + } + + /** + * Sets the {@link #provideStammzahl_} parameter. + * + * @param provideStammzahl True if the Stammzahl should be + * passed to the verifying application, otherwise false. + */ + public void setProvideStammzahl(boolean provideStammzahl) { + provideStammzahl_ = provideStammzahl; + } + + /** + * Specifies whether the infobox is required or not. + * + * @return True if the infobox is required to be returned by the BKU, + * otherwise false. + */ + public boolean isRequired() { + return required_; + } + + /** + * Sets the {@link #required_} parameter. + * + * @param required True if the infobox is required to be returned by the + * BKU, otherwise false. + */ + public void setRequired(boolean required) { + required_ = required; + } + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects + * each of them specifying the location of an XML schema. + */ + public List getSchemaLocations() { + return schemaLocations_; + } + + /** + * Sets the schema locations. + * + * @see #schemaLocations_ + * + * @param schemaLocations The schema location list to be set. + */ + public void setSchemaLocations(List schemaLocations) { + schemaLocations_ = schemaLocations; + } + + /** + * Returns the ID of the trust profile to be used for verifying certificates. + * + * @return The ID of the trust profile to be used for verifying certificates. + * Maybe null. + */ + public String getTrustProfileID() { + return trustProfileID_; + } + + /** + * Sets the ID of the trust profile to be used for verifying certificates. 
+ * + * @param trustProfileID The ID of the trust profile to be used for verifying certificates. + */ + public void setTrustProfileID(String trustProfileID) { + trustProfileID_ = trustProfileID; + } + + /** + * Returns the name of the class to be used for verifying this infobox. + * + * @return The name of the class to be used for verifying this infobox. + */ + public String getValidatorClassName() { + return validatorClassName_; + } + + /** + * Sets the name of the class to be used for verifying this infobox. + * + * @param validatorClassName The name of the class to be used for verifying this infobox. + */ + public void setValidatorClassName(String validatorClassName) { + validatorClassName_ = validatorClassName; + } + + /** + * Get a string representation of this object. + * This method is for debugging purposes only. + * + * @return A string representation of this object. + */ + public String toString() { + + StringBuffer buffer = new StringBuffer(1024); + + buffer.append(" "); + buffer.append("\n"); + if (friendlyName_ != null) { + buffer.append(" "); + buffer.append(friendlyName_); + buffer.append(""); + buffer.append("\n"); + } + if (trustProfileID_ != null) { + buffer.append(" "); + buffer.append(trustProfileID_); + buffer.append(""); + buffer.append("\n"); + } + if (validatorClassName_ != null) { + buffer.append(" "); + buffer.append(validatorClassName_); + buffer.append(""); + buffer.append("\n"); + } + if (schemaLocations_ != null) { + buffer.append(" "); + buffer.append("\n"); + Iterator it = schemaLocations_.iterator(); + while (it.hasNext()) { + buffer.append(" \n"); + } + buffer.append(" "); + buffer.append("\n"); + } + if (applicationSpecificParams_ != null) { + try { + String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_); + buffer.append(" "); + buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams)); + buffer.append("\n"); + } catch (TransformerException e) { + // do nothing + } catch 
(IOException e) { + // do nothing + } + } + buffer.append(" "); + + + return buffer.toString() ; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java new file mode 100644 index 000000000..c7f5aa7ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java 
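Review bot: The constructor derives `validatorClassName_` with `identifier.toLowerCase()` and `identifier.substring(0, 1).toUpperCase()`, both of which use the JVM default locale, so the same configured identifier can map to a different class name on a host with a Turkish default locale (dotted/dotless i); use `toLowerCase(Locale.ROOT)` and `toUpperCase(Locale.ROOT)` and add `import java.util.Locale;`. An empty identifier makes `substring(0, 1)` throw `StringIndexOutOfBoundsException` out of the constructor; rejecting it with an `IllegalArgumentException` naming the identifier gives a clearer configuration error. In `toString` the `catch (TransformerException e)` and `catch (IOException e)` blocks drop the failure silently; since the method is documented as debug-only, appending a marker such as `buffer.append(" <!-- ApplicationSpecificParameters could not be serialized -->\n");` would at least make the omission visible in the output.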
@@ -0,0 +1,159 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * This class contains the parameters for verifying all the infoboxes configured for an + * online application. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameters { + + /** + * A map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + */ + protected Map infoboxParameters_; + + /** + * A list of the identifiers of the infoboxes supported by this + * VerifyInfoboxParameters; + */ + protected List identifiers_; + + /** + * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate + * in the context of the actual online application. 
+ * The string will be added as value of the PushInfobox parameter in the + * HTML form used for reading the infoboxes from the BKU. + */ + protected String pushInfobox_; + + /** + * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_} + * map. + */ + public VerifyInfoboxParameters() { + infoboxParameters_ = new Hashtable(); + pushInfobox_ = ""; + } + + /** + * Initializes this VerifyInfoboxParameters with the given + * infoboxParameters map and builds the {@link #pushInfobox_} string + * from the keys of the given map. + */ + public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) { + identifiers_ = identifiers; + infoboxParameters_ = infoboxParameters; + // build the pushInfobox string + if ((identifiers != null) && (!identifiers.isEmpty())) { + StringBuffer identifiersSB = new StringBuffer(); + int identifiersNum = identifiers.size(); + int i = 1; + Iterator it = identifiers.iterator(); + while (it.hasNext()) { + identifiersSB.append((String)it.next()); + if (i != identifiersNum) { + identifiersSB.append(","); + } + i++; + } + pushInfobox_ = identifiersSB.toString(); + } else { + pushInfobox_ = ""; + } + } + + /** + * Returns the (comma separated) identifiers of the infoboxes configured for the actual + * online application. + * + * @see #pushInfobox_ + * + * @return The (comma separated) identifiers of the infoboxes configured for the actual + * online application. + */ + public String getPushInfobox() { + return pushInfobox_; + } + + /** + * Sets the {@link #pushInfobox_} string. + * + * @param pushInfobox The pushInfobox string to be set. + */ + public void setPushInfobox(String pushInfobox) { + pushInfobox_ = pushInfobox; + } + + /** + * Returns map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + * + * @return The map of {@link VerifyInfoboxParameter} objects. 
+ */ + public Map getInfoboxParameters() { + return infoboxParameters_; + } + + /** + * Sets the map of {@link VerifyInfoboxParameter} objects. + * + * @see #infoboxParameters_ + * + * @param infoboxParameters The infoboxParameters to set. + */ + public void setInfoboxParameters(Map infoboxParameters) { + infoboxParameters_ = infoboxParameters; + } + + /** + * Returns the identifiers of the supported infoboxes. + * + * @return The identifiers. + */ + public List getIdentifiers() { + return identifiers_; + } + + /** + * Sets the identifiers. + * + * @param identifiers The identifiers to set. + */ + public void setIdentifiers(List identifiers) { + identifiers_ = identifiers; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java index ed0de8ebe..d14d570ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.config.proxy; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.OAParameter; /** * Configuration parameters belonging to an online application, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java index 219b0f8ba..094e7162e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java 
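Review bot: The no-argument constructor initialises `infoboxParameters_` to an empty `Hashtable` and `pushInfobox_` to `""` but leaves `identifiers_` null, so `getIdentifiers()` returns null for an object built that way and a list otherwise; initialise it with `identifiers_ = new ArrayList();` (adding `import java.util.ArrayList;`) so callers can iterate without a null check. The two-argument constructor's Javadoc says the `pushInfobox_` string is built "from the keys of the given map", but the code builds it from the `identifiers` list and never reads the map's keys; reword it to `builds the {@link #pushInfobox_} string from the given identifiers list` and add `@param identifiers` and `@param infoboxParameters` tags.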
@@ -33,9 +33,9 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index 86ae93a4b..1c9c1caa8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -33,7 +33,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 485a44421..4b4364555 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java 
@@ -3,9 +3,32 @@ */ package at.gv.egovernment.moa.id.config.stork; +import iaik.util.logging.Log; + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.ArrayList; import java.util.HashMap; +import java.util.List; import java.util.Map; +import java.util.Properties; + +import javax.xml.parsers.ParserConfigurationException; + +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import eu.stork.vidp.messages.util.SAMLUtil; +import eu.stork.vidp.messages.util.XMLUtil; +import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; +import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; +import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; /** 
@@ -17,55 +40,83 @@ import at.gv.egovernment.moa.util.StringUtils; public class STORKConfig { /** STORK SAML signature creation parameters */ - private SignatureCreationParameter signatureCreationParameter; + private STORK stork; + private Properties props; + private Map cpepsMap; - /** STORK SAML signature verification parameters */ - private SignatureVerificationParameter signatureVerificationParameter; - - /** Map of supported C-PEPSs */ - private Map cpepsMap = new HashMap(); - - - /** - * Constructs a STORK Config object - * @param signatureCreationParameter STORK SAML Signature creation parameters - * @param signatureVerificationParameter STORK SAML Signature verification parameters - * @param cpepsMap Map of supported C-PEPS - */ - public STORKConfig(SignatureCreationParameter signatureCreationParameter, - SignatureVerificationParameter signatureVerificationParameter, - Map cpepsMap) { - super(); - this.signatureCreationParameter = signatureCreationParameter; - this.signatureVerificationParameter = signatureVerificationParameter; - this.cpepsMap = cpepsMap; + public STORKConfig(STORK stork, Properties props) { + this.stork = stork; + this.props = props; + + //create CPEPS map + List cpeps = stork.getCPEPS(); + + cpepsMap = new HashMap(); + + for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) { + + try { + CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL())); + + List attr = cpep.getAttributeValue(); + + ArrayList requestedAttributes = new ArrayList(); + + for (String e1 : attr) { + Element element = XMLUtil.stringToDOM(e1); + RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element); + requestedAttributes.add(requestedAttribute); + } + moacpep.setCountrySpecificRequestedAttributes(requestedAttributes); + + cpepsMap.put(cpep.getCountryCode(), moacpep); + + } catch (MalformedURLException e) { + Logger.warn("Error in MOA-ID Configuration. 
CPEP entry for country " + + cpep.getCountryCode() + " has an invalid URL and is ignored."); + } catch (ParserConfigurationException e) { + Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); + } catch (SAXException e) { + Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); + } catch (IOException e) { + Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); + } catch (MessageEncodingException e) { + Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); + } + } } public SignatureCreationParameter getSignatureCreationParameter() { - return signatureCreationParameter; - } - - public void setSignatureCreationParameter( - SignatureCreationParameter signatureCreationParameter) { - this.signatureCreationParameter = signatureCreationParameter; + + return new SignatureCreationParameter(props); } public SignatureVerificationParameter getSignatureVerificationParameter() { - return signatureVerificationParameter; - } - - public void setSignatureVerificationParameter( - SignatureVerificationParameter signatureVerificationParameter) { - this.signatureVerificationParameter = signatureVerificationParameter; + + SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); + + if (samlsign == null) { + Log.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found."); + return null; + } + + SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter(); + + if (sigverify == null) { + Log.warn("Error in MOA-ID Configuration. 
No STORK->SignatureVerificationParameter configuration found."); + return null; + } + + return new SignatureVerificationParameter(sigverify.getTrustProfileID()); } public Map getCpepsMap() { return cpepsMap; } - - public void setCpepsMap(Map cpepsMap) { - this.cpepsMap = cpepsMap; - } public boolean isSTORKAuthentication(String ccc) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java index 1f66b7752..ee4fc1e20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java @@ -23,6 +23,8 @@ package at.gv.egovernment.moa.id.config.stork; +import java.util.Properties; + /** * Encapsulates signature creation parameters according MOA configuration * 
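Review bot: `getSignatureVerificationParameter` logs through `iaik.util.logging.Log` (the newly imported `Log.warn`) while the constructor and the rest of the file use `at.gv.egovernment.moa.logging.Logger`; both calls should be `Logger.warn(...)` and the `iaik.util.logging.Log` import dropped unless it is deliberate. The five catch blocks in the constructor discard the exception, so an invalid C-PEPS entry is reported without the parser's reason; pass `e` to the logger if `Logger.warn` has a `(String, Throwable)` overload, otherwise append `e.getMessage()`. Entries are stored under `cpep.getCountryCode()` exactly as configured; if the lookup in `isSTORKAuthentication`, whose body is outside this hunk, upper-cases the code as the legacy copy does, a lower-case configured code can never match, so consider `cpepsMap.put(cpep.getCountryCode().toUpperCase(), moacpep);`. The `null` returns on missing configuration should be stated in the Javadoc, e.g. `@return the verification parameter, or {@code null} if no SAMLSigningParameter/SignatureVerificationParameter is configured`.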
@@ -31,32 +33,24 @@ package at.gv.egovernment.moa.id.config.stork; */ public class SignatureCreationParameter { - /** KeyStore Path */ - private String keyStorePath; + private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation."; + private static final String PROPS_KEYSTORE_FILE = "keystore.file"; + private static final String PROPS_KEYSTORE_PASS = "keystore.password"; + private static final String PROPS_KEYNAME_NAME = "keyname.name"; + private static final String PROPS_KEYNAME_PASS = "keyname.password"; - /** KeyStore Password */ - private String keyStorePassword; + private Properties props; - /** Signing Key Name */ - private String keyName; + SignatureCreationParameter(Properties props) { + this.props = props; + } - /** Signing Key Password */ - private String keyPassword; - /** * Gets the KeyStore Path * @return File Path to KeyStore */ public String getKeyStorePath() { - return keyStorePath; - } - - /** - * Sets the KeyStore Path - * @param keyStorePath Path to KeyStore - */ - public void setKeyStorePath(String keyStorePath) { - this.keyStorePath = keyStorePath; + return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE); } /** @@ -64,15 +58,7 @@ public class SignatureCreationParameter { * @return Password to KeyStore */ public String getKeyStorePassword() { - return keyStorePassword; - } - - /** - * Sets the KeyStore Password - * @param keyStorePassword Password to KeyStore - */ - public void setKeyStorePassword(String keyStorePassword) { - this.keyStorePassword = keyStorePassword; + return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS); } /** @@ -80,15 +66,7 @@ public class SignatureCreationParameter { * @return Siging Key Name */ public String getKeyName() { - return keyName; - } - - /** - * Sets the Signing Key Name - * @param keyName Signing Key Name - */ - public void setKeyName(String keyName) { - this.keyName = keyName; + return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME); } /** 
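Review bot: Each getter now returns whatever `props.getProperty(PROPS_PREFIX + ...)` yields, so a missing `stork.samlsigningparameter.signaturecreation.keystore.file` (and likewise `.keystore.password`, `.keyname.name`, `.keyname.password` in the following hunks, the last of them on the next physical line) silently becomes `null`; the Javadoc should say so, e.g. `@return File Path to KeyStore, or {@code null} if the property is not set`. The package-private constructor has no Javadoc and accepts a null `props`, which defers the failure to the first getter; `if (props == null) throw new IllegalArgumentException("props must not be null");` keeps the error at construction time. The `/** KeyStore Path */`-style field comments disappeared with the fields; a class-level comment listing the four property keys and noting that the two password getters return secrets that must not be logged would replace them.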
@@ -96,17 +74,6 @@ public class SignatureCreationParameter { * @return Signing Key Password */ public String getKeyPassword() { - return keyPassword; + return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS); } - - /** - * Sets the Signing Key Password - * @param keyPassword Signing Key Password - */ - public void setKeyPassword(String keyPassword) { - this.keyPassword = keyPassword; - } - - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java index 2d8402e4d..211c7dde4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java @@ -14,6 +14,10 @@ public class SignatureVerificationParameter { /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */ private String trustProfileID; + public SignatureVerificationParameter(String trustProfileID2) { + this.trustProfileID = trustProfileID2; + } + /** * Gets the MOA-SP TrustProfileID * @return TrustProfileID of MOA-SP for STORK signature verification @@ -22,14 +26,6 @@ public class SignatureVerificationParameter { return trustProfileID; } - /** - * Sets the MOA-SP TrustProfileID - * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification - */ - public void setTrustProfileID(String trustProfileID) { - this.trustProfileID = trustProfileID; - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 4c5b82db8..a453010da 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
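Review bot: The constructor added to `SignatureVerificationParameter` names its parameter `trustProfileID2`, which reads like an auto-generated placeholder next to the field `trustProfileID` it initialises; rename it to `trustProfileID` and give the constructor a Javadoc, e.g. `/** Creates the STORK verification parameters. @param trustProfileID ID of the MOA-SP TrustProfile used for SAML signature verification */`. With the setter removed in the following hunk the value is fixed at construction, so the field can be declared `final` to make that explicit.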
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -11,11 +11,14 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; @@ -58,6 +61,10 @@ public class DispatcherServlet extends AuthServlet{ protected void processRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + + boolean isValidSSOSession = false; + boolean useSSOOA = false; + try { Logger.info("REQUEST: " + req.getRequestURI()); Logger.info("QUERY : " + req.getQueryString()); @@ -191,10 +198,19 @@ public class DispatcherServlet extends AuthServlet{ return; } + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + if (oaParam == null) { + //TODO: Find a better place for this!! + req.getSession().invalidate(); + throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); + } + RequestStorage.setPendingRequest(httpSession, protocolRequest); AuthenticationManager authmanager = AuthenticationManager.getInstance(); - + SSOManager ssomanager = SSOManager.getInstance(); //get SSO Cookie for Request 
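Review bot: The null-`oaParam` branch added in the `@@ -191,10 +198,19 @@` hunk invalidates the HTTP session and throws while still carrying a `//TODO: Find a better place for this!!` marker, and this same commit removes the identical invalidate from `AuthenticationManager` (its `@@ -265` hunk further down), so the dispatcher is now the only place it happens; either resolve the TODO or replace it with a comment stating the decision, e.g. `// Unknown OA: drop the whole HTTP session so neither a pending request nor a MOA session survives the rejected entry`. `protocolRequest.getOAURL()` is request-supplied and is passed verbatim as the `auth.00` message parameter; whether that message is later rendered into a page unescaped cannot be seen from this hunk, but it is the point a reviewer of the error template should check. `processRequest` starts and ends outside the hunk.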
@@ -215,10 +231,8 @@ public class DispatcherServlet extends AuthServlet{ } } - boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); - - //TODO: load useSSO from config! - boolean useSSOOA = true; + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + useSSOOA = oaParam.useSSO(); if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) { @@ -257,22 +271,26 @@ public class DispatcherServlet extends AuthServlet{ moduleAction.processRequest(protocolRequest, req, resp); - //save SSO session usage in Database - String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), - AuthenticationManager.MOA_SESSION, null); + RequestStorage.removePendingRequest(httpSession); + + if (useSSOOA || isValidSSOSession) { + //save SSO session usage in Database + String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), + AuthenticationManager.MOA_SESSION, null); - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); - if (newSSOSessionId != null) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + if (newSSOSessionId != null) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + + } else { + ssomanager.deleteSSOSessionID(req, resp); + } } else { - ssomanager.deleteSSOSessionID(req, resp); + authmanager.logout(req, resp); } - - RequestStorage.removePendingRequest(httpSession); - - + //authmanager.logout(req, resp); } catch (Throwable e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java index e1a8673b7..10ff4bfc8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java 
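Review bot: The condition `if (useSSOOA || isValidSSOSession)` in the `@@ -257,22 +271,26 @@` hunk stores SSO session information and re-issues the SSO cookie even when the online application has SSO disabled, as long as the incoming SSO session is valid; if an OA with `useSSO() == false` must never extend an SSO session the test should be `useSSOOA` alone, and if keeping an existing session alive is intended, say so in the comment, e.g. `// an existing SSO session stays valid even for OAs without SSO`. Both flags are initialised to `false` at the top of the method (the `@@ -58` hunk) and assigned only in the `@@ -215` hunk, so any path that skips that assignment falls through to `authmanager.logout(req, resp)`, which is an acceptable fail-closed default but deserves a comment. The commented-out `//authmanager.logout(req, resp);` after the block should be deleted. `processRequest` ends outside the hunk.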
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java @@ -58,18 +58,19 @@ public class CertStoreConfigurationImpl extends ObservableImpl */ public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { this.conf=conf; - String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY; - String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName); + + String certStoreRootDirParam = conf.getCertstoreDirectory(); + if (certStoreRootDirParam == null) throw new ConfigurationException( - "config.08", new Object[] {paramName}); + "config.08", new Object[] {"CertStoreDirectory"}); rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6); File f = new File(rootDirectory); if (!f.isDirectory()) throw new ConfigurationException( - "config.05", new Object[] {paramName}); + "config.05", new Object[] {"CertStoreDirectory"}); parameters = new CertStoreParameters[] { this }; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index d04c0b3d5..7c2a9d533 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
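Review bot: Replacing `paramName` with the literal `"CertStoreDirectory"` in the two `ConfigurationException` arguments of the `@@ -58,18 +58,19 @@` hunk duplicates a magic string; a `private static final String CERTSTORE_DIRECTORY_PARAM = "CertStoreDirectory";` keeps the `config.08` and `config.05` messages in sync. A short comment on the `conf.getCertstoreDirectory()` line naming the configuration element it now reads would help readers searching for the former generic-parameter property.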
@@ -2,21 +2,15 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; import java.io.PrintWriter; -import java.util.ArrayList; -import java.util.Arrays; import java.util.List; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletContext; import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; @@ -202,11 +196,10 @@ public class AuthenticationManager extends AuthServlet { setNoCachingHeadersInHttpRespone(request, response); - //TODO:move this to config!!! - final List PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); + List legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols(); //is legacy allowed - boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule()); + boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule()); //check legacy request parameter boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); @@ -265,12 +258,9 @@ public class AuthenticationManager extends AuthServlet { .getOnlineApplicationParameter(target.getOAURL()); if (oaParam == null) { - //TODO: Find a better place for this!! - request.getSession().invalidate(); throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); } - - + else { //check if an MOASession exists and if not create an new MOASession 
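Review bot: `List legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols();` in the `@@ -202,11 +196,10 @@` hunk is dereferenced on the next line without a null check, so a configuration without a legacy section turns into a NullPointerException where the old code had a fixed list; guard it with `boolean legacyallowed = legacyallowed_prot != null && legacyallowed_prot.contains(target.requestedModule());` or have the provider guarantee an empty list. The variable also uses a raw type and snake_case; `List<String> legacyAllowedProtocols` matches the surrounding names. The `@@ -265` hunk removes the `request.getSession().invalidate()` call that `DispatcherServlet` now performs in this commit; a one-line comment there, `// the HTTP session for an unknown OA is invalidated by DispatcherServlet`, would stop the next reader from re-adding it. The enclosing method starts and ends outside these hunks.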
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index eeb0afae2..1e863ec81 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -10,7 +10,7 @@ import org.hibernate.Query; import org.hibernate.Session; import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.commons.db.MOASessionUtil; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -57,7 +57,7 @@ public class SSOManager { public String existsOldSSOSession(String ssoId) { Logger.trace("Check that the SSOID has already been used"); - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 2c4b7c4c5..f3df7a4df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import java.io.IOException; +import java.io.PrintWriter; import java.io.UnsupportedEncodingException; import javax.servlet.http.HttpServletRequest; 
@@ -11,7 +13,11 @@ import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -19,6 +25,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; @@ -65,12 +72,13 @@ public class GetArtifactAction implements IAction { //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), // useUTC, false); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, oaParam, target); - String samlArtifactBase64 = SAML1AuthenticationServer - .BuildSAMLArtifact(session, oaParam, authData); + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); String redirectURL = oaURL; session.getOAURLRequested(); 
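Review bot: The `@@ -65,12 +72,13 @@` hunk obtains `saml1server` via `getInstace()` but still calls `SAML1AuthenticationServer.buildAuthenticationData(session, oaParam, target)` statically on the line in between, so the class is used half as a singleton and half as a static utility; either route that call through the instance as well or add a comment naming which methods are deliberately static. The unchanged `session.getOAURLRequested();` statement directly below discards its return value and looks like a leftover worth removing. The enclosing method starts and ends outside the hunk.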
@@ -85,8 +93,15 @@ public class GetArtifactAction implements IAction { httpResp.setContentType("text/html"); httpResp.setStatus(302); + +// if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { +// String url = "RedirectServlet?"+RedirectServlet.REDIRCT_GETPARAM+"="+redirectURL; +// httpResp.addHeader("Location", url); +// +// } else { + httpResp.addHeader("Location", redirectURL); +// } - httpResp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); // CONFIRMATION FOR SSO! @@ -128,7 +143,13 @@ public class GetArtifactAction implements IAction { } catch (UnsupportedEncodingException e) { // TODO Auto-generated catch block e.printStackTrace(); - } + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } //catch (MOADatabaseException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } } protected static String addURLParameter(String url, String paramname, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 784dec0df..c8a9a24ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -113,7 +113,9 @@ public class GetAuthenticationDataService implements Constants { String samlArtifact = DOMUtils.getText(samlArtifactElem); try { - AuthenticationData authData = SAML1AuthenticationServer.getSaml1AuthenticationData(samlArtifact); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + + AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact); useUTC = authData.getUseUTC(); 
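Review bot: The new `catch (IOException e)` in the `@@ -128,7 +143,13 @@` hunk only calls `e.printStackTrace()`, so a failure while writing the redirect response goes to stdout and the action returns as if it had succeeded; log it through the class's `Logger` (`Logger.error("Could not write SAML1 artifact response", e);`) and propagate it the way the other failures in this method are propagated. The `@@ -85` hunk wraps the `Location` header in a commented-out `isSSOSession`/`RedirectServlet` branch and the `@@ -128` hunk adds a commented-out `MOADatabaseException` handler; both are dead code that version history already preserves and should be removed. The enclosing method starts and ends outside these hunks.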
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index e79954daa..1b516fe19 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java 
@@ -6,18 +6,32 @@ import java.io.File; import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.util.Date; +import java.util.List; +import java.util.Vector; + +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; +import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; 
@@ -26,10 +40,21 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; public class SAML1AuthenticationServer extends AuthenticationServer { + private static SAML1AuthenticationServer instance; + + public static SAML1AuthenticationServer getInstace() { + if (instance == null) + instance = new SAML1AuthenticationServer(); + + return instance; + } + //private static Map authenticationDataStore = new HashMap(); private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); @@ -48,7 +73,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * * @return AuthenticationData */ - public static AuthenticationData getSaml1AuthenticationData(String samlArtifact) + public AuthenticationData getSaml1AuthenticationData(String samlArtifact) throws AuthenticationException { try { new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); 
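Review bot: The lazily-initialised singleton in `getInstace()` is not thread-safe: `instance` is a plain static field and the null check and assignment are unsynchronized, so concurrent servlet requests can construct two instances or observe a partially published one. Unless construction must be deferred, use eager initialisation, `private static final SAML1AuthenticationServer instance = new SAML1AuthenticationServer();`, with the accessor reduced to `return instance;`, or declare the method `synchronized`. The method name is also misspelled (`getInstace` rather than `getInstance`) and the spelling is propagated to `GetArtifactAction` and `GetAuthenticationDataService` in this commit, so correcting it touches three files. A Javadoc on the accessor and on the static-to-instance change of `getSaml1AuthenticationData` in the `@@ -48` hunk would explain why the API moved to an instance.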
@@ -71,17 +96,19 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } boolean keepAssertion = false; - try { - String boolStr = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.KeepAssertion"); - if (null != boolStr && boolStr.equalsIgnoreCase("true")) - keepAssertion = true;// Only allowed for debug purposes!!! - - } catch (ConfigurationException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } + + //removed from MOA-ID 2.0 config +// try { +// String boolStr = AuthConfigurationProvider.getInstance() +// .getGenericConfigurationParameter( +// "AuthenticationServer.KeepAssertion"); +// if (null != boolStr && boolStr.equalsIgnoreCase("true")) +// keepAssertion = true;// Only allowed for debug purposes!!! +// +// } catch (ConfigurationException ex) { +// throw new AuthenticationException("1205", new Object[] { +// samlArtifact, ex.toString() }); +// } if (!keepAssertion) { authenticationDataStore.remove(samlArtifact); } @@ -96,7 +123,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return authData; } - public static String BuildSAMLArtifact(AuthenticationSession session, + public String BuildSAMLArtifact(AuthenticationSession session, OAAuthParameter oaParam, AuthenticationData authData) throws ConfigurationException, BuildException, AuthenticationException { 
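Review bot: With the `AuthenticationServer.KeepAssertion` lookup commented out in the `@@ -71,17 +96,19 @@` hunk, `keepAssertion` is always `false` and the assertion is always removed from the store after the first fetch; that single-use behaviour is the right default for an artifact resolution, so the twelve commented-out lines should be replaced by one comment that records it, e.g. `// Assertions are single-use: the MOA-ID 2.0 configuration no longer offers KeepAssertion, so the entry is always removed after retrieval`. The `keepAssertion` variable and its `if` can then be dropped. `getSaml1AuthenticationData` starts and ends outside the hunk.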
@@ -112,14 +139,17 @@ public class SAML1AuthenticationServer extends AuthenticationServer { // conditionLength); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); + //Load SAML1 Parameter from OA config + OASAML1 saml1parameter = oaParam.getSAML1Parameter(); + + boolean useCondition = saml1parameter.isUseCondition(); + int conditionLength = saml1parameter.getConditionLength().intValue(); try { //set BASE64 encoded signer certificate String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { + if (saml1parameter.isProvideCertificate()) { byte[] signerCertificate = session.getEncodedSignerCertificate(); if (signerCertificate != null) { @@ -131,19 +161,19 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } //set prPersion - boolean provideStammzahl = oaParam.getProvideStammzahl(); + boolean provideStammzahl = saml1parameter.isProvideStammzahl(); String prPerson = new PersonDataBuilder().build(session.getIdentityLink(), provideStammzahl); //set Authblock - String authBlock = oaParam.getProvideAuthBlock() ? session + String authBlock = saml1parameter.isProvideAUTHBlock() ? session .getAuthBlock() : ""; //set IdentityLink for assortion - String ilAssertion = oaParam.getProvideIdentityLink() ? session.getIdentityLink() + String ilAssertion = saml1parameter.isProvideIdentityLink() ? session.getIdentityLink() .getSerializedSamlAssertion() : ""; - if (!oaParam.getProvideStammzahl()) { + if (!saml1parameter.isProvideStammzahl()) { ilAssertion = StringUtils.replaceAll(ilAssertion, session.getIdentityLink() .getIdentificationValue(), ""); } 
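Review bot: `OASAML1 saml1parameter = oaParam.getSAML1Parameter();` in the `@@ -112,14 +139,17 @@` hunk is dereferenced immediately, and `saml1parameter.getConditionLength().intValue()` unboxes a wrapper, so an online application without a SAML1 section or with an unset condition length fails with a NullPointerException deep in artifact building instead of a configuration error; guard both, e.g. `if (saml1parameter == null || saml1parameter.getConditionLength() == null) throw new ConfigurationException("<config error key>", new Object[] { "SAML1 parameters" });` before the unboxing. The method already declares `ConfigurationException`, so callers need no change. `BuildSAMLArtifact` starts and ends outside the hunk.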
@@ -151,16 +181,87 @@ public class SAML1AuthenticationServer extends AuthenticationServer { String samlAssertion; if (session.getUseMandate()) { + List oaAttributes = session.getExtendedSAMLAttributesOA();; + + if (saml1parameter.isProvideFullMandatorData()) { + + try { + + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + session.getMISMandate(), oaParam.getBusinessService(), + saml1parameter.isProvideStammzahl()); + + if (extendedSAMLAttributes != null) { + + String identifier = "MISService"; + String friendlyName ="MISService"; + + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + Object value = verifySAMLAttribute(samlAttribute, i, identifier, + friendlyName); + + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger + .info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + + ") in SAML attribute number " + + (i + 1) + + " for infobox " + identifier); + throw new ValidateException("validator.47", new Object[] { + friendlyName, String.valueOf((i + 1)) }); + } + } else { + Logger + .info("The type of SAML-Attribute number " + + (i + 1) + + " returned from " + + identifier + + "-infobox validator is not valid. 
Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException("validator.46", new Object[] { + identifier, String.valueOf((i + 1)) }); + } + } + } + + } catch (SAXException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } + } + + String mandateDate = generateMandateDate(session, oaParam); + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( authData, prPerson, - session.getMandateData(), + mandateDate, authBlock, ilAssertion, session.getBkuURL(), signerCertificateBase64, oaParam.getBusinessService(), - session.getExtendedSAMLAttributesOA(), + oaAttributes, useCondition, conditionLength); 
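Review bot: In the `switch (samlAttribute.getAddToAUTHBlock())` added in the `@@ -151,16 +181,87 @@` hunk the `ADD_TO_AUTHBLOCK` and `NOT_ADD_TO_AUTHBLOCK` cases execute the identical `replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);` line, so the attribute's AUTH-block flag is validated but never acted on; if that is intentional because the AUTH block is already signed at this point, collapse both cases into one and say so in a comment, otherwise the two branches need different handling. `List oaAttributes = session.getExtendedSAMLAttributesOA();;` has a stray second semicolon and a raw type. The four catch blocks all map to `auth.16` with `GET_MIS_SESSIONID` as the message parameter although the failures come from processing the mandate rather than from fetching a MIS session id; a parameter naming the mandate step would make the message truthful, and if the build targets Java 7 or later a multi-catch collapses the four identical handlers. `BuildSAMLArtifact` starts and ends outside the hunk.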
@@ -180,21 +281,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authData.setSamlAssertion(samlAssertion); - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); - } + //is removed from MOA-ID 2.0 config +// String assertionFile = AuthConfigurationProvider.getInstance() +// .getGenericConfigurationParameter( +// "AuthenticationServer.WriteAssertionToFile"); +// if (!ParepUtils.isEmpty(assertionFile)) +// try { +// ParepUtils.saveStringToFile(samlAssertion, new File( +// assertionFile)); +// } catch (IOException e) { +// throw new BuildException("builder.00", new Object[] { +// "AuthenticationData", e.toString() }, e); +// } + + //TODO: get sourceID from oaConfig!!! String samlArtifact = new SAMLArtifactBuilder().build( session.getAuthURL(), session.getSessionID(), - session.getSourceID()); + saml1parameter.getSourceID()); storeAuthenticationData(samlArtifact, authData); 
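Review bot: The `//TODO: get sourceID from oaConfig!!!` left in the `@@ -180,21 +281,24 @@` hunk is already done by the line below it, `saml1parameter.getSourceID()`, so the marker is stale and should go. The removed `AuthenticationServer.WriteAssertionToFile` feature persisted every issued assertion to a configurable file; dropping it is the right call for a production identity provider, but the twelve commented-out lines should be replaced by a one-line comment such as `// WriteAssertionToFile is intentionally not supported in MOA-ID 2.0: issued assertions are never written to disk`. `BuildSAMLArtifact` starts and ends outside the hunk.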
@@ -209,6 +313,157 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + private String generateMandateDate(AuthenticationSession session, + OAAuthParameter oaParam + ) throws AuthenticationException, BuildException, + ParseException, ConfigurationException, ServiceException, + ValidateException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[] { + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); + + //AuthenticationSession session = getSession(sessionID); + // AuthConfigurationProvider authConf = + // AuthConfigurationProvider.getInstance(); + + IdentityLink tempIdentityLink = null; + + Element mandate = session.getMandate(); + + if (session.getUseMandate()) { + tempIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, + "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, + "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils + .extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, + "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical + && oaParam.getBusinessService() + && identificationType != null + && Constants.URN_PREFIX_BASEID + .equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the + // BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + + session.getDomainIdentifier(); + identificationValue = new 
BPKBuilder().buildWBPK( + identificationValue, session.getDomainIdentifier()); + ParepUtils + .HideStammZahlen(prPerson, true, null, null, true); + } + + tempIdentityLink.setDateOfBirth(dateOfBirth); + tempIdentityLink.setFamilyName(familyName); + tempIdentityLink.setGivenName(givenName); + tempIdentityLink.setIdentificationType(identificationType); + tempIdentityLink.setIdentificationValue(identificationValue); + tempIdentityLink.setPrPerson(prPerson); + try { + tempIdentityLink.setSamlAssertion(session.getIdentityLink() + .getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + + } + + } + + Element mandatePerson = tempIdentityLink.getPrPerson(); + + String mandateData = null; + try { + + boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl(); + + String oatargetType; + + if(oaParam.getBusinessService()) { + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); + } + + Element prIdentification = (Element) mandatePerson + .getElementsByTagNameNS(Constants.PD_NS_URI, + "Identification").item(0); + + if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { + + String isPrPerson = mandatePerson.getAttribute("xsi:type"); + + if (!StringUtils.isEmpty(isPrPerson)) { + if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { + String baseid = getBaseId(mandatePerson); + Element identificationBpK = createIdentificationBPK(mandatePerson, + baseid, oaParam.getTarget()); + + if (!provideStammzahl) { + prIdentification.getFirstChild().setTextContent(""); + } + + mandatePerson.insertBefore(identificationBpK, + prIdentification); + } + } + + } else { + +// Element identificationBpK = mandatePerson.getOwnerDocument() +// .createElementNS(Constants.PD_NS_URI, "Identification"); +// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( +// 
Constants.PD_NS_URI, "Value"); +// +// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// tempIdentityLink.getIdentificationValue())); +// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Type"); +// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// "urn:publicid:gv.at:cdid+bpk")); +// identificationBpK.appendChild(valueBpK); +// identificationBpK.appendChild(typeBpK); +// +// mandatePerson.insertBefore(identificationBpK, prIdentification); + } + + + mandateData = DOMUtils.serializeNode(mandatePerson); + + } catch (TransformerException e1) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } catch (IOException e1) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + + return mandateData; + } + + + + /** * Stores authentication data indexed by the assertion handle contained in * the given saml artifact. @@ -220,7 +475,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * @throws AuthenticationException * when SAML artifact is invalid */ - private static void storeAuthenticationData(String samlArtifact, + private void storeAuthenticationData(String samlArtifact, AuthenticationData authData) throws AuthenticationException { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index 850f2438a..e1bd38d68 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java 
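Review bot: `generateMandateDate` (the `@@ -209,6 +313,157 @@` hunk) creates `tempIdentityLink` only when `session.getUseMandate()` is true and fills its `prPerson` only when `ParepUtils.extractMandator(mandate)` returns non-null, yet `tempIdentityLink.getPrPerson()` and `mandatePerson.getElementsByTagNameNS(...)` are called unconditionally afterwards, so a missing mandate or mandator surfaces as a NullPointerException rather than an authentication error; add `if (tempIdentityLink == null || tempIdentityLink.getPrPerson() == null) throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID });` before `Element mandatePerson = ...`. The two catch blocks at the end construct `AuthenticationException` without passing `e1`, unlike the handlers in the preceding hunk, so the root cause of a serialization failure is lost — pass `e1` as the third argument. The large commented-out `identificationBpK` block in the `else` branch and the commented-out `getSession`/`AuthConfigurationProvider` lines at the top should be removed. The name reads as "Date" while the method returns serialized mandator data; a Javadoc stating that it returns the mandator's `PersonData` with the identification rewritten to the OA's bPK/wbPK type, and the Stammzahl blanked unless `isProvideStammzahl()` is set, would make the contract clear.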
@@ -63,9 +63,11 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public DefaultConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index 49e3c09b8..1243960ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java 
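Review bot: `cbDisableHostnameVerification = false;` hard-codes the flag in the `@@ -63,9 +63,11 @@` hunk, which makes the following `if (cbDisableHostnameVerification) Logger.warn(...)` unreachable and leaves the old lookup as commented-out code; replace the three commented lines with a single comment, e.g. `// Hostname verification is always enforced: the MOA-ID 2.0 configuration no longer exposes ProxyComponent.DisableHostnameVerification`, and drop the dead warn branch (and the field, if nothing else reads it). The identical change is made in `ElakConnectionBuilder` and `EnhancedConnectionBuilder` below, and the same cleanup applies there. Forcing verification on is the right direction, since the removed switch disabled TLS hostname checking on outbound proxy connections.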
@@ -86,9 +86,12 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public ElakConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index d4a3e4634..9bbef8aa9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java 
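Review bot: The `if (cbDisableHostnameVerification) Logger.warn(...)` branch kept in this hunk can no longer execute once the field is assigned the literal `false`, and the commented-out configuration lookup above it only documents how to switch hostname verification back off. Since always-on hostname verification is the intended security property here, the dead branch and the commented-out lines should go, leaving a single explanatory comment such as `// Hostname verification cannot be disabled in MOA-ID 2.0 (ProxyComponent.DisableHostnameVerification was removed).` in their place.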
@@ -79,9 +79,12 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public EnhancedConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java index 61f38412e..e075c99ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java @@ -33,7 +33,7 @@ import java.security.GeneralSecurityException; import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; 
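Review bot: Same remark as for the other connection builders: after `cbDisableHostnameVerification = false;` the `Logger.warn` guard is unreachable and the commented-out `ProxyConfigurationProvider` lookup is dead code that only shows how to reintroduce the unsafe switch. Remove the commented-out block and the warn branch and state the new invariant once, e.g. `// Hostname verification is always on; the legacy ProxyComponent.DisableHostnameVerification option is gone.` The three builders duplicate this constructor logic, so a shared constant would keep them from drifting apart again.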
@@ -91,8 +91,10 @@ public class MOAIDProxyInitializer { ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter(); if (connParamAuth!=null) { if (connParamAuth.isHTTPSURL()) { - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); - AxisSecureSocketFactory.initialize(ssf); + + //TODO: einkommentieren!!!! + //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); + //AxisSecureSocketFactory.initialize(ssf); } } else { throw new ConfigurationException("config.16", null); @@ -104,8 +106,10 @@ public class MOAIDProxyInitializer { for (int i = 0; i < oaParams.length; i++) { OAProxyParameter oaParam = oaParams[i]; ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); - if (oaConnParam.isHTTPSURL()) - SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + if (oaConnParam.isHTTPSURL()); + + //TODO: einkommentieren!!!! + //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } // Initializes the ConnectionBuilderFactory from configuration data diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java index fa455b4ef..6cb7ffdfc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java 
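Review bot: Commenting out `SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth)` and `AxisSecureSocketFactory.initialize(ssf)` means the HTTPS link to the auth component is no longer initialised with the trust store and PKI profile from the proxy configuration, so whatever default socket factory Axis falls back to decides which certificates are accepted on that connection. A `//TODO: einkommentieren!!!!` is not a safe placeholder for a trust decision in a proxy that is otherwise shipped as working; if the legacy `ConnectionParameter` cannot be wired to the new configuration yet, the initializer should refuse to start for an HTTPS auth URL (the hunk already throws `ConfigurationException` for a missing parameter) instead of silently proceeding with an unconfigured trust setup. At minimum the comment should say what is missing and what the consequence is, e.g. `// FIXME: SSL socket factory is not initialised from the proxy config; the auth-component connection currently uses the default trust settings.` The enclosing method starts before this hunk.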
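Review bot: `if (oaConnParam.isHTTPSURL());` ends in a stray semicolon, so the condition guards an empty statement and the commented-out `SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam)` below it has no effect either way; the loop now performs no per-online-application SSL setup or validation at startup, and the dangling `if` makes it look as though it does. Either restore the call or remove the `if` entirely and leave an honest marker: `// TODO: per-OA SSL socket factory setup disabled pending MOA-ID 2.0 config migration`. The loop sits inside a method whose start and end are outside this hunk.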
@@ -41,7 +41,7 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 6a497f174..ddaab7a28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -55,7 +55,7 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; @@ -265,7 +265,9 @@ public class ProxyServlet extends HttpServlet { // setup SSLSocketFactory for communication with the online application if (oaConnParam.isHTTPSURL()) { try { - ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + + //TODO: einkommentieren!!!! + //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } catch (Throwable ex) { throw new ProxyException( "proxy.05", 
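Review bot: With `ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam)` commented out, `ssf` keeps whatever value it had before (presumably null; its declaration is outside the hunk) for an HTTPS online-application URL, so the connection is set up without the configured trust store, and the `catch (Throwable ex)` that maps failures to `proxy.05` can no longer fire because the try block now contains only a comment. Unless the code below rejects a null `ssf` for HTTPS URLs (not visible here), this is a silent downgrade of the TLS trust configuration for the proxied application; until the call is restored I would fail explicitly inside the same branch, e.g. `if (ssf == null) throw new ProxyException("proxy.05", null);` with the argument list matched to the existing constructor. The surrounding method starts before this hunk.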
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java index 9933142e3..b01a6a36e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java @@ -11,7 +11,7 @@ import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; -import at.gv.egovernment.moa.id.commons.db.MOASessionUtil; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.logging.Logger; @@ -52,7 +52,7 @@ public class AssertionStorage { //store AssertionStore element to Database try { - MOASessionUtil.saveOrUpdate(element); + MOASessionDBUtils.saveOrUpdate(element); Log.info("Assertion with Artifact=" + artifact + " is stored in Database"); } catch (MOADatabaseException e) { @@ -85,7 +85,7 @@ public class AssertionStorage { Date expioredate = new Date(now - authDataTimeOut); List results; - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); synchronized (session) { session.beginTransaction(); @@ -98,7 +98,7 @@ public class AssertionStorage { if (results.size() != 0) { for(AssertionStore result : results) { try { - MOASessionUtil.delete(result); + MOASessionDBUtils.delete(result); Logger.info("Remove Assertion with Artifact=" + result.getArtifact() + " after assertion timeout."); 
@@ -115,7 +115,7 @@ public class AssertionStorage { try { AssertionStore element = searchInDatabase(artifact); - MOASessionUtil.delete(element); + MOASessionDBUtils.delete(element); } catch (MOADatabaseException e) { Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact @@ -130,7 +130,7 @@ public class AssertionStorage { private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { MiscUtil.assertNotNull(artifact, "artifact"); Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; synchronized (session) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index faff2955b..90c938e7f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -18,7 +18,7 @@ import org.hibernate.Transaction; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.commons.db.MOASessionUtil; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; 
@@ -62,7 +62,7 @@ public class AuthenticationSessionStoreage { //store AssertionStore element to Database try { - MOASessionUtil.saveOrUpdate(dbsession); + MOASessionDBUtils.saveOrUpdate(dbsession); Log.info("MOASession with sessionID=" + id + " is stored in Database"); } catch (MOADatabaseException e) { @@ -83,7 +83,7 @@ public class AuthenticationSessionStoreage { //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); - MOASessionUtil.saveOrUpdate(dbsession); + MOASessionDBUtils.saveOrUpdate(dbsession); Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); } catch (MOADatabaseException e) { @@ -96,7 +96,7 @@ public class AuthenticationSessionStoreage { public static void destroySession(String moaSessionID) throws MOADatabaseException { - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; @@ -168,7 +168,7 @@ public class AuthenticationSessionStoreage { //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); - MOASessionUtil.saveOrUpdate(dbsession); + MOASessionDBUtils.saveOrUpdate(dbsession); return id; @@ -203,7 +203,7 @@ public class AuthenticationSessionStoreage { try { - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; synchronized (session) { 
@@ -284,11 +284,24 @@ public class AuthenticationSessionStoreage { } } + public static boolean isSSOSession(String sessionID) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.isSSOSession(); + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } + + + } + public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { MiscUtil.assertNotNull(SSOId, "moasessionID"); Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; @@ -327,16 +340,18 @@ public class AuthenticationSessionStoreage { } - public static void clean(long now, long authDataTimeOut) { - Date expioredate = new Date(now - authDataTimeOut); + public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { + Date expioredatecreate = new Date(now - authDataTimeOutCreated); + Date expioredateupdate = new Date(now - authDataTimeOutUpdated); List results; - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); - query.setTimestamp("timeout", expioredate); + query.setTimestamp("timeoutcreate", expioredatecreate); + query.setTimestamp("timeoutupdate", expioredateupdate); results = query.list(); session.getTransaction().commit(); } 
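Review bot: In the new `isSSOSession`, the catch block rethrows `new MOADatabaseException("No MOA Session with id: " + sessionID)` without the caught exception, so a genuine database failure inside `searchInDatabase` is reported as a missing session and its cause is lost; either pass the original exception as the cause if the constructor allows it, or drop the try/catch altogether since the method already declares `throws MOADatabaseException` and the original exception is more informative. The session ID is also logged at `Logger.info`, whereas the neighbouring lookup `isValidSessionWithSSOID` logs identifiers at trace; session identifiers are bearer-like values, so `Logger.trace` is the safer level here. A javadoc would round it off: `/** Returns whether the stored MOA session with the given ID was established as an SSO session. @throws MOADatabaseException if the session cannot be loaded */`.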
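Review bot: `clean` now takes `authDataTimeOutCreated` and `authDataTimeOutUpdated` and binds both `timeoutcreate` and `timeoutupdate` on the named query `getMOAISessionsWithTimeOut`, but neither the new parameters nor the query semantics are documented, and whether the query removes sessions that exceeded either limit or only those that exceeded both is not visible from this hunk — that difference decides whether a continually refreshed SSO session still has an absolute lifetime. Please state the intent on the method and verify it against the named query's mapping, e.g. `/** Removes authenticated sessions whose creation is older than authDataTimeOutCreated or whose last update is older than authDataTimeOutUpdated (both in milliseconds relative to now). */`, adjusting the "or" if the query actually requires both. The delete loop that consumes `results` is in the next hunk.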
@@ -344,7 +359,7 @@ public class AuthenticationSessionStoreage { if (results.size() != 0) { for(AuthenticatedSessionStore result : results) { try { - MOASessionUtil.delete(result); + MOASessionDBUtils.delete(result); Logger.info("Authenticated session with sessionID=" + result.getSessionid() + " after session timeout."); @@ -361,7 +376,7 @@ public class AuthenticationSessionStoreage { private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { MiscUtil.assertNotNull(sessionID, "moasessionID"); Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 6c8365e67..be8e475f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; @@ -177,7 +178,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ * @param target HTTP parameter from request * @return */ - public static boolean isValidBKUURI(String bkuURI) { + public static boolean isValidBKUURI(String bkuURI, List allowedBKUs) { Logger.debug("Ueberpruefe Parameter bkuURI"); // if non parameter is given return true 
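Review bot: `isValidBKUURI` now takes a `List allowedBKUs`, but the javadoc directly above the signature still documents a parameter named `target` and says nothing about the list that now defines the trust decision; since callers, not the global configuration, decide which BKUs are acceptable, that contract belongs in the doc: `@param bkuURI the bkuURI request parameter, may be empty` and `@param allowedBKUs BKU URLs accepted for this online application; a non-local bkuURI is valid only if contained here (must not be null)`. The raw `List` should also be `List<String>` if the file already uses generics, so that `contains` cannot silently compare against the wrong type. The method body continues in the following hunk.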
@@ -202,9 +203,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ } else { Logger.debug("Parameter bkuURI ist keine lokale BKU. Ueberpruefe Liste der vertrauenswuerdigen BKUs."); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - List trustedBKUs = authConf.getTrustedBKUs(); - boolean b = trustedBKUs.contains(bkuURI); + boolean b = allowedBKUs.contains(bkuURI); if (b) { Logger.debug("Parameter bkuURI erfolgreich ueberprueft"); return true; @@ -228,10 +227,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ } catch (MalformedURLException e) { Logger.error("Fehler Ueberpruefung Parameter bkuURI", e); return false; - } catch (ConfigurationException e) { - Logger.error("Fehler Ueberpruefung Parameter bkuURI", e); - return false; - } + } } @@ -270,7 +266,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ else { //check against configured trustet template urls AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - List trustedTemplateURLs = authConf.getTrustedTemplateURLs(); + List trustedTemplateURLs = authConf.getSLRequestTemplates(); boolean b = trustedTemplateURLs.contains(template); if (b) { Logger.debug("Parameter Template erfolgreich ueberprueft"); @@ -486,9 +482,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ try { if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) + if (MiscUtil.isEmpty(bkuURL)) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + if (MiscUtil.isEmpty(templateURL)) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); 
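Review bot: `allowedBKUs.contains(bkuURI)` dereferences the new parameter without a null check, and the `ConfigurationException` catch removed two hunks down was the only path that turned a configuration problem into `return false`; a caller that hands in null (for example an online application with no BKU list) now gets a `NullPointerException` out of a validator whose contract is a boolean. A validator should fail closed, so I would write `boolean b = allowedBKUs != null && allowedBKUs.contains(bkuURI);` and log the null case with the existing `Logger.error("Fehler Ueberpruefung Parameter bkuURI", ...)` wording. The enclosing method starts before this hunk.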
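Review bot: Replacing `isValidBKUURI(bkuURL)` and `isValidTemplate(req, templateURL)` with `MiscUtil.isEmpty(...)` removes the allowlist checks at the StartAuthentication entry point: a request-supplied `bkuURL` that is neither a local BKU nor in the trusted list, and a `templateURL` outside the configured template URLs, now pass as long as they are non-empty, and the `MalformedURLException` handling in `isValidBKUURI` no longer runs here either. Unless the same checks are now performed after the online application's allowed BKU list is resolved (the refactored `isValidBKUURI(String, List)` suggests that plan, possibly in `StartAuthentificationParameterParser`, which this chunk does not show), a caller can direct the citizen-card dialogue and the Security-Layer template to a host of their choosing. Please either call `isValidBKUURI(bkuURL, allowedBKUs)` and `isValidTemplate(req, templateURL)` at this site once the list is available, or record where the allowlist is enforced: `// bkuURL/templateURL are only checked for presence here; the allowlist check runs after the OA configuration is loaded`.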
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 705b4e881..a6619fc11 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -154,9 +154,7 @@ public class SSLUtils { PKIConfiguration cfg = null; if (! PKIFactory.getInstance().isAlreadyConfigured()) cfg = new PKIConfigurationImpl(conf); - String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); - //not using BoolUtils because default value hast to be true! - boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); + boolean checkRevocation = conf.isTrustmanagerrevoationchecking(); PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); // This call fixes a bug occuring when PKIConfiguration is // initialized by the MOA-SP initialization code, in case diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 1f5f1ea20..979744edb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -23,9 +23,13 @@ package at.gv.egovernment.moa.id.util.client.mis.simple; + +import java.io.Serializable; -public class MISMandate { - +public class MISMandate implements Serializable{ + + private static final long serialVersionUID = 1L; + final static private String OID_NOTAR = "1.2.40.0.10.3.1"; final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"; 
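Review bot: The removed code deliberately defaulted `checkRevocation` to true when `TRUST_MANAGER_REVOCATION_CHECKING` was absent — only the literal `"false"` or `"0"` switched it off, as the deleted comment spelled out — whereas the new `conf.isTrustmanagerrevoationchecking()` returns a primitive boolean whose value for a missing setting is not visible in this hunk. If the provider falls back to `false` for an absent value, this silently disables certificate revocation checking for every `PKIProfileImpl` built here; please confirm the provider defaults to true and record the requirement at the call site: `// revocation checking must default to true when the setting is absent (fail closed)`. The method name's spelling (`revoation`) also looks like a typo worth fixing while the new configuration API is fresh. The enclosing method starts and ends outside this hunk.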
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 7ee3b4e84..8970abc10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -109,16 +109,7 @@ public class MISSimpleClient { ArrayList foundMandates = new ArrayList(); for (int i=0; i